[feature] Support PKCS1 "RSA PUBLIC KEY" pem block type (#1179)

* ap: add support for PKCS1 "RSA PUBLIC KEY" pem block type Signed-off-by: Sigrid Solveig Haflínudóttir <sigrid@ftrv.se> * ap: report no PEM data or unknown pem block type Signed-off-by: Sigrid Solveig Haflínudóttir <sigrid@ftrv.se> Signed-off-by: Sigrid Solveig Haflínudóttir <sigrid@ftrv.se>
2025-10-31 10:52:28 -05:00 · 2022-11-30 23:13:13 +01:00 · 2022-11-30 23:13:13 +01:00 · 5a0e418281
commit 5a0e418281
parent 1652633d93
1 changed files with 12 additions and 5 deletions
--- a/internal/ap/extract.go
+++ b/internal/ap/extract.go
@ -22,6 +22,7 @@
 package ap

 import (
+	"crypto"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
@ -318,18 +319,24 @@ func ExtractPublicKeyForOwner(i WithPublicKey, forOwner *url.URL) (*rsa.PublicKe
 		}

 		block, _ := pem.Decode([]byte(pkeyPem))
-		if block == nil || block.Type != "PUBLIC KEY" {
-			return nil, nil, errors.New("could not decode publicKeyPem to PUBLIC KEY pem block type")
+		if block == nil {
+			return nil, nil, errors.New("could not decode publicKeyPem: no PEM data")
+		}
+		var p crypto.PublicKey
+		switch block.Type {
+		case "PUBLIC KEY":
+			p, err = x509.ParsePKIXPublicKey(block.Bytes)
+		case "RSA PUBLIC KEY":
+			p, err = x509.ParsePKCS1PublicKey(block.Bytes)
+		default:
+			return nil, nil, fmt.Errorf("could not parse public key: unknown block type: %q", block.Type)
 		}
-
-		p, err := x509.ParsePKIXPublicKey(block.Bytes)
 		if err != nil {
 			return nil, nil, fmt.Errorf("could not parse public key from block bytes: %s", err)
 		}
 		if p == nil {
 			return nil, nil, errors.New("returned public key was empty")
 		}
-
 		if publicKey, ok := p.(*rsa.PublicKey); ok {
 			return publicKey, pkeyID, nil
 		}