
PemPrivateKeyParserTests Class — spring-boot Architecture

Architecture documentation for the PemPrivateKeyParserTests class in PemPrivateKeyParserTests.java from the spring-boot codebase.


Source Code

core/spring-boot/src/test/java/org/springframework/boot/ssl/pem/PemPrivateKeyParserTests.java lines 41–249

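/**
 * Tests for {@code PemPrivateKeyParser}.
 * <p>
 * The fixtures are PEM files loaded from the classpath under
 * {@code org/springframework/boot/ssl/pem/}, grouped by encoding: {@code pkcs8/},
 * {@code pkcs1/} and {@code sec1/}. The tests pin two things:
 * <ul>
 * <li>which key types and encodings are accepted, and that every accepted key is
 * returned with {@code getFormat()} equal to {@code "PKCS#8"};</li>
 * <li>which inputs must be rejected with an {@link IllegalStateException} rather than
 * being partially parsed: unsupported curves, non-key text, and encrypted keys that do
 * not use the supported encryption scheme.</li>
 * </ul>
 * The encrypted fixtures were generated with the throwaway passphrase {@code test}
 * (see the {@code openssl} commands quoted in the individual tests); they are test
 * material only.
 */
class PemPrivateKeyParserTests {

	/**
	 * Unencrypted PKCS#8 keys for DSA, RSA and RSASSA-PSS parse and report the
	 * algorithm given in the CSV row.
	 */
	@ParameterizedTest
	// @formatter:off
	@CsvSource({
			"dsa.key,		DSA",
			"rsa.key,		RSA",
			"rsa-pss.key,	RSASSA-PSS"
	})
	// @formatter:on
	void shouldParseTraditionalPkcs8(String file, String algorithm) throws IOException {
		PrivateKey privateKey = PemPrivateKeyParser.parse(read("pkcs8/" + file));
		assertThat(privateKey).isNotNull();
		assertThat(privateKey.getFormat()).isEqualTo("PKCS#8");
		assertThat(privateKey.getAlgorithm()).isEqualTo(algorithm);
	}

	/**
	 * An unencrypted PKCS#1 RSA key parses; the resulting key still reports
	 * {@code "PKCS#8"} as its format.
	 */
	@Test
	void shouldParseTraditionalPkcs1() throws IOException {
		PrivateKey privateKey = PemPrivateKeyParser.parse(read("pkcs1/rsa.key"));
		assertThat(privateKey).isNotNull();
		assertThat(privateKey.getFormat()).isEqualTo("PKCS#8");
		assertThat(privateKey.getAlgorithm()).isEqualTo("RSA");
	}

	/**
	 * A DSA key in the traditional (non-PKCS#8) encoding is rejected as an unrecognized
	 * format.
	 */
	@Test
	void shouldNotParseUnsupportedTraditionalPkcs1() {
		assertThatIllegalStateException().isThrownBy(() -> PemPrivateKeyParser.parse(read("pkcs1/dsa.key")))
			.withMessageContaining("Missing private key or unrecognized format");
	}

	/**
	 * PKCS#8 EC keys parse for each listed named curve. The curve is checked through
	 * the string form of the key's parameters, which must contain both the curve name
	 * and its OID. {@code prime256v1} is expected to surface as {@code secp256r1} (same
	 * OID in both rows).
	 */
	@ParameterizedTest
	// @formatter:off
	@CsvSource({
			"brainpoolP256r1.key,	brainpoolP256r1,	1.3.36.3.3.2.8.1.1.7",
			"brainpoolP320r1.key,	brainpoolP320r1,	1.3.36.3.3.2.8.1.1.9",
			"brainpoolP384r1.key,	brainpoolP384r1,	1.3.36.3.3.2.8.1.1.11",
			"brainpoolP512r1.key,	brainpoolP512r1,	1.3.36.3.3.2.8.1.1.13",
			"prime256v1.key,		secp256r1,			1.2.840.10045.3.1.7",
			"secp224r1.key,			secp224r1,			1.3.132.0.33",
			"secp256k1.key,			secp256k1,			1.3.132.0.10",
			"secp256r1.key,			secp256r1,			1.2.840.10045.3.1.7",
			"secp384r1.key,			secp384r1,			1.3.132.0.34",
			"secp521r1.key,			secp521r1,			1.3.132.0.35"
	})
	// @formatter:on
	void shouldParseEcPkcs8(String file, String curveName, String oid) throws IOException {
		PrivateKey privateKey = PemPrivateKeyParser.parse(read("pkcs8/" + file));
		assertThat(privateKey).isNotNull();
		assertThat(privateKey.getFormat()).isEqualTo("PKCS#8");
		assertThat(privateKey.getAlgorithm()).isEqualTo("EC");
		assertThat(privateKey).isInstanceOf(ECPrivateKey.class);
		ECPrivateKey ecPrivateKey = (ECPrivateKey) privateKey;
		assertThat(ecPrivateKey.getParams().toString()).contains(curveName).contains(oid);
	}

	/**
	 * PKCS#8 EC keys on the brainpool {@code t1} curves are rejected with the
	 * "unrecognized format" error instead of yielding a key.
	 */
	@ParameterizedTest
	// @formatter:off
	@ValueSource(strings = {
			"brainpoolP256t1.key",
			"brainpoolP320t1.key",
			"brainpoolP384t1.key",
			"brainpoolP512t1.key"
	})
	// @formatter:on
	void shouldNotParseUnsupportedEcPkcs8(String file) {
		assertThatIllegalStateException().isThrownBy(() -> PemPrivateKeyParser.parse(read("pkcs8/" + file)))
			.withMessageContaining("Missing private key or unrecognized format");
	}

	/**
	 * PKCS#8 Ed448 and Ed25519 keys parse and report the algorithm {@code "EdDSA"}.
	 */
	@ParameterizedTest
	// @formatter:off
	@ValueSource(strings = {
			"ed448.key",
			"ed25519.key"
	})
	// @formatter:on
	void shouldParseEdDsaPkcs8(String file) throws IOException {
		PrivateKey privateKey = PemPrivateKeyParser.parse(read("pkcs8/" + file));
		assertThat(privateKey).isNotNull();
		assertThat(privateKey.getFormat()).isEqualTo("PKCS#8");
		assertThat(privateKey.getAlgorithm()).isEqualTo("EdDSA");
	}

	/**
	 * PKCS#8 X448 and X25519 keys parse and report the algorithm {@code "XDH"}.
	 */
	@ParameterizedTest
	// @formatter:off
	@ValueSource(strings = {
			"x448.key",
			"x25519.key"
	})
	// @formatter:on
	void shouldParseXdhPkcs8(String file) throws IOException {
		PrivateKey privateKey = PemPrivateKeyParser.parse(read("pkcs8/" + file));
		assertThat(privateKey).isNotNull();
		assertThat(privateKey.getFormat()).isEqualTo("PKCS#8");
		assertThat(privateKey.getAlgorithm()).isEqualTo("XDH");
	}

	/**
	 * Same curve matrix as {@link #shouldParseEcPkcs8}, but with the fixtures in SEC1
	 * encoding. The parsed key must still report {@code "PKCS#8"} as its format.
	 */
	@ParameterizedTest
	// @formatter:off
	@CsvSource({
			"brainpoolP256r1.key,	brainpoolP256r1,	1.3.36.3.3.2.8.1.1.7",
			"brainpoolP320r1.key,	brainpoolP320r1,	1.3.36.3.3.2.8.1.1.9",
			"brainpoolP384r1.key,	brainpoolP384r1,	1.3.36.3.3.2.8.1.1.11",
			"brainpoolP512r1.key,	brainpoolP512r1,	1.3.36.3.3.2.8.1.1.13",
			"prime256v1.key,		secp256r1,			1.2.840.10045.3.1.7",
			"secp224r1.key,			secp224r1,			1.3.132.0.33",
			"secp256k1.key,			secp256k1,			1.3.132.0.10",
			"secp256r1.key,			secp256r1,			1.2.840.10045.3.1.7",
			"secp384r1.key,			secp384r1,			1.3.132.0.34",
			"secp521r1.key,			secp521r1,			1.3.132.0.35"
	})
	// @formatter:on
	void shouldParseEcSec1(String file, String curveName, String oid) throws IOException {
		PrivateKey privateKey = PemPrivateKeyParser.parse(read("sec1/" + file));
		assertThat(privateKey).isNotNull();
		assertThat(privateKey.getFormat()).isEqualTo("PKCS#8");
		assertThat(privateKey.getAlgorithm()).isEqualTo("EC");
		assertThat(privateKey).isInstanceOf(ECPrivateKey.class);
		ECPrivateKey ecPrivateKey = (ECPrivateKey) privateKey;
		assertThat(ecPrivateKey.getParams().toString()).contains(curveName).contains(oid);
	}

	/**
	 * SEC1 keys on the brainpool {@code t1} curves are rejected, mirroring
	 * {@link #shouldNotParseUnsupportedEcPkcs8}.
	 */
	@ParameterizedTest
	// @formatter:off
	@ValueSource(strings = {
			"brainpoolP256t1.key",
			"brainpoolP320t1.key",
			"brainpoolP384t1.key",
			"brainpoolP512t1.key"
	})
	// @formatter:on
	void shouldNotParseUnsupportedEcSec1(String file) {
		assertThatIllegalStateException().isThrownBy(() -> PemPrivateKeyParser.parse(read("sec1/" + file)))
			.withMessageContaining("Missing private key or unrecognized format");
	}

	/**
	 * Text that is not a PEM private key is rejected. Only the exception type is pinned
	 * here; the message is not asserted.
	 */
	@Test
	void parseWithNonKeyTextWillThrowException() {
		assertThatIllegalStateException().isThrownBy(() -> PemPrivateKeyParser.parse(read("file.txt")));
	}

	/**
	 * Password-encrypted PKCS#8 keys using AES-128-CBC or AES-256-CBC decrypt with the
	 * fixture passphrase and report the algorithm given in the CSV row.
	 */
	@ParameterizedTest
	// @formatter:off
	@CsvSource({
			"dsa-aes-128-cbc.key,				DSA",
			"rsa-aes-256-cbc.key,				RSA",
			"prime256v1-aes-256-cbc.key,		EC",
			"ed25519-aes-256-cbc.key,			EdDSA",
			"x448-aes-256-cbc.key,				XDH"
	})
	// @formatter:on
	void shouldParseEncryptedPkcs8(String file, String algorithm) throws IOException {
		// Created with:
		// openssl pkcs8 -topk8 -in <input file> -out <output file> -v2 <algorithm>
		// -passout pass:test
		// where <algorithm> is aes128 or aes256
		PrivateKey privateKey = PemPrivateKeyParser.parse(read("pkcs8/" + file), "test");
		assertThat(privateKey).isNotNull();
		assertThat(privateKey.getFormat()).isEqualTo("PKCS#8");
		assertThat(privateKey.getAlgorithm()).isEqualTo(algorithm);
	}

	/**
	 * An encrypted PKCS#8 key whose cipher is triple-DES rather than AES is rejected
	 * with a decryption error, even though the passphrase is correct.
	 */
	@Test
	void shouldNotParseEncryptedPkcs8NotUsingAes() {
		// Created with:
		// openssl pkcs8 -topk8 -in rsa.key -out rsa-des-ede3-cbc.key -v2 des3 -passout
		// pass:test
		// assertThatIllegalStateException() already pins the exception type, so no
		// separate isInstanceOf check is needed.
		assertThatIllegalStateException()
			.isThrownBy(() -> PemPrivateKeyParser.parse(read("pkcs8/rsa-des-ede3-cbc.key"), "test"))
			.withMessageContaining("Error decrypting private key");
	}

	/**
	 * An encrypted PKCS#8 key whose key derivation is scrypt rather than PBKDF2 is
	 * rejected with a decryption error, even though the passphrase is correct.
	 */
	@Test
	void shouldNotParseEncryptedPkcs8NotUsingPbkdf2() {
		// Created with:
		// openssl pkcs8 -topk8 -in rsa.key -out rsa-scrypt.key -scrypt -passout
		// pass:test
		assertThatIllegalStateException()
			.isThrownBy(() -> PemPrivateKeyParser.parse(read("pkcs8/rsa-scrypt.key"), "test"))
			.withMessageContaining("Error decrypting private key");
	}

	/**
	 * A SEC1 key encrypted by {@code openssl ec} is rejected as an unrecognized format.
	 * Note the different message from the encrypted PKCS#8 cases: the input is not
	 * reported as a decryption failure.
	 */
	@Test
	void shouldNotParseEncryptedSec1() {
		// created with:
		// openssl ecparam -genkey -name prime256v1 | openssl ec -aes-128-cbc -out
		// prime256v1-aes-128-cbc.key
		assertThatIllegalStateException()
			.isThrownBy(() -> PemPrivateKeyParser.parse(read("sec1/prime256v1-aes-128-cbc.key"), "test"))
			.withMessageContaining("Missing private key or unrecognized format");
	}

	/**
	 * A PKCS#1 RSA key encrypted by {@code openssl genrsa} is rejected as an
	 * unrecognized format, as in {@link #shouldNotParseEncryptedSec1}.
	 */
	@Test
	void shouldNotParseEncryptedPkcs1() {
		// created with:
		// openssl genrsa -aes-256-cbc -out rsa-aes-256-cbc.key
		assertThatIllegalStateException()
			.isThrownBy(() -> PemPrivateKeyParser.parse(read("pkcs1/rsa-aes-256-cbc.key"), "test"))
			.withMessageContaining("Missing private key or unrecognized format");
	}

	/**
	 * Loads a fixture from the classpath as UTF-8 text.
	 * @param path fixture path relative to {@code org/springframework/boot/ssl/pem/};
	 * always a constant supplied by the tests in this class
	 * @return the file content
	 * @throws IOException if the resource cannot be read
	 */
	private String read(String path) throws IOException {
		return new ClassPathResource("org/springframework/boot/ssl/pem/" + path)
			.getContentAsString(StandardCharsets.UTF_8);
	}

}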
