Hello Pgjdbc community,
I found that PGJDBC currently lacks support for PEM based certs and keys.
We have a use case where PEM files are auto renewed on disk and
converting them to DER format requires running something that watches
files on disk and auto-converts to DER.
Hence I would like to propose a patch for supporting PEM based certs, keys.
This is the approach for adding the support,
- Introduce a new PEMKeyManager which implements X509KeyManager.
- PEMKeyManager will have the logic for extracting the BASE64 encoded
DER bytes to convert into private key using key algorithm specified by
property PGProperty.PEM_KEY_ALGORITHM.
- PEMKeyManager will read the PEM based cert chain using
CertificateFactory to get the X509Certificate chain.
- Now LibPQFactory can initialize PEMKeyManager if the SSL Keyfile
ends with .key or .pem
I am attaching a patch file which also contains new test cases for PEM
based certs, keys. Please take a look.
Thanks.
Regards,
Harinath
