/* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the "Elastic License * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side * Public License v 1"; you may not use this file except in compliance with, at * your election, the "Elastic License 2.0", the "GNU Affero General Public * License v3.0 only", or the "Server Side Public License, v 1". */ package org.elasticsearch.common.ssl; import org.elasticsearch.core.CharArrays; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.math.BigInteger; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.security.AlgorithmParameters; import java.security.GeneralSecurityException; import java.security.KeyFactory; import java.security.KeyPairGenerator; import java.security.MessageDigest; import java.security.PrivateKey; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.interfaces.ECKey; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.DSAPrivateKeySpec; import java.security.spec.ECGenParameterSpec; import java.security.spec.ECParameterSpec; import java.security.spec.ECPrivateKeySpec; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.RSAPrivateCrtKeySpec; import java.util.ArrayList; import java.util.Arrays; import java.util.Base64; import java.util.Collection; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.function.Supplier; import javax.crypto.Cipher; import javax.crypto.EncryptedPrivateKeyInfo; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; public final class PemUtils { private static final String PKCS1_HEADER = "-----BEGIN RSA PRIVATE KEY-----"; private static final String PKCS1_FOOTER = "-----END RSA PRIVATE KEY-----"; private static final String OPENSSL_DSA_HEADER = "-----BEGIN DSA PRIVATE KEY-----"; private static final String OPENSSL_DSA_FOOTER = "-----END DSA PRIVATE KEY-----"; private static final String OPENSSL_DSA_PARAMS_HEADER = "-----BEGIN DSA PARAMETERS-----"; private static final String OPENSSL_DSA_PARAMS_FOOTER = "-----END DSA PARAMETERS-----"; private static final String PKCS8_HEADER = "-----BEGIN PRIVATE KEY-----"; private static final String PKCS8_FOOTER = "-----END PRIVATE KEY-----"; private static final String PKCS8_ENCRYPTED_HEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; private static final String PKCS8_ENCRYPTED_FOOTER = "-----END ENCRYPTED PRIVATE KEY-----"; private static final String OPENSSL_EC_HEADER = "-----BEGIN EC PRIVATE KEY-----"; private static final String OPENSSL_EC_FOOTER = "-----END EC PRIVATE KEY-----"; private static final String OPENSSL_EC_PARAMS_HEADER = "-----BEGIN EC PARAMETERS-----"; private static final String OPENSSL_EC_PARAMS_FOOTER = "-----END EC PARAMETERS-----"; private static final String HEADER = "-----BEGIN"; private static final String PBES2_OID = "1.2.840.113549.1.5.13"; private static final String AES_OID = "2.16.840.1.101.3.4.1"; /** * Standard Name for the * DES (Data Encryption Standard) * encryption algorithm. * This algorithm is obsolete and should not be used, however many historical versions of OpenSSL would default to using * DES (or {@link #DEPRECATED_DES_EDE_ALGORITHM DESede}) encryption, so we continue to support reading PEM files that are encrypted * using this algorithm */ private static final String DEPRECATED_DES_ALGORITHM = "DES"; /** * Standard Name for the DES encryption * algorithm in Encrypt-Decrypt-Encrypt mode (that is, Triple DES). * This algorithm is obsolete and should not be used, however many historical versions of OpenSSL would default to using * DESede (specified in PEM as {@code DES-EDE3-CBC}), so we continue to support reading PEM files that are encrypted using this * algorithm. */ private static final String DEPRECATED_DES_EDE_ALGORITHM = "DESede"; private PemUtils() { throw new IllegalStateException("Utility class should not be instantiated"); } /** * Creates a {@link PrivateKey} from the contents of a file and handles any