End to End TLS SSL step #8 - Add support for PEM based certificates #17019

Merged
merged 38 commits into from
Nov 12, 2020
e61d0ab
Enable revapi plugin
mnriem Oct 28, 2020
cc52f55
Enable revapi plugin
mnriem Oct 28, 2020
adb4daf
Adding initial plumbing for user-assigned managed identity
mnriem Oct 29, 2020
b86e7fa
Added support for user-assigned managed identity
mnriem Oct 30, 2020
46b637c
Communication - Purchase Search Follow-up PR (#16887)
jbeauregardb Oct 28, 2020
82cc38f
[Service Bus] Prepare tracing methods for message processor and sched…
YijunXieMS Oct 28, 2020
3307b60
Prepare Azure Core for November 2020 Release (#16924)
alzimmermsft Oct 28, 2020
f6a2000
Sb track2 schedule multiple message validate batch size (#16767)
hemanttanwar Oct 29, 2020
1ff1621
Mgmt: generate avs 2020 03 (#16954)
ChenTanyi Oct 29, 2020
c7a0679
mgmt rename session records by azure-core-test changes (#16921)
xseeseesee Oct 29, 2020
66d9527
Fixing live test failures in Event Hubs. (#16934)
conniey Oct 29, 2020
2b73ce8
Sb t2 schedule multiple message validate batch size (#16959)
hemanttanwar Oct 29, 2020
e2fd457
update MSI usage doc for service bus multi-binder sample (#16736)
Oct 29, 2020
23213a9
Fix redactor to skip redaction for empty key-value pairs values (#16943)
samvaity Oct 29, 2020
ecc9d52
Remove JsonPatchDocument.getOperations(), JsonPatchOperation, JsonPat…
alzimmermsft Oct 29, 2020
8be3526
Delete unused pipeline (#16945)
mikeharder Oct 29, 2020
3d6f053
Update CHANGELOG dates and added new CHANGELOG updates (#16967)
alzimmermsft Oct 29, 2020
321ccb2
Update CommunicationClientCredential.java (#16966)
chrwhit Oct 29, 2020
595b139
Communication - Added release phone number LRO (#16821)
jbeauregardb Oct 29, 2020
e2d4503
[Service Bus] Change getter of boolean values to isXyz() (#15890)
YijunXieMS Oct 29, 2020
16ba326
Fixed diagnostics information and other APIs on cosmos stored procedu…
kushagraThapar Oct 29, 2020
cc20791
Sync eng/common directory with azure-sdk-tools for PR 1146 (#16968)
azure-sdk Oct 29, 2020
6ae58f4
Update VM OS Image (#16976)
alzimmermsft Oct 29, 2020
18c3030
Fix digital twins client not deserializing date times correctly (#16975)
timtay-microsoft Oct 29, 2020
a300aa4
Addressing SpotBugs issues (#16894)
mnriem Oct 30, 2020
a717801
Add manual merge instructions to eng/common workflow (#16971)
azure-sdk Oct 30, 2020
e42ac84
Add PR Validation for Long Paths (#16980)
alzimmermsft Oct 30, 2020
996f3d1
Add etag property to BasicRelationship (#16981)
timtay-microsoft Oct 30, 2020
945d7dd
Test the common Generate_docindex scripts in each lang repo. (#16974)
sima-zhu Oct 30, 2020
4ed9c17
mgmt, appservice onedeploy (#16957)
weidongxu-microsoft Oct 30, 2020
8152105
Increment version for core releases (#17004)
azure-sdk Oct 30, 2020
f7796e2
Close client and check for link id when link is stolen (#16977)
srnagar Oct 30, 2020
bd750d5
Add ServiceBus Session Receiver Client (#16690)
YijunXieMS Oct 30, 2020
0106095
API ServiceBusErrorSource to represent source of error (#16710)
hemanttanwar Oct 30, 2020
895ee2a
[Service Bus] Migration Guide (#17003)
ramya-rao-a Oct 30, 2020
aad67fe
Merge branch 'master' of https://github.com/Azure/azure-sdk-for-java …
mnriem Oct 30, 2020
5f2c8b9
Add PEM support
mnriem Nov 2, 2020
047fcf8
Merge branch 'master' into end-to-end-tls-ssl-8
Nov 12, 2020
@@ -8,20 +8,26 @@
import com.azure.security.keyvault.jca.model.CertificatePolicy;
import com.azure.security.keyvault.jca.model.KeyProperties;
import com.azure.security.keyvault.jca.model.SecretBundle;
import java.io.BufferedReader;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
@@ -249,16 +255,25 @@ Key getKey(String alias, char[] password) {
if (body != null) {
JsonConverter converter = JsonConverterFactory.createJsonConverter();
SecretBundle secretBundle = (SecretBundle) converter.fromJson(body, SecretBundle.class);
try {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(
new ByteArrayInputStream(Base64.getDecoder().decode(secretBundle.getValue())),
"".toCharArray()
);
alias = keyStore.aliases().nextElement();
key = keyStore.getKey(alias, "".toCharArray());
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException ex) {
LOGGER.log(WARNING, "Unable to decode key", ex);
if (secretBundle.getContentType().equals("application/x-pkcs12")) {
try {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(
new ByteArrayInputStream(Base64.getDecoder().decode(secretBundle.getValue())),
"".toCharArray()
);
alias = keyStore.aliases().nextElement();
key = keyStore.getKey(alias, "".toCharArray());
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException ex) {
LOGGER.log(WARNING, "Unable to decode key", ex);
}
}
if (secretBundle.getContentType().equals("application/x-pem-file")) {
try {
key = createPrivateKeyFromPem(secretBundle.getValue());
} catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException | IllegalArgumentException ex) {
LOGGER.log(WARNING, "Unable to decode key", ex);
}
}
}
}
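Review bot: `secretBundle.getContentType().equals("application/x-pkcs12")` and the matching PEM check both dereference the content type outside the `try` blocks, so a secret stored without a content type now throws a NullPointerException out of `getKey` instead of logging "Unable to decode key". Use `"application/x-pkcs12".equals(secretBundle.getContentType())` (and the same for `"application/x-pem-file"`), make the second branch an `else if`, and log when neither content type matches so an unsupported secret is diagnosable rather than silently yielding a `null` key. The PKCS12 branch also does not catch the `IllegalArgumentException` that `Base64.getDecoder().decode(...)` throws on malformed input, while the PEM branch does; the two should handle it the same way.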
@@ -271,4 +286,37 @@ Key getKey(String alias, char[] password) {
LOGGER.exiting("KeyVaultClient", "getKey", key);
return key;
}

/**
* Get the private key from the PEM string.
*
* @param pemString the PEM file in string format.
* @return the private key
* @throws IOException when an I/O error occurs.
* @throws NoSuchAlgorithmException when algorithm is unavailable.
* @throws InvalidKeySpecException when the private key cannot be generated.
*/
private PrivateKey createPrivateKeyFromPem(String pemString)
throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {

StringBuilder builder = new StringBuilder();
try (BufferedReader reader = new BufferedReader(new StringReader(pemString))) {
String line = reader.readLine();
if (line == null || !line.contains("BEGIN PRIVATE KEY")) {
throw new IllegalArgumentException("No PRIVATE KEY found");
}
line = "";
while (line != null) {
if (line.contains("END PRIVATE KEY")) {
break;
}
builder.append(line);
line = reader.readLine();
}
}
byte[] bytes = Base64.getDecoder().decode(builder.toString());
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(bytes);
KeyFactory factory = KeyFactory.getInstance("RSA");
return factory.generatePrivate(spec);
}
}
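Review bot: `createPrivateKeyFromPem` hard-codes `KeyFactory.getInstance("RSA")`, so a PEM secret carrying an EC key (still a `BEGIN PRIVATE KEY` PKCS#8 block) fails in `factory.generatePrivate(spec)` with `InvalidKeySpecException` and is logged only as "Unable to decode key"; try `RSA` and fall back to `EC`, or choose the factory from the key's PKCS#8 algorithm identifier. The parser also accepts the header only on the very first line (`line = reader.readLine(); if (line == null || !line.contains("BEGIN PRIVATE KEY"))`), so a leading blank line, or a certificate block placed before the key in the same PEM, is rejected with "No PRIVATE KEY found"; scanning forward to the header would be more robust. Finally, the Javadoc should document the `IllegalArgumentException` thrown for a missing header or invalid Base64, since the caller in `getKey` relies on catching it.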
@@ -179,6 +179,9 @@ public Key engineGetKey(String alias, char[] password) {
key = keyVaultClient.getKey(alias, password);
if (key != null) {
certificateKeys.put(alias, key);
if (aliases == null) {
aliases = keyVaultClient.getAliases();
}
if (!aliases.contains(alias)) {
aliases.add(alias);
}
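Review bot: the lazy initialisation `aliases = keyVaultClient.getAliases()` is followed immediately by `aliases.contains(alias)`, so if `getAliases()` can return `null` (for example when the Key Vault call fails) `engineGetKey` throws a NullPointerException; it is also unsynchronised, so concurrent callers of the SPI may each fetch the alias list. Guard against a `null` result and initialise `aliases` once (in `engineLoad`, or under a lock) rather than in this accessor.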
@@ -14,12 +14,26 @@ public class SecretBundle implements Serializable {
* Stores the serial version UID.
*/
private static final long serialVersionUID = 1L;

/**
* Stores the content type.
*/
private String contentType;

/**
* Stores the value.
*/
private String value;

/**
* Get the content type.
*
* @return the content type.
*/
public String getContentType() {
return contentType;
}

/**
* Get the value.
*
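Review bot: the Javadoc on `contentType` and `getContentType()` says only "the content type"; since `KeyVaultClient.getKey` now dispatches on this value, document the content types it recognises (`application/x-pkcs12` and `application/x-pem-file`) and that the field can be `null` for secrets created without one, so callers know to null-check it.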
@@ -28,6 +42,15 @@ public class SecretBundle implements Serializable {
public String getValue() {
return value;
}

/**
* Set the content type.
*
* @param contentType the content type.
*/
public void setContentType(String contentType) {
this.contentType = contentType;
}

/**
* Set the value.