
Commit 5be826d

committed
Merge branch '2.7.x' into 3.0.x
Closes gh-37413
2 parents fdb0992 + 408fb8a commit 5be826d


50 files changed

+532
-153
lines changed

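--- a/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/ssl/PrivateKeyParser.java
+++ b/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/ssl/PrivateKeyParser.java
@@ -21,8 +21,8 @@
 import java.nio.ByteBuffer;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
@@ -47,26 +47,28 @@
 */
 final class PrivateKeyParser {
 
-private static final String PKCS1_HEADER = "-+BEGIN\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
+private static final String PKCS1_RSA_HEADER = "-+BEGIN\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
-private static final String PKCS1_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+";
+private static final String PKCS1_RSA_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+";
 
 private static final String PKCS8_HEADER = "-+BEGIN\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
 private static final String PKCS8_FOOTER = "-+END\\s+PRIVATE\\s+KEY[^-]*-+";
 
-private static final String EC_HEADER = "-+BEGIN\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
+private static final String SEC1_EC_HEADER = "-+BEGIN\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
-private static final String EC_FOOTER = "-+END\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+";
+private static final String SEC1_EC_FOOTER = "-+END\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+";
 
 private static final String BASE64_TEXT = "([a-z0-9+/=\\r\\n]+)";
 
 private static final List<PemParser> PEM_PARSERS;
 static {
 List<PemParser> parsers = new ArrayList<>();
-parsers.add(new PemParser(PKCS1_HEADER, PKCS1_FOOTER, PrivateKeyParser::createKeySpecForPkcs1, "RSA"));
-parsers.add(new PemParser(EC_HEADER, EC_FOOTER, PrivateKeyParser::createKeySpecForEc, "EC"));
-parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PKCS8EncodedKeySpec::new, "RSA", "EC", "DSA", "Ed25519"));
+parsers
+.add(new PemParser(PKCS1_RSA_HEADER, PKCS1_RSA_FOOTER, PrivateKeyParser::createKeySpecForPkcs1Rsa, "RSA"));
+parsers.add(new PemParser(SEC1_EC_HEADER, SEC1_EC_FOOTER, PrivateKeyParser::createKeySpecForSec1Ec, "EC"));
+parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PKCS8EncodedKeySpec::new, "RSA", "RSASSA-PSS", "EC",
+"DSA", "EdDSA", "XDH"));
 PEM_PARSERS = Collections.unmodifiableList(parsers);
 }
 
@@ -88,11 +90,11 @@ final class PrivateKeyParser {
 private PrivateKeyParser() {
 }
 
-private static PKCS8EncodedKeySpec createKeySpecForPkcs1(byte[] bytes) {
+private static PKCS8EncodedKeySpec createKeySpecForPkcs1Rsa(byte[] bytes) {
 return createKeySpecForAlgorithm(bytes, RSA_ALGORITHM, null);
 }
 
-private static PKCS8EncodedKeySpec createKeySpecForEc(byte[] bytes) {
+private static PKCS8EncodedKeySpec createKeySpecForSec1Ec(byte[] bytes) {
 DerElement ecPrivateKey = DerElement.of(bytes);
 Assert.state(ecPrivateKey.isType(ValueType.ENCODED, TagType.SEQUENCE),
 "Key spec should be an ASN.1 encoded sequence");
@@ -194,21 +196,16 @@ private static byte[] decodeBase64(String content) {
 }
 
 private PrivateKey parse(byte[] bytes) {
-try {
-PKCS8EncodedKeySpec keySpec = this.keySpecFactory.apply(bytes);
-for (String algorithm : this.algorithms) {
+PKCS8EncodedKeySpec keySpec = this.keySpecFactory.apply(bytes);
+for (String algorithm : this.algorithms) {
+try {
 KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
-try {
-return keyFactory.generatePrivate(keySpec);
-}
-catch (InvalidKeySpecException ex) {
-}
+return keyFactory.generatePrivate(keySpec);
+}
+catch (InvalidKeySpecException | NoSuchAlgorithmException ex) {
 }
-return null;
-}
-catch (GeneralSecurityException ex) {
-throw new IllegalArgumentException("Unexpected key format", ex);
 }
+return null;
 }
 
 }
@@ -296,7 +293,7 @@ static final class DerElement {
 
 private final long tagType;
 
-private ByteBuffer contents;
+private final ByteBuffer contents;
 
 private DerElement(ByteBuffer bytes) {
 byte b = bytes.get();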
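Review bot: The catch block in `parse` is now empty for both `InvalidKeySpecException` and `NoSuchAlgorithmException`, and the method returns `null` once every listed algorithm has failed, so the reason a private key was rejected is no longer carried anywhere; before this change a missing algorithm surfaced as `IllegalArgumentException("Unexpected key format", ex)`. At minimum the empty catch should say why it is safe to ignore, for example `// algorithm not provided by this JRE, or the key is of another type; try the next one`. The caller of `parse` lies outside this hunk, so it is worth confirming that a `null` result is turned into an explicit failure there rather than a connector being configured without a key. The same rewrite of `parse` appears in `spring-boot/src/main/java/org/springframework/boot/web/server/PrivateKeyParser.java`, and the note applies there as well.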

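--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/PrivateKeyParser.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/PrivateKeyParser.java
@@ -22,8 +22,8 @@
 import java.io.Reader;
 import java.net.URL;
 import java.nio.ByteBuffer;
-import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
@@ -50,27 +50,29 @@
 */
 final class PrivateKeyParser {
 
-private static final String PKCS1_HEADER = "-+BEGIN\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
+private static final String PKCS1_RSA_HEADER = "-+BEGIN\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
-private static final String PKCS1_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+";
+private static final String PKCS1_RSA_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+";
 
 private static final String PKCS8_HEADER = "-+BEGIN\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
 private static final String PKCS8_FOOTER = "-+END\\s+PRIVATE\\s+KEY[^-]*-+";
 
-private static final String EC_HEADER = "-+BEGIN\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
+private static final String SEC1_EC_HEADER = "-+BEGIN\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
-private static final String EC_FOOTER = "-+END\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+";
+private static final String SEC1_EC_FOOTER = "-+END\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+";
 
 private static final String BASE64_TEXT = "([a-z0-9+/=\\r\\n]+)";
 
 private static final List<PemParser> PEM_PARSERS;
 
 static {
 List<PemParser> parsers = new ArrayList<>();
-parsers.add(new PemParser(PKCS1_HEADER, PKCS1_FOOTER, PrivateKeyParser::createKeySpecForPkcs1, "RSA"));
-parsers.add(new PemParser(EC_HEADER, EC_FOOTER, PrivateKeyParser::createKeySpecForEc, "EC"));
-parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PKCS8EncodedKeySpec::new, "RSA", "EC", "DSA", "Ed25519"));
+parsers
+.add(new PemParser(PKCS1_RSA_HEADER, PKCS1_RSA_FOOTER, PrivateKeyParser::createKeySpecForPkcs1Rsa, "RSA"));
+parsers.add(new PemParser(SEC1_EC_HEADER, SEC1_EC_FOOTER, PrivateKeyParser::createKeySpecForSec1Ec, "EC"));
+parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PKCS8EncodedKeySpec::new, "RSA", "RSASSA-PSS", "EC",
+"DSA", "EdDSA", "XDH"));
 PEM_PARSERS = Collections.unmodifiableList(parsers);
 }
 
@@ -92,11 +94,11 @@ final class PrivateKeyParser {
 private PrivateKeyParser() {
 }
 
-private static PKCS8EncodedKeySpec createKeySpecForPkcs1(byte[] bytes) {
+private static PKCS8EncodedKeySpec createKeySpecForPkcs1Rsa(byte[] bytes) {
 return createKeySpecForAlgorithm(bytes, RSA_ALGORITHM, null);
 }
 
-private static PKCS8EncodedKeySpec createKeySpecForEc(byte[] bytes) {
+private static PKCS8EncodedKeySpec createKeySpecForSec1Ec(byte[] bytes) {
 DerElement ecPrivateKey = DerElement.of(bytes);
 Assert.state(ecPrivateKey.isType(ValueType.ENCODED, TagType.SEQUENCE),
 "Key spec should be an ASN.1 encoded sequence");
@@ -204,21 +206,16 @@ private static byte[] decodeBase64(String content) {
 }
 
 private PrivateKey parse(byte[] bytes) {
-try {
-PKCS8EncodedKeySpec keySpec = this.keySpecFactory.apply(bytes);
-for (String algorithm : this.algorithms) {
+PKCS8EncodedKeySpec keySpec = this.keySpecFactory.apply(bytes);
+for (String algorithm : this.algorithms) {
+try {
 KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
-try {
-return keyFactory.generatePrivate(keySpec);
-}
-catch (InvalidKeySpecException ex) {
-}
+return keyFactory.generatePrivate(keySpec);
+}
+catch (InvalidKeySpecException | NoSuchAlgorithmException ex) {
 }
-return null;
-}
-catch (GeneralSecurityException ex) {
-throw new IllegalArgumentException("Unexpected key format", ex);
 }
+return null;
 }
 
 }
@@ -306,7 +303,7 @@ static final class DerElement {
 
 private final long tagType;
 
-private ByteBuffer contents;
+private final ByteBuffer contents;
 
 private DerElement(ByteBuffer bytes) {
 byte b = bytes.get();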
