Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Add pkcs12 key functionality #1599

Merged
merged 2 commits into from Nov 29, 2019
Merged

fix: Add pkcs12 key functionality #1599

merged 2 commits into from Nov 29, 2019

Conversation

@davecramer
Copy link
Member

davecramer commented Nov 1, 2019

WIP
PBE-MD5-DES might be inadequate in environments where high level of security is needed and the key is not protected
pkcs12 uses 3DES which also isn't completely adequate but is certainly more secure than MD5-DES
needs documentation
Also it is possible to use stronger encryption in java 12

All Submissions:

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?

New Feature Submissions:

  1. Does your submission pass tests?
  2. Does mvn checkstyle:check pass ?
  3. Have you added your new test classes to an existing test suite in alphabetical order?

Changes to Existing Features:

  • Does this break existing behaviour? If so please explain.
  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your core changes, as applicable?
  • Have you successfully run tests with your changes locally?
WIP
PBE-MD5-DES might be inadequate in environments where high level of security is needed and the key is not protected
pkcs12 uses 3DES which also isn't completely adequate but is certainly more secure than MD5-DES
@AppVeyorBot

This comment has been minimized.

Copy link

AppVeyorBot commented Nov 1, 2019

@codecov-io

This comment has been minimized.

Copy link

codecov-io commented Nov 1, 2019

Codecov Report

Merging #1599 into master will decrease coverage by 0.03%.
The diff coverage is 46.15%.

@@             Coverage Diff              @@
##             master    #1599      +/-   ##
============================================
- Coverage     68.87%   68.83%   -0.04%     
- Complexity     3983     4005      +22     
============================================
  Files           179      180       +1     
  Lines         16624    16699      +75     
  Branches       2708     2720      +12     
============================================
+ Hits          11450    11495      +45     
- Misses         3911     3945      +34     
+ Partials       1263     1259       -4
@AppVeyorBot

This comment has been minimized.

Copy link

AppVeyorBot commented Nov 1, 2019

@davecramer davecramer merged commit 82c2008 into pgjdbc:master Nov 29, 2019
2 of 3 checks passed
2 of 3 checks passed
codecov/project 68.83% (-0.04%) compared to e39a0be
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@davecramer davecramer deleted the davecramer:encrypt branch Nov 29, 2019
// Sending a wrong certificate makes the connection rejected, even, if clientcert=0 in
// pg_hba.conf.
// therefore we only send our certificate, if the issuer is listed in issuers
X509Certificate[] certchain = getCertificateChain("user");

This comment has been minimized.

Copy link
@vlsi

vlsi Feb 13, 2020

Member

Is there a good reason to hard-code this literal?
I think it must be moved to a static final constant with a comment then.

This comment has been minimized.

Copy link
@davecramer

davecramer Feb 13, 2020

Author Member

no good reason

@Test
public void testLoadP12Key() throws Exception {
String certdir = "../certdir/";
PKCS12KeyManager pkcs12KeyManager = new PKCS12KeyManager(certdir + "goodclient.p12", new TestCallbackHandler("sslpwd"));

This comment has been minimized.

Copy link
@vlsi

vlsi Feb 13, 2020

Member

I guess it is better to take sslpwd from the properties file.
Otherwise, the failures would be hard to analyze.

This comment has been minimized.

Copy link
@davecramer

davecramer Feb 13, 2020

Author Member

agreed

public void testLoadP12Key() throws Exception {
String certdir = "../certdir/";
PKCS12KeyManager pkcs12KeyManager = new PKCS12KeyManager(certdir + "goodclient.p12", new TestCallbackHandler("sslpwd"));
PrivateKey pk = pkcs12KeyManager.getPrivateKey("user");

This comment has been minimized.

Copy link
@vlsi

vlsi Feb 13, 2020

Member

It is unfortunate that getPrivateKey does not throw exceptions.
In other words, this method silently returns null, and the exception is not visible to the caller :(

This comment has been minimized.

Copy link
@davecramer

davecramer Feb 13, 2020

Author Member

ya, very hard to debug

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants
You can’t perform that action at this time.