test for base64 encoded certs

Author: danielpeach

java-plugin/src/main/kotlin/io/github/danielpeach/plugin/Manager.kt

@@ -178,7 +178,7 @@ class Manager {
     val serverCertificate = split.getOrNull(5)?.let {
       if (it == "") return@let null
 
-      val cert = parseEncodedCertificate(it)
+      val cert = parseBase64EncodedCertificate(it)
       cert.checkValidity()
       cert
     }

java-plugin/src/main/kotlin/io/github/danielpeach/plugin/certificates.kt

@@ -12,19 +12,15 @@ import java.math.BigInteger
 import java.security.*
 import java.security.cert.CertificateFactory
 import java.security.cert.X509Certificate
-import java.security.spec.PKCS8EncodedKeySpec
 import java.util.*
 import javax.net.ssl.TrustManagerFactory
 
 private const val SHA_256 = "SHA-256"
-private const val BEGIN_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----"
-private const val END_PRIVATE_KEY = "-----END PRIVATE KEY-----"
 private const val BEGIN_CERT = "-----BEGIN CERTIFICATE-----"
 private const val END_CERT = "-----END CERTIFICATE-----"
 private val LINE_SEPARATOR: String = System.getProperty("line.separator")
 
-/** Parses a base64-encoded X.509 certificate. */
-internal fun parseEncodedCertificate(cert: String): X509Certificate {
+internal fun parseBase64EncodedCertificate(cert: String): X509Certificate {
   return parseCertificate(Base64.getDecoder().decode(cert).inputStream())
 }
 
@@ -37,16 +33,6 @@ internal fun parseCertificate(cert: InputStream): X509Certificate {
   return factory.generateCertificate(cert) as X509Certificate
 }
 
-internal fun parsePEMKey(raw: String): PrivateKey {
-  return raw
-    .replace(BEGIN_PRIVATE_KEY, "")
-    .replace(END_PRIVATE_KEY, "")
-    .replace(LINE_SEPARATOR, "")
-    .let { Base64.getDecoder().decode(it) }
-    .let { PKCS8EncodedKeySpec(it) }
-    .let { KeyFactory.getInstance("EC").generatePrivate(it) }
-}
-
 internal fun fingerprintCertificate(certificate: ByteArray, algorithm: String): String {
   val md = MessageDigest.getInstance(algorithm)
   return BaseEncoding.base16().encode(md.digest(certificate))

java-plugin/src/test/kotlin/io/github/danielpeach/plugin/CertificatesTest.kt

@@ -4,6 +4,8 @@ import dev.minutest.junit.JUnit5Minutests
 import dev.minutest.rootContext
 import strikt.api.expectCatching
 import strikt.assertions.isSuccess
+import java.nio.charset.Charset
+import java.util.*
 
 class CertificatesTest : JUnit5Minutests {
   fun tests() = rootContext {
@@ -14,5 +16,17 @@ class CertificatesTest : JUnit5Minutests {
 
       expectCatching { parseCertificate(pemEncodedCert).checkValidity() }.isSuccess()
     }
+
+    test("generate -> base64 encode -> decode") {
+      val (_, cert) = generateCert()
+
+      val base64PemEncodedCert = writeCertAsPEM(cert).let { pem ->
+        Base64.getEncoder().encode(pem.toByteArray()).toString(Charset.defaultCharset())
+      }
+
+      expectCatching {
+        parseBase64EncodedCertificate(base64PemEncodedCert).checkValidity()
+      }.isSuccess()
+    }
   }
 }