From 20cd5874091565d3a48521df23718da06d315efd Mon Sep 17 00:00:00 2001
From: Lai Jiang
Date: Tue, 14 Jul 2020 11:20:00 -0400
Subject: [PATCH] Add the ability to parse PKCS#8 private key in PEM file (#682)
---
 .../module/CertificateSupplierModule.java | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/networking/src/main/java/google/registry/networking/module/CertificateSupplierModule.java b/networking/src/main/java/google/registry/networking/module/CertificateSupplierModule.java
index 664a653e3..9e5791689 100644
--- a/networking/src/main/java/google/registry/networking/module/CertificateSupplierModule.java
+++ b/networking/src/main/java/google/registry/networking/module/CertificateSupplierModule.java
@@ -40,6 +40,7 @@ import javax.inject.Named;
 import javax.inject.Provider;
 import javax.inject.Qualifier;
 import javax.inject.Singleton;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -215,17 +216,29 @@ public final class CertificateSupplierModule {
 @PemFile
 static PrivateKey providePemPrivateKey(@PemFile ImmutableList pemObjects) {
 JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
- Function privateKeyConverter =
+ Function pkcs1PrivateKeyConverter =
 pemKeyPair -> {
 try {
 return converter.getKeyPair(pemKeyPair).getPrivate();
 } catch (PEMException e) {
 throw new RuntimeException(
- String.format("Error converting private key: %s", pemKeyPair), e);
+ String.format("Error converting PKCS#1 private key: %s", pemKeyPair), e);
+ }
+ };
+ Function pkcs8PrivateKeyConverter =
+ privateKeyInfo -> {
+ try {
+ return converter.getPrivateKey(privateKeyInfo);
+ } catch (PEMException e) {
+ throw new RuntimeException(
+ String.format("Error converting PKCS#8 private key: %s", privateKeyInfo), e);
 }
 };
 ImmutableList privateKeys =
- filterAndConvert(pemObjects, PEMKeyPair.class, privateKeyConverter);
+ ImmutableList.builder()
+ .addAll(filterAndConvert(pemObjects, PEMKeyPair.class, pkcs1PrivateKeyConverter))
+ .addAll(filterAndConvert(pemObjects, PrivateKeyInfo.class, pkcs8PrivateKeyConverter))
+ .build();
 checkState(
 privateKeys.size() == 1,
 "The pem file must contain exactly one private key, but %s keys are found",
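Review bot: Both converter lambdas format the parsed key object itself (`pemKeyPair`, `privateKeyInfo`) into the exception message via `%s`. What those BouncyCastle types print from `toString()` is not visible in this hunk; if it is only an identity string the argument adds nothing for the operator, and if it ever renders the structure, private-key material would travel into logs and stack traces. I would drop the argument and keep the cause, e.g. `throw new RuntimeException("Error converting PKCS#8 private key", e);`, and do the same on the PKCS#1 branch. Separately, assuming `filterAndConvert` selects by class, a PEM object of neither `PEMKeyPair` nor `PrivateKeyInfo` (for instance an encrypted key) would only surface at `checkState` as zero keys found, so a short comment on which PEM forms are supported would help. `providePemPrivateKey` continues past the end of the hunk.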