This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit ffafc9c7e86035ed4fe817c9678248a82e806ff0 Author: Christopher Schultz <ch...@christopherschultz.net> AuthorDate: Tue Apr 18 16:33:41 2023 -0400 Enhance PEMFile to load from an InputStream. Merged PR #610 from Romain Manni-Bucau. --- java/org/apache/tomcat/util/net/jsse/PEMFile.java | 34 +++++++++++++++-------- webapps/docs/changelog.xml | 3 ++ 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java b/java/org/apache/tomcat/util/net/jsse/PEMFile.java index 443a5a39d8..c374e402e6 100644 --- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java +++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java @@ -78,7 +78,6 @@ public class PEMFile { return result.toString(); } - private String filename; private List<X509Certificate> certificates = new ArrayList<>(); private PrivateKey privateKey; 
@@ -100,12 +99,22 @@ public class PEMFile { public PEMFile(String filename, String password, String keyAlgorithm) throws IOException, GeneralSecurityException { - this.filename = filename; + this(filename, ConfigFileLoader.getSource().getResource(filename).getInputStream(), password, keyAlgorithm); + } + /** + * @param filename the filename to mention in error messages, not used for anything else. + * @param fileStream the stream containing the pem(s). + * @param password password to load the pem objects. + * @param keyAlgorithm the algorithm to help to know how to load the objects (guessed if null). + * @throws IOException if input can't be read. + * @throws GeneralSecurityException if input can't be parsed/loaded. + */ + public PEMFile(String filename, InputStream fileStream, String password, String keyAlgorithm) + throws IOException, GeneralSecurityException { List<Part> parts = new ArrayList<>(); - try (InputStream inputStream = ConfigFileLoader.getSource().getResource(filename).getInputStream()) { - BufferedReader reader = - new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.US_ASCII)); + try (BufferedReader reader = + new BufferedReader(new InputStreamReader(fileStream, StandardCharsets.US_ASCII))) { Part part = null; String line; while ((line = reader.readLine()) != null) { 
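Review bot: The new public `PEMFile(String, InputStream, String, String)` constructor closes the caller's `fileStream`, because the stream is wrapped by the `BufferedReader` in the try-with-resources header, but the Javadoc does not say that ownership passes to the constructor. The stream can carry private-key material, so callers need to know it is fully consumed and closed here; I would extend the tag to `@param fileStream the stream containing the pem(s); read to the end and closed by this constructor`. The Javadoc block also has no summary sentence before the tags. A null `fileStream` is not rejected before `new InputStreamReader(...)`, so a guard such as `Objects.requireNonNull(fileStream, "fileStream");` ahead of the `try` would give a clearer failure. The constructor body continues past the end of this hunk.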
@@ -127,28 +136,29 @@ public class PEMFile { part.algorithm = pieces[0]; part.ivHex = pieces[1]; } - } } + } + } } } for (Part part : parts) { switch (part.type) { case Part.PRIVATE_KEY: - privateKey = part.toPrivateKey(null, keyAlgorithm, Format.PKCS8); + privateKey = part.toPrivateKey(null, keyAlgorithm, Format.PKCS8, filename); break; case Part.EC_PRIVATE_KEY: - privateKey = part.toPrivateKey(null, "EC", Format.RFC5915); + privateKey = part.toPrivateKey(null, "EC", Format.RFC5915, filename); break; case Part.ENCRYPTED_PRIVATE_KEY: - privateKey = part.toPrivateKey(password, keyAlgorithm, Format.PKCS8); + privateKey = part.toPrivateKey(password, keyAlgorithm, Format.PKCS8, filename); break; case Part.RSA_PRIVATE_KEY: if (part.algorithm == null) { // If no encryption algorithm was detected, ignore any // (probably default) key password provided. - privateKey = part.toPrivateKey(null, keyAlgorithm, Format.PKCS1); + privateKey = part.toPrivateKey(null, keyAlgorithm, Format.PKCS1, filename); } else { - privateKey = part.toPrivateKey(password, keyAlgorithm, Format.PKCS1); + privateKey = part.toPrivateKey(password, keyAlgorithm, Format.PKCS1, filename); } break; case Part.CERTIFICATE: @@ -185,7 +195,7 @@ public class PEMFile { return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(decode())); } - public PrivateKey toPrivateKey(String password, String keyAlgorithm, Format format) + public PrivateKey toPrivateKey(String password, String keyAlgorithm, Format format, String filename) throws GeneralSecurityException, IOException { KeySpec keySpec = null; diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index c742d3d82d..cae17de709 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
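Review bot: In PEMFile.java, the `filename` parameter added to `toPrivateKey` (hunk `@@ -185,7 +195,7 @@`) is undocumented, and with the stream-based constructor it is now a caller-chosen label rather than a path that was actually opened. How the method uses it is outside the hunk; presumably it only appears in exception text, as the constructor Javadoc states. I would add a short Javadoc on the method, e.g. `@param filename label used only in error messages; not necessarily a real path when the PEM was read from a stream`, so it is not later treated as something to reopen. The call sites changed in the `@@ -127,28 +136,29 @@` hunk only forward the value, so they need no further change.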
@@ -309,6 +309,9 @@ <update> Update Jacoco to 0.8.9. (markt) </update> + <fix> + Enhance PEMFile to laod from an InputStream. Patch provided by + Romain Manni-Bucau. (schultz) </changelog> </subsection> </section> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org