This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 7a2f3ece0d Enhance PEMFile to load from an InputStream.
7a2f3ece0d is described below

commit 7a2f3ece0d941ee1f267b7cfeee88b86080a5583
Author: Christopher Schultz <ch...@christopherschultz.net>
AuthorDate: Tue Apr 18 16:33:41 2023 -0400

    Enhance PEMFile to load from an InputStream.
    
    Merged PR #610 from Romain Manni-Bucau.
---
 java/org/apache/tomcat/util/net/jsse/PEMFile.java | 34 +++++++++++++++--------
 webapps/docs/changelog.xml                        |  4 +++
 2 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java 
b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index f7751c18b0..6aee8ce84c 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -78,7 +78,6 @@ public class PEMFile {
         return result.toString();
     }
 
-    private String filename;
     private List<X509Certificate> certificates = new ArrayList<>();
     private PrivateKey privateKey;
 
@@ -100,12 +99,22 @@ public class PEMFile {
 
     public PEMFile(String filename, String password, String keyAlgorithm)
             throws IOException, GeneralSecurityException {
-        this.filename = filename;
+        this(filename, ConfigFileLoader.getInputStream(filename), password, 
keyAlgorithm);
+    }
 
+    /**
+     * @param filename the filename to mention in error messages, not used for 
anything else.
+     * @param fileStream the stream containing the pem(s).
+     * @param password password to load the pem objects.
+     * @param keyAlgorithm the algorithm to help to know how to load the 
objects (guessed if null).
+     * @throws IOException if input can't be read.
+     * @throws GeneralSecurityException if input can't be parsed/loaded.
+     */
+    public PEMFile(String filename, InputStream fileStream, String password, 
String keyAlgorithm)
+            throws IOException, GeneralSecurityException {
         List<Part> parts = new ArrayList<>();
-        try (InputStream inputStream = 
ConfigFileLoader.getInputStream(filename)) {
-            BufferedReader reader =
-                    new BufferedReader(new InputStreamReader(inputStream, 
StandardCharsets.US_ASCII));
+        try (BufferedReader reader =
+                 new BufferedReader(new InputStreamReader(fileStream, 
StandardCharsets.US_ASCII))) {
             Part part = null;
             String line;
             while ((line = reader.readLine()) != null) {
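Review bot: The new public constructor closes the caller's `fileStream`, because the reader wrapping it is the try-with-resources resource, but the added Javadoc never says who owns the stream. A caller that keeps using the stream, or closes it again in its own try-with-resources, gets no warning from the documentation. I would change the tag to `@param fileStream the stream containing the PEM object(s); it is read to the end and closed by this constructor.` and give the comment a summary sentence such as `Loads certificates and a private key from PEM data read from a stream.` The constructor body continues outside this hunk.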
@@ -127,28 +136,29 @@ public class PEMFile {
                             part.algorithm = pieces[0];
                             part.ivHex = pieces[1];
                         }
-                    }                }
+                    }
+                }
             }
         }
 
         for (Part part : parts) {
             switch (part.type) {
                 case Part.PRIVATE_KEY:
-                    privateKey = part.toPrivateKey(null, keyAlgorithm, 
Format.PKCS8);
+                    privateKey = part.toPrivateKey(null, keyAlgorithm, 
Format.PKCS8, filename);
                     break;
                 case Part.EC_PRIVATE_KEY:
-                    privateKey = part.toPrivateKey(null, "EC", Format.RFC5915);
+                    privateKey = part.toPrivateKey(null, "EC", Format.RFC5915, 
filename);
                     break;
                 case Part.ENCRYPTED_PRIVATE_KEY:
-                    privateKey = part.toPrivateKey(password, keyAlgorithm, 
Format.PKCS8);
+                    privateKey = part.toPrivateKey(password, keyAlgorithm, 
Format.PKCS8, filename);
                     break;
                 case Part.RSA_PRIVATE_KEY:
                     if (part.algorithm == null) {
                         // If no encryption algorithm was detected, ignore any
                         // (probably default) key password provided.
-                        privateKey = part.toPrivateKey(null, keyAlgorithm, 
Format.PKCS1);
+                        privateKey = part.toPrivateKey(null, keyAlgorithm, 
Format.PKCS1, filename);
                     } else {
-                        privateKey = part.toPrivateKey(password, keyAlgorithm, 
Format.PKCS1);
+                        privateKey = part.toPrivateKey(password, keyAlgorithm, 
Format.PKCS1, filename);
                     }
                     break;
                 case Part.CERTIFICATE:
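Review bot: `filename` is now only a label, so with the stream constructor it may be null or arbitrary caller-chosen text, and the five `toPrivateKey(..., filename)` calls in this switch pass it on unchecked. How `toPrivateKey` uses it is not visible here; if it is formatted into an exception message, a null would presumably appear as "null", which hides the source of a failed key load. Consider normalising it once before the loop, e.g. `String source = (filename != null) ? filename : "<stream>";`. The changed `toPrivateKey` signature in the next hunk should also document it: `@param filename label used only in error messages; may be null`. The switch continues outside this hunk.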
@@ -185,7 +195,7 @@ public class PEMFile {
             return (X509Certificate) factory.generateCertificate(new 
ByteArrayInputStream(decode()));
         }
 
-        public PrivateKey toPrivateKey(String password, String keyAlgorithm, 
Format format)
+        public PrivateKey toPrivateKey(String password, String keyAlgorithm, 
Format format, String filename)
                 throws GeneralSecurityException, IOException {
             KeySpec keySpec = null;
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 36b3568f01..4d4f471e22 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -276,6 +276,10 @@
       <update>
         Update Jacoco to 0.8.9. (markt)
       </update>
+      <fix>
+        Enhance PEMFile to laod from an InputStream. Patch provided by
+        Romain Manni-Bucau. (schultz)
+      </fix>
     </changelog>
   </subsection>
 </section>

