[refactor] PKey read-er methods and return types

kares · kares · commit 382a829d4cb5 · 2024-04-04T08:00:49.000+02:00
diff --git a/src/main/java/org/jruby/ext/openssl/PKey.java b/src/main/java/org/jruby/ext/openssl/PKey.java
@@ -431,12 +431,12 @@ protected static boolean ttySTDIN(final ThreadContext context) {
         catch (RaiseException ex) { return false; }
     }
 
-    static Object readPrivateKey(final String str, final char[] passwd)
+    static KeyPair readPrivateKey(final String str, final char[] passwd)
         throws PEMInputOutput.PasswordRequiredException, IOException {
         return PEMInputOutput.readPrivateKey(new StringReader(str), passwd);
     }
 
-    static Object readPrivateKey(final RubyString str, final char[] passwd)
+    static KeyPair readPrivateKey(final RubyString str, final char[] passwd)
         throws PEMInputOutput.PasswordRequiredException, IOException {
         return readPrivateKey(str.toString(), passwd);
     }
diff --git a/src/main/java/org/jruby/ext/openssl/impl/PKey.java b/src/main/java/org/jruby/ext/openssl/impl/PKey.java
@@ -88,9 +88,13 @@
 public class PKey {
 
     public static KeyPair readPrivateKey(final byte[] input, final String type)
+        throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+        return readPrivateKey((ASN1Sequence) new ASN1InputStream(input).readObject(), type);
+    }
+
+    public static KeyPair readPrivateKey(final ASN1Sequence seq, final String type)
         throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
         KeySpec pubSpec; KeySpec privSpec;
-        ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(input).readObject();
         if ( type.equals("RSA") ) {
             ASN1Integer mod = (ASN1Integer) seq.getObjectAt(1);
             ASN1Integer pubExp = (ASN1Integer) seq.getObjectAt(2);
@@ -114,7 +118,7 @@ else if ( type.equals("DSA") ) {
             pubSpec = new DSAPublicKeySpec(y.getValue(), p.getValue(), q.getValue(), g.getValue());
         }
         else if ( type.equals("EC") ) {
-            return readECPrivateKey(input);
+            return readECPrivateKey(SecurityHelper.getKeyFactory("EC"), seq);
         }
         else {
             throw new IllegalStateException("unsupported type: " + type);
@@ -123,29 +127,6 @@ else if ( type.equals("EC") ) {
         return new KeyPair(fact.generatePublic(pubSpec), fact.generatePrivate(privSpec));
     }
 
-    // d2i_PrivateKey_bio
-    public static KeyPair readPrivateKey(byte[] input) throws IOException,
-        NoSuchAlgorithmException, InvalidKeySpecException {
-        KeyPair key = null;
-        try {
-            key = readRSAPrivateKey(input);
-        }
-        catch (NoSuchAlgorithmException e) { throw e; /* should not happen */ }
-        catch (InvalidKeySpecException e) {
-            // ignore
-        }
-        if (key == null) {
-            try {
-                key = readDSAPrivateKey(input);
-            }
-            catch (NoSuchAlgorithmException e) { throw e; /* should not happen */ }
-            catch (InvalidKeySpecException e) {
-                // ignore
-            }
-        }
-        return key;
-    }
-
     // d2i_PUBKEY_bio
     public static PublicKey readPublicKey(byte[] input) throws IOException,
         NoSuchAlgorithmException, InvalidKeySpecException {
@@ -281,22 +262,26 @@ public static KeyPair readECPrivateKey(final byte[] input)
         return readECPrivateKey(SecurityHelper.getKeyFactory("EC"), input);
     }
 
