diff options
| author | MAKS11060 <31521952+MAKS11060@users.noreply.github.com> | 2024-04-08 19:36:34 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-08 11:36:34 -0600 |
| commit | e3833b5a52a06a421fe5cb0f42ed6d7dd23a06b8 (patch) | |
| tree | cb3a5ec08e24eca6012d81534d5a8eca1aaf1c55 /ext/tls | |
| parent | 2670c1d580320ed01d3a7add27bc5db2a23ac80b (diff) | |
fix(ext/tls): add support EC private key (#23261)
Deno works with the `EC` key, but cannot recognize it.
This code works correctly if the prefix 'EC' is removed.
```typescript
const cert = `-----BEGIN CERTIFICATE-----
MIICqjCCAZKgAwIBAgIULvZQk8us6eYdpKZraHVkW8YKL/IwDQYJKoZIhvcNAQEL
BQAwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD0V4YW1wbGUtUm9vdC1DQTAgFw0y
NDA0MDYwNzM4MDlaGA8yMTIzMDMxNDA3MzgwOVowbTELMAkGA1UEBhMCVVMxEjAQ
BgNVBAgMCVlvdXJTdGF0ZTERMA8GA1UEBwwIWW91ckNpdHkxHTAbBgNVBAoMFEV4
YW1wbGUtQ2VydGlmaWNhdGVzMRgwFgYDVQQDDA9sb2NhbGhvc3QubG9jYWwwWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAATWOALcgzz4LbNikhjVGpkOCUmR8NahjfFw
9pNBuyZnaTcjfeGfiPaV0iQqvTuQnmL+fTBw8PKxzlKGpzsodQaWo1EwTzAfBgNV
HSMEGDAWgBTzut+pwwDfqmMYcI9KNWRDhxcIpTAJBgNVHRMEAjAAMAsGA1UdDwQE
AwIE8DAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBABWp
5LsGj5mWGIy7XpksXb0k2e3fUh+CobNl4JbvE7em68nuyojm0+/vEs8Bpd9vJaUo
tU1btyTO8xUlOGeyNa9Ddd2gj3oB8IGMjxhazWTSDseZ/WqBt6OudPMmnj+jPRQL
8Hb0vyXfmabZnWO9WH9/tcCoGdUdKo2KYN/7M2ojSeRq/4BIL08lC2SVX8DlBG40
8aj3FJo9xsUG59NI31iXVN1UPEN2pakKRJdSVdpbBjxDaEoLw/TB02gqfA43T1fU
wKz+0UYxSCjeW0lOZ3wlaNN2KqiHLuQ6ePG5kqD8aRufmYWK/ImlO/ZiSX60GiPu
K1cC6aWEohOhx+k424Y=
-----END CERTIFICATE-----`
const key = `-----BEGIN EC PRIVATE KEY-----
MHcCAQEEILL8H0x2ZP/ZZ+CwmKLS/zRleO7k7NBgWH0P767zYvlVoAoGCCqGSM49
AwEHoUQDQgAE1jgC3IM8+C2zYpIY1RqZDglJkfDWoY3xcPaTQbsmZ2k3I33hn4j2
ldIkKr07kJ5i/n0wcPDysc5Shqc7KHUGlg==
-----END EC PRIVATE KEY-----`
const config: Deno.ServeTlsOptions = {
cert,
// key, // not working // error: Uncaught (in promise) InvalidData: No keys found in key file
key: key.replaceAll(' EC', ''), // remove ' EC'. it works
}
Deno.serve(config, (r) => Response.json('ok'))
```
Diffstat (limited to 'ext/tls')
| -rw-r--r-- | ext/tls/lib.rs | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs index 9ed8a5a1f..be8cabadc 100644 --- a/ext/tls/lib.rs +++ b/ext/tls/lib.rs @@ -23,6 +23,7 @@ use rustls::PrivateKey; use rustls::RootCertStore; use rustls::ServerName; use rustls_pemfile::certs; +use rustls_pemfile::ec_private_keys; use rustls_pemfile::pkcs8_private_keys; use rustls_pemfile::rsa_private_keys; use serde::Deserialize; @@ -290,6 +291,12 @@ fn load_rsa_keys(mut bytes: &[u8]) -> Result<Vec<PrivateKey>, AnyError> { Ok(keys.into_iter().map(PrivateKey).collect()) } +/// Starts with -----BEGIN EC PRIVATE KEY----- +fn load_ec_keys(mut bytes: &[u8]) -> Result<Vec<PrivateKey>, AnyError> { + let keys = ec_private_keys(&mut bytes).map_err(|_| key_decode_err())?; + Ok(keys.into_iter().map(PrivateKey).collect()) +} + /// Starts with -----BEGIN PRIVATE KEY----- fn load_pkcs8_keys(mut bytes: &[u8]) -> Result<Vec<PrivateKey>, AnyError> { let keys = pkcs8_private_keys(&mut bytes).map_err(|_| key_decode_err())?; @@ -315,6 +322,10 @@ pub fn load_private_keys(bytes: &[u8]) -> Result<Vec<PrivateKey>, AnyError> { } if keys.is_empty() { + keys = load_ec_keys(bytes)?; + } + + if keys.is_empty() { return Err(key_not_found_err()); } |