"Bag Attributes" in a private_key.pem file throws a ClassCastException, while it works in MRI #104

Open
heisee opened this issue Sep 15, 2016 · 0 comments
heisee commented Sep 15, 2016

I created the following key.pem with the password demo using the following commands:

openssl req -new > cert.csr
openssl rsa -in privkey.pem -out key.pem

Then I added the following 4 lines in front of the key.pem:

Bag Attributes
    localKeyID: 01 00 00 00 
    friendlyName: lp-016f02aa-9b45-4295-baef-2ffc4768178e
    Microsoft CSP Name: Microsoft Strong Cryptographic Provider

because I saw such a file format in the wild.
I think that these "Bag Attributes" are sometimes generated when converting pkcs12 files (.pfx) into .pem files, like this:

openssl pkcs12 -in input.pfx -nocerts -nodes -out key_temp.pem
openssl rsa -in key_temp.pem -out key.pem

Anyway, let's assume that we now have this complete key.pem file:

Bag Attributes
    localKeyID: 01 00 00 00 
    friendlyName: lp-016f02aa-9b45-4295-baef-2ffc4768178e
    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

The problem is that MRI reads it in two ways, while JRuby reads it in only one way:

rvm ruby-2.3.0 do ruby -e "require 'openssl' ; puts OpenSSL::PKey::RSA.new(File.read('key.pem'), 'demo').class" 
=> OpenSSL::PKey::RSA

rvm ruby-2.3.0 do ruby -e "require 'openssl' ; puts OpenSSL::PKey.read(File.read('key.pem'), 'demo').class"
=> OpenSSL::PKey::RSA

rvm jruby-9.1.5.0 do ruby -e "require 'openssl' ; puts OpenSSL::PKey::RSA.new(File.read('key.pem'), 'demo').class" 
=> OpenSSL::PKey::RSA

rvm jruby-9.1.5.0 do ruby -e "require 'openssl' ; puts OpenSSL::PKey.read(File.read('key.pem'), 'demo').class"
Unhandled Java exception: java.lang.ClassCastException: org.bouncycastle.asn1.DERApplicationSpecific cannot be cast to org.bouncycastle.asn1.ASN1Sequence
java.lang.ClassCastException: org.bouncycastle.asn1.DERApplicationSpecific cannot be cast to org.bouncycastle.asn1.ASN1Sequence
    readRSAPrivateKey at org/jruby/ext/openssl/impl/PKey.java:173
    readRSAPrivateKey at org/jruby/ext/openssl/impl/PKey.java:168
       readPrivateKey at org/jruby/ext/openssl/impl/PKey.java:124
                 read at org/jruby/ext/openssl/PKey.java:120
                 call at org/jruby/ext/openssl/PKey$PKeyModule$INVOKER$s$0$1$read.gen:-1
                 call at org/jruby/internal/runtime/methods/JavaMethod.java:724
                 call at org/jruby/internal/runtime/methods/DynamicMethod.java:205
         cacheAndCall at org/jruby/runtime/callsite/CachingCallSite.java:358
                 call at org/jruby/runtime/callsite/CachingCallSite.java:195
    invokeOther5:read at -e:1
               <main> at -e:1
  invokeWithArguments at java/lang/invoke/MethodHandle.java:627
                 load at org/jruby/ir/Compiler.java:111
            runScript at org/jruby/Ruby.java:834
          runNormally at org/jruby/Ruby.java:749
          runNormally at org/jruby/Ruby.java:767
          runFromMain at org/jruby/Ruby.java:580
        doRunFromMain at org/jruby/Main.java:425
          internalRun at org/jruby/Main.java:313
                  run at org/jruby/Main.java:242
                 main at org/jruby/Main.java:204

When the first 4 lines, the "Bag Attributes", are removed from the .pem file, it also works with JRuby:

rvm jruby-9.1.5.0 do ruby -e "require 'openssl' ; puts OpenSSL::PKey.read(File.read('key.pem'), 'demo').class"
=> OpenSSL::PKey::RSA

I found this style of reading the private key file in the HTTPI gem; the commit that introduced it is here: savonrb/httpi#118

kares added the asn.1 label Apr 11, 2024
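A caller-side workaround for the behaviour reported above, as an added example that is not part of the issue or of jruby-openssl: keep only the PEM-armoured blocks and hand those to `OpenSSL::PKey.read`, since the issue reports that the read succeeds once the attribute lines are gone. The helper names `pem_blocks` and `read_private_key` are hypothetical, and the key is a constructed throwaway generated at run time.

```ruby
require 'openssl'

# One PEM block: BEGIN line, body (including any Proc-Type/DEK-Info headers
# of an encrypted key) and the END line carrying the same label.
PEM_BLOCK = /(-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \2-----)/m
PRIVATE_KEY_LABEL = /\A-----BEGIN (?:(?:RSA|EC|DSA|ENCRYPTED) )?PRIVATE KEY-----/

# Hypothetical helper: returns the PEM blocks found in +text+, dropping
# everything outside them (for example the "Bag Attributes" lines that
# `openssl pkcs12` writes in front of each block).
def pem_blocks(text)
  text.scan(PEM_BLOCK).map { |match| match.first + "\n" }
end

# Hypothetical helper: parses the first private-key block in +text+.
def read_private_key(text, passphrase = nil)
  block = pem_blocks(text).find { |b| b =~ PRIVATE_KEY_LABEL }
  raise ArgumentError, 'no private key PEM block found' unless block
  OpenSSL::PKey.read(block, passphrase)
end

# Constructed sample: a throwaway key, encrypted with the password "demo" and
# prefixed with the attribute lines quoted in the issue.
KEY = OpenSSL::PKey::RSA.new(2048)
BAG_ATTRIBUTES = <<~TEXT
  Bag Attributes
      localKeyID: 01 00 00 00
      friendlyName: lp-016f02aa-9b45-4295-baef-2ffc4768178e
      Microsoft CSP Name: Microsoft Strong Cryptographic Provider
TEXT
SAMPLE = BAG_ATTRIBUTES + KEY.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), 'demo')

if __FILE__ == $PROGRAM_NAME
  puts read_private_key(SAMPLE, 'demo').class
end
```

A file exported from a .pfx with certificates included yields several blocks; `pem_blocks` returns all of them, so the certificate blocks can be read from the same result.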