Remove X-Pack PemUtils and DerParser

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertParsingUtils.java

@@ -7,6 +7,7 @@
 
 package org.elasticsearch.xpack.core.ssl;
 
+import org.elasticsearch.common.ssl.PemUtils;
 import org.elasticsearch.core.Nullable;
 import org.elasticsearch.common.settings.SecureString;
 import org.elasticsearch.common.settings.Settings;
@@ -22,6 +23,7 @@
 import java.io.InputStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.security.GeneralSecurityException;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -93,6 +95,23 @@ public static Certificate[] readCertificates(List<Path> certPaths) throws Certif
         return certificates.toArray(new Certificate[0]);
     }
 
+    public static X509Certificate readX509Certificate(Path path) throws CertificateException, IOException {
+        List<Certificate> certificates = PemUtils.readCertificates(List.of(path));
+        if (certificates.size() != 1) {
+            throw new IllegalArgumentException("expected a single certificate in file [" + path.toAbsolutePath() + "] but found [" +
+                certificates.size() + "]");
+        }
+        final Certificate cert = certificates.get(0);
+        if (cert instanceof X509Certificate) {
+            return (X509Certificate) cert;
+        } else {
+            throw new IllegalArgumentException("the certificate in " + path.toAbsolutePath() + " is not an X.509 certificate ("
+                + cert.getType()
+                + " : "
+                + cert.getClass() + ")");
+        }
+    }
+
     @SuppressWarnings("unchecked")
     public static X509Certificate[] readX509Certificates(List<Path> certPaths) throws CertificateException, IOException {
         Collection<X509Certificate> certificates = new ArrayList<>();
@@ -149,8 +168,8 @@ public static Map<Certificate, Key> readKeyPairsFromKeystore(KeyStore store, Fun
     /**
      * Creates a {@link KeyStore} from a PEM encoded certificate and key file
      */
-    public static KeyStore getKeyStoreFromPEM(Path certificatePath, Path keyPath, char[] keyPassword)
-        throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
+    public static KeyStore getKeyStoreFromPEM(Path certificatePath, Path keyPath, char[] keyPassword) throws IOException,
+        GeneralSecurityException {
         final PrivateKey key = PemUtils.readPrivateKey(keyPath, () -> keyPassword);
         final Certificate[] certificates = readCertificates(Collections.singletonList(certificatePath));
         return getKeyStore(certificates, key, keyPassword);

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/PEMKeyConfig.java

@@ -7,6 +7,7 @@
 package org.elasticsearch.xpack.core.ssl;
 
 import org.elasticsearch.ElasticsearchException;
+import org.elasticsearch.common.ssl.PemUtils;
 import org.elasticsearch.core.Nullable;
 import org.elasticsearch.common.settings.SecureString;
 import org.elasticsearch.env.Environment;
@@ -22,6 +23,7 @@
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.security.AccessControlException;
+import java.security.GeneralSecurityException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
@@ -120,6 +122,8 @@ private static PrivateKey readPrivateKey(String keyPath, SecureString keyPasswor
             throw unreadableKeyConfigFile(accessException, KEY_FILE, key);
         } catch (AccessControlException securityException) {
             throw blockedKeyConfigFile(securityException, environment, KEY_FILE, key);
+        } catch (GeneralSecurityException e) {
+            throw new IllegalStateException("Error parsing Private Key from: " + keyPath, e);
         }
     }