-    public static KeyPair readECPrivateKey(final KeyFactory ecFactory, final byte[] input)
+    public static KeyPair readECPrivateKey(final KeyFactory keyFactory, final byte[] input)
+        throws IOException, InvalidKeySpecException {
+        return readECPrivateKey(keyFactory, (ASN1Sequence) ASN1Primitive.fromByteArray(input));
+    }
+
+    public static KeyPair readECPrivateKey(final KeyFactory keyFactory, final ASN1Sequence input)
         throws IOException, InvalidKeySpecException {
         try {
-            org.bouncycastle.asn1.sec.ECPrivateKey pKey = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(ASN1Primitive.fromByteArray(input));
+            org.bouncycastle.asn1.sec.ECPrivateKey pKey = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(input);
             AlgorithmIdentifier   algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, pKey.getParametersObject().toASN1Primitive());
             PrivateKeyInfo        privInfo = new PrivateKeyInfo(algId, pKey.toASN1Primitive());
             SubjectPublicKeyInfo  pubInfo = new SubjectPublicKeyInfo(algId, pKey.getPublicKey().getBytes());
             PKCS8EncodedKeySpec   privSpec = new PKCS8EncodedKeySpec(privInfo.getEncoded());
             X509EncodedKeySpec    pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded());
-            //KeyFactory            fact = KeyFactory.getInstance("EC", provider);
 
-            ECPrivateKey privateKey = (ECPrivateKey) ecFactory.generatePrivate(privSpec);
+            ECPrivateKey privateKey = (ECPrivateKey) keyFactory.generatePrivate(privSpec);
             if ( algId.getParameters() instanceof ASN1ObjectIdentifier ) {
                 privateKey = ECPrivateKeyWithName.wrap(privateKey, (ASN1ObjectIdentifier) algId.getParameters());
             }
-            return new KeyPair(ecFactory.generatePublic(pubSpec), privateKey);
+            return new KeyPair(keyFactory.generatePublic(pubSpec), privateKey);
         }
         catch (ClassCastException ex) {
             throw new IOException("wrong ASN.1 object found in stream", ex);
diff --git a/src/main/java/org/jruby/ext/openssl/x509store/PEMInputOutput.java b/src/main/java/org/jruby/ext/openssl/x509store/PEMInputOutput.java
@@ -1486,23 +1486,23 @@ private static CMSSignedData readPKCS7(BufferedReader in, char[] p, String endMa
 
     public static KeyFactory getKeyFactory(final AlgorithmIdentifier algId)
         throws NoSuchAlgorithmException {
+        return SecurityHelper.getKeyFactory(getPrivateKeyType(algId));
+    }
 
+    private static String getPrivateKeyType(final AlgorithmIdentifier algId) {
         final ASN1ObjectIdentifier algIdentifier = algId.getAlgorithm();
 
-        String algorithm = null;
-        if ( X9ObjectIdentifiers.id_ecPublicKey.equals(algIdentifier) ) {
-            algorithm = "EC";
+        if (X9ObjectIdentifiers.id_ecPublicKey.equals(algIdentifier)) {
+            return "EC";
         }
-        else if ( PKCSObjectIdentifiers.rsaEncryption.equals(algIdentifier) ) {
-            algorithm = "RSA";
+        if (PKCSObjectIdentifiers.rsaEncryption.equals(algIdentifier)) {
+            return "RSA";
         }
-        else if ( X9ObjectIdentifiers.id_dsa.equals(algIdentifier) ) {
-            algorithm = "DSA";
+        if (X9ObjectIdentifiers.id_dsa.equals(algIdentifier)) {
+            return "DSA";
         }
 
-        if ( algorithm == null ) algorithm = algIdentifier.getId();
-
-        return SecurityHelper.getKeyFactory(algorithm);
+        return algIdentifier.getId();
     }
 
     private static CertificateFactory getX509CertificateFactory() {

Original file line number	Diff line number	Diff line change
`@@ -431,12 +431,12 @@ protected static boolean ttySTDIN(final ThreadContext context) {`
`431`	`431`	`catch (RaiseException ex) { return false; }`
`432`	`432`	`}`
`433`	`433`
`434`		`- static Object readPrivateKey(final String str, final char[] passwd)`
	`434`	`+ static KeyPair readPrivateKey(final String str, final char[] passwd)`
`435`	`435`	`throws PEMInputOutput.PasswordRequiredException, IOException {`
`436`	`436`	`return PEMInputOutput.readPrivateKey(new StringReader(str), passwd);`
`437`	`437`	`}`
`438`	`438`
`439`		`- static Object readPrivateKey(final RubyString str, final char[] passwd)`
	`439`	`+ static KeyPair readPrivateKey(final RubyString str, final char[] passwd)`
`440`	`440`	`throws PEMInputOutput.PasswordRequiredException, IOException {`
`441`	`441`	`return readPrivateKey(str.toString(), passwd);`
`442`	`442`	`}`