Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uUtwh-00AKSO-VD for pgsql-jdbc@arkaria.postgresql.org; Thu, 26 Jun 2025 21:15:48 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1uUtwg-00FbyM-1s for pgsql-jdbc@arkaria.postgresql.org; Thu, 26 Jun 2025 21:15:46 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uUtwf-00FbyC-Gx for pgsql-jdbc@lists.postgresql.org; Thu, 26 Jun 2025 21:15:46 +0000 Received: from mail-il1-x132.google.com ([2607:f8b0:4864:20::132]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1uUtwe-004ALm-1a for pgsql-jdbc@lists.postgresql.org; Thu, 26 Jun 2025 21:15:45 +0000 Received: by mail-il1-x132.google.com with SMTP id e9e14a558f8ab-3df2d8cb8d2so5617625ab.2 for ; Thu, 26 Jun 2025 14:15:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1750972543; x=1751577343; darn=lists.postgresql.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=C5tWhFw8H8CztiJON3IEIJJp1sIM8SitJDDgAE4wRlk=; b=ibi3ZxGrNz8ATYffPp7h+4//wi+yM0N9WaPfEIHAFYnQ2vUlD/zmT4CeP12l8zEacP uEWvh4sIN+ufgFuVvvaVEdLm69Fjoeu4YX2UyMO1VW2lwWB1NXhBjTS4nxwqSXXNVqYR UJaxLiN3hfiqXP/qnSrm4bqJ0oFvvfMQFnnTUXLpxWNbw2ZWVZ+jIaB8r5zdPp/xanG9 snooI96YvewWEX9ARdZ5p3ETfOm/fdTbzpxnZPIsYcN1mxTLPRyQQHdWlyimw7Qoy4OP 1RXVrIMdDv89mRRIk1FMstnDay9kL2BBGHPOcHaAPoHS3xsj4YErWr0h+qeVLiWi/V7F 4UaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750972543; x=1751577343; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=C5tWhFw8H8CztiJON3IEIJJp1sIM8SitJDDgAE4wRlk=; b=NBN6zbaP14RgFGDqtyFCwZAJGZ7mXm9YK/wBgtiLMxa1q8eyRkSaZQtFBy7UeYtMMH NYDuYRSq3kMIeSllUAvvapxAfMHgHmrGLinApnfjniHOHesEH50tZzoLpndLHxnj2pJH EoxUeosDXVwUJqBGZRwG9yWJpJIuLRANrsPVW809hFKBq+DN7f5l0tXNu0YfPFptN77s n/m/rU/8PxAM9tp/8iByEc/jpE07qwGU1QUSyW8B9vebp1JLc1KKCm04ISmVPj66bKsr VMQFhAyyDcW44BEo5K9+Kb+Od82d6ij5CtjGmTq1Xk4IwFh9kBcGwAdlwIwr8/wqLS6H lM+w== X-Gm-Message-State: AOJu0YwBZVm2ddYZeExMs4+BVd/RdOSQ4GxT7pOiUTEaGvP9gfqJ5sWS 9e1suG/0EMUagqhfcgkJJoBFigbW0JkHnBvWILxcSxde8xBVSRb7eLrff/+pwfauZ9SA3smpzoA WRimaPUvGzZSJHClfb3JiiFOJyummVOtlM2u6 X-Gm-Gg: ASbGncvc/+oWDAs/1QkTE1iTMbWxx87ClrWyx7wwildSh3CQmWwH9nVOpZ2E0a0yWTc QUG/yVGUw/cYeYZioxfMwk+pxJ+FE0jzv9RFLK/pTKFChqnhY+KmSqxIIbadpR4vC2ns7sbTxL+ pEw72mPMvq2ggbbFFMBO8tWcc5ws7EA3uPn9/lkjDLACCNtjBwpQ== X-Google-Smtp-Source: AGHT+IF+5b4GFD0c7CUmUZr1ZihRuo7uJyFu6s/6tqWRgemwyhDmynJu1pKf33XpF/V/8TCv/vBhw8grulYfMPuO2Qw= X-Received: by 2002:a05:6e02:160b:b0:3dc:8b57:b76c with SMTP id e9e14a558f8ab-3df4ab558dbmr12770325ab.9.1750972543273; Thu, 26 Jun 2025 14:15:43 -0700 (PDT) MIME-Version: 1.0 From: harinath kanchu Date: Thu, 26 Jun 2025 14:15:31 -0700 X-Gm-Features: Ac12FXwarpC0lDHLFHhylwlchEhWA3ycKB8AY7mul3kQgabqUg5cvXEYapMBt7c Message-ID: Subject: Patch for supporting PEM based certs and keys To: pgsql-jdbc@lists.postgresql.org Content-Type: multipart/mixed; boundary="000000000000743fad06388010f0" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000743fad06388010f0 