author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-10-30 14:53:01 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-10-30 14:53:01 +0100 |
commit | 8f1729260599ce39546c5d3835d7a63ed051eeaf (patch) | |
tree | 2ae318badd05783eaaa725a3996824da1d0e26ea /security-utils | |
parent | f82663d75023486d3bbad4e7195afda37574fe8d (diff) |
Skip non-key objects (e.g. ec params) when parsing private key from pem
Diffstat (limited to 'security-utils')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/KeyUtils.java | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
index 11fb0f432e4..0d45a62f193 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
@@ -28,6 +28,8 @@ import java.security.PublicKey;
 import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.RSAPublicKeySpec;
+import java.util.ArrayList;
+import java.util.List;
 import static com.yahoo.security.KeyAlgorithm.EC;
 import static com.yahoo.security.KeyAlgorithm.RSA;
@@ -79,18 +81,23 @@ public class KeyUtils {
 public static PrivateKey fromPemEncodedPrivateKey(String pem) {
 try (PEMParser parser = new PEMParser(new StringReader(pem))) {
- Object pemObject = parser.readObject();
- if (pemObject instanceof PrivateKeyInfo) {
- PrivateKeyInfo keyInfo = (PrivateKeyInfo) pemObject;
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyInfo.getEncoded());
- return KeyFactory.getInstance(RSA.getAlgorithmName()).generatePrivate(keySpec);
- } else if (pemObject instanceof PEMKeyPair) {
- PEMKeyPair pemKeypair = (PEMKeyPair) pemObject;
- PrivateKeyInfo keyInfo = pemKeypair.getPrivateKeyInfo();
- JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance());
- return pemConverter.getPrivateKey(keyInfo);
+ List<Object> unknownObjects = new ArrayList<>();
+ Object pemObject;
+ while ((pemObject = parser.readObject()) != null) {
+ if (pemObject instanceof PrivateKeyInfo) {
+ PrivateKeyInfo keyInfo = (PrivateKeyInfo) pemObject;
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyInfo.getEncoded());
+ return KeyFactory.getInstance(RSA.getAlgorithmName()).generatePrivate(keySpec);
+ } else if (pemObject instanceof PEMKeyPair) {
+ PEMKeyPair pemKeypair = (PEMKeyPair) pemObject;
+ PrivateKeyInfo keyInfo = pemKeypair.getPrivateKeyInfo();
+ JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance());
+ return pemConverter.getPrivateKey(keyInfo);
+ } else {
+ unknownObjects.add(pemObject);
+ }
 }
- throw new IllegalArgumentException("Unexpected type of PEM type: " + pemObject);
+ throw new IllegalArgumentException("Expected a private key, but found " + unknownObjects.toString());
 } catch (IOException e) {
 throw new UncheckedIOException(e);
 } catch (GeneralSecurityException e) { |
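Review bot: The `PrivateKeyInfo` branch inside the new `while` loop still builds the key with `KeyFactory.getInstance(RSA.getAlgorithmName())`, so a PKCS#8 (`BEGIN PRIVATE KEY`) block that carries an EC key would presumably be rejected by the RSA factory and land in the `GeneralSecurityException` handler, even though this commit is about accepting EC PEM files. The `PEMKeyPair` branch already lets the converter pick the algorithm from the key info, and the same call could serve both branches: `return new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance()).getPrivateKey(keyInfo);`. Separately, the new exception message concatenates `unknownObjects.toString()`; for a private-key parser it would be safer to report only the class names of the skipped objects, so that nothing parsed from the PEM input can end up in logs. The method's catch blocks continue past the end of the hunk.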