From 168cbffb6ea28cc0287464baf66e39505e98ae9c Mon Sep 17 00:00:00 2001
From: Yuri Schimke
Date: Tue, 29 Dec 2020 01:46:01 +0000
Subject: [PATCH] Fail on unencodable keys (#6468)
---
 .../src/main/kotlin/okhttp3/tls/HandshakeCertificates.kt | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/okhttp-tls/src/main/kotlin/okhttp3/tls/HandshakeCertificates.kt b/okhttp-tls/src/main/kotlin/okhttp3/tls/HandshakeCertificates.kt
index dc305c424..521b2e4b4 100644
--- a/okhttp-tls/src/main/kotlin/okhttp3/tls/HandshakeCertificates.kt
+++ b/okhttp-tls/src/main/kotlin/okhttp3/tls/HandshakeCertificates.kt
@@ -30,6 +30,7 @@ import okhttp3.internal.platform.Platform
 import okhttp3.internal.toImmutableList
 import okhttp3.tls.internal.TlsUtil.newKeyManager
 import okhttp3.tls.internal.TlsUtil.newTrustManager
+import java.security.KeyStoreException
 
 /**
 * Certificates to identify which peers to trust and also to earn the trust of those peers in kind.
@@ -172,6 +173,12 @@ class HandshakeCertificates private constructor(
 
 fun build(): HandshakeCertificates {
 val immutableInsecureHosts = insecureHosts.toImmutableList()
+
+ val heldCertificate = heldCertificate
+ if (heldCertificate != null && heldCertificate.keyPair.private.format == null) {
+ throw KeyStoreException("unable to support unencodable private key")
+ }
+
 val keyManager = newKeyManager(null, heldCertificate, *(intermediates ?: emptyArray()))
 val trustManager = newTrustManager(null, trustedCertificates, immutableInsecureHosts)
 return HandshakeCertificates(keyManager, trustManager)
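Review bot: The new guard in `build()` (second hunk) throws the checked `java.security.KeyStoreException`, but nothing visible documents or declares it, so callers have no way to learn that `build()` can now fail on the held certificate's key. I would add a KDoc line such as `@throws KeyStoreException if the held certificate's private key reports no encoding format`. A why-comment above the check would also help: `// A null format means the key cannot be encoded (presumably non-exportable, e.g. hardware-backed); fail here instead of building a key manager that cannot use it.` The parenthetical there is inferred from the commit title, so confirm it against `newKeyManager`. The check reads only `private.format`, so whether a key can report a format and still return a null `encoded` value is not covered here. The body of `build()` ends outside the hunk.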