From b8fe968c88fc50d65581fc1892c00b50b809c19e Mon Sep 17 00:00:00 2001 From: ZHANG Dapeng Date: Fri, 21 Aug 2020 11:19:08 -0700 Subject: [PATCH] xds: not to use insecure DSA crypto Although DSA is only used in tests so it's totally no security concern, it's annoying we need some workaround for internal checks to import. So removing the usage. --- .../certprovider/CommonCertProviderTestUtils.java | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/xds/src/test/java/io/grpc/xds/internal/certprovider/CommonCertProviderTestUtils.java b/xds/src/test/java/io/grpc/xds/internal/certprovider/CommonCertProviderTestUtils.java index 3a056c209f..fe584612e2 100644 --- a/xds/src/test/java/io/grpc/xds/internal/certprovider/CommonCertProviderTestUtils.java +++ b/xds/src/test/java/io/grpc/xds/internal/certprovider/CommonCertProviderTestUtils.java @@ -38,7 +38,6 @@ import java.security.KeyFactory; import java.security.PrivateKey; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.logging.Level; import java.util.logging.Logger; @@ -103,19 +102,7 @@ public class CommonCertProviderTestUtils { byte[] encodedKey = new byte[encodedKeyBuf.readableBytes()]; encodedKeyBuf.readBytes(encodedKey).release(); PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(encodedKey); - try { - return KeyFactory.getInstance("RSA").generatePrivate(spec); - } catch (InvalidKeySpecException ignore) { - try { - return KeyFactory.getInstance("DSA").generatePrivate(spec); - } catch (InvalidKeySpecException ignore2) { - try { - return KeyFactory.getInstance("EC").generatePrivate(spec); - } catch (InvalidKeySpecException e) { - throw new InvalidKeySpecException("Neither RSA, DSA nor EC worked", e); - } - } - } + return KeyFactory.getInstance("RSA").generatePrivate(spec); } static ByteBuf readPrivateKey(InputStream in) throws KeyException {