author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-05-03 14:37:22 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-05-03 15:19:17 +0200 |
commit | bcd18d57c73f4d3f04cf794e9e1e684a39d49218 (patch) | |
tree | 910b19dbdae361dfdbe62f9d748ba2085d52d59b /security-utils/src | |
parent | 1715733a1242d073a354947d3a5013e8c961790d (diff) |
Ensure parsed keys uses 'EC' as algorithm
Remove the use of JcaPEMKeyConverter, as it produced keys whose getAlgorithm() returned 'ECDSA' rather than 'EC'.
Diffstat (limited to 'security-utils/src')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/KeyUtils.java | 25 | ||||
-rw-r--r-- | security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java | 9 |
2 files changed, 26 insertions, 8 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
index 307be34d0b7..783afb7ac1d 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
@@ -3,8 +3,11 @@ package com.yahoo.security;
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
 import org.bouncycastle.jce.spec.ECParameterSpec;
 import org.bouncycastle.jce.spec.ECPublicKeySpec;
@@ -12,7 +15,6 @@ import org.bouncycastle.math.ec.ECPoint;
 import org.bouncycastle.math.ec.FixedPointCombMultiplier;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
 import org.bouncycastle.util.io.pem.PemObject;
 
@@ -30,6 +32,7 @@ import java.security.PublicKey;
 import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -97,8 +100,8 @@ public class KeyUtils {
             } else if (pemObject instanceof PEMKeyPair) {
                 PEMKeyPair pemKeypair = (PEMKeyPair) pemObject;
                 PrivateKeyInfo keyInfo = pemKeypair.getPrivateKeyInfo();
-                JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance());
-                return pemConverter.getPrivateKey(keyInfo);
+                return createKeyFactory(keyInfo.getPrivateKeyAlgorithm())
+                        .generatePrivate(new PKCS8EncodedKeySpec(keyInfo.getEncoded()));
             } else {
                 unknownObjects.add(pemObject);
             }
@@ -126,12 +129,14 @@ public class KeyUtils {
                     unknownObjects.add(pemObject);
                     continue;
                 }
-                JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance());
-                return pemConverter.getPublicKey(keyInfo);
+                return createKeyFactory(keyInfo.getAlgorithm())
+                        .generatePublic(new X509EncodedKeySpec(keyInfo.getEncoded()));
             }
             throw new IllegalArgumentException("Expected a public key, but found " + unknownObjects.toString());
         } catch (IOException e) {
             throw new UncheckedIOException(e);
+        } catch (GeneralSecurityException e) {
+            throw new RuntimeException(e);
         }
     }
 
@@ -163,6 +168,16 @@ public class KeyUtils {
         return primitive.getEncoded();
     }
 
+    private static KeyFactory createKeyFactory(AlgorithmIdentifier algorithm) throws NoSuchAlgorithmException {
+        if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm.getAlgorithm())) {
+            return createKeyFactory(KeyAlgorithm.EC);
+        } else if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm.getAlgorithm())) {
+            return createKeyFactory(KeyAlgorithm.RSA);
+        } else {
+            throw new IllegalArgumentException("Unknown key algorithm: " + algorithm);
+        }
+    }
+
     private static KeyFactory createKeyFactory(KeyAlgorithm algorithm) throws NoSuchAlgorithmException {
         return KeyFactory.getInstance(algorithm.getAlgorithmName(), BouncyCastleProviderHolder.getInstance());
     }
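Review bot: The reason for going through a KeyFactory instead of JcaPEMKeyConverter in the PEMKeyPair branch is recorded only in the commit message, so nothing in the code stops a later cleanup from reintroducing the converter and silently bringing back the 'ECDSA' algorithm name. A one-line comment above the new `return` would preserve it: `// Use KeyFactory rather than JcaPEMKeyConverter: the converter reports EC keys with algorithm 'ECDSA' instead of 'EC'`. The enclosing method starts and ends outside this hunk, so I cannot see whether its catch clauses cover the GeneralSecurityException that createKeyFactory and generatePrivate now throw; the public-key hunk below adds such a catch, so presumably one already exists here.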
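Review bot: The new `catch (GeneralSecurityException e)` at the end of the public-key method folds two unrelated failures into a bare `RuntimeException`: `InvalidKeySpecException` from `generatePublic`, which means the caller supplied a malformed or unsupported encoding, and `NoSuchAlgorithmException` from `createKeyFactory`, which means the BouncyCastle provider is misconfigured. The line just above already reports the "not a public key" case as `IllegalArgumentException`, so a caller that catches that for bad input will miss the malformed-encoding case, and a provider problem will look like bad input. Splitting the catch keeps caller-facing errors consistent and makes the provider failure stand out as a deployment problem; `java.security.spec.InvalidKeySpecException` would need importing. The method's opening lines are outside this hunk.
```java
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        } catch (InvalidKeySpecException e) {
            // Malformed or unsupported encoding is a caller error, same category as "Expected a public key" above
            throw new IllegalArgumentException("Invalid public key encoding", e);
        } catch (NoSuchAlgorithmException e) {
            // EC/RSA missing from the bundled BouncyCastle provider is a runtime misconfiguration, not bad input
            throw new IllegalStateException(e);
        }
```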
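Review bot: The `IllegalArgumentException` thrown in the new `createKeyFactory(AlgorithmIdentifier)` concatenates the `AlgorithmIdentifier` object itself into the message; as far as I can tell that class does not override `toString`, so the message would read like `Unknown key algorithm: org.bouncycastle.asn1.x509.AlgorithmIdentifier@1a2b3c` and hide the one thing the reader needs. Using the OID makes it actionable: `throw new IllegalArgumentException("Unknown key algorithm: " + algorithm.getAlgorithm().getId());`. A short Javadoc saying that only id-ecPublicKey and rsaEncryption are accepted and every other algorithm is rejected would also document the allowlist this helper introduces, which is a sensible tightening compared to the converter it replaces.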
diff --git a/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java b/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java
index 3a7480dfc63..eba6fad9bd8 100644
--- a/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java
@@ -81,13 +81,16 @@ public class KeyUtilsTest {
 
     @Test
     public void can_deserialize_rsa_publickey_in_pem_format() {
-        KeyUtils.fromPemEncodedPublicKey(rsaPemPublicKey);
+        PublicKey publicKey = KeyUtils.fromPemEncodedPublicKey(rsaPemPublicKey);
+        assertEquals(KeyAlgorithm.RSA.getAlgorithmName(), publicKey.getAlgorithm());
     }
 
     @Test
     public void can_deserialize_ec_keys_in_pem_format() {
-        KeyUtils.fromPemEncodedPublicKey(ecPemPublicKey);
-        KeyUtils.fromPemEncodedPrivateKey(ecPemPrivateKey);
+        PublicKey publicKey = KeyUtils.fromPemEncodedPublicKey(ecPemPublicKey);
+        PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(ecPemPrivateKey);
+        assertEquals(KeyAlgorithm.EC.getAlgorithmName(), publicKey.getAlgorithm());
+        assertEquals(KeyAlgorithm.EC.getAlgorithmName(), privateKey.getAlgorithm());
     }
 
 }
|
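Review bot: The updated tests pin the algorithm name for EC and RSA but leave the new rejection path untested: a PEM key whose AlgorithmIdentifier is neither id-ecPublicKey nor rsaEncryption now fails in `createKeyFactory` with `IllegalArgumentException("Unknown key algorithm: ...")` instead of being converted, and nothing here exercises that. A negative test such as `@Test(expected = IllegalArgumentException.class)` feeding a PEM-encoded public key of another algorithm (DSA or Ed25519 would do) to `fromPemEncodedPublicKey` would lock the allowlist in. It is also not visible from this hunk whether `ecPemPrivateKey` is a SEC1 'EC PRIVATE KEY' (which PEMParser presumably yields as the PEMKeyPair this commit changes) or a PKCS#8 'PRIVATE KEY'; covering both forms would confirm the 'EC' name holds on whichever branch the current fixture does not take.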