Posted to dev@tomcat.apache.org by re...@apache.org on 2018/10/09 19:27:09 UTC
svn commit: r1843334 - in /tomcat/trunk/java/org/apache:
catalina/tribes/membership/cloud/CertificateStreamProvider.java
tomcat/util/net/jsse/PEMFile.java
Author: remm
Date: Tue Oct 9 19:27:09 2018
New Revision: 1843334
URL: http://svn.apache.org/viewvc?rev=1843334&view=rev
Log:
Fix use of client key algorithm parameter.
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java
Modified: tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java?rev=1843334&r1=1843333&r2=1843334&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java (original)
+++ tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java Tue Oct 9 19:27:09 2018
@@ -47,11 +47,8 @@ public class CertificateStreamProvider e
private final SSLSocketFactory factory;
CertificateStreamProvider(String clientCertFile, String clientKeyFile, String clientKeyPassword, String clientKeyAlgo, String caCertFile) throws Exception {
- // defaults - RSA and empty password
char[] password = (clientKeyPassword != null) ? clientKeyPassword.toCharArray() : new char[0];
- String algorithm = (clientKeyAlgo != null) ? clientKeyAlgo : "RSA";
-
- KeyManager[] keyManagers = configureClientCert(clientCertFile, clientKeyFile, password, algorithm);
+ KeyManager[] keyManagers = configureClientCert(clientCertFile, clientKeyFile, password, clientKeyAlgo);
TrustManager[] trustManagers = configureCaCert(caCertFile);
SSLContext context = SSLContext.getInstance("TLS");
context.init(keyManagers, trustManagers, null);
@@ -77,12 +74,11 @@ public class CertificateStreamProvider e
}
private static KeyManager[] configureClientCert(String clientCertFile, String clientKeyFile, char[] clientKeyPassword, String clientKeyAlgo) throws Exception {
- // TODO What is intended usage of clientKeyAlgo?
try (InputStream certInputStream = new FileInputStream(clientCertFile)) {
CertificateFactory certFactory = CertificateFactory.getInstance("X509");
X509Certificate cert = (X509Certificate)certFactory.generateCertificate(certInputStream);
- PEMFile pemFile = new PEMFile(clientKeyFile, new String(clientKeyPassword));
+ PEMFile pemFile = new PEMFile(clientKeyFile, new String(clientKeyPassword), clientKeyAlgo);
PrivateKey privKey = pemFile.getPrivateKey();
KeyStore keyStore = KeyStore.getInstance("JKS");
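Review bot: The removed TODO is not replaced by anything that states what clientKeyAlgo means, even though the new `new PEMFile(clientKeyFile, new String(clientKeyPassword), clientKeyAlgo)` line now hands it straight to key parsing. Add a comment above that line, e.g. `// clientKeyAlgo: JCA KeyFactory algorithm name of the key ("RSA", "DSA", "EC"); null lets PEMFile try RSA, DSA and EC in turn`. A misspelled name no longer falls back to the "RSA" default removed in the first hunk, so it reaches KeyFactory.getInstance and presumably surfaces as a NoSuchAlgorithmException out of this constructor; that is reasonable but worth recording. `new String(clientKeyPassword)` still copies the char[] into an immutable String that cannot be zeroed; that is forced by PEMFile's String-typed password parameter and predates this change, but deserves a follow-up. configureClientCert's body continues past the hunk.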
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java?rev=1843334&r1=1843333&r2=1843334&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java Tue Oct 9 19:27:09 2018
@@ -70,6 +70,10 @@ public class PEMFile {
}
public PEMFile(String filename, String password) throws IOException, GeneralSecurityException {
+ this(filename, password, null);
+ }
+
+ public PEMFile(String filename, String password, String keyAlgorithm) throws IOException, GeneralSecurityException {
this.filename = filename;
List<Part> parts = new ArrayList<>();
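Review bot: The new public constructor on the `public PEMFile(String filename, String password, String keyAlgorithm)` line has no Javadoc, and the null-means-autodetect contract of keyAlgorithm is only discoverable by reading toPrivateKey further down. Add a Javadoc with `@param keyAlgorithm JCA KeyFactory algorithm name of the private key, or null to try RSA, DSA and EC in turn` and `@throws GeneralSecurityException if the key cannot be parsed with the given or any tried algorithm`. The two-argument constructor delegating with null keeps the previous autodetection behaviour, which its own Javadoc should say so callers know the overload is not a deprecation. The constructor body continues past the hunk.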
@@ -93,10 +97,10 @@ public class PEMFile {
for (Part part : parts) {
switch (part.type) {
case "PRIVATE KEY":
- privateKey = part.toPrivateKey(null);
+ privateKey = part.toPrivateKey(null, keyAlgorithm);
break;
case "ENCRYPTED PRIVATE KEY":
- privateKey = part.toPrivateKey(password);
+ privateKey = part.toPrivateKey(password, keyAlgorithm);
break;
case "CERTIFICATE":
case "X509 CERTIFICATE":
@@ -122,7 +126,7 @@ public class PEMFile {
return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(decode()));
}
- public PrivateKey toPrivateKey(String password) throws GeneralSecurityException, IOException {
+ public PrivateKey toPrivateKey(String password, String keyAlgorithm) throws GeneralSecurityException, IOException {
KeySpec keySpec;
if (password == null) {
@@ -139,9 +143,17 @@ public class PEMFile {
}
InvalidKeyException exception = new InvalidKeyException(sm.getString("jsse.pemParseError", filename));
- for (String algorithm : new String[] {"RSA", "DSA", "EC"}) {
+ if (keyAlgorithm == null) {
+ for (String algorithm : new String[] {"RSA", "DSA", "EC"}) {
+ try {
+ return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
+ } catch (InvalidKeySpecException e) {
+ exception.addSuppressed(e);
+ }
+ }
+ } else {
try {
- return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
+ return KeyFactory.getInstance(keyAlgorithm).generatePrivate(keySpec);
} catch (InvalidKeySpecException e) {
exception.addSuppressed(e);
}
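Review bot: In the new else branch an unrecognised keyAlgorithm makes `KeyFactory.getInstance(keyAlgorithm)` throw NoSuchAlgorithmException, which the `catch (InvalidKeySpecException e)` below it does not cover, so a misconfigured algorithm name escapes without the filename-bearing jsse.pemParseError InvalidKeyException that the loop branch assembles. The two branches also duplicate the try/catch; they collapse into one loop if the candidate list is chosen first: `String[] candidates = (keyAlgorithm == null) ? new String[] {"RSA", "DSA", "EC"} : new String[] {keyAlgorithm};` and `for (String algorithm : candidates) {`, with the catch widened to `catch (InvalidKeySpecException | NoSuchAlgorithmException e)` if the file-named error is wanted for a bad name as well. Widening the catch changes the exception type a caller sees for a bad name from NoSuchAlgorithmException to InvalidKeyException (both GeneralSecurityException subtypes), so decide whether that is acceptable before adopting it. toPrivateKey's tail, presumably the throw of exception, is outside the hunk.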