supporting private keys other than RSA

ccutrer · ccutrer · commit ca5c69a65003 · 2026-01-14T11:21:45.000-07:00
see njh#148
diff --git a/lib/mqtt/client.rb b/lib/mqtt/client.rb
@@ -203,13 +203,13 @@ def cert=(cert)
     # Set a path to a file containing a PEM-format client private key
     def key_file=(*args)
       path, passphrase = args.flatten
-      ssl_context.key = OpenSSL::PKey::RSA.new(File.open(path), passphrase)
+      ssl_context.key = OpenSSL::PKey.read(File.binread(path), passphrase)
     end
 
     # Set to a PEM-format client private key
     def key=(*args)
       cert, passphrase = args.flatten
-      ssl_context.key = OpenSSL::PKey::RSA.new(cert, passphrase)
+      ssl_context.key = OpenSSL::PKey.read(cert, passphrase)
     end
 
     # Set a path to a file containing a PEM-format CA certificate and enable peer verification
diff --git a/spec/fixtures/ec.key b/spec/fixtures/ec.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIE2eyE3r4eoZCbHMYIwLCW42IKqaCkTSpw4dE4+j2TTqoAoGCCqGSM49
+AwEHoUQDQgAEoAyjMxTzzh9dEkzmXk26Vomq7HQFon/m4hDcKNAbqcrLVJI8bcQt
+yewCuHTAu3A6ymRxZnYvcNgMPyK+Oc+umA==
+-----END EC PRIVATE KEY-----
diff --git a/spec/fixtures/ec.pass.key b/spec/fixtures/ec.pass.key
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,0727A85143BDD14830310915273C3879
+
+vbjVLdV7YvVWnRHUzKVZjO5YR+q4GL3LU/BAlAj/E0klH+6ytEU34tpEtBfyC5QR
+bkDd/40qO6NGh81VvvEzafGQbnBHlBRxWZ52FspFob9ry+bW8F6sGbp46Ny6vTc/
+BSOtHDN+tDG5PQx9YXSVgBwRkekX86/63Zgh3jiy6rg=
+-----END EC PRIVATE KEY-----
diff --git a/spec/mqtt/client_spec.rb b/spec/mqtt/client_spec.rb
@@ -211,10 +211,47 @@
   describe "setting an encrypted client private key, w/an incorrect passphrase" do
     let(:key_pass) { "ttqm" }
 
-    it "raises an OpenSSL::PKey::RSAError exception" do
+    it "raises an exception" do
       expect(client.ssl_context.key).to be_nil
       expect { client.key_file = [fixture_path("client.pass.key"), key_pass] }.to(
-        raise_error(OpenSSL::PKey::RSAError, /Neither PUB key nor PRIV key/)
+        raise_error(/Could not parse PKey/)
+      )
+    end
+  end
+
+  describe "setting a client private EC key file path" do
+    it "adds a certificate to the SSL context" do
+      expect(client.ssl_context.key).to be_nil
+      client.key_file = fixture_path("ec.key")
+      expect(client.ssl_context.key).to be_a(OpenSSL::PKey::EC)
+    end
+  end
+
+  describe "setting a client private EC key directly" do
+    it "adds a certificate to the SSL context" do
+      expect(client.ssl_context.key).to be_nil
+      client.key = File.read(fixture_path("ec.key"))
+      expect(client.ssl_context.key).to be_a(OpenSSL::PKey::EC)
+    end
+  end
+
+  describe "setting an encrypted client private EC key, w/the correct passphrase" do
+    let(:key_pass) { "mqtt" }
+
+    it "adds the decrypted certificate to the SSL context" do
+      expect(client.ssl_context.key).to be_nil
+      client.key_file = [fixture_path("ec.pass.key"), key_pass]
+      expect(client.ssl_context.key).to be_a(OpenSSL::PKey::EC)
+    end
+  end
+
+  describe "setting an encrypted client private EC key, w/an incorrect passphrase" do
+    let(:key_pass) { "ttqm" }
+
+    it "raises an exception" do
+      expect(client.ssl_context.key).to be_nil
+      expect { client.key_file = [fixture_path("ec.pass.key"), key_pass] }.to(
+        raise_error(/Could not parse PKey/)
       )
     end
   end
