adding utilities functions for reading/loading private key

Author: yue9944882

util/src/main/java/io/kubernetes/client/util/SSLUtils.java

@@ -12,13 +12,7 @@
 */
 package io.kubernetes.client.util;
 
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
+import java.io.*;
 import java.math.BigInteger;
 import java.security.KeyFactory;
 import java.security.KeyStore;
@@ -38,7 +32,9 @@
 import org.apache.commons.codec.binary.Base64;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.util.io.pem.PemWriter;
 
 public class SSLUtils {
   static {
@@ -91,7 +87,38 @@ public static KeyStore createKeyStore(
     }
   }
 
-  private static PrivateKey loadKey(InputStream keyInputStream, String clientKeyAlgo)
+  public static byte[] dumpKey(PrivateKey privateKey) throws IOException {
+    StringWriter writer = new StringWriter();
+    PemWriter pemWriter = new PemWriter(writer);
+    pemWriter.writeObject(new JcaMiscPEMGenerator(privateKey));
+    pemWriter.flush();
+    return writer.toString().getBytes();
+  }
+
+  public static String recognizePrivateKeyAlgo(byte[] privateKeyBytes) {
+    String dataString = new String(privateKeyBytes);
+    String algo = ""; // PKCS#8
+    if (dataString.contains("BEGIN EC PRIVATE KEY")) {
+      algo = "EC"; // PKCS#1 - EC
+    }
+    if (dataString.contains("BEGIN RSA PRIVATE KEY")) {
+      algo = "RSA"; // PKCS#1 - RSA
+    }
+    return algo;
+  }
+
+  public static PrivateKey loadKey(byte[] privateKeyBytes)
+      throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+    return loadKey(
+        new ByteArrayInputStream(privateKeyBytes), recognizePrivateKeyAlgo(privateKeyBytes));
+  }
+
+  public static PrivateKey loadKey(byte[] pemPrivateKeyBytes, String algo)
+      throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+    return loadKey(new ByteArrayInputStream(pemPrivateKeyBytes), algo);
+  }
+
+  public static PrivateKey loadKey(InputStream keyInputStream, String clientKeyAlgo)
       throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
 
     // Try PKCS7 / EC

util/src/main/java/io/kubernetes/client/util/credentials/ClientCertificateAuthentication.java

@@ -37,14 +37,7 @@ public ClientCertificateAuthentication(final byte[] certificate, final byte[] ke
 
   @Override
   public void provide(ApiClient client) {
-    String dataString = new String(key);
-    String algo = "";
-    if (dataString.indexOf("BEGIN EC PRIVATE KEY") != -1) {
-      algo = "EC";
-    }
-    if (dataString.indexOf("BEGIN RSA PRIVATE KEY") != -1) {
-      algo = "RSA";
-    }
+    String algo = SSLUtils.recognizePrivateKeyAlgo(key);
     try {
       final KeyManager[] keyManagers = SSLUtils.keyManagers(certificate, key, algo, "", null, null);
       client.setKeyManagers(keyManagers);

util/src/test/java/io/kubernetes/client/util/SSLUtilsTest.java

@@ -0,0 +1,58 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package io.kubernetes.client.util;
+
+import com.google.common.io.Resources;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import junit.framework.TestCase;
+
+public class SSLUtilsTest extends TestCase {
+
+  private static final String CLIENT_KEY_PATH = Resources.getResource("clientauth.key").getPath();
+  private static final String CLIENT_KEY_RSA_PATH =
+      Resources.getResource("clientauth-rsa.key").getPath();
+  private static final String CLIENT_KEY_EC_PATH =
+      Resources.getResource("clientauth-ec.key").getPath();
+
+  public void testPKCS8KeyLoadDump()
+      throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
+    byte[] loaded = Files.readAllBytes(Paths.get(CLIENT_KEY_PATH));
+    PrivateKey privateKey = SSLUtils.loadKey(loaded);
+    byte[] dumped = SSLUtils.dumpKey(privateKey);
+    PrivateKey reloaded = SSLUtils.loadKey(dumped);
+    assertEquals(privateKey, reloaded);
+  }
+
+  public void testPKCS1RSAKeyLoadDump()
+      throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
+    byte[] loaded = Files.readAllBytes(Paths.get(CLIENT_KEY_RSA_PATH));
+    PrivateKey privateKey = SSLUtils.loadKey(loaded);
+    byte[] dumped = SSLUtils.dumpKey(privateKey);
+    PrivateKey reloaded = SSLUtils.loadKey(dumped);
+    assertEquals(privateKey, reloaded);
+  }
+
+  public void testPKCS1ECKeyLoadDump()
+      throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
+    byte[] loaded = Files.readAllBytes(Paths.get(CLIENT_KEY_EC_PATH));
+    PrivateKey privateKey = SSLUtils.loadKey(loaded);
+    byte[] dumped = SSLUtils.dumpKey(privateKey);
+    PrivateKey reloaded = SSLUtils.loadKey(dumped);
+    assertEquals(privateKey, reloaded);
+  }
+}

util/src/test/resources/clientauth-ec.key

@@ -2,4 +2,4 @@
 MHcCAQEEIAPhomYs9rdnNgEtr2FIB1rBDYnuKqV4QVAYBX4yRqAEoAoGCCqGSM49
 AwEHoUQDQgAEUHBg7OvKkSprAljQcCcpXFns/pMNDkQJZuooj97A0063ipBrZzbd
 xTcuVcBjFNJC/Tn2keNSQP+m9QbQmQfmMw==
------END EC PRIVATE KEY-----
+-----END EC PRIVATE KEY-----