From 0c55dc92a3bf889c67fac1ca855e6e33e1994904 Mon Sep 17 00:00:00 2001
From: Jon Bratseth <bratseth@vespa.ai>
Date: Mon, 9 Oct 2023 09:44:29 +0200
Subject: Update copyright

---
 .../src/main/java/com/yahoo/security/X509CertificateUtils.java          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java')

diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
index 67b91dfc61a..9bcc6e7b8c6 100644
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.security;
 
 import org.bouncycastle.asn1.ASN1Encodable;
-- 
cgit v1.2.3


From 1c068fdaffe08016f00809186811d2c3d6e261bc Mon Sep 17 00:00:00 2001
From: Martin Polden <mpolden@mpolden.no>
Date: Wed, 18 Oct 2023 10:53:59 +0200
Subject: Improve error message when passing private key

---
 .../main/java/com/yahoo/security/X509CertificateUtils.java | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java')

diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
index 9bcc6e7b8c6..171a8e890d0 100644
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
@@ -4,6 +4,7 @@ package com.yahoo.security;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.GeneralNames;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
@@ -73,15 +74,18 @@ public class X509CertificateUtils {
     }
 
     private static X509Certificate toX509Certificate(Object pemObject) throws CertificateException {
-        if (pemObject instanceof X509Certificate) {
-            return (X509Certificate) pemObject;
+        if (pemObject instanceof X509Certificate certificate) {
+            return certificate;
         }
-        if (pemObject instanceof X509CertificateHolder) {
+        if (pemObject instanceof X509CertificateHolder certificateHolder) {
             return new JcaX509CertificateConverter()
                     .setProvider(BouncyCastleProviderHolder.getInstance())
-                    .getCertificate((X509CertificateHolder) pemObject);
+                    .getCertificate(certificateHolder);
         }
-        throw new IllegalArgumentException("Invalid type of PEM object: " + pemObject);
+        if (pemObject instanceof PrivateKeyInfo) {
+            throw new IllegalArgumentException("Expected X509 certificate, but got private key");
+        }
+        throw new IllegalArgumentException("Invalid type of PEM object, got " + pemObject.getClass().getName());
     }
 
     public static String toPem(X509Certificate certificate) {
-- 
cgit v1.2.3