exceptions * * @param path the path for the key file * @param passwordSupplier A password supplier for the potentially encrypted (password protected) key * @return a private key from the contents of the file */ public static PrivateKey readPrivateKey(Path path, Supplier passwordSupplier) throws IOException, GeneralSecurityException { try { final PrivateKey privateKey = PemUtils.parsePrivateKey(path, passwordSupplier); if (privateKey == null) { throw new SslConfigException("could not load ssl private key file [" + path + "]"); } return privateKey; } catch (SecurityException e) { throw SslFileUtil.accessControlFailure("PEM private key", List.of(path), e, null); } catch (IOException e) { throw SslFileUtil.ioException("PEM private key", List.of(path), e); } catch (GeneralSecurityException e) { throw SslFileUtil.securityException("PEM private key", List.of(path), e); } } /** * Creates a {@link PrivateKey} from the contents of a file. Supports PKCS#1, PKCS#8 * encoded formats of encrypted and plaintext RSA, DSA and EC(secp256r1) keys * * @param keyPath the path for the key file * @param passwordSupplier A password supplier for the potentially encrypted (password protected) key * @return a private key from the contents of the file */ static PrivateKey parsePrivateKey(Path keyPath, Supplier passwordSupplier) throws IOException, GeneralSecurityException { try (BufferedReader bReader = Files.newBufferedReader(keyPath, StandardCharsets.UTF_8)) { String line = bReader.readLine(); while (null != line && line.startsWith(HEADER) == false) { line = bReader.readLine(); } if (null == line) { throw new SslConfigException("Error parsing Private Key [" + keyPath.toAbsolutePath() + "], file is empty"); } if (PKCS8_ENCRYPTED_HEADER.equals(line.trim())) { char[] password = passwordSupplier.get(); if (password == null) { throw new SslConfigException("cannot read encrypted key [" + keyPath.toAbsolutePath() + "] without a password"); } return parsePKCS8Encrypted(bReader, password); } else if (PKCS8_HEADER.equals(line.trim())) { return parsePKCS8(bReader); } else if (PKCS1_HEADER.equals(line.trim())) { return parsePKCS1Rsa(bReader, passwordSupplier); } else if (OPENSSL_DSA_HEADER.equals(line.trim())) { return parseOpenSslDsa(bReader, passwordSupplier); } else if (OPENSSL_DSA_PARAMS_HEADER.equals(line.trim())) { return parseOpenSslDsa(removeDsaHeaders(bReader), passwordSupplier); } else if (OPENSSL_EC_HEADER.equals(line.trim())) { return parseOpenSslEC(bReader, passwordSupplier); } else if (OPENSSL_EC_PARAMS_HEADER.equals(line.trim())) { return parseOpenSslEC(removeECHeaders(bReader), passwordSupplier); } else { throw new SslConfigException( "cannot read PEM private key [" + keyPath.toAbsolutePath() + "] because the file does not contain a supported key format" ); } } } /** * Removes the EC Headers that OpenSSL adds to EC private keys as the information in them * is redundant * * @throws IOException if the EC Parameter footer is missing */ private static BufferedReader removeECHeaders(BufferedReader bReader) throws IOException { String line = bReader.readLine(); while (line != null) { if (OPENSSL_EC_PARAMS_FOOTER.equals(line.trim())) { break; } line = bReader.readLine(); } if (null == line || OPENSSL_EC_PARAMS_FOOTER.equals(line.trim()) == false) { throw new IOException("Malformed PEM file, EC Parameters footer is missing"); } // Verify that the key starts with the correct header before passing it to parseOpenSslEC if (OPENSSL_EC_HEADER.equals(bReader.readLine()) == false) { throw new IOException("Malformed PEM file, EC Key header is missing"); } return bReader; } /** * Removes the DSA Params Headers that OpenSSL adds to DSA private keys as the information in them * is redundant * * @throws IOException if the EC Parameter footer is missing */ private static BufferedReader removeDsaHeaders(BufferedReader bReader) throws