ExternalVendorCode/chirpstack
1
0
Fork 0
mirror of https://github.com/chirpstack/chirpstack.git synced 2025-06-22 00:57:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add auto conversion for SEC1 EC keys to PKCS#8.

Browse Source 
Fixes #386.
This commit is contained in:
Orne Brocaar
2024-03-27 09:50:18 +00:00
parent 286d8b33b2
commit 2c06edd6ff
3 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@ -819,6 +819,7 @@ dependencies = [
"diesel-async", "diesel-async",
"diesel_migrations", "diesel_migrations",
"dotenv", "dotenv",
"elliptic-curve",
"email_address", "email_address",
"futures", "futures",
"futures-util", "futures-util",
@ -839,6 +840,7 @@ dependencies = [
"mime_guess", "mime_guess",
"oauth2", "oauth2",
"openidconnect", "openidconnect",
"p256",
"pbjson-types", "pbjson-types",
"pbkdf2", "pbkdf2",
"petgraph", "petgraph",

2
chirpstack/Cargo.toml
View File

@ -105,6 +105,8 @@ rustls = "0.22"
rustls-native-certs = "0.7" rustls-native-certs = "0.7"
rustls-pemfile = "2.1" rustls-pemfile = "2.1"
rsa = "0.9" rsa = "0.9"
elliptic-curve = { version = "0.13", features = ["pem"] }
p256 = "0.13"
rcgen = { version = "0.12", features = [ "x509-parser" ] } rcgen = { version = "0.12", features = [ "x509-parser" ] }
openidconnect = { version = "3.5", features = ["accept-rfc3339-timestamps"] } openidconnect = { version = "3.5", features = ["accept-rfc3339-timestamps"] }
oauth2 = "4.4" oauth2 = "4.4"

23
chirpstack/src/certificate.rs
View File

@ -4,11 +4,6 @@ use anyhow::{Context, Result};
use rcgen::{ use rcgen::{
Certificate, CertificateParams, DnType, ExtendedKeyUsagePurpose, KeyPair, KeyUsagePurpose, Certificate, CertificateParams, DnType, ExtendedKeyUsagePurpose, KeyPair, KeyUsagePurpose,
}; };
use rsa::{
pkcs1::DecodeRsaPrivateKey,
pkcs8::{EncodePrivateKey, LineEnding},
RsaPrivateKey,
};
use tokio::fs; use tokio::fs;
use uuid::Uuid; use uuid::Uuid;
@ -100,9 +95,27 @@ pub async fn client_cert_for_application_id(
fn private_key_to_pkcs8(pem: &str) -> Result<String> { fn private_key_to_pkcs8(pem: &str) -> Result<String> {
if pem.contains("RSA PRIVATE KEY") { if pem.contains("RSA PRIVATE KEY") {
use rsa::{
pkcs1::DecodeRsaPrivateKey,
pkcs8::{EncodePrivateKey, LineEnding},
RsaPrivateKey,
};
let pkey = RsaPrivateKey::from_pkcs1_pem(pem).context("Read RSA PKCS#1")?; let pkey = RsaPrivateKey::from_pkcs1_pem(pem).context("Read RSA PKCS#1")?;
let pkcs8_pem = pkey.to_pkcs8_pem(LineEnding::default())?; let pkcs8_pem = pkey.to_pkcs8_pem(LineEnding::default())?;
Ok(pkcs8_pem.as_str().to_owned()) Ok(pkcs8_pem.as_str().to_owned())
} else if pem.contains("EC PRIVATE KEY") {
use elliptic_curve::{
pkcs8::{EncodePrivateKey, LineEnding},
SecretKey,
};
// We assume it is a P256 based secret-key, which is the most popular curve.
// Attempting to decode it as P256 is still better than just failing to read it.
let pkey: SecretKey<p256::NistP256> =
SecretKey::from_sec1_pem(pem).context("Read EC SEC1")?;
let pkcs8_pem = pkey.to_pkcs8_pem(LineEnding::default())?;
Ok(pkcs8_pem.as_str().to_owned())
} else { } else {
Ok(pem.to_string()) Ok(pem.to_string())
} }