Content-Type: text/plain; charset="UTF-8" Hello Pgjdbc community, I found that PGJDBC currently lacks support for PEM based certs and keys. We have a use case where PEM files are auto renewed on disk and converting them to DER format requires running something that watches files on disk and auto-converts to DER. Hence I would like to propose a patch for supporting PEM based certs, keys. This is the approach for adding the support, - Introduce a new PEMKeyManager which implements X509KeyManager. - PEMKeyManager will have the logic for extracting the BASE64 encoded DER bytes to convert into private key using key algorithm specified by property PGProperty.PEM_KEY_ALGORITHM. - PEMKeyManager will read the PEM based cert chain using CertificateFactory to get the X509Certificate chain. - Now LibPQFactory can initialize PEMKeyManager if the SSL Keyfile ends with .key or .pem I am attaching a patch file which also contains new test cases for PEM based certs, keys. Please take a look. Thanks. Regards, Harinath --000000000000743fad06388010f0 Content-Type: application/octet-stream; name="0001-Add-PEMKeyManager-to-handle-PEM-based-certs-and-keys.patch" Content-Disposition: attachment; filename="0001-Add-PEMKeyManager-to-handle-PEM-based-certs-and-keys.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_mcdvok5q0 RnJvbSBhMGY4NmEzZTM4YTA5YTVhZTYxNjI1MmMzYjhkNjRjYjU5ODI2NDNkIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBoYXJpbmF0aCA8aGFyaW5hdGhAaGFyaW5hdGhzLU1hY0Jvb2st UHJvLmxvY2FsPgpEYXRlOiBUaHUsIDEgTWF5IDIwMjUgMTQ6NDg6MDIgLTA3MDAKU3ViamVjdDog W1BBVENIXSBBZGQgUEVNS2V5TWFuYWdlciB0byBoYW5kbGUgUEVNIGJhc2VkIGNlcnRzIGFuZCBr ZXlzLgoKLS0tCiAuLi4vbWFpbi9qYXZhL29yZy9wb3N0Z3Jlc3FsL1BHUHJvcGVydHkuamF2YSAg fCAgIDcgKwogLi4uL2phdmEvb3JnL3Bvc3RncmVzcWwvc3NsL0xpYlBRRmFjdG9yeS5qYXZhIHwg IDM1ICsrKy0KIC4uLi9vcmcvcG9zdGdyZXNxbC9zc2wvUEVNS2V5TWFuYWdlci5qYXZhICAgICB8 IDE2OCArKysrKysrKysrKysrKysrKysKIC4uLi90ZXN0L3NzbC9QRU1LZXlNYW5hZ2VyVGVzdC5q YXZhICAgICAgICAgICB8ICA1OCArKysrKysKIDQgZmlsZXMgY2hhbmdlZCwgMjYyIGluc2VydGlv bnMoKyksIDYgZGVsZXRpb25zKC0pCiBjcmVhdGUgbW9kZSAxMDA2NDQgcGdqZGJjL3NyYy9tYWlu L2phdmEvb3JnL3Bvc3RncmVzcWwvc3NsL1BFTUtleU1hbmFnZXIuamF2YQogY3JlYXRlIG1vZGUg MTAwNjQ0IHBnamRiYy9zcmMvdGVzdC9qYXZhL29yZy9wb3N0Z3Jlc3FsL3Rlc3Qvc3NsL1BFTUtl eU1hbmFnZXJUZXN0LmphdmEKCmRpZmYgLS1naXQgYS9wZ2pkYmMvc3JjL21haW4vamF2YS9vcmcv cG9zdGdyZXNxbC9QR1Byb3BlcnR5LmphdmEgYi9wZ2pkYmMvc3JjL21haW4vamF2YS9vcmcvcG9z dGdyZXNxbC9QR1Byb3BlcnR5LmphdmEKaW5kZXggNzQwZjRlNTkuLmIzMWZjNWE1IDEwMDY0NAot LS0gYS9wZ2pkYmMvc3JjL21haW4vamF2YS9vcmcvcG9zdGdyZXNxbC9QR1Byb3BlcnR5LmphdmEK KysrIGIvcGdqZGJjL3NyYy9tYWluL2phdmEvb3JnL3Bvc3RncmVzcWwvUEdQcm9wZXJ0eS5qYXZh CkBAIC04MzAsNiArODMwLDEzIEBAIHB1YmxpYyBlbnVtIFBHUHJvcGVydHkgewogICAgICAgIiIs CiAgICAgICAiRmFjdG9yeSBjbGFzcyB0byBpbnN0YW50aWF0ZSBmYWN0b3JpZXMgZm9yIFhNTCBw