From fa8386b3577bdfea0b94d85d54c6e2d857d7a6fa Mon Sep 17 00:00:00 2001 From: Adrian Cole Date: Thu, 2 Sep 2010 01:32:16 -0700 Subject: [PATCH] fixed rsa private key -> pem issue --- core/pom.xml | 8 +- .../main/java/org/jclouds/crypto/Pems.java | 136 +++++++++++------- .../java/org/jclouds/crypto/PemsTest.java | 22 ++- 3 files changed, 98 insertions(+), 68 deletions(-) diff --git a/core/pom.xml b/core/pom.xml index 8ba81da45e..d91bcb3547 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -58,7 +58,13 @@ oauth 20100527 - + + + org.bouncycastle + bcprov-jdk15 + 1.44 + true + aopalliance aopalliance diff --git a/core/src/main/java/org/jclouds/crypto/Pems.java b/core/src/main/java/org/jclouds/crypto/Pems.java index 2623f9706f..94cb3b9c83 100644 --- a/core/src/main/java/org/jclouds/crypto/Pems.java +++ b/core/src/main/java/org/jclouds/crypto/Pems.java @@ -31,6 +31,8 @@ import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.interfaces.RSAPublicKey; import java.security.spec.KeySpec; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.RSAPrivateKeySpec; @@ -43,12 +45,16 @@ import net.oauth.signature.pem.PEMReader; import net.oauth.signature.pem.PKCS1EncodedKeySpec; import net.oauth.signature.pem.PKCS1EncodedPublicKeySpec; +import org.bouncycastle.asn1.ASN1OutputStream; +import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; import org.jclouds.crypto.Pems.PemProcessor.ResultParser; import org.jclouds.io.InputSuppliers; import com.google.common.annotations.Beta; +import com.google.common.base.Joiner; +import com.google.common.base.Splitter; +import com.google.common.base.Throwables; import com.google.common.collect.ImmutableMap; -import com.google.common.io.ByteStreams; import com.google.common.io.InputSupplier; /** @@ -89,7 +95,7 @@ public class Pems { return parsers.get(reader.getBeginMarker()).parseResult(bytes); } else { throw new IOException(String.format("Invalid PEM file: no parsers for marker %s in %s", reader - .getBeginMarker(), parsers.keySet())); + .getBeginMarker(), parsers.keySet())); } } catch (IOException e) { throw new RuntimeException(e); @@ -98,8 +104,7 @@ public class Pems { } /** - * Returns the object of generic type {@code T} that is pem encoded in the - * supplier. + * Returns the object of generic type {@code T} that is pem encoded in the supplier. * * @param supplier * the input stream factory @@ -107,13 +112,12 @@ public class Pems { * header that begins the PEM block * @param processor * how to parser the object from a byte array - * @return the object of generic type {@code T} which was PEM encoded in the - * stream + * @return the object of generic type {@code T} which was PEM encoded in the stream * @throws IOException * if an I/O error occurs */ public static T fromPem(InputSupplier supplier, PemProcessor processor) - throws IOException { + throws IOException { try { return com.google.common.io.ByteStreams.readBytes(supplier, processor); } catch (RuntimeException e) { @@ -136,24 +140,24 @@ public class Pems { */ public static KeySpec privateKeySpec(InputSupplier supplier) throws IOException { return fromPem(supplier, new PemProcessor(ImmutableMap.