JSSE: refactor X509Certificate.getPublicKey() to use JCE classes to generate PublicKey, fixes compatibility with wolfJCE underneath

cconlon · cconlon · commit 594816205fb6 · 2024-04-09T14:25:28.000-06:00
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
@@ -29,7 +29,10 @@
 import java.security.Provider;
 import java.security.PublicKey;
 import java.security.Signature;
+import java.security.KeyFactory;
 import java.security.SignatureException;
+import java.security.spec.X509EncodedKeySpec;
+import java.security.spec.InvalidKeySpecException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateExpiredException;
@@ -449,7 +452,7 @@ public void verify(PublicKey key, Provider p)
             sig.initVerify(key);
             sig.update(this.getTBSCertificate());
         } catch (Exception e) {
-            throw new CertificateException();
+            throw new CertificateException(e);
         }
 
         if (sig.verify(this.getSignature()) == false) {
@@ -487,20 +490,41 @@ public void free() {
     @Override
     public PublicKey getPublicKey() {
 
+        String type = null;
+        byte[] der = null;
+        KeyFactory kf = null;
+        PublicKey key = null;
+        X509EncodedKeySpec spec = null;
+
         WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
             "entered getPublicKey()");
 
         if (this.cert == null) {
             return null;
         }
-        String type  = this.cert.getPubkeyType();
-        byte[] der   = this.cert.getPubkey();
+
+        type = this.cert.getPubkeyType();
+        der = this.cert.getPubkey();
 
         try {
-            return new WolfSSLPubKey(der, type, "X.509");
-        } catch (WolfSSLException e) {
+            if (type.equals("RSA")) {
+                kf = KeyFactory.getInstance("RSA");
+            } else if (type.equals("ECC")) {
+                kf = KeyFactory.getInstance("EC");
+            } else if (type.equals("DSA")) {
+                kf = KeyFactory.getInstance("DSA");
+            }
+
+            if (kf != null) {
+                spec = new X509EncodedKeySpec(der);
+                key = (PublicKey)kf.generatePublic(spec);
+            }
+
+        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
             return null;
         }
+
+        return key;
     }
 
     /* If unsupported critical extension is found then wolfSSL should not parse
@@ -585,66 +609,6 @@ protected void finalize() throws Throwable {
         }
     }
 
-
-    /* wolfSSL public key class */
-    private class WolfSSLPubKey implements PublicKey {
-        /**
-         * Default serial ID
-         */
-        private static final long serialVersionUID = 1L;
-        private byte[] encoding;
-        private String type;
-        private String format = "X.509";
-
-        /**
-         * Creates a new public key class
-         * @param der DER format key
-         * @param type key type i.e. WolfSSL.RSAk
-         * @param curveOID can be null in RSA case
-         * @throws WolfSSLException
-         */
-        private WolfSSLPubKey(byte[] der, String type, String format)
-                throws WolfSSLException {
-            this.format = format;
-            this.encoding = der;
-            if (this.encoding == null) {
-                throw new WolfSSLException("Error creating key");
-            }
-            this.type = type;
-
-            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                "created new WolfSSLPubKey");
-        }
-
-        @Override
-        public String getAlgorithm() {
-
-            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                "entered getAlgorithm()");
-
-            return this.type;
-        }
-
-        @Override
-        public String getFormat() {
-
-            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                "entered getFormat()");
-
-            return this.format;
-        }
-
-        @Override
-        public byte[] getEncoded() {
-
-            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                "entered getEncoded()");
-
-            return this.encoding;
-        }
-
-    }
-
     /* wolfSSL Principal class */
     private class WolfSSLPrincipal implements Principal {
         private String name;
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java
@@ -365,7 +365,6 @@ public void testVerifyProvider() {
                 pass("\t\t\t... skipped");
                 return;
             }
-            System.out.print("\n\t  Signature provider " + sigProvider.getName());
 
             store = KeyStore.getInstance(tf.keyStoreType);
             stream = new FileInputStream(tf.allJKS);
@@ -403,6 +402,7 @@ public void testVerifyProvider() {
         } catch (KeyStoreException | NoSuchAlgorithmException |
                 CertificateException | IOException | WolfSSLException e) {
             error("\t... failed");
+            e.printStackTrace();
             fail("general failure");
         }
         pass("\t... passed");

Original file line number	Diff line number	Diff line change
`@@ -365,7 +365,6 @@ public void testVerifyProvider() {`
`365`	`365`	`pass("\t\t\t... skipped");`
`366`	`366`	`return;`
`367`	`367`	`}`
`368`		`- System.out.print("\n\t Signature provider " + sigProvider.getName());`
`369`	`368`
`370`	`369`	`store = KeyStore.getInstance(tf.keyStoreType);`
`371`	`370`	`stream = new FileInputStream(tf.allJKS);`
`@@ -403,6 +402,7 @@ public void testVerifyProvider() {`
`403`	`402`	`} catch (KeyStoreException \| NoSuchAlgorithmException \|`
`404`	`403`	`CertificateException \| IOException \| WolfSSLException e) {`
`405`	`404`	`error("\t... failed");`
	`405`	`+ e.printStackTrace();`
`406`	`406`	`fail("general failure");`
`407`	`407`	`}`
`408`	`408`	`pass("\t... passed");`