Merge branch 'master' into bjormel/aws-main-controllerbjormel/aws-main-controller

author: bjormel <bjormel@yahooinc.com> 2023-10-26 13:59:28 +0000
committer: bjormel <bjormel@yahooinc.com> 2023-10-26 13:59:28 +0000
commit: 567be9a1f6353cec41c23bfd1fcd46b4b2a4d2d7 (patch)
tree: 4664a743e166a5e11aee7b9acd70ad8ee2617612 /security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
parent: e9058b555d4dfea2f6c872d9a677e8678b569569 (diff)
parent: bce3b8e926bf9da880172acbe1ba4b12d5e026d6 (diff)
1 files changed, 10 insertions, 6 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
index 67b91dfc61a..171a8e890d0 100644
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
@@ -1,9 +1,10 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.security;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.GeneralNames;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
@@ -73,15 +74,18 @@ public class X509CertificateUtils {
     }
 
     private static X509Certificate toX509Certificate(Object pemObject) throws CertificateException {
-        if (pemObject instanceof X509Certificate) {
-            return (X509Certificate) pemObject;
+        if (pemObject instanceof X509Certificate certificate) {
+            return certificate;
         }
-        if (pemObject instanceof X509CertificateHolder) {
+        if (pemObject instanceof X509CertificateHolder certificateHolder) {
             return new JcaX509CertificateConverter()
                     .setProvider(BouncyCastleProviderHolder.getInstance())
-                    .getCertificate((X509CertificateHolder) pemObject);
+                    .getCertificate(certificateHolder);
         }
-        throw new IllegalArgumentException("Invalid type of PEM object: " + pemObject);
+        if (pemObject instanceof PrivateKeyInfo) {
+            throw new IllegalArgumentException("Expected X509 certificate, but got private key");
+        }
+        throw new IllegalArgumentException("Invalid type of PEM object, got " + pemObject.getClass().getName());
     }
 
     public static String toPem(X509Certificate certificate) {
author	bjormel <bjormel@yahooinc.com>	2023-10-26 13:59:28 +0000
committer	bjormel <bjormel@yahooinc.com>	2023-10-26 13:59:28 +0000
commit	567be9a1f6353cec41c23bfd1fcd46b4b2a4d2d7 (patch)
tree	4664a743e166a5e11aee7b9acd70ad8ee2617612 /security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
parent	e9058b555d4dfea2f6c872d9a677e8678b569569 (diff)
parent	bce3b8e926bf9da880172acbe1ba4b12d5e026d6 (diff)