authorBjørn Christian Seime <bjorncs@oath.com>2018-09-11 16:23:40 +0200
committerBjørn Christian Seime <bjorncs@oath.com>2018-09-11 17:59:47 +0200
commit95d98ba5a4eacc6b5eedaae1ad5a7817b999aace (patch)
treeeb7564f44137985e4e57dd25166583186a824ea3 /vespajlib/src/main
parent51746e4d5c94d1cc84e9b865d64fc41321bb3bf4 (diff)
Support PEM serialization of EC private keys
Diffstat (limited to 'vespajlib/src/main')
-rw-r--r--vespajlib/src/main/java/com/yahoo/security/KeyUtils.java14
1 files changed, 11 insertions, 3 deletions
diff --git a/vespajlib/src/main/java/com/yahoo/security/KeyUtils.java b/vespajlib/src/main/java/com/yahoo/security/KeyUtils.java
index 1c3157d639f..11fb0f432e4 100644
--- a/vespajlib/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/vespajlib/src/main/java/com/yahoo/security/KeyUtils.java
@@ -35,7 +35,6 @@ import static com.yahoo.security.KeyAlgorithm.RSA;
/**
* @author bjorncs
*/
-// TODO Support serialization of EC private keys
public class KeyUtils {
private KeyUtils() {}
@@ -88,7 +87,7 @@ public class KeyUtils {
} else if (pemObject instanceof PEMKeyPair) {
PEMKeyPair pemKeypair = (PEMKeyPair) pemObject;
PrivateKeyInfo keyInfo = pemKeypair.getPrivateKeyInfo();
- JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+ JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance());
return pemConverter.getPrivateKey(keyInfo);
}
throw new IllegalArgumentException("Unexpected type of PEM type: " + pemObject);
@@ -101,8 +100,17 @@ public class KeyUtils {
public static String toPem(PrivateKey privateKey) {
try (StringWriter stringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
+ String algorithm = privateKey.getAlgorithm();
// Note: Encoding using PKCS#1 as this is to be read by tools only supporting PKCS#1
- pemWriter.writeObject(new PemObject("RSA PRIVATE KEY", getPkcs1Bytes(privateKey)));
+ String type;
+ if (algorithm.equals(RSA.getAlgorithmName())) {
+ type = "RSA PRIVATE KEY";
+ } else if (algorithm.equals(EC.getAlgorithmName())) {
+ type = "EC PRIVATE KEY";
+ } else {
+ throw new IllegalArgumentException("Unexpected key algorithm: " + algorithm);
+ }
+ pemWriter.writeObject(new PemObject(type, getPkcs1Bytes(privateKey)));
pemWriter.flush();
return stringWriter.toString();
} catch (IOException e) {
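Review bot: The context comment in `toPem` still says the key is encoded as PKCS#1, which is no longer true for the new EC branch: the body of an `EC PRIVATE KEY` PEM block is the SEC1 ECPrivateKey structure (RFC 5915), yet the bytes still come from `getPkcs1Bytes(privateKey)`. That helper is defined outside this hunk, so it cannot be confirmed from here that its output for an EC key includes the named-curve parameters; if they are omitted, which may depend on which provider created the key object, the PEM carries no curve information and other tools are likely to reject it. I would reword the comment to `// Note: Encoding using the traditional format (PKCS#1 for RSA, SEC1 for EC) as this is to be read by tools only supporting the traditional formats`, and rename the helper or document that it returns the algorithm-specific inner key structure. A round-trip test (EC key through `toPem`, then back through the PEM reader changed in the second hunk) with a key from the default JCA provider as well as the pinned one would catch the missing-parameters case. The method's `catch` block continues past the end of the hunk.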