Fix "no key" error for PKCS#8 encoded keys
Fixes the following issues:
 * jglobus#118
 * jglobus#146

Merge remote-tracking branch 'vokac/master' into PKCS8-key-format
ellert committed Oct 30, 2018
2 parents 7877669 + a116471 commit e5da381
Showing 2 changed files with 24 additions and 3 deletions.
20 changes: 17 additions & 3 deletions ssl-proxies/src/main/java/org/globus/gsi/OpenSSLKey.java
Expand Up @@ -35,9 +35,11 @@
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.StringTokenizer;

import javax.crypto.Cipher;
Expand Down Expand Up @@ -172,8 +174,17 @@ private void readPEM(Reader rd) throws IOException, GeneralSecurityException {
if (isEncrypted()) {
this.keyData = null;
} else {
this.keyData = Base64.decode(encodedKey);
this.intKey = getKey(keyAlg, keyData);
if (keyAlg != "PKCS8") {
this.keyData = Base64.decode(encodedKey);
this.intKey = getKey(keyAlg, keyData);
} else {
// workaround for PKCS#8 encoded keys (only for keys without encryption)
keyAlg = "RSA";
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.decode(encodedKey));
KeyFactory kfac = KeyFactory.getInstance("RSA");
this.intKey = kfac.generatePrivate(spec);
this.keyData = getEncoded(this.intKey);
}
}
}

Expand Down Expand Up @@ -210,7 +221,10 @@ private String extractEncryptionInfo(BufferedReader in) throws IOException, Gene
private void parseKeyAlgorithm(BufferedReader in) throws IOException, InvalidKeyException {
String next = in.readLine();
while (next != null) {
if (next.indexOf("PRIVATE KEY") != -1) {
if (next.indexOf("BEGIN PRIVATE KEY") != -1) {
keyAlg = "PKCS8";
break;
} else if (next.indexOf("PRIVATE KEY") != -1) {
keyAlg = getKeyAlgorithm(next);
break;
}
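Review bot: In readPEM the new guard `if (keyAlg != "PKCS8")` compares String references rather than contents, so it holds only while keyAlg is the very literal assigned in parseKeyAlgorithm; a value that reaches the field any other way would silently take the wrong branch, and `if (!"PKCS8".equals(keyAlg)) {` states the intent safely. The PKCS#8 branch also hard-codes `KeyFactory.getInstance("RSA")`, although a `BEGIN PRIVATE KEY` block names its own algorithm, so an EC or DSA key in that format will fail in `generatePrivate` instead of producing a clear "unsupported key type" error; the new branch in X509Credential.load makes the same assumption. If RSA-only is intended, I would say so in the existing comment, e.g. `// PKCS#8 (unencrypted): only RSA keys are supported`. readPEM and parseKeyAlgorithm both start outside the visible hunks.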
7 changes: 7 additions & 0 deletions ssl-proxies/src/main/java/org/globus/gsi/X509Credential.java
Expand Up @@ -36,6 +36,7 @@
import java.security.cert.CertificateException;
import org.globus.gsi.bc.BouncyCastleUtil;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
Expand All @@ -47,6 +48,7 @@
import java.io.OutputStream;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
Expand Down Expand Up @@ -531,6 +533,11 @@ protected void load(InputStream input) throws CredentialException {
} else if (line.indexOf("BEGIN RSA PRIVATE KEY") != -1) {
byte[] data = getDecodedPEMObject(reader);
this.opensslKey = new BouncyCastleOpenSSLKey("RSA", data);
} else if (line.indexOf("BEGIN PRIVATE KEY") != -1) {
byte[] data = getDecodedPEMObject(reader);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(data);
KeyFactory kfac = KeyFactory.getInstance("RSA");
this.opensslKey = new BouncyCastleOpenSSLKey(kfac.generatePrivate(spec));
}
}
} catch (Exception e) {
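Review bot: The new `BEGIN PRIVATE KEY` branch in load repeats the PKCS#8 decoding that this commit also adds to OpenSSLKey.readPEM, but without the comment there saying that it covers unencrypted keys only. I would add `// PKCS#8, unencrypted only; decoded as an RSA key` above the branch, or move the three decoding lines into one shared helper so the two call sites cannot drift apart. Any failure in `generatePrivate` lands in the `catch (Exception e)` that follows; its body is outside this hunk, so I cannot tell whether the cause is preserved for the caller. load starts and ends outside the hunk.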
