@@ -36,13 +36,18 @@ private static Certificate[] readCertificateChain(Path path) {
3636 } catch (IOException e ) {
3737 throw new IllegalStateException ("Cannot read TLS certificate chain: " + path , e );
3838 }
39+ return decodeCertificateChain (bytes , path );
40+ }
41+
42+ // JEP 524 swap point: replace this body with PEMDecoder when the JDK PEM API lands.
43+ private static Certificate [] decodeCertificateChain (byte [] pem , Path source ) {
3944 try {
4045 CertificateFactory factory = CertificateFactory .getInstance ("X.509" );
4146 Collection <? extends Certificate > certs =
42- factory .generateCertificates (new ByteArrayInputStream (bytes ));
47+ factory .generateCertificates (new ByteArrayInputStream (pem ));
4348 return certs .toArray (new Certificate [0 ]);
4449 } catch (GeneralSecurityException e ) {
45- throw new IllegalStateException ("Failed to parse TLS certificate chain from " + path , e );
50+ throw new IllegalStateException ("Failed to parse TLS certificate chain from " + source , e );
4651 }
4752 }
4853
@@ -53,6 +58,11 @@ private static PrivateKey readPrivateKey(Path path) {
5358 } catch (IOException e ) {
5459 throw new IllegalStateException ("Cannot read TLS private key: " + path , e );
5560 }
61+ return decodePrivateKey (pem , path );
62+ }
63+
64+ // JEP 524 swap point: replace this body with PEMDecoder when the JDK PEM API lands.
65+ private static PrivateKey decodePrivateKey (String pem , Path source ) {
5666 byte [] der ;
5767 try {
5868 String base64 =
@@ -61,7 +71,7 @@ private static PrivateKey readPrivateKey(Path path) {
6171 .replaceAll ("\\ s+" , "" );
6272 der = Base64 .getDecoder ().decode (base64 );
6373 } catch (IllegalArgumentException e ) {
64- throw new IllegalStateException ("Failed to parse TLS private key from " + path , e );
74+ throw new IllegalStateException ("Failed to parse TLS private key from " + source , e );
6575 }
6676 PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec (der );
6777 try {
@@ -70,12 +80,13 @@ private static PrivateKey readPrivateKey(Path path) {
7080 try {
7181 return KeyFactory .getInstance ("EC" ).generatePrivate (spec );
7282 } catch (InvalidKeySpecException ecFail ) {
73- throw new IllegalStateException ("Unsupported TLS private key algorithm in " + path , ecFail );
83+ throw new IllegalStateException (
84+ "Unsupported TLS private key algorithm in " + source , ecFail );
7485 } catch (GeneralSecurityException e ) {
75- throw new IllegalStateException ("Failed to parse TLS private key from " + path , e );
86+ throw new IllegalStateException ("Failed to parse TLS private key from " + source , e );
7687 }
7788 } catch (GeneralSecurityException e ) {
78- throw new IllegalStateException ("Failed to parse TLS private key from " + path , e );
89+ throw new IllegalStateException ("Failed to parse TLS private key from " + source , e );
7990 }
8091 }
8192
0 commit comments