Could not parse valid public key

[Chilinot]

Hello, im having issues with parsing public keys that I know are valid. The only error message i get says ArgumentError: Could not parse PKey.

Im using the jruby:9.2.0-jdk-alpine docker image to run my application.

Below is the output from pry that contains both the valid key, and the error message when I try to parse the key:

[3] pry(AuthVerifier)> File.read(path)
=> "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTlm5TxJp3WHMNmWIfo/\nWvkyhJCXc1S78Y9B8lSXxXnkRqX8Twxu5EkdUP0TwgD5gp0TGy7UPm/SgWlQOcqX\nqtdOWq/Hk29Ve9z6k6wTmst7NTefmm/7OqkeYmBhfhoECLCKBADM8ctjoqD63R0e\n3bUW2knq6vCS5YMmD76/5UoU647BzB9CjgDzjuTKEbXL5AvcO5wWDgHSp7CA+2t4\nIFQvQMrPso5mvm2hNvD19vI0VjiY21rKgkJQAXSrLgkJg/fTL2wQiz10d2GnYsmx\nDeJCiBMwC+cmRW2eWePqaCPaWJwr92KsIiry+LgyGb3y01SUVV8kQgQXazutHqfu\ncQIDAQAB\n-----END PUBLIC KEY-----\n"
[4] pry(AuthVerifier)> OpenSSL::PKey.read(File.read(path))
ArgumentError: Could not parse PKey
from org/jruby/ext/openssl/PKey.java:176:in `read'

[Chilinot]

I should note that this exact same code works fine in the regular ruby implementation.

[Chilinot]

I have replicated the issue in jirb:

irb(main):007:0> require 'openssl'
=> false
irb(main):008:0> OpenSSL::PKey.read("-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqxvGcotRPN6y8T4hnTm\nOHD7XBPqsSkm/NIt2ApXB+5t0mKTJbfg44gSiJWqkCD7cSFYKqVzENA7FNB0mjiu\nvb7sc++L2fc4u3OusrsHpeuNGLVymfSac7jD+3GRI7wz6RSX+LXWa5gQYmNq7dwi\ni8yVicpN83Fxs7JgYvIY4irKVmFc1VDjPPyqB3e8EY5pX7NPT7dX5m5IWhDSrjRG\nzQotfsxH2mK2H+AF/9PpoRG8MiVD/s/9kXvhVzOdxu9qp2EdTH0h5HhfBPpdKrvw\n2oYUMQHFDeiS8XtK2Ohj45wrksdZ2GwPFlix/UbyY2Z0W5ig1zsUlEOJnOP6lAP8\nLQIDAQAB\n-----END PUBLIC KEY-----\n")
Traceback (most recent call last):
        7: from /opt/jruby/bin/jirb:13:in `<main>'
        6: from org/jruby/RubyKernel.java:1180:in `catch'
        5: from org/jruby/RubyKernel.java:1180:in `catch'
        4: from org/jruby/RubyKernel.java:1418:in `loop'
        3: from org/jruby/RubyKernel.java:1037:in `eval'
        2: from (irb):8:in `<eval>'
        1: from org/jruby/ext/openssl/PKey.java:176:in `read'
ArgumentError (Could not parse PKey)
irb(main):009:0>

[Chilinot]

In regular ruby using irb it works fine:

irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> OpenSSL::PKey.read("-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTlm5TxJp3WHMNmWIfo/\nWvkyhJCXc1S78Y9B8lSXxXnkRqX8Twxu5EkdUP0TwgD5gp0TGy7UPm/SgWlQOcqX\nqtdOWq/Hk29Ve9z6k6wTmst7NTefmm/7OqkeYmBhfhoECLCKBADM8ctjoqD63R0e\n3bUW2knq6vCS5YMmD76/5UoU647BzB9CjgDzjuTKEbXL5AvcO5wWDgHSp7CA+2t4\nIFQvQMrPso5mvm2hNvD19vI0VjiY21rKgkJQAXSrLgkJg/fTL2wQiz10d2GnYsmx\nDeJCiBMwC+cmRW2eWePqaCPaWJwr92KsIiry+LgyGb3y01SUVV8kQgQXazutHqfu\ncQIDAQAB\n-----END PUBLIC KEY-----\n")
=> #<OpenSSL::PKey::RSA:0x000055b6d1d65398>

[Chilinot]

I have found a workaround by following the instructions for loading public keys here.

Essentially, I have specified that the key is an RSA key using the below line:

OpenSSL::PKey::RSA.new File.read(path)

[p-mongo]

This issue affects public key and certificate bundles also.

I created a reproduce case here: https://github.com/p-mongo/tests/tree/master/tls-load-bundle

Given the following files:

• client.key - PEM encoded private key only
• client.pem - PEM encoded certificate followed by PEM encoded private key

Using jruby:

# OK
pk = OpenSSL::PKey.read(File.read('client.key'))

# OK
pk = OpenSSL::PKey::RSA.new(File.read('client.pem'))

# Fails
pk = OpenSSL::PKey.read(File.read('client.pem'))

MRI is able to read the certificate out of the bundle via OpenSSL::PKey.read.

Checked using:

jruby 9.2.5.0 (2.5.0) 2018-12-06 6d5a228 OpenJDK 64-Bit Server VM 25.171-b11 on 1.8.0_171-8u171-b11-2-b11 +jit [linux-x86_64]
jruby 9.2.7.0 (2.5.3) 2019-04-09 8a269e3 OpenJDK 64-Bit Server VM 25.171-b11 on 1.8.0_171-8u171-b11-2-b11 +jit [linux-x86_64]

[p-mongo]

Our current workaround for certificate+private key bundles: mongodb/mongo-ruby-driver@e74ce7a#diff-ed625ecdabf4aeff5d1a5fc04b958a3a