|
|
|
@ -1,5 +1,5 @@ |
|
|
|
/* |
|
|
|
/* |
|
|
|
* Copyright 2012-2020 the original author or authors. |
|
|
|
* Copyright 2012-2022 the original author or authors. |
|
|
|
* |
|
|
|
* |
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
|
* you may not use this file except in compliance with the License. |
|
|
|
* you may not use this file except in compliance with the License. |
|
|
|
@ -24,8 +24,11 @@ import java.nio.file.Path; |
|
|
|
import java.security.GeneralSecurityException; |
|
|
|
import java.security.GeneralSecurityException; |
|
|
|
import java.security.KeyFactory; |
|
|
|
import java.security.KeyFactory; |
|
|
|
import java.security.PrivateKey; |
|
|
|
import java.security.PrivateKey; |
|
|
|
import java.security.spec.InvalidKeySpecException; |
|
|
|
|
|
|
|
import java.security.spec.PKCS8EncodedKeySpec; |
|
|
|
import java.security.spec.PKCS8EncodedKeySpec; |
|
|
|
|
|
|
|
import java.util.ArrayList; |
|
|
|
|
|
|
|
import java.util.Collections; |
|
|
|
|
|
|
|
import java.util.List; |
|
|
|
|
|
|
|
import java.util.function.Function; |
|
|
|
import java.util.regex.Matcher; |
|
|
|
import java.util.regex.Matcher; |
|
|
|
import java.util.regex.Pattern; |
|
|
|
import java.util.regex.Pattern; |
|
|
|
|
|
|
|
|
|
|
|
@ -43,21 +46,68 @@ final class PrivateKeyParser { |
|
|
|
|
|
|
|
|
|
|
|
private static final String PKCS1_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+"; |
|
|
|
private static final String PKCS1_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+"; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static final String PKCS8_HEADER = "-+BEGIN\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+"; |
|
|
|
|
|
|
|
|
|
|
|
private static final String PKCS8_FOOTER = "-+END\\s+PRIVATE\\s+KEY[^-]*-+"; |
|
|
|
private static final String PKCS8_FOOTER = "-+END\\s+PRIVATE\\s+KEY[^-]*-+"; |
|
|
|
|
|
|
|
|
|
|
|
private static final String PKCS8_HEADER = "-+BEGIN\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+"; |
|
|
|
private static final String EC_HEADER = "-+BEGIN\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+"; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static final String EC_FOOTER = "-+END\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+"; |
|
|
|
|
|
|
|
|
|
|
|
private static final String BASE64_TEXT = "([a-z0-9+/=\\r\\n]+)"; |
|
|
|
private static final String BASE64_TEXT = "([a-z0-9+/=\\r\\n]+)"; |
|
|
|
|
|
|
|
|
|
|
|
private static final Pattern PKCS1_PATTERN = Pattern.compile(PKCS1_HEADER + BASE64_TEXT + PKCS1_FOOTER, |
|
|
|
private static final List<PemParser> PEM_PARSERS; |
|
|
|
Pattern.CASE_INSENSITIVE); |
|
|
|
static { |
|
|
|
|
|
|
|
List<PemParser> parsers = new ArrayList<>(); |
|
|
|
|
|
|
|
parsers.add(new PemParser(PKCS1_HEADER, PKCS1_FOOTER, "RSA", PrivateKeyParser::createKeySpecForPkcs1)); |
|
|
|
|
|
|
|
parsers.add(new PemParser(EC_HEADER, EC_FOOTER, "EC", PrivateKeyParser::createKeySpecForEc)); |
|
|
|
|
|
|
|
parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, "RSA", PKCS8EncodedKeySpec::new)); |
|
|
|
|
|
|
|
PEM_PARSERS = Collections.unmodifiableList(parsers); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
|
|
* ASN.1 encoded object identifier {@literal 1.2.840.113549.1.1.1}. |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
private static final int[] RSA_ALGORITHM = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 }; |
|
|
|
|
|
|
|
|
|
|
|
private static final Pattern PKCS8_KEY_PATTERN = Pattern.compile(PKCS8_HEADER + BASE64_TEXT + PKCS8_FOOTER, |
