I found that PGJDBC currently lacks support for PEM based certs and keys.
We have a use case where PEM files are auto renewed on disk and converting them to DER format requires running something that watches files on disk and auto-converts to DER.
Hence I would like to propose a patch for supporting PEM based certs, keys.
This is the approach for adding the support:

- Introduce a new PEMKeyManager which implements X509KeyManager.
- PEMKeyManager will have the logic for extracting the BASE64 encoded DER bytes to convert into private key using key algorithm specified by property PGProperty.PEM_KEY_ALGORITHM.
- PEMKeyManager will read the PEM based cert chain using CertificateFactory to get the X509Certificate chain.
- Now LibPQFactory can initialize PEMKeyManager if the SSL Keyfile ends with .key or .pem.
I am attaching a patch file which also contains new test cases for PEM based certs, keys. Please take a look.
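The two parsing steps described in the list above, as an added example that is not the attached patch or PGJDBC code. The class and method names are hypothetical, the `keyAlgorithm` argument stands in for the value of `PGProperty.PEM_KEY_ALGORITHM`, and the sketch assumes an unencrypted PKCS#8 key and a chain file that lists the leaf certificate first.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class PemLoadingSketch { // hypothetical name, not a PGJDBC class
  private static final String BEGIN = "-----BEGIN PRIVATE KEY-----";
  private static final String END = "-----END PRIVATE KEY-----";

  // Extract the Base64 body of a PKCS#8 PEM block and build the key with the given algorithm.
  static PrivateKey readPrivateKey(String pem, String keyAlgorithm) throws Exception {
    int start = pem.indexOf(BEGIN);
    int end = pem.indexOf(END);
    if (start < 0 || end < start) {
      // "BEGIN RSA PRIVATE KEY" (PKCS#1) and "BEGIN ENCRYPTED PRIVATE KEY" are rejected here.
      throw new IllegalArgumentException("expected an unencrypted PKCS#8 PEM block");
    }
    // The MIME decoder ignores the line breaks inside the PEM body.
    byte[] der = Base64.getMimeDecoder().decode(pem.substring(start + BEGIN.length(), end));
    return KeyFactory.getInstance(keyAlgorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
  }

  // CertificateFactory reads concatenated PEM certificates and returns them in file order.
  static X509Certificate[] readCertChain(byte[] pemBytes) throws Exception {
    return CertificateFactory.getInstance("X.509")
        .generateCertificates(new ByteArrayInputStream(pemBytes))
        .toArray(new X509Certificate[0]);
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: generate a key, PEM-encode it, then parse it back.
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    PrivateKey original = gen.generateKeyPair().getPrivate();
    String pem = BEGIN + "\n"
        + Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
            .encodeToString(original.getEncoded())
        + "\n" + END + "\n";
    PrivateKey parsed = readPrivateKey(pem, "RSA");
    System.out.println("round trip ok: " + Arrays.equals(original.getEncoded(), parsed.getEncoded()));
  }
}
```

Since a `.key` or `.pem` file produced by other tooling may be PKCS#1 or passphrase-protected, failing with a clear error on an unexpected header is preferable to passing arbitrary bytes to `KeyFactory`.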