authorBjørn Christian Seime <bjorncs@oath.com>2018-10-30 14:53:01 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-10-30 14:53:01 +0100
commit8f1729260599ce39546c5d3835d7a63ed051eeaf (patch)
tree2ae318badd05783eaaa725a3996824da1d0e26ea /security-utils
parentf82663d75023486d3bbad4e7195afda37574fe8d (diff)
Skip non-key objects (e.g. ec params) when parsing private key from pem
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/KeyUtils.java29
1 files changed, 18 insertions, 11 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
index 11fb0f432e4..0d45a62f193 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
@@ -28,6 +28,8 @@ import java.security.PublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
+import java.util.ArrayList;
+import java.util.List;
import static com.yahoo.security.KeyAlgorithm.EC;
import static com.yahoo.security.KeyAlgorithm.RSA;
@@ -79,18 +81,23 @@ public class KeyUtils {
public static PrivateKey fromPemEncodedPrivateKey(String pem) {
try (PEMParser parser = new PEMParser(new StringReader(pem))) {
- Object pemObject = parser.readObject();
- if (pemObject instanceof PrivateKeyInfo) {
- PrivateKeyInfo keyInfo = (PrivateKeyInfo) pemObject;
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyInfo.getEncoded());
- return KeyFactory.getInstance(RSA.getAlgorithmName()).generatePrivate(keySpec);
- } else if (pemObject instanceof PEMKeyPair) {
- PEMKeyPair pemKeypair = (PEMKeyPair) pemObject;
- PrivateKeyInfo keyInfo = pemKeypair.getPrivateKeyInfo();
- JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance());
- return pemConverter.getPrivateKey(keyInfo);
+ List<Object> unknownObjects = new ArrayList<>();
+ Object pemObject;
+ while ((pemObject = parser.readObject()) != null) {
+ if (pemObject instanceof PrivateKeyInfo) {
+ PrivateKeyInfo keyInfo = (PrivateKeyInfo) pemObject;
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyInfo.getEncoded());
+ return KeyFactory.getInstance(RSA.getAlgorithmName()).generatePrivate(keySpec);
+ } else if (pemObject instanceof PEMKeyPair) {
+ PEMKeyPair pemKeypair = (PEMKeyPair) pemObject;
+ PrivateKeyInfo keyInfo = pemKeypair.getPrivateKeyInfo();
+ JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance());
+ return pemConverter.getPrivateKey(keyInfo);
+ } else {
+ unknownObjects.add(pemObject);
+ }
}
- throw new IllegalArgumentException("Unexpected type of PEM type: " + pemObject);
+ throw new IllegalArgumentException("Expected a private key, but found " + unknownObjects.toString());
} catch (IOException e) {
throw new UncheckedIOException(e);
} catch (GeneralSecurityException e) {
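Review bot: The `PrivateKeyInfo` branch inside the new loop still hard-codes `KeyFactory.getInstance(RSA.getAlgorithmName())`, so a PKCS#8 (`BEGIN PRIVATE KEY`) block holding an EC key would be expected to fail in `generatePrivate` and surface through the `GeneralSecurityException` handler, even though this change is about accepting EC input. The converter already used in the `PEMKeyPair` branch selects the algorithm from the key's own algorithm identifier, so both branches could share it: `return new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance()).getPrivateKey(keyInfo);`. Separately, the final message prints `unknownObjects.toString()`, which for most parser objects is probably just a class name and hash; listing `getClass().getSimpleName()` per skipped object would tell the caller that, for example, an encrypted key or a certificate was supplied instead. The method body continues past the end of this hunk, so the second catch block is not visible here.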