Posted to commits@directory.apache.org by pl...@apache.org on 2016/07/05 07:16:59 UTC
[11/26] directory-kerby git commit: DIRKRB-588 - Support validation
keys in different formats Note: Introducing a Commons IO dependency as part
of this patch
DIRKRB-588 - Support validation keys in different formats
Note: Introducing a Commons IO dependency as part of this patch
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/641a3cca
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/641a3cca
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/641a3cca
Branch: refs/heads/kadmin-remote
Commit: 641a3cca8284c7a892942bd6a5ce09b78bc4265d
Parents: 8aae076
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jun 16 10:35:04 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jun 16 10:35:04 2016 +0100
----------------------------------------------------------------------
kerby-kerb/kerb-common/pom.xml | 6 ++
.../kerberos/kerb/common/PublicKeyReader.java | 60 +++++++++-----------
pom.xml | 1 +
3 files changed, 35 insertions(+), 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/641a3cca/kerby-kerb/kerb-common/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/pom.xml b/kerby-kerb/kerb-common/pom.xml
index 2272c96..779c391 100644
--- a/kerby-kerb/kerb-common/pom.xml
+++ b/kerby-kerb/kerb-common/pom.xml
@@ -36,5 +36,11 @@
<artifactId>kerb-crypto</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>${commons-io.version}</version>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
</project>
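Review bot: The new `commons-io` entry puts a third-party library on the compile classpath of `kerb-common`, and therefore of everything that depends on it, yet the only use visible in this commit is the single `IOUtils.toByteArray(in)` call in `PublicKeyReader`. If that remains the only use, a short read loop into a `ByteArrayOutputStream` would avoid the extra dependency and the patching burden that comes with it. The explicit `<scope>compile</scope>` is Maven's default scope and can be dropped.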
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/641a3cca/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java
index 49b2012..988d259 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java
@@ -19,56 +19,52 @@
*/
package org.apache.kerby.kerberos.kerb.common;
-import org.apache.kerby.util.Base64;
-
-import java.io.BufferedReader;
-import java.io.IOException;
+import java.io.ByteArrayInputStream;
import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
+import org.apache.commons.io.IOUtils;
+import org.apache.kerby.util.Base64;
+
public class PublicKeyReader {
public static PublicKey loadPublicKey(InputStream in) throws Exception {
+ byte[] keyBytes = IOUtils.toByteArray(in);
+
try {
- BufferedReader br = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8));
- String readLine = null;
- StringBuilder sb = new StringBuilder();
- while ((readLine = br.readLine()) != null) {
- if (readLine.charAt(0) == '-') {
- continue;
- } else {
- sb.append(readLine);
- sb.append('\r');
- }
- }
- return loadPublicKey(sb.toString());
- } catch (IOException e) {
- throw e;
- } catch (NullPointerException e) {
- throw e;
+ return loadPublicKey(keyBytes);
+ } catch (InvalidKeySpecException ex) {
+ // It might be a Certificate and not a PublicKey...
+ Certificate cert =
+ CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(keyBytes));
+ return cert.getPublicKey();
}
}
- public static PublicKey loadPublicKey(String publicKeyStr) throws Exception {
- try {
+ public static PublicKey loadPublicKey(byte[] publicKeyBytes) throws Exception {
+ String pubKey = new String(publicKeyBytes, "UTF-8");
+ if (pubKey.startsWith("-----BEGIN PUBLIC KEY-----")) {
+ // PEM format
+ pubKey = pubKey.replace("-----BEGIN PUBLIC KEY-----", "");
+ pubKey = pubKey.replace("-----END PUBLIC KEY-----", "");
+
Base64 base64 = new Base64();
- byte[] buffer = base64.decode(publicKeyStr);
+ byte[] buffer = base64.decode(pubKey.trim());
+
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer);
return keyFactory.generatePublic(keySpec);
- } catch (NoSuchAlgorithmException e) {
- throw e;
- } catch (InvalidKeySpecException e) {
- throw e;
- } catch (NullPointerException e) {
- throw e;
+ } else {
+ // DER format
+ KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyBytes);
+ return keyFactory.generatePublic(keySpec);
}
}
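Review bot: The certificate fallback in `loadPublicKey(InputStream)` returns `cert.getPublicKey()` without looking at the certificate itself, so a key taken from an expired or not-yet-valid certificate is handed back as a validation key exactly like a bare key. If that is not intended, cast to `X509Certificate` and call `checkValidity()` before returning. The caught `InvalidKeySpecException` is also dropped: with `KeyFactory.getInstance("RSA")` hard-coded, a well-formed non-RSA key ends up reported as a certificate parsing failure, so consider attaching `ex` with `addSuppressed` when the fallback throws as well. `IOUtils.toByteArray(in)` reads the stream with no size limit, which is worth bounding if the stream can come from anywhere other than local configuration. The class body continues past the end of this hunk.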
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/641a3cca/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 7e6967f..3aeef2a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,6 +49,7 @@
<properties>
<apacheds.version>2.0.0-M21</apacheds.version>
<bouncycastle.version>1.54</bouncycastle.version>
+ <commons-io.version>2.5</commons-io.version>
<gson.version>2.6.2</gson.version>
<ldap.api.version>1.0.0-M33</ldap.api.version>
<log4j.version>1.2.17</log4j.version>