some small tweaks to PKCS8KeyFile in relation to the PEMReader -> PEMParser transition

2025-12-06 23:30:55 +03:00 · 2014-06-24 14:21:40 +05:30
parent 0875417dde
commit 2a7278d239
1 changed files with 39 additions and 55 deletions
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
@@ -15,13 +15,6 @@
 */
 package net.schmizz.sshj.userauth.keyprovider;

-import java.io.File;
-import java.io.IOException;
-import java.io.Reader;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
 import net.schmizz.sshj.common.IOUtils;
 import net.schmizz.sshj.common.KeyType;
 import net.schmizz.sshj.userauth.password.PasswordFinder;
@@ -30,9 +23,7 @@ import net.schmizz.sshj.userauth.password.PrivateKeyFileResource;
 import net.schmizz.sshj.userauth.password.PrivateKeyReaderResource;
 import net.schmizz.sshj.userauth.password.PrivateKeyStringResource;
 import net.schmizz.sshj.userauth.password.Resource;
-
 import org.bouncycastle.openssl.EncryptionException;
-import org.bouncycastle.openssl.PEMDecryptorProvider;
 import org.bouncycastle.openssl.PEMEncryptedKeyPair;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
@@ -41,6 +32,13 @@ import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

+import java.io.File;
+import java.io.IOException;
+import java.io.Reader;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
 /** Represents a PKCS8-encoded key file. This is the format used by OpenSSH and OpenSSL. */
 public class PKCS8KeyFile
        implements FileKeyProvider {
@@ -123,44 +121,37 @@ public class PKCS8KeyFile
        this.pwdf = pwdf;
    }

-    protected org.bouncycastle.openssl.PasswordFinder makeBouncyPasswordFinder() {
-        if (pwdf == null)
-            return null;
-        else
-            return new org.bouncycastle.openssl.PasswordFinder() {
-                @Override
-                public char[] getPassword() {
-                    return passphrase = pwdf.reqPassword(resource);
-                }
-            };
-    }
-
    protected KeyPair readKeyPair()
            throws IOException {
        KeyPair kp = null;
-        org.bouncycastle.openssl.PasswordFinder pFinder = makeBouncyPasswordFinder();
-        PEMParser r = null;
-        Object o = null;
-        try {
-            for (; ; ) {
+
+        for (PEMParser r = null; ; ) {
            // while the PasswordFinder tells us we should retry
            try {
                r = new PEMParser(resource.getReader());
-                    o = r.readObject();
+                final Object o = r.readObject();

-                    JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+                final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
                pemConverter.setProvider("BC");
-                    if (pFinder != null && o instanceof PEMEncryptedKeyPair) {
+
+                if (o instanceof PEMEncryptedKeyPair) {
+                    final PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) o;
                    JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
-                        PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(pFinder.getPassword());
-                        o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
+                    decryptorBuilder.setProvider("BC");
+                    try {
+                        passphrase = pwdf == null ? null : pwdf.reqPassword(resource);
+                        kp = pemConverter.getKeyPair(encryptedKeyPair.decryptKeyPair(decryptorBuilder.build(passphrase)));
+                    } finally {
+                        PasswordUtils.blankOut(passphrase);
                    }
-                    if (o instanceof PEMKeyPair) {
-                        o = pemConverter.getKeyPair((PEMKeyPair) o);
+                } else if (o instanceof PEMKeyPair) {
+                    kp = pemConverter.getKeyPair((PEMKeyPair) o);
+                } else {
+                    log.debug("Expected PEMEncryptedKeyPair or PEMKeyPair, got: {}", o);
                }

            } catch (EncryptionException e) {
-                    if (pwdf.shouldRetry(resource))
+                if (pwdf != null && pwdf.shouldRetry(resource))
                    continue;
                else
                    throw e;
@@ -169,16 +160,9 @@ public class PKCS8KeyFile
            }
            break;
        }
-        } finally {
-            PasswordUtils.blankOut(passphrase);
-        }

-        if (o == null)
+        if (kp == null)
            throw new IOException("Could not read key pair from: " + resource);
-        if (o instanceof KeyPair)
-            kp = (KeyPair) o;
-        else
-            log.debug("Expected KeyPair, got {}", o);
        return kp;
    }