From: harinath kanchu
Date: Tue, 1 Jul 2025 10:06:42 -0700
Subject: Re: Patch for supporting PEM based certs and keys
To: pgsql-jdbc@lists.postgresql.org

Hello,

I have raised an issue in the pgjdbc GitHub here
https://github.com/pgjdbc/pgjdbc/issues/3702
and also a new PR here
https://github.com/pgjdbc/pgjdbc/pull/3700

Happy to discuss further.

Thanks
- Harinath

On Thu, Jun 26, 2025 at 2:15 PM harinath kanchu wrote:
>
> Hello Pgjdbc community,
>
> I found that PGJDBC currently lacks support for PEM based certs and keys.
>
> We have a use case where PEM files are auto renewed on disk and
> converting them to DER format requires running something that watches
> files on disk and auto-converts to DER.
>
> Hence I would like to propose a patch for supporting PEM based certs, keys.
>
> This is the approach for adding the support,
>
> - Introduce a new PEMKeyManager which implements X509KeyManager.
> - PEMKeyManager will have the logic for extracting the BASE64 encoded
> DER bytes to convert into private key using key algorithm specified by
> property PGProperty.PEM_KEY_ALGORITHM.
> - PEMKeyManager will read the PEM based cert chain using
> CertificateFactory to get the X509Certificate chain.
> - Now LibPQFactory can initialize PEMKeyManager if the SSL Keyfile
> ends with .key or .pem
>
> I am attaching a patch file which also contains new test cases for PEM
> based certs, keys. Please take a look.
>
> Thanks.
>
> Regards,
> Harinath
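
The key-loading step described in the quoted proposal, as an added example that is not code from the patch or from pgjdbc. The class `PemKeyExample`, the method `loadPrivateKey` and its `keyAlgorithm` parameter (standing in for the value of `PGProperty.PEM_KEY_ALGORITHM`) are assumptions; it accepts only unencrypted PKCS#8 (`BEGIN PRIVATE KEY`) and rejects other PEM labels explicitly.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PemKeyExample {
  // One PEM block: group 1 is the label, group 2 the Base64 body.
  private static final Pattern PEM_BLOCK = Pattern.compile(
      "-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \\1-----", Pattern.DOTALL);

  // Hypothetical helper, not pgjdbc code; keyAlgorithm is e.g. "RSA" or "EC".
  static PrivateKey loadPrivateKey(String pem, String keyAlgorithm)
      throws GeneralSecurityException {
    Matcher m = PEM_BLOCK.matcher(pem);
    if (!m.find()) {
      throw new GeneralSecurityException("no PEM block found");
    }
    String label = m.group(1);
    // "RSA PRIVATE KEY" (PKCS#1), "EC PRIVATE KEY" (SEC1) and
    // "ENCRYPTED PRIVATE KEY" are not plain PKCS#8: fail with a clear
    // message instead of an opaque InvalidKeySpecException from KeyFactory.
    if (!"PRIVATE KEY".equals(label)) {
      throw new GeneralSecurityException("unsupported PEM type: " + label);
    }
    // The MIME decoder skips the line breaks inside the Base64 body.
    byte[] der = Base64.getMimeDecoder().decode(m.group(2));
    return KeyFactory.getInstance(keyAlgorithm)
        .generatePrivate(new PKCS8EncodedKeySpec(der));
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: a throwaway key generated for this demo.
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    PrivateKey original = gen.generateKeyPair().getPrivate();
    String pem = "-----BEGIN PRIVATE KEY-----\n"
        + Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
            .encodeToString(original.getEncoded())
        + "\n-----END PRIVATE KEY-----\n";
    PrivateKey parsed = loadPrivateKey(pem, "RSA");
    System.out.println("round trip ok: "
        + Arrays.equals(original.getEncoded(), parsed.getEncoded()));
  }
}
```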