Improve SSLUtils Private Key Loading #2440

@exceptionfactory

Describe the bug
The io.kubernetes.client.util.SSLUtils class contains several loadKey methods that use a variety of approaches to read private keys from PEM-encoded bytes. The current implementation relies on the client key algorithm parsed from the PEM header to determine the parsing strategy, using the Bouncy Castle PEMParser for ECDSA, custom DER parsing for PKCS1 RSA, and attempting to use the Java PKCS8EncodedKeySpec for RSA or ECDSA encoded using PKCS8.

Client Version
16.0.2

Kubernetes Version
1.24.0

Java Version
Java 8

To Reproduce
NA

Expected behavior
The Bouncy Castle PEMParser supports both PKCS1 and PKCS8 encoding for all of the private key algorithms listed, so the implementation could be streamlined to eliminate custom DER parsing and avoid the current try-catch approach for RSA and ECDSA PKCS8.

KubeConfig
NA

Server (please complete the following information):
NA

Additional context
I am interested in contributing a pull request with these improvements.
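
An added illustration of the approach the issue proposes (not part of the original issue and not the project's code): one loader that lets the Bouncy Castle PEMParser decode the key and dispatches on the returned object type instead of the PEM header. The class name, the `loadKey` signature and the sample keys generated at run time are assumptions; it needs bcprov and bcpkix on the classpath.

```java
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.util.Arrays;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;

// Hypothetical class; not the SSLUtils code.
public class PemPrivateKeyExample {
  static final BouncyCastleProvider BC = new BouncyCastleProvider();

  // Dispatches on the object type PEMParser returns, never on the PEM header text.
  static PrivateKey loadKey(String pem) throws IOException {
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BC);
    try (PEMParser parser = new PEMParser(new StringReader(pem))) {
      for (Object o = parser.readObject(); o != null; o = parser.readObject()) {
        // "RSA PRIVATE KEY" and "EC PRIVATE KEY" blocks arrive as a PEMKeyPair.
        if (o instanceof PEMKeyPair) o = ((PEMKeyPair) o).getPrivateKeyInfo();
        // PKCS8 "PRIVATE KEY" blocks arrive as a PrivateKeyInfo directly.
        if (o instanceof PrivateKeyInfo) return converter.getPrivateKey((PrivateKeyInfo) o);
        // Other objects, such as a leading "EC PARAMETERS" block, are skipped.
      }
    }
    throw new IOException("no unencrypted private key in PEM input");
  }

  public static void main(String[] args) throws Exception {
    for (String algorithm : new String[] {"RSA", "EC"}) {
      // Constructed sample input: a throwaway key generated at run time.
      PrivateKey key = KeyPairGenerator.getInstance(algorithm, BC).generateKeyPair().getPrivate();
      StringWriter traditional = new StringWriter(), pkcs8 = new StringWriter();
      try (JcaPEMWriter a = new JcaPEMWriter(traditional); JcaPEMWriter b = new JcaPEMWriter(pkcs8)) {
        a.writeObject(key); // traditional header that names the algorithm
        b.writeObject(new JcaPKCS8Generator(key, null)); // generic "PRIVATE KEY" header
      }
      for (StringWriter pem : new StringWriter[] {traditional, pkcs8}) {
        PrivateKey loaded = loadKey(pem.toString());
        System.out.println(pem.toString().split("\\R")[0] + " -> " + loaded.getAlgorithm()
            + ", same encoding: " + Arrays.equals(key.getEncoded(), loaded.getEncoded()));
      }
    }
  }
}
```

Encrypted key blocks are deliberately not handled here; the loader rejects input that contains no unencrypted private key.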
