fix NPE when reading private keys (with passwd)

resolves jruby/jruby#1784
jruby · Jan 18, 2017 · 47c9f42 · 47c9f42
1 parent 3cbd503
commit 47c9f42
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 8 deletions.
diff --git a/src/main/java/org/jruby/ext/openssl/PKey.java b/src/main/java/org/jruby/ext/openssl/PKey.java
@@ -125,12 +125,21 @@ public static IRubyObject read(final ThreadContext context, IRubyObject recv, IR
                 }
             }
             if (key != null) {
-                if (key.getPublic().getAlgorithm().equals("RSA")) {
-                    return new PKeyRSA(runtime, _PKey(runtime).getClass("RSA"), (RSAPrivateCrtKey) key.getPrivate(),
-                            (RSAPublicKey) key.getPublic());
-                } else if (key.getPublic().getAlgorithm().equals("DSA")) {
-                    return new PKeyDSA(runtime, _PKey(runtime).getClass("DSA"), (DSAPrivateKey) key.getPrivate(),
-                            (DSAPublicKey) key.getPublic());
+                final String alg = getAlgorithm(key);
+                if ( "RSA".equals(alg) ) {
+                    return new PKeyRSA(runtime, _PKey(runtime).getClass("RSA"),
+                            (RSAPrivateCrtKey) key.getPrivate(), (RSAPublicKey) key.getPublic()
+                    );
+                }
+                if ( "DSA".equals(alg) ) {
+                    return new PKeyDSA(runtime, _PKey(runtime).getClass("DSA"),
+                            (DSAPrivateKey) key.getPrivate(), (DSAPublicKey) key.getPublic()
+                    );
+                }
+                if ( "ECDSA".equals(alg) ) {
+                    return new PKeyEC(runtime, _PKey(runtime).getClass("EC"),
+                            (PrivateKey) key.getPrivate(), (PublicKey) key.getPublic()
+                    );
                 }
             }
 
@@ -153,15 +162,26 @@ public static IRubyObject read(final ThreadContext context, IRubyObject recv, IR
             }
 
             if (pubKey != null) {
-                if (pubKey.getAlgorithm().equals("RSA")) {
+                if ( "RSA".equals(pubKey.getAlgorithm()) ) {
                     return new PKeyRSA(runtime, (RSAPublicKey) pubKey);
-                } else if (key.getPublic().getAlgorithm().equals("DSA")) {
+                }
+                if ( "DSA".equals(pubKey.getAlgorithm()) ) {
                     return new PKeyDSA(runtime, (DSAPublicKey) pubKey);
                 }
+                if ( "ECDSA".equals(pubKey.getAlgorithm()) ) {
+                    return new PKeyEC(runtime, pubKey);
+                }
             }
 
             throw runtime.newArgumentError("Could not parse PKey");
         }
+
+        private static String getAlgorithm(final KeyPair key) {
+            if ( key.getPrivate() != null ) return key.getPrivate().getAlgorithm();
+            if ( key.getPublic() != null ) return key.getPublic().getAlgorithm();
+            return null;
+        }
+
     }
 
     public PKey(Ruby runtime, RubyClass type) {

diff --git a/src/main/java/org/jruby/ext/openssl/PKeyEC.java b/src/main/java/org/jruby/ext/openssl/PKeyEC.java
@@ -189,6 +189,10 @@ public PKeyEC(Ruby runtime, RubyClass type) {
         super(runtime, type);
     }
 
+    PKeyEC(Ruby runtime, PublicKey pubKey) {
+        this(runtime, _EC(runtime), null, pubKey);
+    }
+
     PKeyEC(Ruby runtime, RubyClass type, PrivateKey privKey, PublicKey pubKey) {
         super(runtime, type);
         this.privateKey = privKey;