cm9jZXNzaW5nIiksCiAKKyAgICAvKioKKyAgICAgKiBBbGdvcml0aG0gZm9yIHRoZSBQRU0ga2V5 LgorICAgICAqLworICAgIFBFTV9LRVlfQUxHT1JJVEhNKAorICAgICAgICAgICAgInBlbUtleUFs Z29yaXRobSIsCisgICAgICAgICAgICAiUlNBIiwKKyAgICAgICAgICAgICJBbGdvcml0aG0gb2Yg dGhlIFBFTSBrZXkiKSwKICAgOwogCiAgIHByaXZhdGUgZmluYWwgU3RyaW5nIG5hbWU7CmRpZmYg LS1naXQgYS9wZ2pkYmMvc3JjL21haW4vamF2YS9vcmcvcG9zdGdyZXNxbC9zc2wvTGliUFFGYWN0 b3J5LmphdmEgYi9wZ2pkYmMvc3JjL21haW4vamF2YS9vcmcvcG9zdGdyZXNxbC9zc2wvTGliUFFG YWN0b3J5LmphdmEKaW5kZXggMzNmMTZlMGQuLmU1MWI5ODFlIDEwMDY0NAotLS0gYS9wZ2pkYmMv c3JjL21haW4vamF2YS9vcmcvcG9zdGdyZXNxbC9zc2wvTGliUFFGYWN0b3J5LmphdmEKKysrIGIv cGdqZGJjL3NyYy9tYWluL2phdmEvb3JnL3Bvc3RncmVzcWwvc3NsL0xpYlBRRmFjdG9yeS5qYXZh CkBAIC03MCwxNiArNzAsMjAgQEAgcHVibGljIGNsYXNzIExpYlBRRmFjdG9yeSBleHRlbmRzIFdy YXBwZWRGYWN0b3J5IHsKICAgICByZXR1cm4gY2JoOwogICB9CiAKKyAgcHJpdmF0ZSBTdHJpbmcg Z2V0Q2VydEZpbGVQYXRoKFN0cmluZyBkZWZhdWx0ZGlyLCBQcm9wZXJ0aWVzIGluZm8pIHsKKyAg ICAgIC8vIExvYWQgdGhlIGNsaWVudCdzIGNlcnRpZmljYXRlIGFuZCBrZXkKKyAgICAgIFN0cmlu ZyBzc2xjZXJ0ZmlsZSA9IFBHUHJvcGVydHkuU1NMX0NFUlQuZ2V0T3JEZWZhdWx0KGluZm8pOwor ICAgICAgaWYgKHNzbGNlcnRmaWxlID09IG51bGwpIHsgLy8gRmFsbCBiYWNrIHRvIGRlZmF1bHQK KyAgICAgICAgICBkZWZhdWx0ZmlsZSA9IHRydWU7CisgICAgICAgICAgc3NsY2VydGZpbGUgPSBk ZWZhdWx0ZGlyICsgInBvc3RncmVzcWwuY3J0IjsKKyAgICAgIH0KKyAgICAgIHJldHVybiBzc2xj ZXJ0ZmlsZTsKKyAgfQogICBwcml2YXRlIHZvaWQgaW5pdFBrOCgKICAgICAgIEBVbmRlckluaXRp YWxpemF0aW9uKFdyYXBwZWRGYWN0b3J5LmNsYXNzKSBMaWJQUUZhY3RvcnkgdGhpcywKICAgICAg IFN0cmluZyBzc2xrZXlmaWxlLCBTdHJpbmcgZGVmYXVsdGRpciwgUHJvcGVydGllcyBpbmZvKSB0 aHJvd3MgIFBTUUxFeGNlcHRpb24gewogCi0gICAgLy8gTG9hZCB0aGUgY2xpZW50J3MgY2VydGlm aWNhdGUgYW5kIGtleQotICAgIFN0cmluZyBzc2xjZXJ0ZmlsZSA9IFBHUHJvcGVydHkuU1NMX0NF UlQuZ2V0T3JEZWZhdWx0KGluZm8pOwotICAgIGlmIChzc2xjZXJ0ZmlsZSA9PSBudWxsKSB7IC8v IEZhbGwgYmFjayB0byBkZWZhdWx0Ci0gICAgICBkZWZhdWx0ZmlsZSA9IHRydWU7Ci0gICAgICBz c2xjZXJ0ZmlsZSA9IGRlZmF1bHRkaXIgKyAicG9zdGdyZXNxbC5jcnQiOwotICAgIH0KKyAgICBT dHJpbmcgc3NsY2VydGZpbGUgPSBnZXRDZXJ0RmlsZVBhdGgoZGVmYXVsdGRpciwgaW5mbyk7CiAK ICAgICAvLyBJZiB0aGUgcHJvcGVydGllcyBhcmUgZW1wdHksIGdpdmUgbnVsbCB0byBwcmV2ZW50 IGNsaWVudCBrZXkgc2VsZWN0aW9uCiAgICAga20gPSBuZXcgTGF6eUtleU1hbmFnZXIoKCIiLmVx dWFscyhzc2xjZXJ0ZmlsZSkgPyBudWxsIDogc3NsY2VydGZpbGUpLApAQCAtOTIsNiArOTYsMjAg QEAgcHVibGljIGNsYXNzIExpYlBRRmFjdG9yeSBleHRlbmRzIFdyYXBwZWRGYWN0b3J5IHsKICAg ICBrbSA9IG5ldyBQS0NTMTJLZXlNYW5hZ2VyKHNzbGtleWZpbGUsIGdldENhbGxiYWNrSGFuZGxl cihpbmZvKSk7CiAgIH0KIAorICBwcml2YXRlIHZvaWQgaW5pdFBFTShAVW5kZXJJbml0aWFsaXph dGlvbihXcmFwcGVkRmFjdG9yeS5jbGFzcykgTGliUFFGYWN0b3J5IHRoaXMsCisgICAgICAgICAg ICAgICAgICAgICAgIFN0cmluZyBzc2xLZXlGaWxlLAorICAgICAgICAgICAgICAgICAgICAgICBT dHJpbmcgZGVmYXVsdGRpciwKKyAgICAgICAgICAgICAgICAgICAgICAgUHJvcGVydGllcyBpbmZv KSB0aHJvd3MgUFNRTEV4Y2VwdGlvbiB7CisgICAgdHJ5IHsKKyAgICAgICAgU3RyaW5nIHNzbENl cnRGaWxlID0gZ2V0Q2VydEZpbGVQYXRoKGRlZmF1bHRkaXIsIGluZm8pOworICAgICAgICBTdHJp