From: | harinath kanchu <kanchuharinath(at)gmail(dot)com> |
---|---|
To: | pgsql-jdbc(at)lists(dot)postgresql(dot)org |
Subject: | Patch for supporting PEM based certs and keys |
Date: | 2025-06-26 21:15:31 |
Message-ID: | CAO7WNRRhJst=iT2C6kBjg+bYsQTBvN5ksXrNS5m+vkYGa+wGGw@mail.gmail.com |
Lists: | pgsql-jdbc |
Hello Pgjdbc community,

I found that PGJDBC currently lacks support for PEM based certs and keys.
We have a use case where PEM files are auto renewed on disk and
converting them to DER format requires running something that watches
files on disk and auto-converts to DER.

Hence I would like to propose a patch for supporting PEM based certs and keys.

This is the approach for adding the support:

- Introduce a new PEMKeyManager which implements X509KeyManager.
- PEMKeyManager will have the logic for extracting the BASE64 encoded
  DER bytes to convert into a private key using the key algorithm specified by
  property PGProperty.PEM_KEY_ALGORITHM.
- PEMKeyManager will read the PEM based cert chain using
  CertificateFactory to get the X509Certificate chain.
- Now LibPQFactory can initialize PEMKeyManager if the SSL Keyfile
  ends with .key or .pem

I am attaching a patch file which also contains new test cases for PEM
based certs and keys. Please take a look.

Thanks.

Regards,
Harinath
Attachment | Content-Type | Size |
---|---|---|
0001-Add-PEMKeyManager-to-handle-PEM-based-certs-and-keys.patch | application/octet-stream | 13.4 KB |