- 
                Notifications
    You must be signed in to change notification settings 
- Fork 83
Closed
Description
Dear JRuby folks,
When attempting to retrieve the EC public key of an X.509 certificate:
require 'net/http'
require 'openssl'
require 'uri'
cert_string = Net::HTTP.get(URI.parse('https://www.apple.com/certificateauthority/AppleRootCA-G3.cer'))
puts OpenSSL::X509::Certificate.new(cert_string).public_keyI am encountering the following error:
OpenSSL::X509::CertificateError: unsupported algorithm 'EC'
  public_key at org/jruby/ext/openssl/X509Cert.java:514
      <main> at -e:1I noticed two things about X509Cert#public_key that I think are causing this:
- When initializing the public key via X509Cert#initializePublicKey, only RSA and DSA are supported. See here and here.
- X509Cert#public_keydelegates to the certificate's public key's- public_keymethod. This seems to work for- OpenSSL::PKey::RSAand- OpenSSL::PKey::DSAsince their- public_keymethods return instances of- OpenSSL::PKey::RSAand- OpenSSL::PKey::DSArespectively (see here and here). But- OpenSSL::PKey::EC's- public_keymethod is documented as returning an- OpenSSL::PKey::EC::Point(see here).
As far as I can tell, X509Cert#public_key should be returning an OpenSSL::PKey::EC in this case (That is also the behavior I see on MRI Ruby).
I took a shot at addressing this in #273. Please let me know if this is reasonable.
Thanks in advance for any advice/suggestions.
Metadata
Metadata
Assignees
Labels
No labels