forked from elastic/elasticsearch
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add support for more named curves (elastic#55179) (elastic#55538)
We implicitly only supported the prime256v1 ( aka secp256r1 ) curve for the EC keys we read as PEM files to be used in any SSL Context. We would not fail when trying to read a key pair using a different curve but we would silently assume that it was using `secp256r1` which would lead to strange TLS handshake issues if the curve was actually another one. This commit fixes that behavior in that it supports parsing EC keys that use any of the named curves defined in rfc5915 and rfc5480 making no assumptions about whether the security provider in use supports them (JDK8 and higher support all the curves defined in rfc5480).
- Loading branch information
Showing
19 changed files
with
316 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 changes: 13 additions & 0 deletions
13
libs/ssl-config/src/test/resources/certs/pem-utils/certificate_secp256r1.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICBzCCAaygAwIBAgIUAhfs6i7USsFCrKcjhaYmjOOekd8wCgYIKoZIzj0EAwIw | ||
| IjEgMB4GA1UEAxMXRWxhc3RpY3NlYXJjaCBUZXN0IE5vZGUwHhcNMjAwNDE0MTg0 | ||
| OTA0WhcNMjQwNDEzMTg0OTA0WjAiMSAwHgYDVQQDExdFbGFzdGljc2VhcmNoIFRl | ||
| c3QgTm9kZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN7Ioe2JD2Ssbk0pF19W | ||
| iwO/leZtIcCIZP9btPMGhq0r4e6va/qCYFRJoAMEKv49RQwL23MfBK1Djm63pl7z | ||
| 33Cjgb8wgbwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUZGVhl0jaavD09XqqAZq+QB+q | ||
| VzMwgY8GA1UdEQSBhzCBhIIJbG9jYWxob3N0ghVsb2NhbGhvc3QubG9jYWxkb21h | ||
| aW6CCmxvY2FsaG9zdDSCF2xvY2FsaG9zdDQubG9jYWxkb21haW40ggpsb2NhbGhv | ||
| c3Q2ghdsb2NhbGhvc3Q2LmxvY2FsZG9tYWluNocEfwAAAYcQAAAAAAAAAAAAAAAA | ||
| AAAAATAKBggqhkjOPQQDAgNJADBGAiEA5rkkz7V8zFb9ME4b3SiBqFQaXGnLNzz5 | ||
| UXmL31oevUUCIQCsL/qw/HKhBtojG9LnK5TezFCYauafDPsVqsxvj7F9UA== | ||
| -----END CERTIFICATE----- |
15 changes: 15 additions & 0 deletions
15
libs/ssl-config/src/test/resources/certs/pem-utils/certificate_secp384r1.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICQzCCAcmgAwIBAgIUFBuqf8Y7xcDb5MvDH3/WKCaqZOwwCgYIKoZIzj0EAwIw | ||
| IjEgMB4GA1UEAxMXRWxhc3RpY3NlYXJjaCBUZXN0IE5vZGUwHhcNMjAwNDE0MTg1 | ||
| MjE4WhcNMjQwNDEzMTg1MjE4WjAiMSAwHgYDVQQDExdFbGFzdGljc2VhcmNoIFRl | ||
| c3QgTm9kZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABKLpoDYudvcmGfr1+aImIap7 | ||
| C1cC9SUBcI8EOWlogODMUM1DWcaWrQbbQzhUNpQFvX6A/I2SiME5WM2IC+lJX/W8 | ||
| fafcLzYF+Ts2Eftmdi9usBsQz+JEGTPcgRNyM/N3FaOBvzCBvDAJBgNVHRMEAjAA | ||
| MB0GA1UdDgQWBBTuCqvozIlpHH5kLc3BfsT1bRqpHDCBjwYDVR0RBIGHMIGEggls | ||
| b2NhbGhvc3SCFWxvY2FsaG9zdC5sb2NhbGRvbWFpboIKbG9jYWxob3N0NIIXbG9j | ||