bmcgYWxnb3JpdGhtID0gUEdQcm9wZXJ0eS5QRU1fS0VZX0FMR09SSVRITS5nZXRPckRlZmF1bHQo aW5mbyk7CisgICAgICAgIGttID0gbmV3IFBFTUtleU1hbmFnZXIoc3NsS2V5RmlsZSwgc3NsQ2Vy dEZpbGUsIGFsZ29yaXRobSk7CisgICAgfSBjYXRjaCAoRXhjZXB0aW9uIGV4KSB7CisgICAgICAg IGV4LnByaW50U3RhY2tUcmFjZShTeXN0ZW0ub3V0KTsKKyAgICAgICAgdGhyb3cgbmV3IFBTUUxF eGNlcHRpb24oR1QudHIoIkNvdWxkIG5vdCBpbml0aWFsIFBFTSBmaWxlcy4iKSwgUFNRTFN0YXRl LkNPTk5FQ1RJT05fRkFJTFVSRSwgZXgpOworICAgIH0KKyAgfQorCiAgIC8qKgogICAgKiBAcGFy YW0gaW5mbyB0aGUgY29ubmVjdGlvbiBwYXJhbWV0ZXJzIFRoZSBmb2xsb3dpbmcgcGFyYW1ldGVy cyBhcmUgdXNlZDoKICAgICogICAgICAgIHNzbG1vZGUsc3NsY2VydCxzc2xrZXksc3Nscm9vdGNl cnQsc3NsaG9zdG5hbWV2ZXJpZmllcixzc2xwYXNzd29yZGNhbGxiYWNrLHNzbHBhc3N3b3JkCkBA IC0xMTksNiArMTM3LDggQEAgcHVibGljIGNsYXNzIExpYlBRRmFjdG9yeSBleHRlbmRzIFdyYXBw ZWRGYWN0b3J5IHsKIAogICAgICAgaWYgKHNzbGtleWZpbGUuZW5kc1dpdGgoIi5wMTIiKSB8fCBz c2xrZXlmaWxlLmVuZHNXaXRoKCIucGZ4IikpIHsKICAgICAgICAgaW5pdFAxMihzc2xrZXlmaWxl LCBpbmZvKTsKKyAgICAgIH0gZWxzZSBpZiAoc3Nsa2V5ZmlsZS5lbmRzV2l0aCgiLmtleSIpIHx8 IHNzbGtleWZpbGUuZW5kc1dpdGgoIi5wZW0iKSkgeworICAgICAgICBpbml0UEVNKHNzbGtleWZp bGUsIGRlZmF1bHRkaXIsIGluZm8pOwogICAgICAgfSBlbHNlIHsKICAgICAgICAgaW5pdFBrOChz c2xrZXlmaWxlLCBkZWZhdWx0ZGlyLCBpbmZvKTsKICAgICAgIH0KQEAgLTIwOSw2ICsyMjksOSBA QCBwdWJsaWMgY2xhc3MgTGliUFFGYWN0b3J5IGV4dGVuZHMgV3JhcHBlZEZhY3RvcnkgewogICAg ICAgaWYgKGttIGluc3RhbmNlb2YgUEtDUzEyS2V5TWFuYWdlcikgewogICAgICAgICAoKFBLQ1Mx MktleU1hbmFnZXIpIGttKS50aHJvd0tleU1hbmFnZXJFeGNlcHRpb24oKTsKICAgICAgIH0KKyAg ICAgIGlmIChrbSBpbnN0YW5jZW9mIFBFTUtleU1hbmFnZXIpIHsKKyAgICAgICAgICAoKFBFTUtl eU1hbmFnZXIpIGttKS50aHJvd0tleU1hbmFnZXJFeGNlcHRpb24oKTsKKyAgICAgIH0KICAgICB9 CiAgIH0KIApkaWZmIC0tZ2l0IGEvcGdqZGJjL3NyYy9tYWluL2phdmEvb3JnL3Bvc3RncmVzcWwv c3NsL1BFTUtleU1hbmFnZXIuamF2YSBiL3BnamRiYy9zcmMvbWFpbi9qYXZhL29yZy9wb3N0Z3Jl c3FsL3NzbC9QRU1LZXlNYW5hZ2VyLmphdmEKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAw MDAwMDAuLjQxZWIwZTkzCi0tLSAvZGV2L251bGwKKysrIGIvcGdqZGJjL3NyYy9tYWluL2phdmEv b3JnL3Bvc3RncmVzcWwvc3NsL1BFTUtleU1hbmFnZXIuamF2YQpAQCAtMCwwICsxLDE2OCBAQAor cGFja2FnZSBvcmcucG9zdGdyZXNxbC5zc2w7CisKK2ltcG9ydCBvcmcuY2hlY2tlcmZyYW1ld29y ay5jaGVja2VyLm51bGxuZXNzLnF1YWwuTnVsbGFibGU7CitpbXBvcnQgb3JnLnBvc3RncmVzcWwu dXRpbC5HVDsKK2ltcG9ydCBvcmcucG9zdGdyZXNxbC51dGlsLlBTUUxFeGNlcHRpb247CitpbXBv cnQgb3JnLnBvc3RncmVzcWwudXRpbC5QU1FMU3RhdGU7CisKK2ltcG9ydCBqYXZheC5uZXQuc3Ns Llg1MDlLZXlNYW5hZ2VyOworaW1wb3J0IGphdmF4LnNlY3VyaXR5LmF1dGgueDUwMC5YNTAwUHJp bmNpcGFsOworaW1wb3J0IGphdmEuaW8uSW5wdXRTdHJlYW07CitpbXBvcnQgamF2YS5uZXQuU29j a2V0OworaW1wb3J0IGphdmEubmlvLmZpbGUuRmlsZXM7CitpbXBvcnQgamF2YS5uaW8uZmlsZS5Q YXRoczsKK2ltcG9ydCBqYXZhLnNlY3VyaXR5Lio7CitpbXBvcnQgamF2YS5zZWN1cml0eS5jZXJ0 LkNlcnRpZmljYXRlOworaW1wb3J0IGphdmEuc2VjdXJpdHkuY2VydC5DZXJ0aWZpY2F0ZUZhY3Rv cnk7CitpbXBvcnQgamF2YS5zZWN1cml0eS5jZXJ0Llg1MDlDZXJ0aWZpY2F0ZTsKK2ltcG9ydCBq YXZhLnNlY3VyaXR5LnNwZWMuUEtDUzhFbmNvZGVkS2V5U3BlYzsKK2ltcG9ydCBqYXZhLnV0aWwu