|
|
|
/** |
|
|
|
Pattern.CASE_INSENSITIVE); |
|
|
|
* ASN.1 encoded object identifier {@literal 1.2.840.10045.2.1}. |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
private static final int[] EC_ALGORITHM = { 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 }; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
|
|
* ASN.1 encoded object identifier {@literal 1.3.132.0.34}. |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
private static final int[] EC_PARAMETERS = { 0x2b, 0x81, 0x04, 0x00, 0x22 }; |
|
|
|
|
|
|
|
|
|
|
|
private PrivateKeyParser() { |
|
|
|
private PrivateKeyParser() { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static PKCS8EncodedKeySpec createKeySpecForPkcs1(byte[] bytes) { |
|
|
|
|
|
|
|
return createKeySpecForAlgorithm(bytes, RSA_ALGORITHM, null); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static PKCS8EncodedKeySpec createKeySpecForEc(byte[] bytes) { |
|
|
|
|
|
|
|
return createKeySpecForAlgorithm(bytes, EC_ALGORITHM, EC_PARAMETERS); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static PKCS8EncodedKeySpec createKeySpecForAlgorithm(byte[] bytes, int[] algorithm, int[] parameters) { |
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
DerEncoder encoder = new DerEncoder(); |
|
|
|
|
|
|
|
encoder.integer(0x00); // Version 0
|
|
|
|
|
|
|
|
DerEncoder algorithmIdentifier = new DerEncoder(); |
|
|
|
|
|
|
|
algorithmIdentifier.objectIdentifier(algorithm); |
|
|
|
|
|
|
|
algorithmIdentifier.objectIdentifier(parameters); |
|
|
|
|
|
|
|
byte[] byteArray = algorithmIdentifier.toByteArray(); |
|
|
|
|
|
|
|
encoder.sequence(byteArray); |
|
|
|
|
|
|
|
encoder.octetString(bytes); |
|
|
|
|
|
|
|
return new PKCS8EncodedKeySpec(encoder.toSequence()); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
catch (IOException ex) { |
|
|
|
|
|
|
|
throw new IllegalStateException(ex); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
|
* Load a private key from the specified file paths. |
|
|
|
* Load a private key from the specified file paths. |
|
|
|
* @param path the path to the private key file |
|
|
|
* @param path the path to the private key file |
|
|
|
@ -66,80 +116,137 @@ final class PrivateKeyParser { |
|
|
|
static PrivateKey parse(Path path) { |
|
|
|
static PrivateKey parse(Path path) { |
|
|
|
try { |
|
|
|
try { |
|
|
|
String text = readText(path); |
|
|
|
String text = readText(path); |
|
|
|
Matcher matcher = PKCS1_PATTERN.matcher(text); |
|
|
|
for (PemParser pemParser : PEM_PARSERS) { |
|
|
|
if (matcher.find()) { |
|
|
|
PrivateKey privateKey = pemParser.parse(text); |
|
|
|
return parsePkcs1(decodeBase64(matcher.group(1))); |
|
|
|
if (privateKey != null) { |
|
|
|
|
|
|
|
return privateKey; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
matcher = PKCS8_KEY_PATTERN.matcher(text); |
|
|
|
throw new IllegalStateException("Unrecognized private key format"); |
|
|
|
if (matcher.find()) { |
|
|
|
|
|
|
|
return parsePkcs8(decodeBase64(matcher.group(1))); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
throw new IllegalStateException("Unrecognized private key format in " + path); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
catch (GeneralSecurityException | IOException ex) { |
|
|
|
catch (Exception ex) { |
|
|
|
throw new IllegalStateException("Error loading private key file " + path, ex); |
|
|
|
throw new IllegalStateException("Error loading private key file " + path, ex); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private static PrivateKey parsePkcs1(byte[] privateKeyBytes) throws GeneralSecurityException { |
