zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-04-30 03:57:51 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add the ability to parse PKCS#8 private key in PEM file (#682)

Browse source
This commit is contained in:
Lai Jiang 2020-07-14 11:20:00 -04:00 committed by GitHub
parent 4036be3bdc
commit 20cd587409
1 changed files with 16 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
networking/src/main/java/google/registry/networking/module/CertificateSupplierModule.java
View file

@ -40,6 +40,7 @@ import javax.inject.Named;
import javax.inject.Provider; import javax.inject.Provider;
import javax.inject.Qualifier; import javax.inject.Qualifier;
import javax.inject.Singleton; import javax.inject.Singleton;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider;
@ -215,17 +216,29 @@ public final class CertificateSupplierModule {
@PemFile @PemFile
static PrivateKey providePemPrivateKey(@PemFile ImmutableList<Object> pemObjects) { static PrivateKey providePemPrivateKey(@PemFile ImmutableList<Object> pemObjects) {
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
Function<PEMKeyPair, PrivateKey> privateKeyConverter = Function<PEMKeyPair, PrivateKey> pkcs1PrivateKeyConverter =
pemKeyPair -> { pemKeyPair -> {
try { try {
return converter.getKeyPair(pemKeyPair).getPrivate(); return converter.getKeyPair(pemKeyPair).getPrivate();
} catch (PEMException e) { } catch (PEMException e) {
throw new RuntimeException( throw new RuntimeException(
String.format("Error converting private key: %s", pemKeyPair), e); String.format("Error converting PKCS#1 private key: %s", pemKeyPair), e);
}
};
Function<PrivateKeyInfo, PrivateKey> pkcs8PrivateKeyConverter =
privateKeyInfo -> {
try {
return converter.getPrivateKey(privateKeyInfo);
} catch (PEMException e) {
throw new RuntimeException(
String.format("Error converting PKCS#8 private key: %s", privateKeyInfo), e);
} }
}; };
ImmutableList<PrivateKey> privateKeys = ImmutableList<PrivateKey> privateKeys =
filterAndConvert(pemObjects, PEMKeyPair.class, privateKeyConverter); ImmutableList.<PrivateKey>builder()
.addAll(filterAndConvert(pemObjects, PEMKeyPair.class, pkcs1PrivateKeyConverter))
.addAll(filterAndConvert(pemObjects, PrivateKeyInfo.class, pkcs8PrivateKeyConverter))
.build();
checkState( checkState(
privateKeys.size() == 1, privateKeys.size() == 1,
"The pem file must contain exactly one private key, but %s keys are found", "The pem file must contain exactly one private key, but %s keys are found",