author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-22 12:22:25 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-22 13:01:10 +0100 |
commit | facf02d828254ccbf1fd9c2ce0c9d294ac9e693b (patch) | |
tree | 84f055bfd3551099e848bf66557dd8befae4eb37 /vespa-athenz | |
parent | f370e4c8cb2d2e4b8ce4b8fcf6cb6ecda3c024c9 (diff) |
Add method for serializing private key to PEM
Rewrite pem deserialization to use BouncyCastle directly instead of
using third-party wrapper.
Diffstat (limited to 'vespa-athenz')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/KeyUtils.java | 41 | ||||
-rw-r--r-- | vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java | 14 |
2 files changed, 54 insertions, 1 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/KeyUtils.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/KeyUtils.java
index f49e1324ba5..563cae80da2 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/KeyUtils.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/KeyUtils.java
@@ -2,12 +2,24 @@ package com.yahoo.vespa.athenz.tls;
 
 import com.yahoo.athenz.auth.util.Crypto;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
+import org.bouncycastle.util.io.pem.PemObject;
 
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+import java.io.UncheckedIOException;
 import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
 
 /**
  * @author bjorncs
@@ -36,6 +48,33 @@ public class KeyUtils {
     }
 
     public static PrivateKey fromPemEncodedPrivateKey(String pem) {
-        return Crypto.loadPrivateKey(pem);
+        try (PEMParser parser = new PEMParser(new StringReader(pem))) {
+            Object pemObject = parser.readObject();
+            if (pemObject instanceof PrivateKeyInfo) {
+                PrivateKeyInfo keyInfo = (PrivateKeyInfo) pemObject;
+                PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyInfo.getEncoded());
+                return KeyFactory.getInstance(KeyAlgorithm.RSA.getAlgorithmName()).generatePrivate(keySpec);
+            } else if (pemObject instanceof PEMKeyPair) {
+                PEMKeyPair pemKeypair = (PEMKeyPair) pemObject;
+                PrivateKeyInfo keyInfo = pemKeypair.getPrivateKeyInfo();
+                JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+                return pemConverter.getPrivateKey(keyInfo);
+            }
+            throw new IllegalArgumentException("Unexpected type of PEM type: " + pemObject);
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        } catch (GeneralSecurityException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public static String toPem(PrivateKey privateKey) {
+        try (StringWriter stringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
+            pemWriter.writeObject(new PemObject("PRIVATE KEY", privateKey.getEncoded()));
+            pemWriter.flush();
+            return stringWriter.toString();
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        }
     }
 }
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java
index a8730a31838..fca4353d400 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java
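Review bot: The PrivateKeyInfo branch of fromPemEncodedPrivateKey hard-codes KeyAlgorithm.RSA when it builds the KeyFactory, so a PKCS#8 "BEGIN PRIVATE KEY" block holding a non-RSA key (whose algorithm OID is already inside the PrivateKeyInfo) fails with an InvalidKeySpecException wrapped as a bare RuntimeException, while the PEMKeyPair branch just below already lets JcaPEMKeyConverter choose the algorithm from the key info. Using the converter in both branches removes the asymmetry and the unused KeyFactory/PKCS8EncodedKeySpec pair: `return new JcaPEMKeyConverter().getPrivateKey(keyInfo);`. PEMParser.readObject() returns null for empty or non-PEM input, which currently surfaces as `Unexpected type of PEM type: null`; an explicit null check with a message naming the expected block types (and dropping the doubled "type" in the existing message) would make the failure actionable for callers, and encrypted blocks such as PEMEncryptedKeyPair also land on that path and deserve to be named there. In toPem, PrivateKey.getEncoded() may return null and the "PRIVATE KEY" label is only correct for a PKCS#8 encoding, so a guard such as `if (!"PKCS#8".equals(privateKey.getFormat())) throw new IllegalArgumentException("Private key is not PKCS#8 encoded: " + privateKey.getFormat());` before wrapping the bytes avoids emitting a mislabelled or empty block.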
@@ -3,9 +3,13 @@ package com.yahoo.vespa.athenz.tls;
 import org.junit.Test;
 
 import java.security.KeyPair;
+import java.security.PrivateKey;
 import java.security.PublicKey;
 
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThat;
 
 /**
  * @author bjorncs
@@ -19,4 +23,14 @@ public class KeyUtilsTest {
         assertNotNull(publicKey);
     }
 
+    @Test
+    public void can_serialize_deserialize_pem() {
+        KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
+        String pem = KeyUtils.toPem(keyPair.getPrivate());
+        assertThat(pem, containsString("BEGIN PRIVATE KEY"));
+        assertThat(pem, containsString("END PRIVATE KEY"));
+        PrivateKey deserializedKey = KeyUtils.fromPemEncodedPrivateKey(pem);
+        assertEquals(keyPair.getPrivate(), deserializedKey);
+    }
+
 }
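Review bot: can_serialize_deserialize_pem only exercises the PKCS#8 path, because toPem emits a "PRIVATE KEY" block that PEMParser hands back as PrivateKeyInfo, so the new PEMKeyPair branch in fromPemEncodedPrivateKey (the "RSA PRIVATE KEY" / PKCS#1 form that the rewritten loader must still accept in place of Crypto.loadPrivateKey) has no coverage. A second test that feeds a PKCS#1-formatted fixture string — presumably what JcaPEMWriter.writeObject(keyPair.getPrivate()) produces for an RSA key, worth confirming — and asserts it round-trips to the same key would cover that branch, and a negative case asserting IllegalArgumentException for a non-key PEM block (for example a certificate) would pin the error path. The final `assertEquals(keyPair.getPrivate(), deserializedKey)` depends on the provider's Key.equals implementation; comparing `getEncoded()` with assertArrayEquals is independent of which provider produced each side.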
\ No newline at end of file |