IOException { String line = bReader.readLine(); while (line != null) { if (OPENSSL_DSA_PARAMS_FOOTER.equals(line.trim())) { break; } line = bReader.readLine(); } if (null == line || OPENSSL_DSA_PARAMS_FOOTER.equals(line.trim()) == false) { throw new IOException("Malformed PEM file, DSA Parameters footer is missing"); } // Verify that the key starts with the correct header before passing it to parseOpenSslDsa if (OPENSSL_DSA_HEADER.equals(bReader.readLine()) == false) { throw new IOException("Malformed PEM file, DSA Key header is missing"); } return bReader; } /** * Creates a {@link PrivateKey} from the contents of {@code bReader} that contains an plaintext private key encoded in * PKCS#8 * * @param bReader the {@link BufferedReader} containing the key file contents * @return {@link PrivateKey} * @throws IOException if the file can't be read * @throws GeneralSecurityException if the private key can't be generated from the {@link PKCS8EncodedKeySpec} */ private static PrivateKey parsePKCS8(BufferedReader bReader) throws IOException, GeneralSecurityException { StringBuilder sb = new StringBuilder(); String line = bReader.readLine(); while (line != null) { if (PKCS8_FOOTER.equals(line.trim())) { break; } sb.append(line.trim()); line = bReader.readLine(); } if (null == line || PKCS8_FOOTER.equals(line.trim()) == false) { throw new IOException("Malformed PEM file, PEM footer is invalid or missing"); } return parsePKCS8PemString(sb.toString()); } /** * Creates a {@link PrivateKey} from a String that contains the PEM encoded representation of a plaintext private key encoded in PKCS8 * @param pemString the PEM encoded representation of a plaintext private key encoded in PKCS8 * @return {@link PrivateKey} * @throws IOException if the algorithm identifier can not be parsed from DER * @throws GeneralSecurityException if the private key can't be generated from the {@link PKCS8EncodedKeySpec} */ public static PrivateKey parsePKCS8PemString(String pemString) throws IOException, GeneralSecurityException { byte[] keyBytes = Base64.getDecoder().decode(pemString); String keyAlgo = getKeyAlgorithmIdentifier(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(keyAlgo); return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes)); } /** * Creates a {@link PrivateKey} from the contents of {@code bReader} that contains an EC private key encoded in * OpenSSL traditional format. * * @param bReader the {@link BufferedReader} containing the key file contents * @param passwordSupplier A password supplier for the potentially encrypted (password protected) key * @return {@link PrivateKey} * @throws IOException if the file can't be read * @throws GeneralSecurityException if the private key can't be generated from the {@link ECPrivateKeySpec} */ private static PrivateKey parseOpenSslEC(BufferedReader bReader, Supplier passwordSupplier) throws IOException, GeneralSecurityException { StringBuilder sb = new StringBuilder(); String line = bReader.readLine(); Map pemHeaders = new HashMap<>(); while (line != null) { if (OPENSSL_EC_FOOTER.equals(line.trim())) { break; } // Parse PEM headers according to https://www.ietf.org/rfc/rfc1421.txt if (line.contains(":")) { String[] header = line.split(":"); pemHeaders.put(header[0].trim(), header[1].trim()); } else { sb.append(line.trim()); } line = bReader.readLine(); } if (null == line || OPENSSL_EC_FOOTER.equals(line.trim()) == false) { throw new IOException("Malformed PEM file, PEM footer is invalid or missing"); } byte[] keyBytes = possiblyDecryptPKCS1Key(pemHeaders, sb.toString(), passwordSupplier); KeyFactory keyFactory = KeyFactory.getInstance("EC"); ECPrivateKeySpec ecSpec = parseEcDer(keyBytes); return keyFactory.generatePrivate(ecSpec); } /** * Creates a {@link PrivateKey} from the contents of {@code bReader} that contains an RSA private key encoded in * OpenSSL traditional