KjsKKworcHVibGljIGNsYXNzIFBFTUtleU1hbmFnZXIgaW1wbGVtZW50cyBYNTA5S2V5TWFuYWdl ciB7CisKKyAgICAvLyBwcml2YXRlIGZpbmFsIENhbGxiYWNrSGFuZGxlciBjYmg7CisKKyAgICBw cml2YXRlIEBOdWxsYWJsZSBQU1FMRXhjZXB0aW9uIGVycm9yOworCisgICAgcHJpdmF0ZSBmaW5h bCBTdHJpbmcga2V5RmlsZVBhdGg7CisgICAgcHJpdmF0ZSBmaW5hbCBTdHJpbmcgY2VydEZpbGVQ YXRoOworCisKKyAgICBwcml2YXRlIGZpbmFsIFN0cmluZyBrZXlBbGdvcml0aG07CisKKyAgICBw dWJsaWMgUEVNS2V5TWFuYWdlcihTdHJpbmcgcGVtS2V5UGF0aCwgU3RyaW5nIHBlbUNlcnRzUGF0 aCwgU3RyaW5nIGtleUFsZ29yaXRobSkgeworICAgICAgICB0aGlzLmtleUZpbGVQYXRoID0gcGVt S2V5UGF0aDsKKyAgICAgICAgdGhpcy5jZXJ0RmlsZVBhdGggPSBwZW1DZXJ0c1BhdGg7CisgICAg ICAgIHRoaXMua2V5QWxnb3JpdGhtID0ga2V5QWxnb3JpdGhtOworICAgIH0KKworICAgIC8qKgor ICAgICAqIGdldENlcnRpZmljYXRlQ2hhaW4gYW5kIGdldFByaXZhdGVLZXkgY2Fubm90IHRocm93 IGV4Y2VwdGlvbnMsIHRoZXJlZm9yZSBhbnkgZXhjZXB0aW9uIGlzIHN0b3JlZAorICAgICAqIGlu IHtAbGluayAjZXJyb3J9IGFuZCBjYW4gYmUgcmFpc2VkIGJ5IHRoaXMgbWV0aG9kLgorICAgICAq CisgICAgICogQHRocm93cyBQU1FMRXhjZXB0aW9uIGlmIGFueSBleGNlcHRpb24gaXMgc3RvcmVk IGluIHtAbGluayAjZXJyb3J9IGFuZCBjYW4gYmUgcmFpc2VkCisgICAgICovCisgICAgcHVibGlj IHZvaWQgdGhyb3dLZXlNYW5hZ2VyRXhjZXB0aW9uKCkgdGhyb3dzIFBTUUxFeGNlcHRpb24gewor ICAgICAgICBpZiAoZXJyb3IgIT0gbnVsbCkgeworICAgICAgICAgICAgdGhyb3cgZXJyb3I7Cisg ICAgICAgIH0KKyAgICB9CisKKyAgICBAT3ZlcnJpZGUKKyAgICBwdWJsaWMgQE51bGxhYmxlIFBy aXZhdGVLZXkgZ2V0UHJpdmF0ZUtleShTdHJpbmcgcykgeworICAgICAgICB0cnkgeworICAgICAg ICAgICAgTGlzdDxTdHJpbmc+IGxpbmVzID0gRmlsZXMucmVhZEFsbExpbmVzKFBhdGhzLmdldChr ZXlGaWxlUGF0aCkpOworICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBrZXlDb250ZW50ID0gbmV3 IFN0cmluZ0J1aWxkZXIoKTsKKyAgICAgICAgICAgIGZvciAoU3RyaW5nIGxpbmUgOiBsaW5lcykg eworICAgICAgICAgICAgICAgIGlmICghbGluZS5jb250YWlucygiQkVHSU4gUFJJVkFURSBLRVki KSAmJgorICAgICAgICAgICAgICAgICAgICAhbGluZS5jb250YWlucygiQkVHSU4gUlNBIFBSSVZB VEUgS0VZIikgJiYKKyAgICAgICAgICAgICAgICAgICAgIWxpbmUuY29udGFpbnMoIkVORCBQUklW QVRFIEtFWSIpJiYKKyAgICAgICAgICAgICAgICAgICAgIWxpbmUuY29udGFpbnMoIkVORCBSU0Eg UFJJVkFURSBLRVkiKSkgeworICAgICAgICAgICAgICAgICAgICBrZXlDb250ZW50LmFwcGVuZChs aW5lLnRyaW0oKSk7CisgICAgICAgICAgICAgICAgfQorICAgICAgICAgICAgfQorCisgICAgICAg ICAgICBieXRlW10gcHJpdmF0ZUtleURFUkJ5dGVzID0gQmFzZTY0LmdldERlY29kZXIoKS5kZWNv ZGUoa2V5Q29udGVudC50b1N0cmluZygpKTsKKyAgICAgICAgICAgIFBLQ1M4RW5jb2RlZEtleVNw ZWMga2V5U3BlYyA9IG5ldyBQS0NTOEVuY29kZWRLZXlTcGVjKHByaXZhdGVLZXlERVJCeXRlcyk7 CisgICAgICAgICAgICBLZXlGYWN0b3J5IGtmID0gS2V5RmFjdG9yeS5nZXRJbnN0YW5jZSh0aGlz LmtleUFsZ29yaXRobSk7CisKKyAgICAgICAgICAgIHJldHVybiBrZi5nZW5lcmF0ZVByaXZhdGUo a2V5U3BlYyk7CisgICAgICAgIH0gY2F0Y2ggKEV4Y2VwdGlvbiBlKSB7CisgICAgICAgICAgICBl cnJvciA9IG5ldyBQU1FMRXhjZXB0aW9uKEdULnRyKCJDb3VsZCBub3QgbG9hZCB0aGUgcHJpdmF0 ZSBrZXkiKSwgUFNRTFN0YXRlLkNPTk5FQ1RJT05fRkFJTFVSRSwgZSk7CisgICAgICAgIH0KKyAg ICAgICAgcmV0dXJuIG51bGw7CisgICAgfQorCisgICAgQE92ZXJyaWRlCisgICAgcHVibGljIFg1 