|
|
|
private static String readText(Path path) throws IOException { |
|
|
|
byte[] pkcs8Bytes = convertPkcs1ToPkcs8(privateKeyBytes); |
|
|
|
byte[] bytes = Files.readAllBytes(path); |
|
|
|
return parsePkcs8(pkcs8Bytes); |
|
|
|
return new String(bytes, StandardCharsets.UTF_8); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private static byte[] convertPkcs1ToPkcs8(byte[] pkcs1) { |
|
|
|
/** |
|
|
|
try { |
|
|
|
* Parser for a specific PEM format. |
|
|
|
ByteArrayOutputStream result = new ByteArrayOutputStream(); |
|
|
|
*/ |
|
|
|
int pkcs1Length = pkcs1.length; |
|
|
|
private static class PemParser { |
|
|
|
int totalLength = pkcs1Length + 22; |
|
|
|
|
|
|
|
// Sequence + total length
|
|
|
|
private final Pattern pattern; |
|
|
|
result.write(bytes(0x30, 0x82)); |
|
|
|
|
|
|
|
result.write((totalLength >> 8) & 0xff); |
|
|
|
private final String algorithm; |
|
|
|
result.write(totalLength & 0xff); |
|
|
|
|
|
|
|
// Integer (0)
|
|
|
|
private final Function<byte[], PKCS8EncodedKeySpec> keySpecFactory; |
|
|
|
result.write(bytes(0x02, 0x01, 0x00)); |
|
|
|
|
|
|
|
// Sequence: 1.2.840.113549.1.1.1, NULL
|
|
|
|
PemParser(String header, String footer, String algorithm, |
|
|
|
result.write( |
|
|
|
Function<byte[], PKCS8EncodedKeySpec> keySpecFactory) { |
|
|
|
bytes(0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00)); |
|
|
|
this.pattern = Pattern.compile(header + BASE64_TEXT + footer, Pattern.CASE_INSENSITIVE); |
|
|
|
// Octet string + length
|
|
|
|
this.algorithm = algorithm; |
|
|
|
result.write(bytes(0x04, 0x82)); |
|
|
|
this.keySpecFactory = keySpecFactory; |
|
|
|
result.write((pkcs1Length >> 8) & 0xff); |
|
|
|
|
|
|
|
result.write(pkcs1Length & 0xff); |
|
|
|
|
|
|
|
// PKCS1
|
|
|
|
|
|
|
|
result.write(pkcs1); |
|
|
|
|
|
|
|
return result.toByteArray(); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
catch (IOException ex) { |
|
|
|
|
|
|
|
throw new IllegalStateException(ex); |
|
|
|
PrivateKey parse(String text) { |
|
|
|
|
|
|
|
Matcher matcher = this.pattern.matcher(text); |
|
|
|
|
|
|
|
return (!matcher.find()) ? null : parse(decodeBase64(matcher.group(1))); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static byte[] bytes(int... elements) { |
|
|
|
private static byte[] decodeBase64(String content) { |
|
|
|
byte[] result = new byte[elements.length]; |
|
|
|
byte[] contentBytes = content.replaceAll("\r", "").replaceAll("\n", "").getBytes(); |
|
|
|
for (int i = 0; i < elements.length; i++) { |
|
|
|
return Base64Utils.decode(contentBytes); |
|
|
|
result[i] = (byte) elements[i]; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
return result; |
|
|
|
|
|
|
|
|
|
|
|
private PrivateKey parse(byte[] bytes) { |
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
PKCS8EncodedKeySpec keySpec = this.keySpecFactory.apply(bytes); |
|
|
|
|
|
|
|
KeyFactory keyFactory = KeyFactory.getInstance(this.algorithm); |
|
|
|
|
|
|
|
return keyFactory.generatePrivate(keySpec); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
catch (GeneralSecurityException ex) { |
|
|
|
|
|
|
|
throw new IllegalArgumentException("Unexpected key format", ex); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private static PrivateKey parsePkcs8(byte[] privateKeyBytes) throws GeneralSecurityException { |
|
|
|
/** |
|
|
|
try { |
|
|
|
* Simple ASN.1 DER encoder. |
|
|
|
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyBytes); |
|
|
|
*/ |
|
|
|
