fix(nm): 802.1x EAP-TLS on platforms where NetworkManager uses nss (#…

…5075) * fix: pass private key to NetworkManager as PEM instead of DER * refactor: simplify code * refactor: rollback to previous version * build: fix manifest * fix: add newline every 64 character as per RFC 1421 * refactor: extract conversion to method * refactor: remove extra newline * fix: wrong key header (I was too tired) * test: update test with correct expectation
eclipse-kura · Dec 22, 2023 · 57f0cd9 · 57f0cd9
1 parent 5297748
commit 57f0cd9
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/kura/org.eclipse.kura.nm/META-INF/MANIFEST.MF b/kura/org.eclipse.kura.nm/META-INF/MANIFEST.MF
@@ -5,7 +5,8 @@ Bundle-SymbolicName: org.eclipse.kura.nm;singleton:=true
 Bundle-Version: 1.2.0.qualifier
 Bundle-Vendor: Eclipse Kura
 Require-Capability: osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"
-Import-Package: org.apache.commons.io;version="2.4.0",
+Import-Package: javax.xml.bind;version="2.3.3",
+ org.apache.commons.io;version="2.4.0",
  org.apache.commons.lang3.tuple;version="3.12.0",
  org.eclipse.kura;version="[1.0,2.0)",
  org.eclipse.kura.configuration;version="[1.1,2.0)",

diff --git a/....eclipse.kura.nm/src/main/java/org/eclipse/kura/nm/configuration/NMSettingsConverter.java b/....eclipse.kura.nm/src/main/java/org/eclipse/kura/nm/configuration/NMSettingsConverter.java
@@ -26,6 +26,8 @@
 import java.util.Map;
 import java.util.Optional;
 
+import javax.xml.bind.DatatypeConverter;
+
 import org.eclipse.kura.configuration.Password;
 import org.eclipse.kura.nm.Kura8021xEAP;
 import org.eclipse.kura.nm.Kura8021xInnerAuth;
@@ -199,7 +201,7 @@ private static void create8021xTls(NetworkProperties props, String deviceId, Map
             PrivateKey privateKey = props.get(PrivateKey.class, "net.interface.%s.config.802-1x.private-key-name",
                     deviceId);
             if (privateKey.getEncoded() != null) {
-                settings.put("private-key", new Variant<>(privateKey.getEncoded()));
+                settings.put("private-key", new Variant<>(convertToPem(privateKey.getEncoded())));
             } else {
                 logger.error("Unable to find or decode Private Key");
             }
@@ -787,4 +789,10 @@ private static String connectionTypeConvert(NMDeviceType deviceType) {
         }
     }
 
+    private static byte[] convertToPem(byte[] derKey) {
+        String pem = "-----BEGIN PRIVATE KEY-----\n"
+                + DatatypeConverter.printBase64Binary(derKey).replaceAll("(.{64})", "$1\n")
+                + "\n-----END PRIVATE KEY-----\n";
+        return pem.getBytes(StandardCharsets.UTF_8);
+    }
 }
diff --git a/...kura.nm.test/src/test/java/org/eclipse/kura/nm/configuration/NMSettingsConverterTest.java b/...kura.nm.test/src/test/java/org/eclipse/kura/nm/configuration/NMSettingsConverterTest.java
@@ -663,7 +663,8 @@ public void build8021xSettingsShouldWorkWithTls() {
         thenResultingMapContains("identity", "[email protected]");
         thenResultingMapContainsBytes("ca-cert", "binary ca cert");
         thenResultingMapContainsBytes("client-cert", "binary client cert");
-        thenResultingMapContainsBytes("private-key", "binary private key");
+        thenResultingMapContainsBytes("private-key",
+                "-----BEGIN PRIVATE KEY-----\nYmluYXJ5IHByaXZhdGUga2V5\n-----END PRIVATE KEY-----\n");
         thenResultingMapContains("private-key-password", "secure-password");
 
     }