Skip to content

Commit 39fe1ea

Browse files
committed
refactor: Isolate PEM decoding for future JEP 524 swap
1 parent 1efd6ac commit 39fe1ea

1 file changed

Lines changed: 17 additions & 6 deletions

File tree

src/main/java/com/retailsvc/http/internal/PemSslContext.java

Lines changed: 17 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -36,13 +36,18 @@ private static Certificate[] readCertificateChain(Path path) {
3636
} catch (IOException e) {
3737
throw new IllegalStateException("Cannot read TLS certificate chain: " + path, e);
3838
}
39+
return decodeCertificateChain(bytes, path);
40+
}
41+
42+
// JEP 524 swap point: replace this body with PEMDecoder when the JDK PEM API lands.
43+
private static Certificate[] decodeCertificateChain(byte[] pem, Path source) {
3944
try {
4045
CertificateFactory factory = CertificateFactory.getInstance("X.509");
4146
Collection<? extends Certificate> certs =
42-
factory.generateCertificates(new ByteArrayInputStream(bytes));
47+
factory.generateCertificates(new ByteArrayInputStream(pem));
4348
return certs.toArray(new Certificate[0]);
4449
} catch (GeneralSecurityException e) {
45-
throw new IllegalStateException("Failed to parse TLS certificate chain from " + path, e);
50+
throw new IllegalStateException("Failed to parse TLS certificate chain from " + source, e);
4651
}
4752
}
4853

@@ -53,6 +58,11 @@ private static PrivateKey readPrivateKey(Path path) {
5358
} catch (IOException e) {
5459
throw new IllegalStateException("Cannot read TLS private key: " + path, e);
5560
}
61+
return decodePrivateKey(pem, path);
62+
}
63+
64+
// JEP 524 swap point: replace this body with PEMDecoder when the JDK PEM API lands.
65+
private static PrivateKey decodePrivateKey(String pem, Path source) {
5666
byte[] der;
5767
try {
5868
String base64 =
@@ -61,7 +71,7 @@ private static PrivateKey readPrivateKey(Path path) {
6171
.replaceAll("\\s+", "");
6272
der = Base64.getDecoder().decode(base64);
6373
} catch (IllegalArgumentException e) {
64-
throw new IllegalStateException("Failed to parse TLS private key from " + path, e);
74+
throw new IllegalStateException("Failed to parse TLS private key from " + source, e);
6575
}
6676
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der);
6777
try {
@@ -70,12 +80,13 @@ private static PrivateKey readPrivateKey(Path path) {
7080
try {
7181
return KeyFactory.getInstance("EC").generatePrivate(spec);
7282
} catch (InvalidKeySpecException ecFail) {
73-
throw new IllegalStateException("Unsupported TLS private key algorithm in " + path, ecFail);
83+
throw new IllegalStateException(
84+
"Unsupported TLS private key algorithm in " + source, ecFail);
7485
} catch (GeneralSecurityException e) {
75-
throw new IllegalStateException("Failed to parse TLS private key from " + path, e);
86+
throw new IllegalStateException("Failed to parse TLS private key from " + source, e);
7687
}
7788
} catch (GeneralSecurityException e) {
78-
throw new IllegalStateException("Failed to parse TLS private key from " + path, e);
89+
throw new IllegalStateException("Failed to parse TLS private key from " + source, e);
7990
}
8091
}
8192

0 commit comments

Comments
 (0)