KeyFactory keyFactory = KeyFactory.getInstance("RSA"); |
|
|
|
static class DerEncoder { |
|
|
|
return keyFactory.generatePrivate(keySpec); |
|
|
|
|
|
|
|
|
|
|
|
private final ByteArrayOutputStream stream = new ByteArrayOutputStream(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void objectIdentifier(int... encodedObjectIdentifier) throws IOException { |
|
|
|
|
|
|
|
int code = (encodedObjectIdentifier != null) ? 0x06 : 0x05; |
|
|
|
|
|
|
|
codeLengthBytes(code, bytes(encodedObjectIdentifier)); |
|
|
|
} |
|
|
|
} |
|
|
|
catch (InvalidKeySpecException ex) { |
|
|
|
|
|
|
|
throw new IllegalArgumentException("Unexpected key format", ex); |
|
|
|
void integer(int... encodedInteger) throws IOException { |
|
|
|
|
|
|
|
codeLengthBytes(0x02, bytes(encodedInteger)); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static String readText(Path path) throws IOException { |
|
|
|
void octetString(byte[] bytes) throws IOException { |
|
|
|
byte[] bytes = Files.readAllBytes(path); |
|
|
|
codeLengthBytes(0x04, bytes); |
|
|
|
return new String(bytes, StandardCharsets.UTF_8); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
void sequence(int... elements) throws IOException { |
|
|
|
|
|
|
|
sequence(bytes(elements)); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void sequence(byte[] bytes) throws IOException { |
|
|
|
|
|
|
|
codeLengthBytes(0x30, bytes); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void codeLengthBytes(int code, byte[] bytes) throws IOException { |
|
|
|
|
|
|
|
this.stream.write(code); |
|
|
|
|
|
|
|
int length = (bytes != null) ? bytes.length : 0; |
|
|
|
|
|
|
|
if (length <= 127) { |
|
|
|
|
|
|
|
this.stream.write(length & 0xFF); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
else { |
|
|
|
|
|
|
|
ByteArrayOutputStream lengthStream = new ByteArrayOutputStream(); |
|
|
|
|
|
|
|
while (length != 0) { |
|
|
|
|
|
|
|
lengthStream.write(length & 0xFF); |
|
|
|
|
|
|
|
length = length >> 8; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
byte[] lengthBytes = lengthStream.toByteArray(); |
|
|
|
|
|
|
|
this.stream.write(0x80 | lengthBytes.length); |
|
|
|
|
|
|
|
for (int i = lengthBytes.length - 1; i >= 0; i--) { |
|
|
|
|
|
|
|
this.stream.write(lengthBytes[i]); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if (bytes != null) { |
|
|
|
|
|
|
|
this.stream.write(bytes); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static byte[] bytes(int... elements) { |
|
|
|
|
|
|
|
if (elements == null) { |
|
|
|
|
|
|
|
return null; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
byte[] result = new byte[elements.length]; |
|
|
|
|
|
|
|
for (int i = 0; i < elements.length; i++) { |
|
|
|
|
|
|
|
result[i] = (byte) elements[i]; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return result; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
byte[] toSequence() throws IOException { |
|
|
|
|
|
|
|
DerEncoder sequenceEncoder = new DerEncoder(); |
|
|
|
|
|
|
|
sequenceEncoder.sequence(toByteArray()); |
|
|
|
|
|
|
|
return sequenceEncoder.toByteArray(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
byte[] toByteArray() { |
|
|
|
|
|
|
|
return this.stream.toByteArray(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private static byte[] decodeBase64(String content) { |
|
|
|
|
|
|
|
byte[] contentBytes = content.replaceAll("\r", "").replaceAll("\n", "").getBytes(); |
|
|
|
|
|
|
|
return Base64Utils.decode(contentBytes); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
Phillip Webb
3 years ago