cert-signer.git

commit fe7b972d29b2e63536932fc017a78bc89bcade9c

Author: Paolo Lulli <paolo@lulli.net>

Proper PEM formatting

 src/main/java/net/lulli/certsigner/util/FileCAUtils.java | 45 +++++----
 src/main/java/net/lulli/certsigner/util/Serde.java | 32 ++++---


diff --git a/src/main/java/net/lulli/certsigner/util/FileCAUtils.java b/src/main/java/net/lulli/certsigner/util/FileCAUtils.java
index 3626306c3adb34642cf3d838949c2054030c1fea..447cddb4c6b8e647ed12ed9f1ffbe8cdde374c42 100644
--- a/src/main/java/net/lulli/certsigner/util/FileCAUtils.java
+++ b/src/main/java/net/lulli/certsigner/util/FileCAUtils.java
@@ -1,17 +1,17 @@
-/* 
+/*
  * This file is part of cert-signer
  * Copyright (c) 2024 Paolo Lulli.
- * 
- * This program is free software: you can redistribute it and/or modify  
- * it under the terms of the GNU General Public License as published by  
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, version 3.
  *
- * This program is distributed in the hope that it will be useful, but 
- * WITHOUT ANY WARRANTY; without even the implied warranty of 
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * General Public License for more details.
  *
- * You should have received a copy of the GNU General Public License 
+ * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
@@ -21,9 +21,12 @@ import net.lulli.certsigner.Settings;
 import net.lulli.certsigner.ca.CertificateIssue;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemWriter;
 
-import java.io.*;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.StringWriter;
 import java.security.*;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
@@ -122,10 +125,6 @@             throw new IllegalStateException(e.getMessage());
         }
     }
 
-
-
-
-
     static void keyPairToKeystore(KeyPair keyPair, Certificate certificate, String alias, String dirName, String storeType, String storePass) {
         try {
             KeyStore sslKeyStore = KeyStore.getInstance(storeType, Settings.BC_PROVIDER);
@@ -139,10 +138,18 @@         }
     }
 
     static void certToPemFile(Certificate certificate, String fileName) throws Exception {
-        FileOutputStream certificateOut = new FileOutputStream(fileName);
-        certificateOut.write("-----BEGIN CERTIFICATE-----\n".getBytes());
-        certificateOut.write(Base64.encode(certificate.getEncoded()));
-        certificateOut.write("-----END CERTIFICATE-----\n".getBytes());
-        certificateOut.close();
+        try {
+            FileOutputStream certificateOut = new FileOutputStream(fileName);
+            var pemObject = new PemObject("CERTIFICATE", certificate.getEncoded());
+            var str = new StringWriter();
+            var pemWriter = new PemWriter(str);
+            pemWriter.writeObject(pemObject);
+            pemWriter.close();
+            str.close();
+            certificateOut.write(str.toString().getBytes());
+            certificateOut.close();
+        } catch (Exception e) {
+            throw new IllegalStateException(e.getMessage());
+        }
     }
 }
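Review bot: In the new `certToPemFile` body the `FileOutputStream` is opened before the PEM text is built and is closed only on the success path, so a failure in `certificate.getEncoded()` or `writeObject` leaks the handle and leaves an empty or truncated certificate file on disk. Encoding first and then writing inside try-with-resources avoids both, as sketched below. The catch block rethrows with `e.getMessage()` only, which drops the original cause and stack trace, and `getBytes()` relies on the platform default charset where PEM output should be written as ASCII. Since every checked exception is now wrapped, the `throws Exception` on the signature looks redundant as far as this hunk shows.

```java
    static void certToPemFile(Certificate certificate, String fileName) throws Exception {
        var str = new StringWriter();
        // Encode fully before touching the file so a failure leaves no partial output.
        try (var pemWriter = new PemWriter(str)) {
            pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
        } catch (Exception e) {
            throw new IllegalStateException("Cannot PEM-encode certificate", e);
        }
        try (var certificateOut = new FileOutputStream(fileName)) {
            certificateOut.write(str.toString().getBytes(java.nio.charset.StandardCharsets.US_ASCII));
        } catch (Exception e) {
            throw new IllegalStateException("Cannot write certificate to " + fileName, e);
        }
    }
```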




diff --git a/src/main/java/net/lulli/certsigner/util/Serde.java b/src/main/java/net/lulli/certsigner/util/Serde.java
index 3a31f5786a821f97978dc5c9174371122862aaa0..cf2f666da384fce45456b210b6acc35ccbe32836 100644
--- a/src/main/java/net/lulli/certsigner/util/Serde.java
+++ b/src/main/java/net/lulli/certsigner/util/Serde.java
@@ -19,6 +19,8 @@ package net.lulli.certsigner.util;
 
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemWriter;
 
 import java.io.*;
 import java.nio.file.Files;
@@ -83,27 +85,29 @@     }
 
     public static String toPem(PrivateKey privateKey) {
         try {
-            Writer out = new StringWriter();
-            out.write("-----BEGIN RSA PRIVATE KEY-----\n");
-            writeBase64(out, privateKey);
-            out.write("-----END RSA PRIVATE KEY-----\n");
-
-            return out.toString();
+            var pemObject = new PemObject("RSA PRIVATE KEY", privateKey.getEncoded());
+            var str = new StringWriter();
+            var pemWriter = new PemWriter(str);
+            pemWriter.writeObject(pemObject);
+            pemWriter.close();
+            str.close();
+            return str.toString();
         } catch (Exception e) {
-            return null;
+            throw new IllegalStateException(e.getMessage());
         }
     }
 
     public static String toPem(PublicKey publicKey) {
         try {
-            Writer out = new StringWriter();
-            out.write("-----BEGIN RSA PUBLIC KEY-----\n");
-            writeBase64(out, publicKey);
-            out.write("-----END RSA PUBLIC KEY-----\n");
-
-            return out.toString();
+            var pemObject = new PemObject("RSA PUBLIC KEY", publicKey.getEncoded());
+            var str = new StringWriter();
+            var pemWriter = new PemWriter(str);
+            pemWriter.writeObject(pemObject);
+            pemWriter.close();
+            str.close();
+            return str.toString();
         } catch (Exception e) {
-            return null;
+            throw new IllegalStateException(e.getMessage());
         }
     }
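Review bot: Both new `toPem` overloads pair a PKCS#1 label with bytes that are normally not PKCS#1: `"RSA PRIVATE KEY"` wraps `privateKey.getEncoded()`, which for standard JCA keys is PKCS#8, and `"RSA PUBLIC KEY"` wraps `publicKey.getEncoded()`, which is normally X.509 SubjectPublicKeyInfo. Consumers that trust the label may reject or misparse the output, and the label is wrong outright for non-RSA keys; unless the callers guarantee PKCS#1 input (not visible in this hunk), use `new PemObject("PRIVATE KEY", privateKey.getEncoded())` and `new PemObject("PUBLIC KEY", publicKey.getEncoded())`. The new `throw new IllegalStateException(e.getMessage())` in both catch blocks also discards the cause; `throw new IllegalStateException("PEM encoding failed", e);` keeps the stack trace without putting key material in the message.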