From 5194826606060cdc9d7277311065bcd45ab2a91e Mon Sep 17 00:00:00 2001
From: earlgrey02 <san06036@naver.com>
Date: Tue, 27 Jan 2026 17:47:56 +0900
Subject: [PATCH] implement single-line RSA key support

Signed-off-by: earlgrey02 <san06036@naver.com>
---
 .../security/converter/RsaKeyConverters.java  | 40 ++++++++++++++-----
 .../converter/RsaKeyConvertersTests.java      | 19 +++++++++
 2 files changed, 50 insertions(+), 9 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
index b3701f839d..30dc96ad50 100644
--- a/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
+++ b/core/src/main/java/org/springframework/security/converter/RsaKeyConverters.java
@@ -87,9 +87,17 @@ public final class RsaKeyConverters {
 					"Key is not in PEM-encoded PKCS#8 format, please check that the header begins with "
 							+ PKCS8_PEM_HEADER);
 			StringBuilder base64Encoded = new StringBuilder();
-			for (String line : lines) {
-				if (RsaKeyConverters.isNotPkcs8Wrapper(line)) {
-					base64Encoded.append(line);
+			if (lines.size() == 1) {
+				base64Encoded.append(lines.get(0)
+					.replace(PKCS8_PEM_HEADER, "")
+					.replace(PKCS8_PEM_FOOTER, "")
+					.replaceAll("\\s+", ""));
+			}
+			else {
+				for (String line : lines) {
+					if (RsaKeyConverters.isNotPkcs8Wrapper(line)) {
+						base64Encoded.append(line);
+					}
 				}
 			}
 			byte[] pkcs8 = Base64.getDecoder().decode(base64Encoded.toString());
@@ -165,9 +173,15 @@ public final class RsaKeyConverters {
 		@Override
 		public @NonNull RSAPublicKey convert(List<String> lines) {
 			StringBuilder base64Encoded = new StringBuilder();
-			for (String line : lines) {
-				if (isNotX509PemWrapper(line)) {
-					base64Encoded.append(line);
+			if (lines.size() == 1) {
+				base64Encoded.append(
+						lines.get(0).replace(X509_PEM_HEADER, "").replace(X509_PEM_FOOTER, "").replaceAll("\\s+", ""));
+			}
+			else {
+				for (String line : lines) {
+					if (isNotX509PemWrapper(line)) {
+						base64Encoded.append(line);
+					}
 				}
 			}
 			byte[] x509 = Base64.getDecoder().decode(base64Encoded.toString());
@@ -196,9 +210,17 @@ public final class RsaKeyConverters {
 		@Override
 		public @NonNull RSAPublicKey convert(List<String> lines) {
 			StringBuilder base64Encoded = new StringBuilder();
-			for (String line : lines) {
-				if (isNotX509CertificateWrapper(line)) {
-					base64Encoded.append(line);
+			if (lines.size() == 1) {
+				base64Encoded.append(lines.get(0)
+					.replace(X509_CERT_HEADER, "")
+					.replace(X509_CERT_FOOTER, "")
+					.replaceAll("\\s+", ""));
+			}
+			else {
+				for (String line : lines) {
+					if (isNotX509CertificateWrapper(line)) {
+						base64Encoded.append(line);
+					}
 				}
 			}
 			byte[] x509 = Base64.getDecoder().decode(base64Encoded.toString());
diff --git a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
index 149d7c2630..74f398f754 100644
--- a/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
+++ b/core/src/test/java/org/springframework/security/converter/RsaKeyConvertersTests.java
@@ -120,6 +120,13 @@ public class RsaKeyConvertersTests {
 		Assertions.assertThat(key.getModulus().bitLength()).isEqualTo(2048);
 	}
 
+	@Test
+	public void pkcs8WhenConvertingSingleLinePkcs8PrivateKeyThenOk() {
+		RSAPrivateKey key = this.pkcs8.convert(toInputStream(PKCS8_PRIVATE_KEY.replace("\n", "")));
+		Assertions.assertThat(key).isInstanceOf(RSAPrivateCrtKey.class);
+		Assertions.assertThat(key.getModulus().bitLength()).isEqualTo(2048);
+	}
+
 	@Test
 	public void pkcs8WhenConvertingPkcs1PrivateKeyThenIllegalArgumentException() {
 		assertThatIllegalArgumentException().isThrownBy(() -> this.pkcs8.convert(toInputStream(PKCS1_PRIVATE_KEY)));
@@ -131,12 +138,24 @@ public class RsaKeyConvertersTests {
 		Assertions.assertThat(key.getModulus().bitLength()).isEqualTo(1024);
 	}
 
+	@Test
+	public void x509WhenConvertingSingleLineX509PublicKeyThenOk() {
+		RSAPublicKey key = this.x509.convert(toInputStream(X509_PUBLIC_KEY.replace("\n", "")));
+		Assertions.assertThat(key.getModulus().bitLength()).isEqualTo(1024);
+	}
+
 	@Test
 	public void x509WhenConvertingX509CertificateThenOk() {
 		RSAPublicKey key = this.x509.convert(toInputStream(X509_CERTIFICATE));
 		Assertions.assertThat(key.getModulus().bitLength()).isEqualTo(1024);
 	}
 
+	@Test
+	public void x509WhenConvertingX509SingleLineCertificateThenOk() {
+		RSAPublicKey key = this.x509.convert(toInputStream(X509_CERTIFICATE.replace("\n", "")));
+		Assertions.assertThat(key.getModulus().bitLength()).isEqualTo(1024);
+	}
+
 	@Test
 	public void x509WhenConvertingDerEncodedX509PublicKeyThenIllegalArgumentException() {
 		assertThatIllegalArgumentException().isThrownBy(() -> this.x509.convert(toInputStream(MALFORMED_X509_KEY)));