MDlDZXJ0aWZpY2F0ZSBATnVsbGFibGUgW10gZ2V0Q2VydGlmaWNhdGVDaGFpbihTdHJpbmcgYWxp YXMpIHsKKyAgICAgICAgdHJ5IChJbnB1dFN0cmVhbSBpblN0cmVhbSA9IEZpbGVzLm5ld0lucHV0 U3RyZWFtKFBhdGhzLmdldCh0aGlzLmNlcnRGaWxlUGF0aCkpKSB7CisgICAgICAgICAgICBDZXJ0 aWZpY2F0ZUZhY3RvcnkgY2YgPSBDZXJ0aWZpY2F0ZUZhY3RvcnkuZ2V0SW5zdGFuY2UoIlguNTA5 Iik7CisKKyAgICAgICAgICAgIENvbGxlY3Rpb248PyBleHRlbmRzIGphdmEuc2VjdXJpdHkuY2Vy dC5DZXJ0aWZpY2F0ZT4gY2VydHMgPSBjZi5nZW5lcmF0ZUNlcnRpZmljYXRlcyhpblN0cmVhbSk7 CisgICAgICAgICAgICBMaXN0PFg1MDlDZXJ0aWZpY2F0ZT4gY2VydENoYWluID0gbmV3IEFycmF5 TGlzdDw+KCk7CisKKyAgICAgICAgICAgIGZvciAoQ2VydGlmaWNhdGUgY2VydCA6IGNlcnRzKSB7 CisgICAgICAgICAgICAgICAgaWYgKGNlcnQgaW5zdGFuY2VvZiBYNTA5Q2VydGlmaWNhdGUpIHsK KyAgICAgICAgICAgICAgICAgICAgY2VydENoYWluLmFkZCgoWDUwOUNlcnRpZmljYXRlKSBjZXJ0 KTsKKyAgICAgICAgICAgICAgICB9CisgICAgICAgICAgICB9CisKKyAgICAgICAgICAgIHJldHVy biBjZXJ0Q2hhaW4udG9BcnJheShuZXcgWDUwOUNlcnRpZmljYXRlWzBdKTsKKyAgICAgICAgfSBj YXRjaCAoRXhjZXB0aW9uIGUpIHsKKyAgICAgICAgICAgIGVycm9yID0gbmV3IFBTUUxFeGNlcHRp b24oR1QudHIoIkNvdWxkIG5vdCBsb2FkIGNlcnQgY2hhaW4iKSwgUFNRTFN0YXRlLkNPTk5FQ1RJ T05fRkFJTFVSRSwgZSk7CisgICAgICAgIH0KKyAgICAgICAgcmV0dXJuIG51bGw7CisgICAgfQor CisgICAgQE92ZXJyaWRlCisgICAgcHVibGljIFN0cmluZyBATnVsbGFibGUgW10gZ2V0Q2xpZW50 QWxpYXNlcyhTdHJpbmcga2V5VHlwZSwgUHJpbmNpcGFsIEBOdWxsYWJsZSBbXSBwcmluY2lwYWxz KSB7CisgICAgICAgIFN0cmluZyBhbGlhcyA9IGNob29zZUNsaWVudEFsaWFzKG5ldyBTdHJpbmdb XXtrZXlUeXBlfSwgcHJpbmNpcGFscywgKFNvY2tldCkgbnVsbCk7CisgICAgICAgIHJldHVybiBh bGlhcyA9PSBudWxsID8gbnVsbCA6IG5ldyBTdHJpbmdbXXthbGlhc307CisgICAgfQorCisgICAg QE92ZXJyaWRlCisgICAgcHVibGljIEBOdWxsYWJsZSBTdHJpbmcgY2hvb3NlQ2xpZW50QWxpYXMo U3RyaW5nW10ga2V5VHlwZSwgUHJpbmNpcGFsIEBOdWxsYWJsZSBbXSBwcmluY2lwYWxzLAorICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEBOdWxsYWJsZSBTb2Nr ZXQgc29ja2V0KSB7CisgICAgICAgIGlmIChwcmluY2lwYWxzID09IG51bGwgfHwgcHJpbmNpcGFs cy5sZW5ndGggPT0gMCkgeworICAgICAgICAgICAgLy8gUG9zdGdyZXMgOC40IGFuZCBlYXJsaWVy IGRvIG5vdCBzZW5kIHRoZSBsaXN0IG9mIGFjY2VwdGVkIGNlcnRpZmljYXRlIGF1dGhvcml0aWVz CisgICAgICAgICAgICAvLyB0byB0aGUgY2xpZW50LiBTZWUgQlVHICM1NDY4LiBXZSBvbmx5IGhv cGUsIHRoYXQgb3VyIGNlcnRpZmljYXRlIHdpbGwgYmUgYWNjZXB0ZWQuCisgICAgICAgICAgICBy ZXR1cm4gInVzZXIiOworICAgICAgICB9IGVsc2UgeworICAgICAgICAgICAgLy8gU2VuZGluZyBh IHdyb25nIGNlcnRpZmljYXRlIG1ha2VzIHRoZSBjb25uZWN0aW9uIHJlamVjdGVkLCBldmVuLCBp ZiBjbGllbnRjZXJ0PTAgaW4KKyAgICAgICAgICAgIC8vIHBnX2hiYS5jb25mLgorICAgICAgICAg ICAgLy8gdGhlcmVmb3JlIHdlIG9ubHkgc2VuZCBvdXIgY2VydGlmaWNhdGUsIGlmIHRoZSBpc3N1 ZXIgaXMgbGlzdGVkIGluIGlzc3VlcnMKKyAgICAgICAgICAgIFg1MDlDZXJ0aWZpY2F0ZVtdIGNl cnRjaGFpbiA9IGdldENlcnRpZmljYXRlQ2hhaW4oInVzZXIiKTsKKyAgICAgICAgICAgIGlmIChj ZXJ0Y2hhaW4gPT0gbnVsbCkgeworICAgICAgICAgICAgICAgIHJldHVybiBudWxsOworICAgICAg ICAgICAgfSBlbHNlIHsKKyAgICAgICAgICAgICAgICBYNTA5Q2VydGlmaWNhdGUgY2VydCA9IGNl cnRjaGFpbltjZXJ0Y2hhaW4ubGVuZ3RoIC0gMV07CisgICAgICAgICAgICAgICAgWDUwMFByaW5j