简柏林 / thingskit · Commits

Commit 7e66fd269332482b8f53597ddca23e4e1197606e

Authored by VoBa
Committed by GitHub
1 parent 424d631a

Fix for pem key with password (#2752) 

* Added activate user config. Fixed https issue

* Added possibility to encode PEM files encrypted with a private key - Integration

* Remove PE fixes
Inline Side-by-side
Showing 1 changed file with 35 additions and 5 deletions
@@ -21,7 +21,6 @@ import io.netty.handler.ssl.SslContext; @@ -21,7 +21,6 @@ import io.netty.handler.ssl.SslContext;
21 import io.netty.handler.ssl.SslContextBuilder; 21 import io.netty.handler.ssl.SslContextBuilder;
22 import lombok.Data; 22 import lombok.Data;
23 import lombok.extern.slf4j.Slf4j; 23 import lombok.extern.slf4j.Slf4j;
24 -import org.thingsboard.mqtt.MqttClientConfig;  
25 import org.apache.commons.codec.binary.Base64; 24 import org.apache.commons.codec.binary.Base64;
26 import org.bouncycastle.jce.provider.BouncyCastleProvider; 25 import org.bouncycastle.jce.provider.BouncyCastleProvider;
27 import org.bouncycastle.openssl.PEMDecryptorProvider; 26 import org.bouncycastle.openssl.PEMDecryptorProvider;
@@ -30,15 +29,26 @@ import org.bouncycastle.openssl.PEMKeyPair; @@ -30,15 +29,26 @@ import org.bouncycastle.openssl.PEMKeyPair;
30 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; 29 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
31 import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder; 30 import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
32 import org.springframework.util.StringUtils; 31 import org.springframework.util.StringUtils;
  32 +import org.thingsboard.mqtt.MqttClientConfig;
33 33
  34 +import javax.crypto.Cipher;
  35 +import javax.crypto.EncryptedPrivateKeyInfo;
  36 +import javax.crypto.SecretKeyFactory;
  37 +import javax.crypto.spec.PBEKeySpec;
34 import javax.net.ssl.KeyManagerFactory; 38 import javax.net.ssl.KeyManagerFactory;
35 import javax.net.ssl.TrustManagerFactory; 39 import javax.net.ssl.TrustManagerFactory;
36 import java.io.ByteArrayInputStream; 40 import java.io.ByteArrayInputStream;
37 -import java.security.*; 41 +import java.security.AlgorithmParameters;
  42 +import java.security.Key;
  43 +import java.security.KeyFactory;
  44 +import java.security.KeyPair;
  45 +import java.security.KeyStore;
  46 +import java.security.PrivateKey;
  47 +import java.security.Security;
38 import java.security.cert.Certificate; 48 import java.security.cert.Certificate;
39 import java.security.cert.CertificateFactory; 49 import java.security.cert.CertificateFactory;
40 import java.security.cert.X509Certificate; 50 import java.security.cert.X509Certificate;
41 -import java.security.interfaces.RSAPrivateKey; 51 +import java.security.spec.KeySpec;
42 import java.security.spec.PKCS8EncodedKeySpec; 52 import java.security.spec.PKCS8EncodedKeySpec;
43 import java.util.Optional; 53 import java.util.Optional;
44 54
@@ -138,16 +148,36 @@ public class CertPemClientCredentials implements MqttClientCredentials { @@ -138,16 +148,36 @@ public class CertPemClientCredentials implements MqttClientCredentials {
138 } 148 }
139 149
140 private PrivateKey readPrivateKeyFile(String fileContent) throws Exception { 150 private PrivateKey readPrivateKeyFile(String fileContent) throws Exception {
141 - RSAPrivateKey privateKey = null; 151 + PrivateKey privateKey = null;
142 if (fileContent != null && !fileContent.isEmpty()) { 152 if (fileContent != null && !fileContent.isEmpty()) {
143 fileContent = fileContent.replaceAll(".*BEGIN.*PRIVATE KEY.*", "") 153 fileContent = fileContent.replaceAll(".*BEGIN.*PRIVATE KEY.*", "")
144 .replaceAll(".*END.*PRIVATE KEY.*", "") 154 .replaceAll(".*END.*PRIVATE KEY.*", "")
145 .replaceAll("\\s", ""); 155 .replaceAll("\\s", "");
146 byte[] decoded = Base64.decodeBase64(fileContent); 156 byte[] decoded = Base64.decodeBase64(fileContent);
147 KeyFactory keyFactory = KeyFactory.getInstance("RSA"); 157 KeyFactory keyFactory = KeyFactory.getInstance("RSA");
148 - privateKey = (RSAPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decoded)); 158 + KeySpec keySpec = getKeySpec(decoded);
  159 + privateKey = keyFactory.generatePrivate(keySpec);
149 } 160 }
150 return privateKey; 161 return privateKey;
151 } 162 }
152 163
  164 + private KeySpec getKeySpec(byte[] encodedKey) throws Exception {
  165 + KeySpec keySpec;
  166 + if (password == null) {
  167 + keySpec = new PKCS8EncodedKeySpec(encodedKey);
  168 + } else {
  169 + PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray());
  170 +
  171 + EncryptedPrivateKeyInfo privateKeyInfo = new EncryptedPrivateKeyInfo(encodedKey);
  172 + String algorithmName = privateKeyInfo.getAlgName();
  173 + Cipher cipher = Cipher.getInstance(algorithmName);
  174 + SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(algorithmName);
  175 +
  176 + Key pbeKey = secretKeyFactory.generateSecret(pbeKeySpec);
  177 + AlgorithmParameters algParams = privateKeyInfo.getAlgParameters();
  178 + cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams);
  179 + keySpec = privateKeyInfo.getKeySpec(cipher);
  180 + }
  181 + return keySpec;
  182 + }
153 } 183 }