| YWxob3N0NC5sb2NhbGRvbWFpbjSCCmxvY2FsaG9zdDaCF2xvY2FsaG9zdDYubG9j | ||
| YWxkb21haW42hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMAoGCCqGSM49BAMCA2gA | ||
| MGUCMQDtmO2fQY1vVD58fFHsAt0LoStzrhB22SkcfKtTVNlrHkTX8SXjToqKKbxX | ||
| AMgUCNoCMFSn7lc3V7xycDx+P1icdb+jLVoFl7G1Ki17B1z6W8JlZRJBsyEiu6qC | ||
| UxZU5NBdww== | ||
| -----END CERTIFICATE----- |
16 changes: 16 additions & 0 deletions
16
libs/ssl-config/src/test/resources/certs/pem-utils/certificate_secp521r1.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICjjCCAe+gAwIBAgIUR5YlaSjZ7BE/bCe5f2966kG8+cowCgYIKoZIzj0EAwIw | ||
| IjEgMB4GA1UEAxMXRWxhc3RpY3NlYXJjaCBUZXN0IE5vZGUwHhcNMjAwNDE0MTg1 | ||
| MjM4WhcNMjQwNDEzMTg1MjM4WjAiMSAwHgYDVQQDExdFbGFzdGljc2VhcmNoIFRl | ||
| c3QgTm9kZTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAC/v/jT1EwJzFyVjSYw8 | ||
| H/Ix6Ty9KjTJ+duN1qc9ByGg2YoJw5Z179mAPoDp7LalGCawplhs38J45rqh7pbN | ||
| MI+1AaAilKSJiuIzByPlkKjxWOX1sYaxmBY4Kc0UOKpqFfY70fBzhIi8M+9t3eaB | ||
| TWoLbIghGkDHG6icTCUawesuTI7/o4G/MIG8MAkGA1UdEwQCMAAwHQYDVR0OBBYE | ||
| FNIirnFLQRx8t9uMd3D5Cux+/uSzMIGPBgNVHREEgYcwgYSCCWxvY2FsaG9zdIIV | ||
| bG9jYWxob3N0LmxvY2FsZG9tYWluggpsb2NhbGhvc3Q0ghdsb2NhbGhvc3Q0Lmxv | ||
| Y2FsZG9tYWluNIIKbG9jYWxob3N0NoIXbG9jYWxob3N0Ni5sb2NhbGRvbWFpbjaH | ||
| BH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDgYwAMIGIAkIAo+T4 | ||
| wkgf9OwzupXYQc8ftQydvucF29sK1OdJDnJHN/oBFtYdo4ZOMar8PzJZ3KtiOETo | ||
| IInuL8YE6kO9aTaQOUwCQgDfs3/nnEITC9OzpYpHWDp54phcrKgbHUDEUPn8CPU1 | ||
| aH8dJ/TVeSiYkt7dAeqklOP790HfHjS+rTAyMFn7uq4pkw== | ||
| -----END CERTIFICATE----- |
8 changes: 8 additions & 0 deletions
8
libs/ssl-config/src/test/resources/certs/pem-utils/private_secp256r1.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| -----BEGIN EC PARAMETERS----- | ||
| BggqhkjOPQMBBw== | ||
| -----END EC PARAMETERS----- | ||
| -----BEGIN EC PRIVATE KEY----- | ||
| MHcCAQEEIMdU2MBFYjUeThgqXbSrVByV+rMmsKKe6qzwBjgBwgHXoAoGCCqGSM49 | ||
| AwEHoUQDQgAE3sih7YkPZKxuTSkXX1aLA7+V5m0hwIhk/1u08waGrSvh7q9r+oJg | ||
| VEmgAwQq/j1FDAvbcx8ErUOObremXvPfcA== | ||
| -----END EC PRIVATE KEY----- |
9 changes: 9 additions & 0 deletions
9
libs/ssl-config/src/test/resources/certs/pem-utils/private_secp384r1.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| -----BEGIN EC PARAMETERS----- | ||
| BgUrgQQAIg== | ||
| -----END EC PARAMETERS----- | ||
| -----BEGIN EC PRIVATE KEY----- | ||
| MIGkAgEBBDA6lA/V9jd1eZJrD+fkOJMNWDU0xT5aRyUJxrNdIwMWFu1wvswHLvF8 | ||
| kZELRUMx3QmgBwYFK4EEACKhZANiAASi6aA2Lnb3Jhn69fmiJiGqewtXAvUlAXCP | ||
| BDlpaIDgzFDNQ1nGlq0G20M4VDaUBb1+gPyNkojBOVjNiAvpSV/1vH2n3C82Bfk7 | ||
| NhH7ZnYvbrAbEM/iRBkz3IETcjPzdxU= | ||
