From a116471c60a836de390f4d5a9798ee6d2adee6ac Mon Sep 17 00:00:00 2001 From: Petr Vokac Date: Mon, 22 Sep 2014 02:53:08 +0200 Subject: [PATCH] workaround to support SL6 openssl default PKCS8 key format --- .../main/java/org/globus/gsi/OpenSSLKey.java | 20 ++++++++++++++++--- .../java/org/globus/gsi/X509Credential.java | 7 +++++++ 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/ssl-proxies/src/main/java/org/globus/gsi/OpenSSLKey.java b/ssl-proxies/src/main/java/org/globus/gsi/OpenSSLKey.java index 0ee95be1..2466375a 100644 --- a/ssl-proxies/src/main/java/org/globus/gsi/OpenSSLKey.java +++ b/ssl-proxies/src/main/java/org/globus/gsi/OpenSSLKey.java @@ -35,9 +35,11 @@ import java.security.GeneralSecurityException; import java.security.InvalidKeyException; import java.security.Key; +import java.security.KeyFactory; import java.security.MessageDigest; import java.security.PrivateKey; import java.security.SecureRandom; +import java.security.spec.PKCS8EncodedKeySpec; import java.util.StringTokenizer; import javax.crypto.Cipher; @@ -172,8 +174,17 @@ private void readPEM(Reader rd) throws IOException, GeneralSecurityException { if (isEncrypted()) { this.keyData = null; } else { - this.keyData = Base64.decode(encodedKey); - this.intKey = getKey(keyAlg, keyData); + if (keyAlg != "PKCS8") { + this.keyData = Base64.decode(encodedKey); + this.intKey = getKey(keyAlg, keyData); + } else { + // workaround for PKCS#8 encoded keys (only for keys without encryption) + keyAlg = "RSA"; + PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.decode(encodedKey)); + KeyFactory kfac = KeyFactory.getInstance("RSA"); + this.intKey = kfac.generatePrivate(spec); + this.keyData = getEncoded(this.intKey); + } } } @@ -210,7 +221,10 @@ private String extractEncryptionInfo(BufferedReader in) throws IOException, Gene private void parseKeyAlgorithm(BufferedReader in) throws IOException, InvalidKeyException { String next = in.readLine(); while (next != null) { - if (next.indexOf("PRIVATE KEY") != -1) { + if (next.indexOf("BEGIN PRIVATE KEY") != -1) { + keyAlg = "PKCS8"; + break; + } else if (next.indexOf("PRIVATE KEY") != -1) { keyAlg = getKeyAlgorithm(next); break; } diff --git a/ssl-proxies/src/main/java/org/globus/gsi/X509Credential.java b/ssl-proxies/src/main/java/org/globus/gsi/X509Credential.java index 47a88311..d960d62e 100644 --- a/ssl-proxies/src/main/java/org/globus/gsi/X509Credential.java +++ b/ssl-proxies/src/main/java/org/globus/gsi/X509Credential.java @@ -36,6 +36,7 @@ import java.security.cert.CertificateException; import org.globus.gsi.bc.BouncyCastleUtil; import java.security.interfaces.RSAPrivateKey; +import java.security.spec.PKCS8EncodedKeySpec; import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.EOFException; @@ -47,6 +48,7 @@ import java.io.OutputStream; import java.io.Serializable; import java.security.GeneralSecurityException; +import java.security.KeyFactory; import java.security.PrivateKey; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; @@ -531,6 +533,11 @@ protected void load(InputStream input) throws CredentialException { } else if (line.indexOf("BEGIN RSA PRIVATE KEY") != -1) { byte[] data = getDecodedPEMObject(reader); this.opensslKey = new BouncyCastleOpenSSLKey("RSA", data); + } else if (line.indexOf("BEGIN PRIVATE KEY") != -1) { + byte[] data = getDecodedPEMObject(reader); + PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(data); + KeyFactory kfac = KeyFactory.getInstance("RSA"); + this.opensslKey = new BouncyCastleOpenSSLKey(kfac.generatePrivate(spec)); } } } catch (Exception e) {