From 62eed58afb7687faed1917cecdf1fb082e428ee3 Mon Sep 17 00:00:00 2001
From: Ludovic Orban
Date: Fri, 19 Mar 2021 08:46:05 +0100
Subject: [PATCH] improve pkcs12 -> pem convertor
Signed-off-by: Ludovic Orban
---
 .../jetty/http3/server/SSLKeyPair.java | 44 ++++++++++---------
 1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/jetty-http3/http3-server/src/main/java/org/eclipse/jetty/http3/server/SSLKeyPair.java b/jetty-http3/http3-server/src/main/java/org/eclipse/jetty/http3/server/SSLKeyPair.java
index 3b5948d0028..73936c8f396 100644
--- a/jetty-http3/http3-server/src/main/java/org/eclipse/jetty/http3/server/SSLKeyPair.java
+++ b/jetty-http3/http3-server/src/main/java/org/eclipse/jetty/http3/server/SSLKeyPair.java
@@ -31,21 +31,22 @@ import java.util.Base64;
 public class SSLKeyPair
 {
- private static final String BEGIN_KEY = "-----BEGIN PRIVATE KEY-----";
- private static final String END_KEY = "-----END PRIVATE KEY-----";
- private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
- private static final String END_CERT = "-----END CERTIFICATE-----";
- private static final String LINE_SEPARATOR = System.getProperty("line.separator");
+ private static final byte[] BEGIN_KEY = "-----BEGIN PRIVATE KEY-----".getBytes(StandardCharsets.UTF_8);
+ private static final byte[] END_KEY = "-----END PRIVATE KEY-----".getBytes(StandardCharsets.UTF_8);
+ private static final byte[] BEGIN_CERT = "-----BEGIN CERTIFICATE-----".getBytes(StandardCharsets.UTF_8);
+ private static final byte[] END_CERT = "-----END CERTIFICATE-----".getBytes(StandardCharsets.UTF_8);
+ private static final byte[] LINE_SEPARATOR = System.getProperty("line.separator").getBytes(StandardCharsets.UTF_8);
 private static final int LINE_LENGTH = 64;
+ private final Base64.Encoder encoder = Base64.getMimeEncoder(LINE_LENGTH, LINE_SEPARATOR);
 private final Key key;
- private final Certificate cert;
+ private final Certificate[] certChain;
 private final String alias;
- public SSLKeyPair(Key key, Certificate cert, String alias)
+ public SSLKeyPair(Key key, Certificate[] certChain, String alias)
 {
 this.key = key;
- this.cert = cert;
+ this.certChain = certChain;
 this.alias = alias;
 }
@@ -57,7 +58,7 @@ public class SSLKeyPair
 keyStore.load(fis, storePassword);
 this.alias = alias;
 this.key = keyStore.getKey(alias, keyPassword);
- this.cert = keyStore.getCertificate(alias);
+ this.certChain = keyStore.getCertificateChain(alias);
 }
 }
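Review bot: The new three-argument constructor stores the caller's `Certificate[]` as-is, so a null chain is accepted here and only fails later when the chain is iterated for export, and the caller can still replace entries in the array after construction. I would store `Objects.requireNonNull(certChain, "certChain").clone()` instead; that needs `java.util.Objects` imported, and the import block is outside the hunk. As a smaller style point, `encoder` carries no per-instance state and `Base64.Encoder` is documented as safe for concurrent use, so a `private static final` constant next to `LINE_LENGTH` would fit better than an instance field.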
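Review bot: `KeyStore.getCertificateChain(alias)` returns null when the alias is missing or carries no chain, and `getKey` on the line above behaves the same way, so a wrong alias produces an object with null fields instead of an error. Failing fast right after the two lookups would make this visible, e.g. `if (key == null || certChain == null) throw new IllegalArgumentException("no key entry with a certificate chain for alias " + alias);`, or whichever exception type the constructor already declares (its signature is outside the hunk). Without the check the problem surfaces as a NullPointerException during PEM export, presumably after the private-key file has already been created.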
@@ -76,30 +77,31 @@ public class SSLKeyPair
 }
 try (FileOutputStream fos = new FileOutputStream(files[1]))
 {
- writeAsPem(fos, cert);
+ for (Certificate cert : certChain)
+ writeAsPem(fos, cert);
 }
 return files;
 }
 private void writeAsPem(OutputStream outputStream, Key key) throws IOException
 {
- Base64.Encoder encoder = Base64.getMimeEncoder(LINE_LENGTH, LINE_SEPARATOR.getBytes());
 byte[] encoded = encoder.encode(key.getEncoded());
- outputStream.write(BEGIN_KEY.getBytes(StandardCharsets.UTF_8));
- outputStream.write(LINE_SEPARATOR.getBytes(StandardCharsets.UTF_8));
+ outputStream.write(BEGIN_KEY);
+ outputStream.write(LINE_SEPARATOR);
 outputStream.write(encoded);
- outputStream.write(LINE_SEPARATOR.getBytes(StandardCharsets.UTF_8));
- outputStream.write(END_KEY.getBytes(StandardCharsets.UTF_8));
+ outputStream.write(LINE_SEPARATOR);
+ outputStream.write(END_KEY);
+ outputStream.write(LINE_SEPARATOR);
 }
- private static void writeAsPem(OutputStream outputStream, Certificate certificate) throws CertificateEncodingException, IOException
+ private void writeAsPem(OutputStream outputStream, Certificate certificate) throws CertificateEncodingException, IOException
 {
- Base64.Encoder encoder = Base64.getMimeEncoder(LINE_LENGTH, LINE_SEPARATOR.getBytes());
 byte[] encoded = encoder.encode(certificate.getEncoded());
- outputStream.write(BEGIN_CERT.getBytes(StandardCharsets.UTF_8));
- outputStream.write(LINE_SEPARATOR.getBytes(StandardCharsets.UTF_8));
+ outputStream.write(BEGIN_CERT);
+ outputStream.write(LINE_SEPARATOR);
 outputStream.write(encoded);
- outputStream.write(LINE_SEPARATOR.getBytes(StandardCharsets.UTF_8));
- outputStream.write(END_CERT.getBytes(StandardCharsets.UTF_8));
+ outputStream.write(LINE_SEPARATOR);
+ outputStream.write(END_CERT);
+ outputStream.write(LINE_SEPARATOR);
 }
 }
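Review bot: `writeAsPem(OutputStream, Key)` labels whatever `key.getEncoded()` returns as `PRIVATE KEY`, but `Key.getEncoded()` is null for keys that do not support encoding, and that label is only correct for PKCS#8 content. A guard before the encode call, such as `if (!"PKCS#8".equals(key.getFormat())) throw new IOException("key for alias " + alias + " cannot be exported as PKCS#8");`, turns both cases into a clear error. Because this method writes the private key unencrypted, the place where the key file is created (outside this hunk) deserves a comment stating which permissions that file is expected to have. The two `writeAsPem` overloads now differ only in their markers and the source of the encoded bytes, so they could share one private helper.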