Skip to content

Support for pkcs1#12670

Merged
normanmaurer merged 6 commits intonetty:4.1from
cwperks:support-for-pkcs1
Aug 10, 2022
Merged

Support for pkcs1#12670
normanmaurer merged 6 commits intonetty:4.1from
cwperks:support-for-pkcs1

Conversation

@cwperks
Copy link
Copy Markdown
Contributor

@cwperks cwperks commented Aug 5, 2022
edited
Loading

Signed-off-by: Craig Perkins cwperx@amazon.com

Motivation:

Motivated by a stale PR that was closed. This change adds support for keys in the PKCS#1 format. Currently netty only supports PKCS#8 keys.

Modification:

This change introduces a class called BouncyCastlePemReader which is only used if BouncyCastle is available on the classpath and uses BouncyCastle's PEMParser to parse the private keys. See list of supported types here.

Tests are added in SSLContextTest including tests with PKCS#8 keys (encrypted + unencrypted) to show these working with BouncyCastle.

Result:

Fixes #7323

cwperks added 3 commits August 5, 2022 12:47
@cwperks
Add support for pkcs#1
7789df0 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks
Add tests with pkcs#8 keys as well to show BouncyCastle supports both
3ae615b 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks
Add genrsa statements for both pksc8 and pkcs1
f401b11 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks cwperks mentioned this pull request Aug 5, 2022
Closed
@normanmaurer normanmaurer added this to the 4.1.80.Final milestone Aug 8, 2022
normanmaurer
normanmaurer requested changes Aug 8, 2022
View reviewed changes
peternied
peternied approved these changes Aug 8, 2022
View reviewed changes
Copy link
Copy Markdown

@peternied peternied left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with the comments about readability, but its a major improvement so other libraries/products don't have to do this themselves.

cwperks added 2 commits August 8, 2022 09:30
@cwperks
Return early is BC provider is unavailable and remove assignment in i…
03dd4a9 
…f clause

Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks
Switch from PrivilegedAction<Boolean> to PrivilegedAction<Void>
b6dd12a 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks
Copy link
Copy Markdown
Contributor Author

cwperks commented Aug 8, 2022

@normanmaurer Thank you for the review. I have addressed the code review comments and moved this block:

if (!isAvailable()) {
    if (logger.isDebugEnabled()) {
        logger.debug("Bouncy castle provider is unavailable.", unavailabilityCause());
    }
    return null;
}

into the public static PrivateKey BouncyCastlePemReader.getPrivateKey(...) methods and exit early if BC is unavailable.

normanmaurer
normanmaurer requested changes Aug 9, 2022
View reviewed changes
@cwperks
Move BouncyCastlePemReader to io.netty.handler.ssl
e8d1f30 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@normanmaurer normanmaurer merged commit 91f8ecc into netty:4.1 Aug 10, 2022
@normanmaurer
Copy link
Copy Markdown
Member

normanmaurer commented Aug 10, 2022

@cwperks thanks a lot!

normanmaurer pushed a commit that referenced this pull request Aug 10, 2022
@cwperks @normanmaurer
Support for pkcs1 (#12670)
e168624 
Motivation:

Motivated by a stale [PR](#7451) that was closed. This change adds support for keys in the PKCS#1 format. Currently netty only supports PKCS#8 keys.

Modification:

This change introduces a class called `BouncyCastlePemReader` which is only used if BouncyCastle is available on the classpath and uses BouncyCastle's PEMParser to parse the private keys. See list of supported types [here](https://www.bouncycastle.org/docs/pkixdocs1.5on/org/bouncycastle/openssl/PEMParser.html).

Tests are added in `SSLContextTest` including tests with PKCS#8 keys (encrypted + unencrypted) to show these working with BouncyCastle.

Result:

Fixes [#7323](#7323)

Signed-off-by: Craig Perkins <cwperx@amazon.com>
@argha-c argha-c mentioned this pull request Aug 26, 2022
Closed
This was referenced Sep 6, 2022
Open
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Closed
@cwperks cwperks mentioned this pull request Oct 24, 2022
Merged
5 tasks
@peterzhuamazon peterzhuamazon mentioned this pull request Oct 25, 2022
Closed
@ejona86 ejona86 mentioned this pull request Feb 16, 2023
Closed
@cwperks cwperks mentioned this pull request Jun 16, 2023
Merged
3 tasks
@ls-bit ls-bit mentioned this pull request Feb 14, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@normanmaurer normanmaurer normanmaurer approved these changes

+1 more reviewer

@peternied peternied peternied approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

4.1.80.Final

Development

Successfully merging this pull request may close these issues.

Feature request: Support PKCS#1 keys when dealing with certificates

3 participants

@cwperks @normanmaurer @peternied