[fix] PKey.read to parse subject PKI

kares · kares · commit adc56658b270 · 2026-03-06T07:44:43.000+01:00
diff --git a/src/main/java/org/jruby/ext/openssl/impl/PKey.java b/src/main/java/org/jruby/ext/openssl/impl/PKey.java
@@ -139,11 +139,24 @@ public static KeyPair readPrivateKey(final Type type, final PrivateKeyInfo keyIn
 
     // d2i_PUBKEY_bio
     public static PublicKey readPublicKey(final byte[] input) throws IOException {
+        // Try PEM first
         try (Reader in = new InputStreamReader(new ByteArrayInputStream(input))) {
             Object pemObject = new PEMParser(in).readObject();
-            SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(pemObject);
-            return new JcaPEMKeyConverter().getPublicKey(publicKeyInfo);
+            if (pemObject != null) {
+                SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(pemObject);
+                return new JcaPEMKeyConverter().getPublicKey(publicKeyInfo);
+            }
         }
+        // Fall back to DER-encoded SubjectPublicKeyInfo
+        try {
+            SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(input));
+            if (publicKeyInfo != null) {
+                return new JcaPEMKeyConverter().getPublicKey(publicKeyInfo);
+            }
+        } catch (Exception e) {
+            throw new IOException("Could not parse public key: " + e.getMessage(), e);
+        }
+        return null;
     }
 
     // d2i_RSAPrivateKey_bio
diff --git a/src/test/ruby/rsa/test_rsa.rb b/src/test/ruby/rsa/test_rsa.rb
@@ -412,8 +412,7 @@ def test_private_encoding_encrypted
   def test_export
     rsa1024 = Fixtures.pkey("rsa1024")
 
-    #pub = OpenSSL::PKey.read(rsa1024.public_to_der) # TODO not supported
-    pub = OpenSSL::PKey::RSA.new(rsa1024.public_to_der)
+    pub = OpenSSL::PKey.read(rsa1024.public_to_der)
     assert_not_equal rsa1024.export, pub.export
     assert_equal rsa1024.public_to_pem, pub.export
 
@@ -438,7 +437,7 @@ def test_export
   def test_to_der
     rsa1024 = Fixtures.pkey("rsa1024")
 
-    pub = OpenSSL::PKey::RSA.new(rsa1024.public_to_der)
+    pub = OpenSSL::PKey.read(rsa1024.public_to_der)
     assert_not_equal rsa1024.to_der, pub.to_der
     assert_equal rsa1024.public_to_der, pub.to_der
 
