From 086d654f0b2045918df3ef8971aa467435179fb9 Mon Sep 17 00:00:00 2001
From: Moritz Halbritter
Date: Tue, 9 May 2023 14:18:08 +0200
Subject: [PATCH] Add support for Ed25519 EC keys

See gh-35364
---
 .../springframework/boot/web/server/PrivateKeyParser.java | 6 +++---
 .../boot/web/server/PrivateKeyParserTests.java | 8 ++++++++
 .../src/test/resources/ssl/pkcs8/key-ec-ed25519.pem | 3 +++
 3 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 spring-boot-project/spring-boot/src/test/resources/ssl/pkcs8/key-ec-ed25519.pem

diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/PrivateKeyParser.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/PrivateKeyParser.java
index d27719c49d..aad1597d44 100644
--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/PrivateKeyParser.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/PrivateKeyParser.java
@@ -27,8 +27,8 @@ import java.security.PrivateKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.ArrayList;
-import java.util.Base64;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
@@ -70,8 +70,8 @@ final class PrivateKeyParser {
 PrivateKeyParser::createKeySpecForPkcs1));
 parsers.add(
 new PemParser(EC_HEADER, EC_FOOTER, Collections.singleton("EC"), PrivateKeyParser::createKeySpecForEc));
- parsers.add(
- new PemParser(PKCS8_HEADER, PKCS8_FOOTER, Arrays.asList("RSA", "EC", "DSA"), PKCS8EncodedKeySpec::new));
+ parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, Arrays.asList("RSA", "EC", "DSA", "Ed25519"),
+ PKCS8EncodedKeySpec::new));
 PEM_PARSERS = Collections.unmodifiableList(parsers);
 }
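Review bot: The widened list in the PKCS8 `PemParser` registration names only `Ed25519`, so an Ed448 key in the same `-----BEGIN PRIVATE KEY-----` container would presumably still be rejected, and nothing in the code records whether that is intended. The test added in this patch expects `getAlgorithm()` to return `EdDSA`, which suggests the family name `EdDSA` could be the entry that covers both curves; that depends on how the list is passed to the key factory lookup, which is outside this hunk. `Ed25519` also resolves only on a JDK that ships EdDSA (Java 15 and later), so a comment above the call such as `// "Ed25519" needs a JDK with EdDSA support (Java 15+); Ed448 is not listed` would tell the next reader what is and is not accepted. The static initializer begins above the hunk.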
diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/server/PrivateKeyParserTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/server/PrivateKeyParserTests.java
index 926e5ac12b..b336e691be 100644
--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/server/PrivateKeyParserTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/server/PrivateKeyParserTests.java
@@ -59,6 +59,14 @@ class PrivateKeyParserTests {
 assertThat(privateKey.getAlgorithm()).isEqualTo("DSA");
 }
+ @Test
+ void parsePkcs8Ed25519KeyFile() {
+ PrivateKey privateKey = PrivateKeyParser.parse("classpath:ssl/pkcs8/key-ec-ed25519.pem");
+ assertThat(privateKey).isNotNull();
+ assertThat(privateKey.getFormat()).isEqualTo("PKCS#8");
+ assertThat(privateKey.getAlgorithm()).isEqualTo("EdDSA");
+ }
+
 @Test
 void parsePkcs8KeyFileWithEcdsa() {
 PrivateKey privateKey = PrivateKeyParser.parse("classpath:test-ec-key.pem");
diff --git a/spring-boot-project/spring-boot/src/test/resources/ssl/pkcs8/key-ec-ed25519.pem b/spring-boot-project/spring-boot/src/test/resources/ssl/pkcs8/key-ec-ed25519.pem
new file mode 100644
index 0000000000..aa831e825f
--- /dev/null
+++ b/spring-boot-project/spring-boot/src/test/resources/ssl/pkcs8/key-ec-ed25519.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIJOKNTaIJQTVuEqZ+yvclnjnlWJG6F+K+VsNCOlWRda+
+-----END PRIVATE KEY-----
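Review bot: `parsePkcs8Ed25519KeyFile` expects `getAlgorithm()` to be `EdDSA` while the parser change registers the name `Ed25519`, and the test does not say why the two differ. The expected string looks like the family name reported by the JDK's own provider, so it may change if a different security provider is registered first; a comment above the assertion such as `// the JDK provider reports the EdDSA family name, not the curve name` would make that dependency explicit. The patch adds only the positive case, so nothing here checks that a PKCS#8 key whose algorithm is outside the list is still rejected. The test class continues outside the hunk.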