Пакет: jglobus
Патч: jglobus-support-PKCS8-key-format.patch
From a116471c60a836de390f4d5a9798ee6d2adee6ac Mon Sep 17 00:00:00 2001
From: Petr Vokac <vokac@fnal.gov>
Date: Mon, 22 Sep 2014 02:53:08 +0200
Subject: [PATCH] workaround to support SL6 openssl default PKCS8 key format
---
.../main/java/org/globus/gsi/OpenSSLKey.java | 20 ++++++++++++++++---
.../java/org/globus/gsi/X509Credential.java | 7 +++++++
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/ssl-proxies/src/main/java/org/globus/gsi/OpenSSLKey.java b/ssl-proxies/src/main/java/org/globus/gsi/OpenSSLKey.java
index 0ee95be..2466375 100644
--- a/ssl-proxies/src/main/java/org/globus/gsi/OpenSSLKey.java
+++ b/ssl-proxies/src/main/java/org/globus/gsi/OpenSSLKey.java
@@ -35,9 +35,11 @@ import java.io.Writer;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
+import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
+import java.security.spec.PKCS8EncodedKeySpec;
import java.util.StringTokenizer;
import javax.crypto.Cipher;
@@ -172,8 +174,17 @@ public abstract class OpenSSLKey implements Serializable {
if (isEncrypted()) {
this.keyData = null;
} else {
- this.keyData = Base64.decode(encodedKey);
- this.intKey = getKey(keyAlg, keyData);
+ if (keyAlg != "PKCS8") {
+ this.keyData = Base64.decode(encodedKey);
+ this.intKey = getKey(keyAlg, keyData);
+ } else {
+ // workaround for PKCS#8 encoded keys (only for keys without encryption)
+ keyAlg = "RSA";
+ PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.decode(encodedKey));
+ KeyFactory kfac = KeyFactory.getInstance("RSA");
+ this.intKey = kfac.generatePrivate(spec);
+ this.keyData = getEncoded(this.intKey);
+ }
}
}
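Review bot: The PKCS#8 branch always builds the key with `KeyFactory.getInstance("RSA")`, but a `BEGIN PRIVATE KEY` block can hold other key types (EC, DSA), for which `generatePrivate` would throw `InvalidKeySpecException`; the same hard-coded algorithm appears in the X509Credential.java hunk. If only RSA is meant to be supported, a comment next to `keyAlg = "RSA";` should say so; otherwise the algorithm has to be read from the PKCS#8 structure before the factory is chosen. Separately, `keyAlg != "PKCS8"` compares references and holds only because both sides are the same interned literal; `if (!"PKCS8".equals(keyAlg)) {` is the safe form. The enclosing method starts outside this hunk.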
@@ -210,7 +221,10 @@ public abstract class OpenSSLKey implements Serializable {
private void parseKeyAlgorithm(BufferedReader in) throws IOException, InvalidKeyException {
String next = in.readLine();
while (next != null) {
- if (next.indexOf("PRIVATE KEY") != -1) {
+ if (next.indexOf("BEGIN PRIVATE KEY") != -1) {
+ keyAlg = "PKCS8";
+ break;
+ } else if (next.indexOf("PRIVATE KEY") != -1) {
keyAlg = getKeyAlgorithm(next);
break;
}
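Review bot: `keyAlg = "PKCS8";` stores a container-format marker in a field that otherwise holds an algorithm name, and nothing in the hunk documents that. Any code that reads `keyAlg` before the unencrypted branch overwrites it with "RSA" would see a value that is not a JCA algorithm name; whether such a path exists is not visible here. I would add `// "PKCS8" is a format marker, not an algorithm name; it is replaced with "RSA" once the key is decoded` above the assignment, and share one named constant with the comparison site. The loop body continues past the end of this hunk.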
diff --git a/ssl-proxies/src/main/java/org/globus/gsi/X509Credential.java b/ssl-proxies/src/main/java/org/globus/gsi/X509Credential.java
index 47a8831..d960d62 100644
--- a/ssl-proxies/src/main/java/org/globus/gsi/X509Credential.java
+++ b/ssl-proxies/src/main/java/org/globus/gsi/X509Credential.java
@@ -36,6 +36,7 @@ import java.io.FileInputStream;
import java.security.cert.CertificateException;
import org.globus.gsi.bc.BouncyCastleUtil;
import java.security.interfaces.RSAPrivateKey;
+import java.security.spec.PKCS8EncodedKeySpec;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
@@ -47,6 +48,7 @@ import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.Serializable;
import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -531,6 +533,11 @@ public class X509Credential implements Serializable {
} else if (line.indexOf("BEGIN RSA PRIVATE KEY") != -1) {
byte[] data = getDecodedPEMObject(reader);
this.opensslKey = new BouncyCastleOpenSSLKey("RSA", data);
+ } else if (line.indexOf("BEGIN PRIVATE KEY") != -1) {
+ byte[] data = getDecodedPEMObject(reader);
+ PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(data);
+ KeyFactory kfac = KeyFactory.getInstance("RSA");
+ this.opensslKey = new BouncyCastleOpenSSLKey(kfac.generatePrivate(spec));
}
}
} catch (Exception e) {
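Review bot: The new `BEGIN PRIVATE KEY` branch repeats the decode sequence (`PKCS8EncodedKeySpec`, `KeyFactory.getInstance("RSA")`, `generatePrivate`) that this same patch adds to OpenSSLKey.java, so any later correction to key-type handling has to be made in two places. A single helper that takes the decoded bytes and returns the `PrivateKey`, called from both sites, would keep them in step. The branch also sits under the `catch (Exception e)` visible on the last line, whose body is outside the hunk, so it is not clear from here whether a key-spec failure is reported distinctly from other read errors.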
--
2.17.2