format. * * @param bReader the {@link BufferedReader} containing the key file contents * @param passwordSupplier A password supplier for the potentially encrypted (password protected) key * @return {@link PrivateKey} * @throws IOException if the file can't be read * @throws GeneralSecurityException if the private key can't be generated from the {@link RSAPrivateCrtKeySpec} */ private static PrivateKey parsePKCS1Rsa(BufferedReader bReader, Supplier passwordSupplier) throws IOException, GeneralSecurityException { StringBuilder sb = new StringBuilder(); String line = bReader.readLine(); Map pemHeaders = new HashMap<>(); while (line != null) { if (PKCS1_FOOTER.equals(line.trim())) { // Unencrypted break; } // Parse PEM headers according to https://www.ietf.org/rfc/rfc1421.txt if (line.contains(":")) { String[] header = line.split(":"); pemHeaders.put(header[0].trim(), header[1].trim()); } else { sb.append(line.trim()); } line = bReader.readLine(); } if (null == line || PKCS1_FOOTER.equals(line.trim()) == false) { throw new IOException("Malformed PEM file, PEM footer is invalid or missing"); } byte[] keyBytes = possiblyDecryptPKCS1Key(pemHeaders, sb.toString(), passwordSupplier); RSAPrivateCrtKeySpec spec = parseRsaDer(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); return keyFactory.generatePrivate(spec); } /** * Creates a {@link PrivateKey} from the contents of {@code bReader} that contains an DSA private key encoded in * OpenSSL traditional format. * * @param bReader the {@link BufferedReader} containing the key file contents * @param passwordSupplier A password supplier for the potentially encrypted (password protected) key * @return {@link PrivateKey} * @throws IOException if the file can't be read * @throws GeneralSecurityException if the private key can't be generated from the {@link DSAPrivateKeySpec} */ private static PrivateKey parseOpenSslDsa(BufferedReader bReader, Supplier passwordSupplier) throws IOException, GeneralSecurityException { StringBuilder sb = new StringBuilder(); String line = bReader.readLine(); Map pemHeaders = new HashMap<>(); while (line != null) { if (OPENSSL_DSA_FOOTER.equals(line.trim())) { // Unencrypted break; } // Parse PEM headers according to https://www.ietf.org/rfc/rfc1421.txt if (line.contains(":")) { String[] header = line.split(":"); pemHeaders.put(header[0].trim(), header[1].trim()); } else { sb.append(line.trim()); } line = bReader.readLine(); } if (null == line || OPENSSL_DSA_FOOTER.equals(line.trim()) == false) { throw new IOException("Malformed PEM file, PEM footer is invalid or missing"); } byte[] keyBytes = possiblyDecryptPKCS1Key(pemHeaders, sb.toString(), passwordSupplier); DSAPrivateKeySpec spec = parseDsaDer(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance("DSA"); return keyFactory.generatePrivate(spec); } /** * Creates a {@link PrivateKey} from the contents of {@code bReader} that contains an encrypted private key encoded in * PKCS#8 * * @param bReader the {@link BufferedReader} containing the key file contents * @param keyPassword The password for the encrypted (password protected) key * @return {@link PrivateKey} * @throws IOException if the file can't be read * @throws GeneralSecurityException if the private key can't be generated from the {@link PKCS8EncodedKeySpec} */ private static PrivateKey parsePKCS8Encrypted(BufferedReader bReader, char[] keyPassword) throws IOException, GeneralSecurityException { StringBuilder sb = new StringBuilder(); String line = bReader.readLine(); while (line != null) { if (PKCS8_ENCRYPTED_FOOTER.equals(line.trim())) { break; } sb.append(line.trim()); line = bReader.readLine(); } if (null == line || PKCS8_ENCRYPTED_FOOTER.equals(line.trim()) == false) { throw new IOException("Malformed PEM file, PEM footer is invalid or missing"); } byte[] keyBytes = Base64.getDecoder().decode(sb.toString()); final EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = getEncryptedPrivateKeyInfo(keyBytes); String algorithm = encryptedPrivateKeyInfo.getAlgName(); if (algorithm.equals("PBES2") || algorithm.equals("1.2.840.113549.1.5.13")) { algorithm = getPBES2Algorithm(encryptedPrivateKeyInfo); } SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(algorithm); SecretKey secretKey = secretKeyFactory.generateSecret(new PBEKeySpec(keyPassword)); Cipher cipher = Cipher.getInstance(algorithm); cipher.init(Cipher.DECRYPT_MODE, secretKey, encryptedPrivateKeyInfo.getAlgParameters()); PKCS8EncodedKeySpec keySpec = encryptedPrivateKeyInfo.getKeySpec(cipher); String keyAlgo = getKeyAlgorithmIdentifier(keySpec.getEncoded()); KeyFactory keyFactory = KeyFactory.getInstance(keyAlgo); return keyFactory.generatePrivate(keySpec); } private static EncryptedPrivateKeyInfo getEncryptedPrivateKeyInfo(byte[] keyBytes) throws IOException, GeneralSecurityException { try { return new EncryptedPrivateKeyInfo(keyBytes); } catch (IOException e) { // The Sun JCE provider can't handle non-AES PBES2 data (but it can handle PBES1 DES data - go figure) // It's not worth our effort to try and decrypt it ourselves, but we can detect it and give a good error message DerParser parser = new DerParser(keyBytes); final DerParser.Asn1Object rootSeq = parser.readAsn1Object(DerParser.Type.SEQUENCE); parser = rootSeq.getParser(); final DerParser.Asn1Object algSeq = parser.readAsn1Object(DerParser.Type.SEQUENCE); parser = algSeq.getParser(); final String algId = parser.readAsn1Object(DerParser.Type.OBJECT_OID).getOid(); if (PBES2_OID.equals(algId)) { final DerParser.Asn1Object algData = parser.readAsn1Object(DerParser.Type.SEQUENCE); parser = algData.getParser(); final DerParser.Asn1Object ignoreKdf = parser.readAsn1Object(DerParser.Type.SEQUENCE); final DerParser.Asn1Object cryptSeq = parser.readAsn1Object(DerParser.Type.SEQUENCE); parser = cryptSeq.getParser(); final String encryptionId = parser.readAsn1Object(DerParser.Type.OBJECT_OID).getOid(); if (encryptionId.startsWith(AES_OID) == false) { final String name = getAlgorithmNameFromOid(encryptionId); throw new GeneralSecurityException( "PKCS#8 Private Key is encrypted with unsupported PBES2 algorithm [" + encryptionId + "]" + (name == null ? "" : " (" + name + ")"), e ); } } throw e; } } /** * This is horrible, but it's the only option other than to parse the encoded ASN.1 value ourselves * @see AlgorithmParameters#toString() and com.sun.crypto.provider.PBES2Parameters#toString() */ private static String getPBES2Algorithm(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) { final AlgorithmParameters algParameters = encryptedPrivateKeyInfo.getAlgParameters(); if (algParameters != null) { return algParameters.toString(); } else { // AlgorithmParameters can be null when running on BCFIPS. // However, since BCFIPS doesn't support any PBE specs, nothing we do here would work, so we just do enough to avoid an NPE return encryptedPrivateKeyInfo.getAlgName(); } } /** * Decrypts the password protected contents using the algorithm and IV that is specified in the PEM Headers of the file * * @param pemHeaders The Proc-Type and DEK-Info PEM headers that have been extracted from the key file * @param keyContents The key as a base64 encoded String * @param passwordSupplier A password supplier for the encrypted (password protected) key * @return the decrypted key bytes * @throws GeneralSecurityException if the key can't be decrypted * @throws IOException if the PEM headers are missing or malformed */ private static byte[] possiblyDecryptPKCS1Key(Map pemHeaders, String keyContents, Supplier passwordSupplier) throws GeneralSecurityException, IOException { byte[] keyBytes = Base64.getDecoder().decode(keyContents); String procType = pemHeaders.get("Proc-Type"); if ("4,ENCRYPTED".equals(procType)) { // We only