Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/07/12 15:54:51 UTC
[tomcat] 01/03: Back-port option to configure key algorithm
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 6279283acd41d0f9a38636e6f8614b47f3a0f5aa
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Jul 12 16:51:56 2019 +0100
Back-port option to configure key algorithm
Not currently required in 8.5.x but it reduces the diff to 9.0.x, making
other back-ports cleaner / easier.
---
java/org/apache/tomcat/util/net/jsse/PEMFile.java | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index ee09cb2..f373939 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -71,6 +71,11 @@ public class PEMFile {
}
public PEMFile(String filename, String password) throws IOException, GeneralSecurityException {
+ this(filename, password, null);
+ }
+
+ public PEMFile(String filename, String password, String keyAlgorithm)
+ throws IOException, GeneralSecurityException {
this.filename = filename;
List<Part> parts = new ArrayList<>();
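Review bot: The new three-argument constructor has no Javadoc, so the meaning of a null `keyAlgorithm` can only be learned by reading `toPrivateKey`. I would add a short Javadoc with `@param keyAlgorithm the KeyFactory algorithm name for the private key, or null to try RSA, DSA and EC in turn`, and note on the two-argument constructor that it delegates with null. The constructor body continues past the end of this hunk.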
@@ -95,10 +100,10 @@ public class PEMFile {
for (Part part : parts) {
switch (part.type) {
case "PRIVATE KEY":
- privateKey = part.toPrivateKey(null);
+ privateKey = part.toPrivateKey(null, keyAlgorithm);
break;
case "ENCRYPTED PRIVATE KEY":
- privateKey = part.toPrivateKey(password);
+ privateKey = part.toPrivateKey(password, keyAlgorithm);
break;
case "CERTIFICATE":
case "X509 CERTIFICATE":
@@ -124,7 +129,7 @@ public class PEMFile {
return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(decode()));
}
- public PrivateKey toPrivateKey(String password) throws GeneralSecurityException, IOException {
+ public PrivateKey toPrivateKey(String password, String keyAlgorithm) throws GeneralSecurityException, IOException {
KeySpec keySpec;
if (password == null) {
@@ -141,9 +146,17 @@ public class PEMFile {
}
InvalidKeyException exception = new InvalidKeyException(sm.getString("jsse.pemParseError", filename));
- for (String algorithm : new String[] {"RSA", "DSA", "EC"}) {
+ if (keyAlgorithm == null) {
+ for (String algorithm : new String[] {"RSA", "DSA", "EC"}) {
+ try {
+ return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
+ } catch (InvalidKeySpecException e) {
+ exception.addSuppressed(e);
+ }
+ }
+ } else {
try {
- return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
+ return KeyFactory.getInstance(keyAlgorithm).generatePrivate(keySpec);
} catch (InvalidKeySpecException e) {
exception.addSuppressed(e);
}
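Review bot: In the `else` branch a misspelled or unsupported `keyAlgorithm` makes `KeyFactory.getInstance(keyAlgorithm)` throw `NoSuchAlgorithmException`, which the `catch (InvalidKeySpecException e)` does not cover. The caller then gets a bare provider error instead of the `jsse.pemParseError` exception that names the PEM file, which makes a configuration typo harder to trace. Widening the handler to `} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {` would keep the file name in the reported error, assuming `exception` is thrown after this block. The rest of `toPrivateKey` lies outside the hunk, so that last step should be confirmed.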