Author: remm Date: Tue Oct 9 19:27:09 2018 New Revision: 1843334 URL: http://svn.apache.org/viewvc?rev=1843334&view=rev Log: Fix use of client key algorithm parameter.
Modified: tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java
Modified: tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java?rev=1843334&r1=1843333&r2=1843334&view=diff ==============================================================================
--- tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java (original)
+++ tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java Tue Oct 9 19:27:09 2018
@@ -47,11 +47,8 @@ public class CertificateStreamProvider e
 private final SSLSocketFactory factory;
 
 CertificateStreamProvider(String clientCertFile, String clientKeyFile, String clientKeyPassword, String clientKeyAlgo, String caCertFile) throws Exception {
- // defaults - RSA and empty password
 char[] password = (clientKeyPassword != null) ? clientKeyPassword.toCharArray() : new char[0];
- String algorithm = (clientKeyAlgo != null) ? clientKeyAlgo : "RSA";
-
- KeyManager[] keyManagers = configureClientCert(clientCertFile, clientKeyFile, password, algorithm);
+ KeyManager[] keyManagers = configureClientCert(clientCertFile, clientKeyFile, password, clientKeyAlgo);
 TrustManager[] trustManagers = configureCaCert(caCertFile);
 SSLContext context = SSLContext.getInstance("TLS");
 context.init(keyManagers, trustManagers, null);
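Review bot: The constructor now passes `clientKeyAlgo` through to configureClientCert untouched, so a null value no longer means RSA but whatever PEMFile does with a null algorithm, and the comment that spelled out the defaults went away with the removed lines. The contract should stay visible at the call site, e.g. above the `password` line: `// null clientKeyPassword means an empty password; null clientKeyAlgo lets PEMFile probe RSA, DSA and EC in turn`. The second half is taken from the PEMFile hunk in this same commit, so the comment must be kept in step if that probe list ever changes. The constructor body continues past the end of the hunk.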
@@ -77,12 +74,11 @@ public class CertificateStreamProvider e
 }
 private static KeyManager[] configureClientCert(String clientCertFile, String clientKeyFile, char[] clientKeyPassword, String clientKeyAlgo) throws Exception {
- // TODO What is intended usage of clientKeyAlgo?
 try (InputStream certInputStream = new FileInputStream(clientCertFile)) {
 CertificateFactory certFactory = CertificateFactory.getInstance("X509");
 X509Certificate cert = (X509Certificate)certFactory.generateCertificate(certInputStream);
- PEMFile pemFile = new PEMFile(clientKeyFile, new String(clientKeyPassword));
+ PEMFile pemFile = new PEMFile(clientKeyFile, new String(clientKeyPassword), clientKeyAlgo);
 PrivateKey privKey = pemFile.getPrivateKey();
 KeyStore keyStore = KeyStore.getInstance("JKS");
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java?rev=1843334&r1=1843333&r2=1843334&view=diff ==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/PEMFile.java Tue Oct 9 19:27:09 2018
@@ -70,6 +70,10 @@ public class PEMFile {
 }
 
 public PEMFile(String filename, String password) throws IOException, GeneralSecurityException {
+ this(filename, password, null);
+ }
+
+ public PEMFile(String filename, String password, String keyAlgorithm) throws IOException, GeneralSecurityException {
 this.filename = filename;
 
 List<Part> parts = new ArrayList<>();
@@ -93,10 +97,10 @@ public class PEMFile {
 for (Part part : parts) {
 switch (part.type) {
 case "PRIVATE KEY":
- privateKey = part.toPrivateKey(null);
+ privateKey = part.toPrivateKey(null, keyAlgorithm);
 break;
 case "ENCRYPTED PRIVATE KEY":
- privateKey = part.toPrivateKey(password);
+ privateKey = part.toPrivateKey(password, keyAlgorithm);
 break;
 case "CERTIFICATE":
 case "X509 CERTIFICATE":
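Review bot: The changed `new PEMFile(...)` line still converts the key password with `new String(clientKeyPassword)`, copying the secret into an immutable String that cannot be wiped, so accepting a `char[]` in configureClientCert gains nothing while PEMFile only offers a String parameter. Until PEMFile grows a char[] overload the trade-off should at least be recorded on that line: `// PEMFile only takes a String password; the char[] cannot be wiped once copied`. If such an overload is added later, clearing the array with `Arrays.fill(clientKeyPassword, '\0')` once the PEMFile is built would finish the job, assuming the caller does not reuse it. configureClientCert continues past the end of the hunk.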
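Review bot: The new three-argument PEMFile constructor carries no Javadoc, and the meaning of `keyAlgorithm` is only discoverable from Part.toPrivateKey further down in this commit: null selects the RSA/DSA/EC probe, a non-null name restricts decoding to that single KeyFactory. A Javadoc block on the new constructor should state that contract, note that the two-argument form is now shorthand for `keyAlgorithm == null`, and warn that an algorithm name the JCA does not know appears to surface as a NoSuchAlgorithmException from KeyFactory.getInstance rather than the pemParseError InvalidKeyException, since only InvalidKeySpecException is caught. A `@param keyAlgorithm the JCA key algorithm name to decode with, or {@code null} to try RSA, DSA and EC in turn` line would cover the essential point.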
@@ -122,7 +126,7 @@ public class PEMFile {
 return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(decode()));
 }
 
- public PrivateKey toPrivateKey(String password) throws GeneralSecurityException, IOException {
+ public PrivateKey toPrivateKey(String password, String keyAlgorithm) throws GeneralSecurityException, IOException {
 KeySpec keySpec;
 
 if (password == null) {
@@ -139,9 +143,17 @@ public class PEMFile {
 }
 
 InvalidKeyException exception = new InvalidKeyException(sm.getString("jsse.pemParseError", filename));
- for (String algorithm : new String[] {"RSA", "DSA", "EC"}) {
+ if (keyAlgorithm == null) {
+ for (String algorithm : new String[] {"RSA", "DSA", "EC"}) {
+ try {
+ return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
+ } catch (InvalidKeySpecException e) {
+ exception.addSuppressed(e);
+ }
+ }
+ } else {
 try {
- return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
+ return KeyFactory.getInstance(keyAlgorithm).generatePrivate(keySpec);
 } catch (InvalidKeySpecException e) {
 exception.addSuppressed(e);
 }
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
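Review bot: The new `else` branch in Part.toPrivateKey repeats the try/catch of the probe loop verbatim, so the explicit-algorithm path is a second copy of the same decoding logic that will drift the next time one of them is edited. Both paths are one loop over a candidate list that has a single element when `keyAlgorithm` is given, which removes the duplication without changing which exceptions escape. In either branch an unknown algorithm name still propagates as NoSuchAlgorithmException from KeyFactory.getInstance instead of being folded into `exception`; that seems the right call for a misconfigured name, but it deserves a comment so nobody "fixes" it later. The method's tail, presumably `throw exception;`, lies outside the hunk.
```java
InvalidKeyException exception = new InvalidKeyException(sm.getString("jsse.pemParseError", filename));
// An explicit algorithm is tried on its own; otherwise probe the usual key types in order.
// NoSuchAlgorithmException from getInstance() is deliberately not folded into 'exception'.
String[] candidates = (keyAlgorithm == null) ? new String[] {"RSA", "DSA", "EC"} : new String[] {keyAlgorithm};
for (String algorithm : candidates) {
    try {
        return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
    } catch (InvalidKeySpecException e) {
        exception.addSuppressed(e);
    }
}
```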