> of( - PRIVATE_PKCS1_MARKER, new ResultParser() { + PRIVATE_PKCS1_MARKER, new ResultParser() { - public KeySpec parseResult(byte[] bytes) throws IOException { - return (new PKCS1EncodedKeySpec(bytes)).getKeySpec(); - } + public KeySpec parseResult(byte[] bytes) throws IOException { + return (new PKCS1EncodedKeySpec(bytes)).getKeySpec(); + } - }, PRIVATE_PKCS8_MARKER, new ResultParser() { + }, PRIVATE_PKCS8_MARKER, new ResultParser() { - public KeySpec parseResult(byte[] bytes) throws IOException { - return new PKCS8EncodedKeySpec(bytes); - } + public KeySpec parseResult(byte[] bytes) throws IOException { + return new PKCS8EncodedKeySpec(bytes); + } - }))); + }))); } /** - * Executes {@link Pems#privateKeySpec(InputSupplier)} on the string which - * contains an encoded private key in PEM format. + * Executes {@link Pems#privateKeySpec(InputSupplier)} on the string which contains an encoded + * private key in PEM format. * * @param pem * private key in pem encoded format. @@ -175,24 +179,24 @@ public class Pems { */ public static KeySpec publicKeySpec(InputSupplier supplier) throws IOException { return fromPem(supplier, new PemProcessor(ImmutableMap.> of( - PUBLIC_PKCS1_MARKER, new ResultParser() { + PUBLIC_PKCS1_MARKER, new ResultParser() { - public KeySpec parseResult(byte[] bytes) throws IOException { - return (new PKCS1EncodedPublicKeySpec(bytes)).getKeySpec(); - } + public KeySpec parseResult(byte[] bytes) throws IOException { + return (new PKCS1EncodedPublicKeySpec(bytes)).getKeySpec(); + } - }, PUBLIC_X509_MARKER, new ResultParser() { + }, PUBLIC_X509_MARKER, new ResultParser() { - public X509EncodedKeySpec parseResult(byte[] bytes) throws IOException { - return new X509EncodedKeySpec(bytes); - } + public X509EncodedKeySpec parseResult(byte[] bytes) throws IOException { + return new X509EncodedKeySpec(bytes); + } - }))); + }))); } /** - * Executes {@link Pems#publicKeySpec(InputSupplier)} on the string which - * contains an encoded public key in PEM format. + * Executes {@link Pems#publicKeySpec(InputSupplier)} on the string which contains an encoded + * public key in PEM format. * * @param pem * public key in pem encoded format. @@ -203,8 +207,7 @@ public class Pems { } /** - * Returns the {@link X509EncodedKeySpec} that is pem encoded in the - * supplier. + * Returns the {@link X509EncodedKeySpec} that is pem encoded in the supplier. * * @param supplier * the input stream factory @@ -217,24 +220,24 @@ public class Pems { * @throws CertificateException */ public static X509Certificate x509Certificate(InputSupplier supplier, - @Nullable CertificateFactory certFactory) throws IOException, CertificateException { + @Nullable CertificateFactory certFactory) throws IOException, CertificateException { final CertificateFactory finalCertFactory = certFactory != null ? certFactory : CertificateFactory - .getInstance("X.509"); + .getInstance("X.509"); try { return fromPem(supplier, new PemProcessor(ImmutableMap - .> of(CERTIFICATE_X509_MARKER, - new ResultParser() { + .