
Commit ed4b6aa

committed
Merge branch '3.0.x' into 3.1.x
Closes gh-37422
2 parents d653515 + 5be826d commit ed4b6aa


50 files changed

+532
-154
lines changed

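--- a/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/ssl/PrivateKeyParser.java
+++ b/spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/ssl/PrivateKeyParser.java
@@ -21,8 +21,8 @@
 import java.nio.ByteBuffer;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
@@ -47,26 +47,28 @@
 */
 final class PrivateKeyParser {
 
-private static final String PKCS1_HEADER = "-+BEGIN\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
+private static final String PKCS1_RSA_HEADER = "-+BEGIN\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
-private static final String PKCS1_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+";
+private static final String PKCS1_RSA_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+";
 
 private static final String PKCS8_HEADER = "-+BEGIN\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
 private static final String PKCS8_FOOTER = "-+END\\s+PRIVATE\\s+KEY[^-]*-+";
 
-private static final String EC_HEADER = "-+BEGIN\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
+private static final String SEC1_EC_HEADER = "-+BEGIN\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
-private static final String EC_FOOTER = "-+END\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+";
+private static final String SEC1_EC_FOOTER = "-+END\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+";
 
 private static final String BASE64_TEXT = "([a-z0-9+/=\\r\\n]+)";
 
 private static final List<PemParser> PEM_PARSERS;
 static {
 List<PemParser> parsers = new ArrayList<>();
-parsers.add(new PemParser(PKCS1_HEADER, PKCS1_FOOTER, PrivateKeyParser::createKeySpecForPkcs1, "RSA"));
-parsers.add(new PemParser(EC_HEADER, EC_FOOTER, PrivateKeyParser::createKeySpecForEc, "EC"));
-parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PKCS8EncodedKeySpec::new, "RSA", "EC", "DSA", "Ed25519"));
+parsers
+.add(new PemParser(PKCS1_RSA_HEADER, PKCS1_RSA_FOOTER, PrivateKeyParser::createKeySpecForPkcs1Rsa, "RSA"));
+parsers.add(new PemParser(SEC1_EC_HEADER, SEC1_EC_FOOTER, PrivateKeyParser::createKeySpecForSec1Ec, "EC"));
+parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PKCS8EncodedKeySpec::new, "RSA", "RSASSA-PSS", "EC",
+"DSA", "EdDSA", "XDH"));
 PEM_PARSERS = Collections.unmodifiableList(parsers);
 }
 
@@ -88,11 +90,11 @@ final class PrivateKeyParser {
 private PrivateKeyParser() {
 }
 
-private static PKCS8EncodedKeySpec createKeySpecForPkcs1(byte[] bytes) {
+private static PKCS8EncodedKeySpec createKeySpecForPkcs1Rsa(byte[] bytes) {
 return createKeySpecForAlgorithm(bytes, RSA_ALGORITHM, null);
 }
 
-private static PKCS8EncodedKeySpec createKeySpecForEc(byte[] bytes) {
+private static PKCS8EncodedKeySpec createKeySpecForSec1Ec(byte[] bytes) {
 DerElement ecPrivateKey = DerElement.of(bytes);
 Assert.state(ecPrivateKey.isType(ValueType.ENCODED, TagType.SEQUENCE),
 "Key spec should be an ASN.1 encoded sequence");
@@ -194,21 +196,16 @@ private static byte[] decodeBase64(String content) {
 }
 
 private PrivateKey parse(byte[] bytes) {
-try {
-PKCS8EncodedKeySpec keySpec = this.keySpecFactory.apply(bytes);
-for (String algorithm : this.algorithms) {
+PKCS8EncodedKeySpec keySpec = this.keySpecFactory.apply(bytes);
+for (String algorithm : this.algorithms) {
+try {
 KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
-try {
-return keyFactory.generatePrivate(keySpec);
-}
-catch (InvalidKeySpecException ex) {
-}
+return keyFactory.generatePrivate(keySpec);
+}
+catch (InvalidKeySpecException | NoSuchAlgorithmException ex) {
 }
-return null;
-}
-catch (GeneralSecurityException ex) {
-throw new IllegalArgumentException("Unexpected key format", ex);
 }
+return null;
 }
 
 }
@@ -296,7 +293,7 @@ static final class DerElement {
 
 private final long tagType;
 
-private ByteBuffer contents;
+private final ByteBuffer contents;
 
 private DerElement(ByteBuffer bytes) {
 byte b = bytes.get();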
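Review bot: The empty `catch (InvalidKeySpecException | NoSuchAlgorithmException ex)` in `parse(byte[])` now discards every failure, so when no listed algorithm produces a key the method returns null and the reason (a malformed key, or a KeyFactory missing from the runtime) is lost; before this change a `NoSuchAlgorithmException` surfaced as `IllegalArgumentException("Unexpected key format", ex)`. At minimum the catch should say why it is empty, e.g. `// Ignore: this algorithm is unavailable or rejected the key spec, try the next one`, and the method should document that null means no algorithm accepted the key. If the caller, which is outside this section, turns null into an error, consider keeping the caught exceptions and attaching them with `addSuppressed` so a TLS key-loading failure can be diagnosed, with key bytes kept out of any message. The same pattern appears in `parse(byte[], String)` in PemPrivateKeyParser.java.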

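--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/ssl/pem/PemPrivateKeyParser.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/ssl/pem/PemPrivateKeyParser.java
@@ -22,6 +22,7 @@
 import java.security.AlgorithmParameters;
 import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
@@ -52,9 +53,9 @@
 */
 final class PemPrivateKeyParser {
 
-private static final String PKCS1_HEADER = "-+BEGIN\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
+private static final String PKCS1_RSA_HEADER = "-+BEGIN\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
-private static final String PKCS1_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+";
+private static final String PKCS1_RSA_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+";
 
 private static final String PKCS8_HEADER = "-+BEGIN\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
@@ -64,9 +65,9 @@ final class PemPrivateKeyParser {
 
 private static final String PKCS8_ENCRYPTED_FOOTER = "-+END\\s+ENCRYPTED\\s+PRIVATE\\s+KEY[^-]*-+";
 
-private static final String EC_HEADER = "-+BEGIN\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
+private static final String SEC1_EC_HEADER = "-+BEGIN\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
 
-private static final String EC_FOOTER = "-+END\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+";
+private static final String SEC1_EC_FOOTER = "-+END\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+";
 
 private static final String BASE64_TEXT = "([a-z0-9+/=\\r\\n]+)";
 
@@ -75,12 +76,13 @@ final class PemPrivateKeyParser {
 private static final List<PemParser> PEM_PARSERS;
 static {
 List<PemParser> parsers = new ArrayList<>();
-parsers.add(new PemParser(PKCS1_HEADER, PKCS1_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs1, "RSA"));
-parsers.add(new PemParser(EC_HEADER, EC_FOOTER, PemPrivateKeyParser::createKeySpecForEc, "EC"));
-parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs8, "RSA", "EC",
-"DSA", "Ed25519"));
+parsers.add(new PemParser(PKCS1_RSA_HEADER, PKCS1_RSA_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs1Rsa,
+"RSA"));
+parsers.add(new PemParser(SEC1_EC_HEADER, SEC1_EC_FOOTER, PemPrivateKeyParser::createKeySpecForSec1Ec, "EC"));
+parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs8, "RSA",
+"RSASSA-PSS", "EC", "DSA", "EdDSA", "XDH"));
 parsers.add(new PemParser(PKCS8_ENCRYPTED_HEADER, PKCS8_ENCRYPTED_FOOTER,
-PemPrivateKeyParser::createKeySpecForPkcs8Encrypted, "RSA", "EC", "DSA", "Ed25519"));
+PemPrivateKeyParser::createKeySpecForPkcs8Encrypted, "RSA", "RSASSA-PSS", "EC", "DSA", "EdDSA", "XDH"));
 PEM_PARSERS = Collections.unmodifiableList(parsers);
 }
 
@@ -102,11 +104,11 @@ final class PemPrivateKeyParser {
 private PemPrivateKeyParser() {
 }
 
-private static PKCS8EncodedKeySpec createKeySpecForPkcs1(byte[] bytes, String password) {
+private static PKCS8EncodedKeySpec createKeySpecForPkcs1Rsa(byte[] bytes, String password) {
 return createKeySpecForAlgorithm(bytes, RSA_ALGORITHM, null);
 }
 
-private static PKCS8EncodedKeySpec createKeySpecForEc(byte[] bytes, String password) {
+private static PKCS8EncodedKeySpec createKeySpecForSec1Ec(byte[] bytes, String password) {
 DerElement ecPrivateKey = DerElement.of(bytes);
 Assert.state(ecPrivateKey.isType(ValueType.ENCODED, TagType.SEQUENCE),
 "Key spec should be an ASN.1 encoded sequence");
@@ -228,21 +230,16 @@ private static byte[] decodeBase64(String content) {
 }
 
 private PrivateKey parse(byte[] bytes, String password) {
-try {
-PKCS8EncodedKeySpec keySpec = this.keySpecFactory.apply(bytes, password);
-for (String algorithm : this.algorithms) {
+PKCS8EncodedKeySpec keySpec = this.keySpecFactory.apply(bytes, password);
+for (String algorithm : this.algorithms) {
+try {
 KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
-try {
-return keyFactory.generatePrivate(keySpec);
-}
-catch (InvalidKeySpecException ex) {
-}
+return keyFactory.generatePrivate(keySpec);
+}
+catch (InvalidKeySpecException | NoSuchAlgorithmException ex) {
 }
-return null;
-}
-catch (GeneralSecurityException ex) {
-throw new IllegalArgumentException("Unexpected key format", ex);
 }
+return null;
 }
 
 }
@@ -330,7 +327,7 @@ static final class DerElement {
 
 private final long tagType;
 
-private ByteBuffer contents;
+private final ByteBuffer contents;
 
 private DerElement(ByteBuffer bytes) {
 byte b = bytes.get();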
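Review bot: `createKeySpecForPkcs1Rsa(byte[] bytes, String password)` never reads `password`, since its whole body is `return createKeySpecForAlgorithm(bytes, RSA_ALGORITHM, null);`, so a caller that supplies a password for a `BEGIN RSA PRIVATE KEY` block gets no decryption and no indication that the password was ignored. The parameter presumably exists only to match the shared key-spec factory signature; a comment would make that explicit, e.g. `// PKCS#1 keys are read unencrypted; password is unused and only present to fit the factory signature`. `createKeySpecForSec1Ec` takes the same parameter, but its body continues outside the hunk, so whether it uses the password cannot be told from here.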