aXBhbCBvdXJpc3N1ZXIgPSBjZXJ0LmdldElzc3Vlclg1MDBQcmluY2lwYWwoKTsKKyAgICAgICAg ICAgICAgICBTdHJpbmcgY2VydEtleVR5cGUgPSBjZXJ0LmdldFB1YmxpY0tleSgpLmdldEFsZ29y aXRobSgpOworICAgICAgICAgICAgICAgIGJvb2xlYW4ga2V5VHlwZUZvdW5kID0gZmFsc2U7Cisg ICAgICAgICAgICAgICAgYm9vbGVhbiBmb3VuZCA9IGZhbHNlOworICAgICAgICAgICAgICAgIGlm IChrZXlUeXBlICE9IG51bGwgJiYga2V5VHlwZS5sZW5ndGggPiAwKSB7CisgICAgICAgICAgICAg ICAgICAgIGZvciAoU3RyaW5nIGt0IDoga2V5VHlwZSkgeworICAgICAgICAgICAgICAgICAgICAg ICAgaWYgKGt0LmVxdWFsc0lnbm9yZUNhc2UoY2VydEtleVR5cGUpKSB7CisgICAgICAgICAgICAg ICAgICAgICAgICAgICAga2V5VHlwZUZvdW5kID0gdHJ1ZTsKKyAgICAgICAgICAgICAgICAgICAg ICAgIH0KKyAgICAgICAgICAgICAgICAgICAgfQorICAgICAgICAgICAgICAgIH0gZWxzZSB7Cisg ICAgICAgICAgICAgICAgICAgIC8vIElmIG5vIGtleSB0eXBlcyB3ZXJlIHBhc3NlZCBpbiwgYXNz dW1lIHdlIGRvbid0IGNhcmUKKyAgICAgICAgICAgICAgICAgICAgLy8gYWJvdXQgY2hlY2tpbmcg dGhhdCB0aGUgY2VydCB1c2VzIGEgcGFydGljdWxhciBrZXkgdHlwZS4KKyAgICAgICAgICAgICAg ICAgICAga2V5VHlwZUZvdW5kID0gdHJ1ZTsKKyAgICAgICAgICAgICAgICB9CisgICAgICAgICAg ICAgICAgaWYgKGtleVR5cGVGb3VuZCkgeworICAgICAgICAgICAgICAgICAgICBmb3IgKFByaW5j aXBhbCBpc3N1ZXIgOiBwcmluY2lwYWxzKSB7CisgICAgICAgICAgICAgICAgICAgICAgICBpZiAo b3VyaXNzdWVyLmVxdWFscyhpc3N1ZXIpKSB7CisgICAgICAgICAgICAgICAgICAgICAgICAgICAg Zm91bmQgPSBrZXlUeXBlRm91bmQ7CisgICAgICAgICAgICAgICAgICAgICAgICB9CisgICAgICAg ICAgICAgICAgICAgIH0KKyAgICAgICAgICAgICAgICB9CisgICAgICAgICAgICAgICAgcmV0dXJu IGZvdW5kID8gInVzZXIiIDogbnVsbDsKKyAgICAgICAgICAgIH0KKyAgICAgICAgfQorICAgIH0K KworICAgIEBPdmVycmlkZQorICAgIHB1YmxpYyBTdHJpbmcgQE51bGxhYmxlIFtdIGdldFNlcnZl ckFsaWFzZXMoU3RyaW5nIHMsIFByaW5jaXBhbCBATnVsbGFibGUgW10gcHJpbmNpcGFscykgewor ICAgICAgICByZXR1cm4gbmV3IFN0cmluZ1tde307CisgICAgfQorCisgICAgQE92ZXJyaWRlCisg ICAgcHVibGljIEBOdWxsYWJsZSBTdHJpbmcgY2hvb3NlU2VydmVyQWxpYXMoU3RyaW5nIHMsIFBy aW5jaXBhbCBATnVsbGFibGUgW10gcHJpbmNpcGFscywKKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBATnVsbGFibGUgU29ja2V0IHNvY2tldCkgeworICAgICAg ICAvLyB3ZSBhcmUgbm90IGEgc2VydmVyCisgICAgICAgIHJldHVybiBudWxsOworICAgIH0KK30K ZGlmZiAtLWdpdCBhL3BnamRiYy9zcmMvdGVzdC9qYXZhL29yZy9wb3N0Z3Jlc3FsL3Rlc3Qvc3Ns L1BFTUtleU1hbmFnZXJUZXN0LmphdmEgYi9wZ2pkYmMvc3JjL3Rlc3QvamF2YS9vcmcvcG9zdGdy ZXNxbC90ZXN0L3NzbC9QRU1LZXlNYW5hZ2VyVGVzdC5qYXZhCm5ldyBmaWxlIG1vZGUgMTAwNjQ0 CmluZGV4IDAwMDAwMDAwLi4zZDY2MzI2YgotLS0gL2Rldi9udWxsCisrKyBiL3BnamRiYy9zcmMv dGVzdC9qYXZhL29yZy9wb3N0Z3Jlc3FsL3Rlc3Qvc3NsL1BFTUtleU1hbmFnZXJUZXN0LmphdmEK QEAgLTAsMCArMSw1OCBAQAorcGFja2FnZSBvcmcucG9zdGdyZXNxbC50ZXN0LnNzbDsKKworaW1w b3J0IG9yZy5qdW5pdC5qdXBpdGVyLmFwaS5UZXN0OworaW1wb3J0IG9yZy5wb3N0Z3Jlc3FsLlBH UHJvcGVydHk7CitpbXBvcnQgb3JnLnBvc3RncmVzcWwuc3NsLlBFTUtleU1hbmFnZXI7CitpbXBv cnQgb3JnLnBvc3RncmVzcWwudGVzdC5UZXN0VXRpbDsKKworaW1wb3J0IGphdmF4LnNlY3VyaXR5 LmF1dGgueDUwMC5YNTAwUHJpbmNpcGFsOworaW1wb3J0IGphdmEuc3FsLkNvbm5lY3Rpb247Citp bXBvcnQgamF2YS51dGlsLlByb3BlcnRpZXM7CisKK2ltcG9ydCBzdGF0aWMgb3JnLmp1bml0Lmp1 cGl0ZXIuYXBpLkFzc2VydGlvbnMuYXNzZXJ0Tm90TnVsbDsKK2ltcG9ydCBzdGF0aWMgb3JnLmp1 