Improve error message when passing private key

author: Martin Polden <mpolden@mpolden.no> 2023-10-18 10:53:59 +0200
committer: Martin Polden <mpolden@mpolden.no> 2023-10-18 10:53:59 +0200
commit: 1c068fdaffe08016f00809186811d2c3d6e261bc (patch)
tree: b0880b7874abda754fbdf68e11213a987741bb38 /security-utils
parent: e469b637cc90581ba95d644bb28d4512bc2126a7 (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
index 9bcc6e7b8c6..171a8e890d0 100644
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
@@ -4,6 +4,7 @@ package com.yahoo.security;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.GeneralNames;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
@@ -73,15 +74,18 @@ public class X509CertificateUtils {
     }
 
     private static X509Certificate toX509Certificate(Object pemObject) throws CertificateException {
-        if (pemObject instanceof X509Certificate) {
-            return (X509Certificate) pemObject;
+        if (pemObject instanceof X509Certificate certificate) {
+            return certificate;
         }
-        if (pemObject instanceof X509CertificateHolder) {
+        if (pemObject instanceof X509CertificateHolder certificateHolder) {
             return new JcaX509CertificateConverter()
                     .setProvider(BouncyCastleProviderHolder.getInstance())
-                    .getCertificate((X509CertificateHolder) pemObject);
+                    .getCertificate(certificateHolder);
         }
-        throw new IllegalArgumentException("Invalid type of PEM object: " + pemObject);
+        if (pemObject instanceof PrivateKeyInfo) {
+            throw new IllegalArgumentException("Expected X509 certificate, but got private key");
+        }
+        throw new IllegalArgumentException("Invalid type of PEM object, got " + pemObject.getClass().getName());
     }
 
     public static String toPem(X509Certificate certificate) {
author	Martin Polden <mpolden@mpolden.no>	2023-10-18 10:53:59 +0200
committer	Martin Polden <mpolden@mpolden.no>	2023-10-18 10:53:59 +0200
commit	1c068fdaffe08016f00809186811d2c3d6e261bc (patch)
tree	b0880b7874abda754fbdf68e11213a987741bb38 /security-utils
parent	e469b637cc90581ba95d644bb28d4512bc2126a7 (diff)