| -----END EC PRIVATE KEY----- |
10 changes: 10 additions & 0 deletions
10
libs/ssl-config/src/test/resources/certs/pem-utils/private_secp521r1.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| -----BEGIN EC PARAMETERS----- | ||
| BgUrgQQAIw== | ||
| -----END EC PARAMETERS----- | ||
| -----BEGIN EC PRIVATE KEY----- | ||
| MIHcAgEBBEIANfC2QUp9OWMWk+1+7i1S3hhg1sXiE2Ysv2lTSV3Jct547FJRoNnl | ||
| kJEdojfPbWNlP/uxtoWdIY0T/c+K8ErSkPGgBwYFK4EEACOhgYkDgYYABAAv7/40 | ||
| 9RMCcxclY0mMPB/yMek8vSo0yfnbjdanPQchoNmKCcOWde/ZgD6A6ey2pRgmsKZY | ||
| bN/CeOa6oe6WzTCPtQGgIpSkiYriMwcj5ZCo8Vjl9bGGsZgWOCnNFDiqahX2O9Hw | ||
| c4SIvDPvbd3mgU1qC2yIIRpAxxuonEwlGsHrLkyO/w== | ||
| -----END EC PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 changes: 13 additions & 0 deletions
13
...ces/org/elasticsearch/xpack/security/transport/ssl/certs/simple/certificate_secp256r1.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICBzCCAaygAwIBAgIUAhfs6i7USsFCrKcjhaYmjOOekd8wCgYIKoZIzj0EAwIw | ||
| IjEgMB4GA1UEAxMXRWxhc3RpY3NlYXJjaCBUZXN0IE5vZGUwHhcNMjAwNDE0MTg0 | ||
| OTA0WhcNMjQwNDEzMTg0OTA0WjAiMSAwHgYDVQQDExdFbGFzdGljc2VhcmNoIFRl | ||
| c3QgTm9kZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN7Ioe2JD2Ssbk0pF19W | ||
| iwO/leZtIcCIZP9btPMGhq0r4e6va/qCYFRJoAMEKv49RQwL23MfBK1Djm63pl7z | ||
| 33Cjgb8wgbwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUZGVhl0jaavD09XqqAZq+QB+q | ||
| VzMwgY8GA1UdEQSBhzCBhIIJbG9jYWxob3N0ghVsb2NhbGhvc3QubG9jYWxkb21h | ||
| aW6CCmxvY2FsaG9zdDSCF2xvY2FsaG9zdDQubG9jYWxkb21haW40ggpsb2NhbGhv | ||
| c3Q2ghdsb2NhbGhvc3Q2LmxvY2FsZG9tYWluNocEfwAAAYcQAAAAAAAAAAAAAAAA | ||
| AAAAATAKBggqhkjOPQQDAgNJADBGAiEA5rkkz7V8zFb9ME4b3SiBqFQaXGnLNzz5 | ||
| UXmL31oevUUCIQCsL/qw/HKhBtojG9LnK5TezFCYauafDPsVqsxvj7F9UA== | ||
| -----END CERTIFICATE----- |
15 changes: 15 additions & 0 deletions
15
...ces/org/elasticsearch/xpack/security/transport/ssl/certs/simple/certificate_secp384r1.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICQzCCAcmgAwIBAgIUFBuqf8Y7xcDb5MvDH3/WKCaqZOwwCgYIKoZIzj0EAwIw | ||
| IjEgMB4GA1UEAxMXRWxhc3RpY3NlYXJjaCBUZXN0IE5vZGUwHhcNMjAwNDE0MTg1 | ||
| MjE4WhcNMjQwNDEzMTg1MjE4WjAiMSAwHgYDVQQDExdFbGFzdGljc2VhcmNoIFRl | ||
| c3QgTm9kZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABKLpoDYudvcmGfr1+aImIap7 | ||
| C1cC9SUBcI8EOWlogODMUM1DWcaWrQbbQzhUNpQFvX6A/I2SiME5WM2IC+lJX/W8 | ||
| fafcLzYF+Ts2Eftmdi9usBsQz+JEGTPcgRNyM/N3FaOBvzCBvDAJBgNVHRMEAjAA | ||
| MB0GA1UdDgQWBBTuCqvozIlpHH5kLc3BfsT1bRqpHDCBjwYDVR0RBIGHMIGEggls | ||
| b2NhbGhvc3SCFWxvY2FsaG9zdC5sb2NhbGRvbWFpboIKbG9jYWxob3N0NIIXbG9j | ||
| YWxob3N0NC5sb2NhbGRvbWFpbjSCCmxvY2FsaG9zdDaCF2xvY2FsaG9zdDYubG9j | ||