> of(CERTIFICATE_X509_MARKER, + new ResultParser() { - public X509Certificate parseResult(byte[] bytes) throws IOException { - try { - return (X509Certificate) finalCertFactory.generateCertificate(new ByteArrayInputStream( - bytes)); - } catch (CertificateException e) { - throw new RuntimeException(e); - } - } + public X509Certificate parseResult(byte[] bytes) throws IOException { + try { + return (X509Certificate) finalCertFactory + .generateCertificate(new ByteArrayInputStream(bytes)); + } catch (CertificateException e) { + throw new RuntimeException(e); + } + } - }))); + }))); } catch (RuntimeException e) { if (e.getCause() != null && e.getCause() instanceof CertificateException) { throw (CertificateException) e.getCause(); @@ -244,8 +247,8 @@ public class Pems { } /** - * Executes {@link Pems#x509Certificate(InputSupplier, CertificateFactory)} - * on the string which contains an X.509 certificate in PEM format. + * Executes {@link Pems#x509Certificate(InputSupplier, CertificateFactory)} on the string which + * contains an X.509 certificate in PEM format. * * @param pem * certificate in pem encoded format. @@ -265,9 +268,8 @@ public class Pems { * @throws CertificateEncodingException */ public static String pem(X509Certificate cert) throws IOException, CertificateEncodingException { - return new StringBuilder("-----BEGIN CERTIFICATE-----\n").append( - CryptoStreams.base64Encode(ByteStreams.newInputStreamSupplier(cert.getEncoded()))).append( - "\n-----END CERTIFICATE-----\n").toString(); + String marker = CERTIFICATE_X509_MARKER; + return pem(cert.getEncoded(), marker); } /** @@ -280,9 +282,8 @@ public class Pems { * @throws CertificateEncodingException */ public static String pem(PublicKey key) throws IOException { - return new StringBuilder("-----BEGIN PUBLIC KEY-----\n").append( - CryptoStreams.base64Encode(ByteStreams.newInputStreamSupplier(key.getEncoded()))).append( - "\n-----END PUBLIC KEY-----\n").toString(); + String marker = key instanceof RSAPublicKey ? PUBLIC_PKCS1_MARKER : PUBLIC_X509_MARKER; + return pem(key.getEncoded(), marker); } /** @@ -295,9 +296,34 @@ public class Pems { * @throws CertificateEncodingException */ public static String pem(PrivateKey key) throws IOException { - return new StringBuilder("-----BEGIN PRIVATE KEY-----\n").append( - CryptoStreams.base64Encode(ByteStreams.newInputStreamSupplier(key.getEncoded()))).append( - "\n-----END PRIVATE KEY-----\n").toString(); + String marker = key instanceof RSAPrivateCrtKey ? PRIVATE_PKCS1_MARKER : PRIVATE_PKCS8_MARKER; + return pem(key instanceof RSAPrivateCrtKey ? getEncoded(RSAPrivateCrtKey.class.cast(key)) : key.getEncoded(), + marker); + } + + // TODO find a way to do this without using bouncycastle + static byte[] getEncoded(RSAPrivateCrtKey key) { + RSAPrivateKeyStructure keyStruct = new RSAPrivateKeyStructure(key.getModulus(), key.getPublicExponent(), key + .getPrivateExponent(), key.getPrimeP(), key.getPrimeQ(), key.getPrimeExponentP(), key + .getPrimeExponentQ(), key.getCrtCoefficient()); + + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ASN1OutputStream aOut = new ASN1OutputStream(bOut); + + try { + aOut.writeObject(keyStruct); + aOut.close(); + } catch (IOException e) { + Throwables.propagate(e); + } + + return bOut.toByteArray(); + } + + private static String pem(byte[] key, String marker) throws IOException { + return new StringBuilder(marker + "\n").append( + Joiner.on('\n').join(Splitter.fixedLength(64).split(CryptoStreams.base64(key)))).append( + "\n" + marker.replace("BEGIN", "END") + "\n").toString().trim(); } } diff --git a/core/src/test/java/org/jclouds/crypto/PemsTest.java b/core/src/test/java/org/jclouds/crypto/PemsTest.java index 3e0934e48b..0edc803b6d 100644 --- a/core/src/test/java/org/jclouds/crypto/PemsTest.java +++ b/core/src/test/java/org/jclouds/crypto/PemsTest.java @@ -26,6 +26,7 @@ import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; +import java.security.interfaces.RSAPrivateCrtKey; import java.security.spec.InvalidKeySpecException; import org.jclouds.io.Payloads; @@ -40,7 +41,7 @@ public class PemsTest { public static final String PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAyb2ZJJqGm0KKR+8nfQJNsSd+F9tXNMV7CfOcW6jsqs8EZgiV\nR09hD1IYOj4YqM0qJONlgyg4xRWewdSG7QTPj1lJpVAida9sXy2+kzyagZA1Am0O\nZcbqb5hoeIDgcX+eDa79s0u0DomjcfO9EKhvHLBz+zM+3QqPRkPV8nYTbfs+HjVz\nzOU6D1B0XR3+IPZZl2AnWs2d0qhnStHcDUvnRVQ0P482YwN9VgceOZtpPz0DCKEJ\n5Tx5STub8k0/zt/VAMHQafLSuQMLd2s4ZLuOZptN//uAsTmxireqd37z+8ZTdBbJ\n8LEpJ+iCXuSfm5aUh7iw6oxvToY2AL53+jK2UQIDAQABAoIBAQDA88B3i/xWn0vX\nBVxFamCYoecuNjGwXXkSyZew616A+EOCu47bh4aTurdFbYL0YFaAtaWvzlaN2eHg\nDb+HDuTefE29+WkcGk6SshPmiz5T0XOCAICWw6wSVDkHmGwS4jZvbAFm7W8nwGk9\nYhxgxFiRngswJZFopOLoF5WXs2td8guIYNslMpo7tu50iFnBHwKO2ZsPAk8t9nnS\nxlDavKruymEmqHCr3+dtio5eaenJcp3fjoXBQOKUk3ipII29XRB8NqeCVV/7Kxwq\nckqOBEbRwBclckyIbD+RiAgKvOelORjEiE9R42vuqvxRA6k9kd9o7utlX0AUtpEn\n3gZc6LepAoGBAP9ael5Y75+sK2JJUNOOhO8ae45cdsilp2yI0X+UBaSuQs2+dyPp\nkpEHAxd4pmmSvn/8c9TlEZhr+qYbABXVPlDncxpIuw2Ajbk7s/S4XaSKsRqpXL57\nzj/QOqLkRk8+OVV9q6lMeQNqLtEj1u6JPviX70Ro+FQtRttNOYbfdP/fAoGBAMpA\nXjR5woV5sUb+REg9vEuYo8RSyOarxqKFCIXVUNsLOx+22+AK4+CQpbueWN7jotrl\nYD6uT6svWi3AAC7kiY0UI/fjVPRCUi8tVoQUE0TaU5VLITaYOB+W/bBaDE4M9560\n1NuDWO90baA5dfU44iuzva02rGJXK9+nS3o8nk/PAoGBALOL6djnDe4mwAaG6Jco\ncd4xr8jkyPzCRZuyBCSBbwphIUXLc7hDprPky064ncJD1UDmwIdkXd/fpMkg2QmA\n/CUk6LEFjMisqHojOaCL9gQZJPhLN5QUN2x1PJWGjs1vQh8Tkx0iUUCOa8bQPXNR\n+34OTsW6TUna4CSZAycLfhffAoGBAIggVsefBCvuQkF0NeUhmDCRZfhnd8y55RHR\n1HCvqKIlpv+rhcX/zmyBLuteopYyRJRsOiE2FW00i8+rIPRu4Z3Q5nybx7w3PzV9\noHN5R5baE9OyI4KpZWztpYYitZF67NcnAvVULHHOvVJQGnKYfLHJYmrJF7GA1ojM\nAuMdFbjFAoGAPxUhxwFy8gaqBahKUEZn4F81HFP5ihGhkT4QL6AFPO2e+JhIGjuR\n27+85hcFqQ+HHVtFsm81b/a+R7P4UuCRgc8eCjxQMoJ1Xl4n7VbjPbHMnIN0Ryvd\nO4ZpWDWYnCO021JTOUUOJ4J/y0416Bvkw0z59y7sNX7wDBBHHbK/XCc=\n-----END RSA PRIVATE KEY-----\n"; - public static final String PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyb2ZJJqGm0KKR+8nfQJNsSd+F9tXNMV7CfOcW6jsqs8EZgiVR09hD1IYOj4YqM0qJONlgyg4xRWewdSG7QTPj1lJpVAida9sXy2+kzyagZA1Am0OZcbqb5hoeIDgcX+eDa79s0u0DomjcfO9EKhvHLBz+zM+3QqPRkPV8nYTbfs+HjVzzOU6D1B0XR3+IPZZl2AnWs2d0qhnStHcDUvnRVQ0P482YwN9VgceOZtpPz0DCKEJ5Tx5STub8k0/zt/VAMHQafLSuQMLd2s4ZLuOZptN//uAsTmxireqd37z+8ZTdBbJ8LEpJ+iCXuSfm5aUh7iw6oxvToY2AL53+jK2UQIDAQAB\n-----END PUBLIC KEY-----\n"; + public static final String PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyb2ZJJqGm0KKR+8nfQJN\nsSd+F9tXNMV7CfOcW6jsqs8EZgiVR09hD1IYOj4YqM0qJONlgyg4xRWewdSG7QTP\nj1lJpVAida9sXy2+kzyagZA1Am0OZcbqb5hoeIDgcX+eDa79s0u0DomjcfO9EKhv\nHLBz+zM+3QqPRkPV8nYTbfs+HjVzzOU6D1B0XR3+IPZZl2AnWs2d0qhnStHcDUvn\nRVQ0P482YwN9VgceOZtpPz0DCKEJ5Tx5STub8k0/zt/VAMHQafLSuQMLd2s4ZLuO\nZptN//uAsTmxireqd37z+8ZTdBbJ8LEpJ+iCXuSfm5aUh7iw6oxvToY2AL53+jK2\nUQIDAQAB\n-----END PUBLIC KEY-----\n"; private static final String CERTIFICATE = "-----BEGIN CERTIFICATE-----\nMIIClzCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnjELMAkGA1UEBhMCVVMx\nEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFjAUBgNVBAoM\nDU9wc2NvZGUsIEluYy4xHDAaBgNVBAsME0NlcnRpZmljYXRlIFNlcnZpY2UxMjAw\nBgNVBAMMKW9wc2NvZGUuY29tL2VtYWlsQWRkcmVzcz1hdXRoQG9wc2NvZGUuY29t\nMB4XDTEwMDczMDIwNDEzMFoXDTIwMDcyNzIwNDEzMFowADCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBAMm9mSSahptCikfvJ30CTbEnfhfbVzTFewnznFuo\n7KrPBGYIlUdPYQ9SGDo+GKjNKiTjZYMoOMUVnsHUhu0Ez49ZSaVQInWvbF8tvpM8\nmoGQNQJtDmXG6m+YaHiA4HF/ng2u/bNLtA6Jo3HzvRCobxywc/szPt0Kj0ZD1fJ2\nE237Ph41c8zlOg9QdF0d/iD2WZdgJ1rNndKoZ0rR3A1L50VUND+PNmMDfVYHHjmb\naT89AwihCeU8eUk7m/JNP87f1QDB0Gny0rkDC3drOGS7jmabTf/7gLE5sYq3qnd+\n8/vGU3QWyfCxKSfogl7kn5uWlIe4sOqMb06GNgC+d/oytlECAwEAATANBgkqhkiG\n9w0BAQUFAAOBgQBftzSZxstWw60GqRTDNN/F2GnrdtnKBoXzHww3r6jtGEylYq20\n5KfKpEx+sPX0gyZuYJiXC2CkEjImAluWKcdN9ZF6VD541sheAjbiaU7q7ZsztTxF\nWUH2tCvHeDXYKPKek3QzL7bYpUhLnCN/XxEv6ibeMDwtI7f5qpk2Aspzcw==\n-----END CERTIFICATE-----\n"; @@ -64,29 +65,26 @@ public class PemsTest { Pems.x509Certificate(Payloads.newStringPayload(CERTIFICATE), CertificateFactory.getInstance("X.509")); } - @Test(enabled = false) - // TODO figure out how to write back in the same format + @Test public void testPrivateKeySpecPem() throws IOException, InvalidKeySpecException, NoSuchAlgorithmException { - String encoded = Pems.pem(KeyFactory.getInstance("RSA").generatePrivate( - Pems.privateKeySpec(Payloads.newStringPayload(PRIVATE_KEY)))); - assertEquals(encoded, PRIVATE_KEY.replaceAll("\n", "").replaceAll("Y-----", "Y-----\n").replaceAll("-----E", - "\n-----E")); + RSAPrivateCrtKey key = (RSAPrivateCrtKey) KeyFactory.getInstance("RSA").generatePrivate( + Pems.privateKeySpec(Payloads.newStringPayload(PRIVATE_KEY))); + String encoded = Pems.pem(key); + assertEquals(encoded, PRIVATE_KEY.replaceAll("\n", "\n").trim()); } @Test - public void testPublicKeySpecPem() throws IOException, InvalidKeySpecException, NoSuchAlgorithmException { + public void testRSAPublicKeySpecPem() throws IOException, InvalidKeySpecException, NoSuchAlgorithmException { String encoded = Pems.pem(KeyFactory.getInstance("RSA").generatePublic( Pems.publicKeySpec(Payloads.newStringPayload(PUBLIC_KEY)))); - assertEquals(encoded, PUBLIC_KEY.replaceAll("\n", "").replaceAll("Y-----", "Y-----\n").replaceAll("-----E", - "\n-----E")); + assertEquals(encoded, PUBLIC_KEY.replaceAll("PUBLIC", "RSA PUBLIC").replaceAll("\n", "\n").trim()); } @Test public void testX509CertificatePem() throws IOException, CertificateException { String encoded = Pems.pem(Pems.x509Certificate(Payloads.newStringPayload(CERTIFICATE), CertificateFactory .getInstance("X.509"))); - assertEquals(encoded, CERTIFICATE.replaceAll("\n", "").replaceAll("E-----", "E-----\n").replaceAll("-----E", - "\n-----E")); + assertEquals(encoded, CERTIFICATE.replaceAll("\n", "\n").trim()); } }