handle PEM encryption String encryptionParameters = pemHeaders.get("DEK-Info"); if (null == encryptionParameters) { // malformed pem throw new IOException("Malformed PEM File, DEK-Info header is missing"); } char[] password = passwordSupplier.get(); if (password == null) { throw new IOException("cannot read encrypted key without a password"); } Cipher cipher = getCipherFromParameters(encryptionParameters, password); byte[] decryptedKeyBytes = cipher.doFinal(keyBytes); return decryptedKeyBytes; } return keyBytes; } /** * Creates a {@link Cipher} from the contents of the DEK-Info header of a PEM file. RFC 1421 indicates that supported algorithms are * defined in RFC 1423. RFC 1423 only defines DES-CBS and triple DES (EDE) in CBC mode. AES in CBC mode is also widely used though ( 3 * different variants of 128, 192, 256 bit keys ) * * @param dekHeaderValue The value of the DEK-Info PEM header * @param password The password with which the key is encrypted * @return a cipher of the appropriate algorithm and parameters to be used for decryption * @throws GeneralSecurityException if the algorithm is not available in the used security provider, or if the key is inappropriate * for the cipher * @throws IOException if the DEK-Info PEM header is invalid */ private static Cipher getCipherFromParameters(String dekHeaderValue, char[] password) throws GeneralSecurityException, IOException { final String padding = "PKCS5Padding"; final SecretKey encryptionKey; final String[] valueTokens = dekHeaderValue.split(","); if (valueTokens.length != 2) { throw new IOException("Malformed PEM file, DEK-Info PEM header is invalid"); } final String algorithm = valueTokens[0]; final String ivString = valueTokens[1]; final byte[] iv; try { iv = hexStringToByteArray(ivString); } catch (IllegalArgumentException e) { throw new IOException("Malformed PEM file, DEK-Info IV is invalid", e); } if ("DES-CBC".equals(algorithm)) { byte[] key = generateOpenSslKey(password, iv, 8); encryptionKey = new SecretKeySpec(key, DEPRECATED_DES_ALGORITHM); } else if ("DES-EDE3-CBC".equals(algorithm)) { byte[] key = generateOpenSslKey(password, iv, 24); encryptionKey = new SecretKeySpec(key, DEPRECATED_DES_EDE_ALGORITHM); } else if ("AES-128-CBC".equals(algorithm)) { byte[] key = generateOpenSslKey(password, iv, 16); encryptionKey = new SecretKeySpec(key, "AES"); } else if ("AES-192-CBC".equals(algorithm)) { byte[] key = generateOpenSslKey(password, iv, 24); encryptionKey = new SecretKeySpec(key, "AES"); } else if ("AES-256-CBC".equals(algorithm)) { byte[] key = generateOpenSslKey(password, iv, 32); encryptionKey = new SecretKeySpec(key, "AES"); } else { throw new GeneralSecurityException("Private Key encrypted with unsupported algorithm [" + algorithm + "]"); } String transformation = encryptionKey.getAlgorithm() + "/" + "CBC" + "/" + padding; Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new IvParameterSpec(iv)); return cipher; } /** * Performs key stretching in the same manner that OpenSSL does. This is basically a KDF * that uses n rounds of salted MD5 (as many times as needed to get the necessary number of key bytes) *

* https://www.openssl.org/docs/man1.1.0/crypto/PEM_write_bio_PrivateKey_traditional.html */ private static byte[] generateOpenSslKey(char[] password, byte[] salt, int keyLength) { byte[] passwordBytes = CharArrays.toUtf8Bytes(password); MessageDigest md5 = SslUtil.messageDigest("md5"); byte[] key = new byte[keyLength]; int copied = 0; int remaining; while (copied < keyLength) { remaining = keyLength - copied; md5.update(passwordBytes, 0, passwordBytes.length); md5.update(salt, 0, 8);// AES IV (salt) is longer but we only need 8 bytes byte[] tempDigest = md5.digest(); int bytesToCopy = (remaining > 16) ? 