| YWxkb21haW42hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMAoGCCqGSM49BAMCA2gA | ||
| MGUCMQDtmO2fQY1vVD58fFHsAt0LoStzrhB22SkcfKtTVNlrHkTX8SXjToqKKbxX | ||
| AMgUCNoCMFSn7lc3V7xycDx+P1icdb+jLVoFl7G1Ki17B1z6W8JlZRJBsyEiu6qC | ||
| UxZU5NBdww== | ||
| -----END CERTIFICATE----- |
16 changes: 16 additions & 0 deletions
16
...ces/org/elasticsearch/xpack/security/transport/ssl/certs/simple/certificate_secp521r1.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIICjjCCAe+gAwIBAgIUR5YlaSjZ7BE/bCe5f2966kG8+cowCgYIKoZIzj0EAwIw | ||
| IjEgMB4GA1UEAxMXRWxhc3RpY3NlYXJjaCBUZXN0IE5vZGUwHhcNMjAwNDE0MTg1 | ||
| MjM4WhcNMjQwNDEzMTg1MjM4WjAiMSAwHgYDVQQDExdFbGFzdGljc2VhcmNoIFRl | ||
| c3QgTm9kZTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAC/v/jT1EwJzFyVjSYw8 | ||
| H/Ix6Ty9KjTJ+duN1qc9ByGg2YoJw5Z179mAPoDp7LalGCawplhs38J45rqh7pbN | ||
| MI+1AaAilKSJiuIzByPlkKjxWOX1sYaxmBY4Kc0UOKpqFfY70fBzhIi8M+9t3eaB | ||
| TWoLbIghGkDHG6icTCUawesuTI7/o4G/MIG8MAkGA1UdEwQCMAAwHQYDVR0OBBYE | ||
| FNIirnFLQRx8t9uMd3D5Cux+/uSzMIGPBgNVHREEgYcwgYSCCWxvY2FsaG9zdIIV | ||
| bG9jYWxob3N0LmxvY2FsZG9tYWluggpsb2NhbGhvc3Q0ghdsb2NhbGhvc3Q0Lmxv | ||
| Y2FsZG9tYWluNIIKbG9jYWxob3N0NoIXbG9jYWxob3N0Ni5sb2NhbGRvbWFpbjaH | ||
| BH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDgYwAMIGIAkIAo+T4 | ||
| wkgf9OwzupXYQc8ftQydvucF29sK1OdJDnJHN/oBFtYdo4ZOMar8PzJZ3KtiOETo | ||
| IInuL8YE6kO9aTaQOUwCQgDfs3/nnEITC9OzpYpHWDp54phcrKgbHUDEUPn8CPU1 | ||
| aH8dJ/TVeSiYkt7dAeqklOP790HfHjS+rTAyMFn7uq4pkw== | ||
| -----END CERTIFICATE----- |
8 changes: 8 additions & 0 deletions
8
...sources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/private_secp256r1.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| -----BEGIN EC PARAMETERS----- | ||
| BggqhkjOPQMBBw== | ||
| -----END EC PARAMETERS----- | ||
| -----BEGIN EC PRIVATE KEY----- | ||
| MHcCAQEEIMdU2MBFYjUeThgqXbSrVByV+rMmsKKe6qzwBjgBwgHXoAoGCCqGSM49 | ||
| AwEHoUQDQgAE3sih7YkPZKxuTSkXX1aLA7+V5m0hwIhk/1u08waGrSvh7q9r+oJg | ||
| VEmgAwQq/j1FDAvbcx8ErUOObremXvPfcA== | ||
| -----END EC PRIVATE KEY----- |
9 changes: 9 additions & 0 deletions
9
...sources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/private_secp384r1.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| -----BEGIN EC PARAMETERS----- | ||
| BgUrgQQAIg== | ||
| -----END EC PARAMETERS----- | ||
| -----BEGIN EC PRIVATE KEY----- | ||
| MIGkAgEBBDA6lA/V9jd1eZJrD+fkOJMNWDU0xT5aRyUJxrNdIwMWFu1wvswHLvF8 | ||
| kZELRUMx3QmgBwYFK4EEACKhZANiAASi6aA2Lnb3Jhn69fmiJiGqewtXAvUlAXCP | ||
| BDlpaIDgzFDNQ1nGlq0G20M4VDaUBb1+gPyNkojBOVjNiAvpSV/1vH2n3C82Bfk7 | ||
| NhH7ZnYvbrAbEM/iRBkz3IETcjPzdxU= | ||
| -----END EC PRIVATE KEY----- |
Oops, something went wrong.