Diffstat (limited to 'container-disc')
-rw-r--r-- | container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java index 6ff7857df4a..388b40a1fe0 100644 --- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java +++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java @@ -6,6 +6,9 @@ import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.asn1.x509.ExtensionsGenerator; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.openssl.jcajce.JcaPEMWriter; import org.bouncycastle.operator.OperatorCreationException; @@ -23,6 +26,7 @@ import java.io.UncheckedIOException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; import java.security.cert.X509Certificate; /** @@ -30,6 +34,8 @@ import java.security.cert.X509Certificate; */ class CryptoUtils { + private static final BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider(); + private CryptoUtils() {} static KeyPair createKeyPair() { 
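Review bot: The new static field `bouncyCastleProvider` in the third hunk is a constant but is named like an instance variable; `private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();` would follow the usual Java convention. As far as this diff shows, the provider is only handed to the converter explicitly and is not registered with `java.security.Security`. A one-line comment such as `// Passed explicitly to BouncyCastle converters; not installed as a JVM-wide provider` would record that intent, if it is indeed the intent.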
@@ -89,12 +95,19 @@ class CryptoUtils {
 static X509Certificate parseCertificate(String pemEncodedCertificate) {
 try (PEMParser parser = new PEMParser(new StringReader(pemEncodedCertificate))) {
 Object pemObject = parser.readObject();
- if (!(pemObject instanceof X509Certificate)) {
- throw new IllegalArgumentException("Expeceted X509Certificate instance, got " + pemObject);
+ if (pemObject instanceof X509Certificate) {
+ return (X509Certificate) pemObject;
+ }
+ if (pemObject instanceof X509CertificateHolder) {
+ return new JcaX509CertificateConverter()
+ .setProvider(bouncyCastleProvider)
+ .getCertificate((X509CertificateHolder) pemObject);
 }
- return (X509Certificate) pemObject;
+ throw new IllegalArgumentException("Invalid type of PEM object: " + pemObject);
 } catch (IOException e) {
 throw new UncheckedIOException(e);
+ } catch (CertificateException e) {
+ throw new RuntimeException(e);
 }
 }
 } |
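Review bot: The added `catch (CertificateException e)` branch rethrows as a bare `RuntimeException`, so a PEM block holding a malformed certificate surfaces differently from the `IllegalArgumentException` thrown just above it for an unexpected PEM object type. Callers that handle bad certificate input as an argument error will miss this path; `throw new IllegalArgumentException("Invalid X.509 certificate", e);` keeps the cause and makes the two failure modes uniform. `parser.readObject()` is also called only once, so any further PEM objects in the string (a chain, for instance) are silently ignored. The method only decodes and performs no trust or validity checks, and a Javadoc sentence stating both facts would keep callers from assuming otherwise.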