16 : remaining; // MD5 digests are 16 bytes System.arraycopy(tempDigest, 0, key, copied, bytesToCopy); copied += bytesToCopy; if (remaining == 0) { break; } md5.update(tempDigest, 0, 16); // use previous round digest as IV } Arrays.fill(passwordBytes, (byte) 0); return key; } /** * Converts a hexadecimal string to a byte array */ private static byte[] hexStringToByteArray(String hexString) { int len = hexString.length(); if (len % 2 == 0) { byte[] data = new byte[len / 2]; for (int i = 0; i < len; i += 2) { final int k = Character.digit(hexString.charAt(i), 16); final int l = Character.digit(hexString.charAt(i + 1), 16); if (k == -1 || l == -1) { throw new IllegalStateException("String [" + hexString + "] is not hexadecimal"); } data[i / 2] = (byte) ((k << 4) + l); } return data; } else { throw new IllegalStateException( "Hexadecimal string [" + hexString + "] has odd length and cannot be converted to a byte array" ); } } /** * Parses a DER encoded EC key to an {@link ECPrivateKeySpec} using a minimal {@link DerParser} * * @param keyBytes the private key raw bytes * @return {@link ECPrivateKeySpec} * @throws IOException if the DER encoded key can't be parsed */ private static ECPrivateKeySpec parseEcDer(byte[] keyBytes) throws IOException, GeneralSecurityException { DerParser parser = new DerParser(keyBytes); DerParser.Asn1Object sequence = parser.readAsn1Object(); parser = sequence.getParser(); parser.readAsn1Object().getInteger(); // version String keyHex = parser.readAsn1Object().getString(); BigInteger privateKeyInt = new BigInteger(keyHex, 16); DerParser.Asn1Object choice = parser.readAsn1Object(); parser = choice.getParser(); String namedCurve = getEcCurveNameFromOid(parser.readAsn1Object().getOid()); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC"); AlgorithmParameterSpec algorithmParameterSpec = new ECGenParameterSpec(namedCurve); keyPairGenerator.initialize(algorithmParameterSpec); ECParameterSpec parameterSpec = ((ECKey) keyPairGenerator.generateKeyPair().getPrivate()).getParams(); return new ECPrivateKeySpec(privateKeyInt, parameterSpec); } /** * Parses a DER encoded RSA key to a {@link RSAPrivateCrtKeySpec} using a minimal {@link DerParser} * * @param keyBytes the private key raw bytes * @return {@link RSAPrivateCrtKeySpec} * @throws IOException if the DER encoded key can't be parsed */ private static RSAPrivateCrtKeySpec parseRsaDer(byte[] keyBytes) throws IOException { DerParser parser = new DerParser(keyBytes); DerParser.Asn1Object sequence = parser.readAsn1Object(); parser = sequence.getParser(); parser.readAsn1Object().getInteger(); // (version) We don't need it but must read to get to modulus BigInteger modulus = parser.readAsn1Object().getInteger(); BigInteger publicExponent = parser.readAsn1Object().getInteger(); BigInteger privateExponent = parser.readAsn1Object().getInteger(); BigInteger prime1 = parser.readAsn1Object().getInteger(); BigInteger prime2 = parser.readAsn1Object().getInteger(); BigInteger exponent1 = parser.readAsn1Object().getInteger(); BigInteger exponent2 = parser.readAsn1Object().getInteger(); BigInteger coefficient = parser.readAsn1Object().getInteger(); return new RSAPrivateCrtKeySpec(modulus, publicExponent, privateExponent, prime1, prime2, exponent1, exponent2, coefficient); } /** * Parses a DER encoded DSA key to a {@link DSAPrivateKeySpec} using a minimal {@link DerParser} * * @param keyBytes the private key raw bytes * @return {@link DSAPrivateKeySpec} * @throws IOException if the DER encoded key can't be parsed */ private static DSAPrivateKeySpec parseDsaDer(byte[] keyBytes) throws IOException { DerParser parser = new DerParser(keyBytes); DerParser.Asn1Object sequence = parser.readAsn1Object(); parser = sequence.getParser(); parser.readAsn1Object().getInteger(); // (version) We don't need it but must read to get to p BigInteger p = parser.readAsn1Object().getInteger(); BigInteger q = parser.readAsn1Object().getInteger(); BigInteger g = parser.readAsn1Object().getInteger(); parser.readAsn1Object().getInteger(); // we don't need x BigInteger x = parser.readAsn1Object().getInteger(); return new DSAPrivateKeySpec(x, p, q, g); } /** * Parses a DER encoded private key and reads its algorithm identifier Object OID. * * @param keyBytes the private key raw bytes * @return A string identifier for the key algorithm (RSA, DSA, or EC) * @throws GeneralSecurityException if the algorithm oid that is parsed from ASN.1 is unknown * @throws IOException if the DER encoded key can't be parsed */ private static String getKeyAlgorithmIdentifier(byte[] keyBytes) throws IOException, GeneralSecurityException { DerParser parser = new DerParser(keyBytes); DerParser.Asn1Object sequence = parser.readAsn1Object(); parser = sequence.getParser(); parser.readAsn1Object().getInteger(); // version DerParser.Asn1Object algSequence = parser.readAsn1Object(); parser = algSequence.getParser(); String oidString = parser.readAsn1Object().getOid(); return switch (oidString) { case "1.2.840.10040.4.1" -> "DSA"; case "1.2.840.113549.1.1.1" -> "RSA"; case "1.2.840.10045.2.1" -> "EC"; default -> throw new GeneralSecurityException( "Error parsing key algorithm identifier. Algorithm with OID [" + oidString + "] is not supported" ); }; } public static List readCertificates(Collection certPaths) throws CertificateException, IOException { CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); List certificates = new ArrayList<>(certPaths.size()); for (Path path : certPaths) { try (InputStream input = Files.newInputStream(path)) { final Collection parsed = certFactory.generateCertificates(input); if (parsed.isEmpty()) { throw new SslConfigException("failed to parse any certificates from [" + path.toAbsolutePath() + "]"); } certificates.addAll(parsed); } } return certificates; } private static String getAlgorithmNameFromOid(String oidString) throws GeneralSecurityException { return switch (oidString) { case "1.2.840.10040.4.1" -> "DSA"; case "1.2.840.113549.1.1.1" -> "RSA"; case "1.2.840.10045.2.1" -> "EC"; case "1.3.14.3.2.7" -> "DES-CBC"; case "2.16.840.1.101.3.4.1.1" -> "AES-128_ECB"; case "2.16.840.1.101.3.4.1.2" -> "AES-128_CBC"; case "2.16.840.1.101.3.4.1.3" -> "AES-128_OFB"; case "2.16.840.1.101.3.4.1.4" -> "AES-128_CFB"; case "2.16.840.1.101.3.4.1.6" -> "AES-128_GCM"; case "2.16.840.1.101.3.4.1.21" -> "AES-192_ECB"; case "2.16.840.1.101.3.4.1.22" -> "AES-192_CBC"; case "2.16.840.1.101.3.4.1.23" -> "AES-192_OFB"; case "2.16.840.1.101.3.4.1.24" -> "AES-192_CFB"; case "2.16.840.1.101.3.4.1.26" -> "AES-192_GCM"; case "2.16.840.1.101.3.4.1.41" -> "AES-256_ECB"; case "2.16.840.1.101.3.4.1.42" -> "AES-256_CBC"; case "2.16.840.1.101.3.4.1.43" -> "AES-256_OFB"; case "2.16.840.1.101.3.4.1.44" -> "AES-256_CFB"; case "2.16.840.1.101.3.4.1.46" -> "AES-256_GCM"; case "2.16.840.1.101.3.4.1.5" -> "AESWrap-128"; case "2.16.840.1.101.3.4.1.25" -> "AESWrap-192"; case "2.16.840.1.101.3.4.1.45" -> "AESWrap-256"; default -> null; }; } private static String getEcCurveNameFromOid(String oidString) throws GeneralSecurityException { return switch (oidString) { // see https://tools.ietf.org/html/rfc5480#section-2.1.1.1 case "1.2.840.10045.3.1" -> "secp192r1"; case "1.3.132.0.1" -> "sect163k1"; case "1.3.132.0.15" -> "sect163r2"; case "1.3.132.0.33" -> "secp224r1"; case "1.3.132.0.26" -> "sect233k1"; case "1.3.132.0.27" -> "sect233r1"; case "1.2.840.10045.3.1.7" -> "secp256r1"; case "1.3.132.0.16" -> "sect283k1"; case "1.3.132.0.17" -> "sect283r1"; case "1.3.132.0.34" -> "secp384r1"; case "1.3.132.0.36" -> "sect409k1"; case "1.3.132.0.37" -> "sect409r1"; case "1.3.132.0.35" -> "secp521r1"; case "1.3.132.0.38" -> "sect571k1"; case "1.3.132.0.39" -> "sect571r1"; default -> throw new GeneralSecurityException( "Error parsing EC named curve identifier. Named curve with OID: " + oidString + " is not supported" ); }; } }