diff --git a/src/test/ruby/rsa/private_key_with_pass.pem b/src/test/ruby/rsa/private_key_with_pass.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIi+Fi+FH7OtACAggA
+MBQGCCqGSIb3DQMHBAivzaRTYRNk4QSCBMhnQ7/NN0ljkAwADHknQi4dgbBU+FV+
+vY+ypRCTLp7UongPMDS+pC6TyOFGeHz4Yri3UvmEIN5DlBlAfjPI6+lBswjOIrpw
+6CaZXrX4oefjh73c2OcQlYKw9w03ppfmfO0v1t6oPLiK6M8sNQ5lgb8d9eG3r6Dp
+LqIp4I6WeGcoXIpVYE35sz6wmLQ2Q626KY/5BPVAgMVG3K1g1haxZIAQBQE63cqz
+JK3IUiG2r6Q6vOyZ+Iz9KolEf3RVvW/RgOrb0dLbbLkDOL8G6dXDgWEeYtqGZpPR
+BktU2Kf7lr0BAgbI3eLubmIufhonoV4VkHVYu1ZSACwSl2HEqDl5aF5hP3wOtfS5
+Ls62Z1ATO/24dG1oI8xL3YCeTzoa1Lmyeh+HFRncoVU5CdQgyzY9d5yr1x70AwN+
+MpVwd0+WGyESiRVd4dN8n99SY/bTaYJxv8P+wOrbjld9Q3mF3vxx6Nkkfboai1wD
+bY9i/B5/TZip5FBnZbJiYakc+yoB6Bf1UuIZA9T9EIY2K7VhTeuEjTTqJVf7dp/C
+ZqVSNCHO3eAUMByrshznw2YCia8Q1VAXgIbnZ8RvUxxIZVUDTxuWPkBJkcrmMgKt
+GvD2YYIOIuFwTLCFBTlcXNl8kNYc9VRAnK7efi9xrzINod0VSV5hj1PYT4e2khnS
+4cngMTbbNwWP8Rg7pSxzwWIwc8Zkytde5gnfkBFv+g8o+JRM2ZB3wkiUhEkf0Vht
+gl3K9LFqdqN+EsRjXR/a16sVK3Uer7zcy/NLzvo/rF0YKRmb+apDIFO/vtCX9qyH
++pBofVO+RNb2T2ZY1iSvyjv/d7nNXRnLArecralQjekh+AKIBsl5R0nsSnQu6ydn
+yDteKDuOPnVl4qQowVbmGg7juHW9j4u98H7cW4RN/txegG1J7gbFFdl2bjYQ/PGZ
+iAG53QvjmvRRaiPCNOB3PYm1yO/1vCPAKlOeBYywF53BSxCDx9OjP0eXROdQGiZV
+XEkDqf742R9/8Fy1ETcriEzRVWv4nSRmB+yfMfHcTZZiJnEF9RUYQVxBVfpwBi8t
+I8N46L2iNeY4itbN8Ke3U3EfntdoZMNI1uN/haDmLFuRuzZIBkSl3YsnsDJXaT5P
+KjPPiZWkxsC3KUYeisefjNHonkM6JXqAy9ElyWrjSPhioMLTy3Qwus8NPGLWkMfI
+bpy7Z63xRf9tifXoANLOqC/VVXOCn4m/eEUAMi0EQZ7QbysopFigiri/MFidXf90
+aIUMiPmCTzLDBJfHozyalMVf3aJFbDJdlAmFtasAP1aPgqReAb9s+6U3wkE8VtGB
+rneBPhejj9FzrWMludgPLDRvfzr6/0nG2GC7XbOnKPd0RbKFtZaJuT18Jhil5Bwb
+S2MBrUnxMmOge9N5ZIyzXk+lPFRMkHmY64h+P/Op9w8tVYCFlj4HjAboVpJAGIq4
+gPgT3Q/0ghRyyBjBrmSDuk+/1s7qc/lWUONFAJaSCRdhpM9I8il5QYHPM6Z9JCg+
+PrfHftP+bU0xht7mVI5ew1OjWTZEym0/ALEyqddLz0qFYejKSemx8EMze8cN2wEE
+OTAqyVBLo+7HJ2FbIXMgRNSc4P77jmeEG0/4WsreMOeI1/6nOiwqvipuLY9ojc9v
+TGQ=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/src/test/ruby/rsa/test_rsa.rb b/src/test/ruby/rsa/test_rsa.rb
@@ -90,4 +90,17 @@ def test_rsa_from_params_private_first
     end
   end
 
+  def test_read_private_key
+    cert = File.join(File.dirname(__FILE__), 'private_key.pem')
+    assert key = OpenSSL::PKey.read(File.read(cert))
+    assert key.is_a?(OpenSSL::PKey::RSA)
+  end
+
+  def test_read_private_key_with_password
+    cert = File.join(File.dirname(__FILE__), 'private_key_with_pass.pem')
+    pass = "secure-password!42"
+    assert key = OpenSSL::PKey.read(File.read(cert), pass)
+    assert key.is_a?(OpenSSL::PKey::RSA)
+  end
+
 end