Skip to content

Refactor SSLUtils.loadKey using PEMParser #2441

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 8, 2022
Merged

Refactor SSLUtils.loadKey using PEMParser #2441

merged 3 commits into from
Nov 8, 2022

Conversation

@exceptionfactory
Copy link
Contributor

@exceptionfactory exceptionfactory commented Nov 4, 2022

This pull request implements private key loading refactoring proposed in #2440.

The implementation refactors the SSLUtils.loadKey method to use the Bouncy Castle PEMParser for all types of private keys. The existing implementation uses PEMParser for ECDSA Private Keys, and the proposed changes eliminate the need for custom DER and PKCS8 parsing. Changes include updates to the SSLUtils test class, providing a reusable test method and also asserting expected algorithm values for parsed Private Keys.

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Nov 4, 2022
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: exceptionfactory (37cbbe0)

@k8s-ci-robot k8s-ci-robot added the cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. label Nov 4, 2022
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Nov 4, 2022

Welcome @exceptionfactory!

It looks like this is your first PR to kubernetes-client/java 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-client/java has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Nov 4, 2022
@exceptionfactory
Refactored SSLUtils.loadKey using PEMParser
37cbbe0 
- Removed custom DER parsing and Base64 decoding in favor of Bouncy Castle PEM Parser
- Refactored SSLUtilsTest methods with reusable assertion method and algorithm checks
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Nov 4, 2022
@brendandburns
Copy link
Contributor

brendandburns commented Nov 4, 2022

Thanks for the PR. A couple of questions:
First, I'm curious about the motivation for the PR. It looks like a general cleanup and that's appreciated, but did you run into problems with the other code?

Second can I request that this is split into two PRs:

  1. the refactor to SSLUtils
  2. the refactor to the unit tests

The reason for this is that I want to make sure that the existing tests pass with the refactored SSL code. I worry that in refactoring both the implementation and the test at the same time it is possible for behaviors to regress.

Thanks!

@exceptionfactory
Copy link
Contributor Author

exceptionfactory commented Nov 4, 2022

Thanks for the quick reply @brendandburns!

I was reviewing the client code for its approach to loading private keys and came across issue #1724. I also noted the code comments with the try-catch approach to handling different algorithms with PKCS8. I haven't noticed any runtime issues, but I have worked on projects such as sshj to improve key loading.

I understand the concern about refactoring both the implementation and tests together. I will update this PR to remove the unit test updates and create a new PR for just those changes.

@exceptionfactory exceptionfactory mentioned this pull request Nov 4, 2022
Merged
@brendandburns
Copy link
Contributor

brendandburns commented Nov 8, 2022

/lgtm
/approve

(assuming tests pass :)

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 8, 2022
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Nov 8, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: brendandburns, exceptionfactory

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 8, 2022
@k8s-ci-robot k8s-ci-robot merged commit 4ca34f4 into kubernetes-client:master Nov 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brendandburns brendandburns Awaiting requested review from brendandburns

@yue9944882 yue9944882 Awaiting requested review from yue9944882

Assignees

@brendandburns brendandburns

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@exceptionfactory @k8s-ci-robot @brendandburns