bml0Lmp1cGl0ZXIuYXBpLkFzc2VydGlvbnMuYXNzZXJ0TnVsbDsKK2ltcG9ydCBzdGF0aWMgb3Jn Lmp1bml0Lmp1cGl0ZXIuYXBpLkFzc2VydGlvbnMuYXNzZXJ0VHJ1ZTsKKworcHVibGljIGNsYXNz IFBFTUtleU1hbmFnZXJUZXN0IHsKKworICAgIEBUZXN0CisgICAgdm9pZCBUZXN0R29vZENsaWVu dFBFTSgpIHRocm93cyBFeGNlcHRpb24geworICAgICAgICBUZXN0VXRpbC5hc3N1bWVTc2xUZXN0 c0VuYWJsZWQoKTsKKworICAgICAgICBQcm9wZXJ0aWVzIHByb3BzID0gbmV3IFByb3BlcnRpZXMo KTsKKyAgICAgICAgcHJvcHMucHV0KFRlc3RVdGlsLkRBVEFCQVNFX1BST1AsICJob3N0c3NsZGIi KTsKKyAgICAgICAgUEdQcm9wZXJ0eS5TU0xfTU9ERS5zZXQocHJvcHMsICJwcmVmZXIiKTsKKyAg ICAgICAgUEdQcm9wZXJ0eS5TU0xfS0VZLnNldChwcm9wcywgVGVzdFV0aWwuZ2V0U3NsVGVzdENl cnRQYXRoKCJnb29kY2xpZW50LmtleSIpKTsKKyAgICAgICAgUEdQcm9wZXJ0eS5TU0xfQ0VSVC5z ZXQocHJvcHMsIFRlc3RVdGlsLmdldFNzbFRlc3RDZXJ0UGF0aCgiZ29vZGNsaWVudC5jcnQiKSk7 CisgICAgICAgIFBHUHJvcGVydHkuUEVNX0tFWV9BTEdPUklUSE0uc2V0KHByb3BzLCAiUlNBIik7 CisKKyAgICAgICAgdHJ5IChDb25uZWN0aW9uIGNvbm4gPSBUZXN0VXRpbC5vcGVuREIocHJvcHMp KSB7CisgICAgICAgICAgICBib29sZWFuIHNzbFVzZWQgPSBUZXN0VXRpbC5xdWVyeUZvckJvb2xl YW4oY29ubiwgIlNFTEVDVCBzc2xfaXNfdXNlZCgpIik7CisgICAgICAgICAgICBhc3NlcnRUcnVl KHNzbFVzZWQsICJTU0wgc2hvdWxkIGJlIGluIHVzZSIpOworICAgICAgICB9CisgICAgfQorICAg IEBUZXN0CisgICAgdm9pZCBUZXN0Q2hvb3NlQ2xpZW50QWxpYXMoKSB7CisgICAgICAgIFN0cmlu ZyBzc2xLZXlGaWxlID0gVGVzdFV0aWwuZ2V0U3NsVGVzdENlcnRQYXRoKCJnb29kY2xpZW50Lmtl eSIpOworICAgICAgICBTdHJpbmcgc3NsQ2VydEZpbGUgPSBUZXN0VXRpbC5nZXRTc2xUZXN0Q2Vy dFBhdGgoImdvb2RjbGllbnQuY3J0Iik7CisgICAgICAgIFBFTUtleU1hbmFnZXIgcGVtS2V5TWFu YWdlciA9IG5ldyBQRU1LZXlNYW5hZ2VyKHNzbEtleUZpbGUsIHNzbENlcnRGaWxlLCAiUlNBIik7 CisKKyAgICAgICAgWDUwMFByaW5jaXBhbCB0ZXN0UHJpbmNpcGFsID0gbmV3IFg1MDBQcmluY2lw YWwoIkNOPXJvb3QgY2VydGlmaWNhdGUsIE89UGdKZGJjIHRlc3QsIFNUPUNBLCBDPVVTIik7Cisg ICAgICAgIFg1MDBQcmluY2lwYWxbXSBpc3N1ZXJzID0gbmV3IFg1MDBQcmluY2lwYWxbXXt0ZXN0 UHJpbmNpcGFsfTsKKworICAgICAgICBTdHJpbmcgdmFsaWRLZXlUeXBlID0gcGVtS2V5TWFuYWdl ci5jaG9vc2VDbGllbnRBbGlhcyhuZXcgU3RyaW5nW117IlJTQSJ9LCBpc3N1ZXJzLCBudWxsKTsK KyAgICAgICAgYXNzZXJ0Tm90TnVsbCh2YWxpZEtleVR5cGUpOworCisgICAgICAgIFN0cmluZyBp Z25vcmVzQ2FzZSA9IHBlbUtleU1hbmFnZXIuY2hvb3NlQ2xpZW50QWxpYXMobmV3IFN0cmluZ1td eyJyc2EifSwgaXNzdWVycywgbnVsbCk7CisgICAgICAgIGFzc2VydE5vdE51bGwoaWdub3Jlc0Nh c2UpOworCisgICAgICAgIFN0cmluZyBpbnZhbGlkS2V5VHlwZSA9IHBlbUtleU1hbmFnZXIuY2hv b3NlQ2xpZW50QWxpYXMobmV3IFN0cmluZ1tdeyJFQyJ9LCBpc3N1ZXJzLCBudWxsKTsKKyAgICAg ICAgYXNzZXJ0TnVsbChpbnZhbGlkS2V5VHlwZSk7CisKKyAgICAgICAgU3RyaW5nIGNvbnRhaW5z VmFsaWRLZXlUeXBlID0gcGVtS2V5TWFuYWdlci5jaG9vc2VDbGllbnRBbGlhcyhuZXcgU3RyaW5n W117IkVDIiwgIlJTQSJ9LCBpc3N1ZXJzLCBudWxsKTsKKyAgICAgICAgYXNzZXJ0Tm90TnVsbChj b250YWluc1ZhbGlkS2V5VHlwZSk7CisKKyAgICAgICAgU3RyaW5nIGlnbm9yZXNCbGFuayA9IHBl bUtleU1hbmFnZXIuY2hvb3NlQ2xpZW50QWxpYXMobmV3IFN0cmluZ1tde30sIGlzc3VlcnMsIG51 bGwpOworICAgICAgICBhc3NlcnROb3ROdWxsKGlnbm9yZXNCbGFuayk7CisgICAgfQorfQotLSAK Cg== --000000000000743fad06388010f0--