cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [14/17] git commit: updated refs/heads/4.9-mvn-upgrade to 0324442
Date Thu, 07 Apr 2016 15:48:42 GMT
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f845bb4e/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
----------------------------------------------------------------------
diff --git a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
index d43542f..fd05459 100644
--- a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
+++ b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
@@ -40,18 +40,19 @@ import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.ArrayList;
 import java.util.List;
 
-import com.cloud.utils.exception.CloudRuntimeException;
 import org.apache.commons.codec.binary.Base64;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemReader;
 
 import com.cloud.utils.Ternary;
-import org.bouncycastle.openssl.PEMReader;
+import com.cloud.utils.exception.CloudRuntimeException;
 
 public class CertificateHelper {
     public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey,
String storePassword) throws KeyStoreException, CertificateException,
         NoSuchAlgorithmException, InvalidKeySpecException, IOException {
-        KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword);
+        final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword);
 
-        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        final ByteArrayOutputStream os = new ByteArrayOutputStream();
         ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
         os.close();
         return os.toByteArray();
@@ -59,18 +60,18 @@ public class CertificateHelper {
 
     public static byte[] buildAndSaveKeystore(List<Ternary<String, String, String>>
certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException,
         CertificateException, IOException, InvalidKeySpecException {
-        KeyStore ks = KeyStore.getInstance("JKS");
+        final KeyStore ks = KeyStore.getInstance("JKS");
         ks.load(null, storePassword != null ? storePassword.toCharArray() : null);
 
         //name,cert,key
-        for (Ternary<String, String, String> cert : certs) {
+        for (final Ternary<String, String, String> cert : certs) {
             if (cert.third() == null) {
-                Certificate c = buildCertificate(cert.second());
+                final Certificate c = buildCertificate(cert.second());
                 ks.setCertificateEntry(cert.first(), c);
             } else {
-                Certificate[] c = new Certificate[certs.size()];
+                final Certificate[] c = new Certificate[certs.size()];
                 int i = certs.size();
-                for (Ternary<String, String, String> ct : certs) {
+                for (final Ternary<String, String, String> ct : certs) {
                     c[i - 1] = buildCertificate(ct.second());
                     i--;
                 }
@@ -78,15 +79,15 @@ public class CertificateHelper {
             }
         }
 
-        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        final ByteArrayOutputStream os = new ByteArrayOutputStream();
         ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
         os.close();
         return os.toByteArray();
     }
 
     public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException,
CertificateException, NoSuchAlgorithmException, IOException {
-        assert (ksData != null);
-        KeyStore ks = KeyStore.getInstance("JKS");
+        assert ksData != null;
+        final KeyStore ks = KeyStore.getInstance("JKS");
         ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray()
: null);
 
         return ks;
@@ -95,42 +96,46 @@ public class CertificateHelper {
     public static KeyStore buildKeystore(String alias, String cert, String privateKey, String
storePassword) throws KeyStoreException, CertificateException,
         NoSuchAlgorithmException, InvalidKeySpecException, IOException {
 
-        KeyStore ks = KeyStore.getInstance("JKS");
+        final KeyStore ks = KeyStore.getInstance("JKS");
         ks.load(null, storePassword != null ? storePassword.toCharArray() : null);
-        Certificate[] certs = new Certificate[1];
+        final Certificate[] certs = new Certificate[1];
         certs[0] = buildCertificate(cert);
         ks.setKeyEntry(alias, buildPrivateKey(privateKey), storePassword != null ? storePassword.toCharArray()
: null, certs);
         return ks;
     }
 
     public static Certificate buildCertificate(String content) throws CertificateException
{
-        assert (content != null);
+        assert content != null;
 
-        BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes()));
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        final BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes()));
+        final CertificateFactory cf = CertificateFactory.getInstance("X.509");
         return cf.generateCertificate(bis);
     }
 
     public static Key buildPrivateKey(String base64EncodedKeyContent) throws NoSuchAlgorithmException,
InvalidKeySpecException, IOException {
-        KeyFactory kf = KeyFactory.getInstance("RSA");
-        PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent));
+        final KeyFactory kf = KeyFactory.getInstance("RSA");
+        final PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent));
         return kf.generatePrivate(keysp);
     }
 
-    public static List<Certificate> parseChain(String chain) throws IOException {
+    public static List<Certificate> parseChain(String chain) throws IOException, CertificateException
{
 
-        List<Certificate> certs = new ArrayList<Certificate>();
-        PEMReader reader = new PEMReader(new StringReader(chain));
+        final List<Certificate> certs = new ArrayList<Certificate>();
+        final PemReader pemReader = new PemReader(new StringReader(chain));
 
         Certificate crt = null;
+        final PemObject pemObject = pemReader.readPemObject();
+        final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
+        final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
 
-        while ((crt = (Certificate)reader.readObject()) != null) {
+        while ((crt = certificateFactory.generateCertificate(bais)) != null) {
             if (crt instanceof X509Certificate) {
                 certs.add(crt);
             }
         }
-        if (certs.size() == 0)
+        if (certs.size() == 0) {
             throw new IllegalArgumentException("Unable to decode certificate chain");
+        }
 
         return certs;
     }
@@ -139,24 +144,24 @@ public class CertificateHelper {
 
         final char[] HEX = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C',
'D', 'E', 'F'};
 
-        StringBuilder buffer = new StringBuilder(60);
+        final StringBuilder buffer = new StringBuilder(60);
         try {
 
-            MessageDigest md = MessageDigest.getInstance("SHA-1");
-            byte[] data = md.digest(cert.getEncoded());
+            final MessageDigest md = MessageDigest.getInstance("SHA-1");
+            final byte[] data = md.digest(cert.getEncoded());
 
-            for (int i = 0; i < data.length; i++) {
+            for (final byte element : data) {
                 if (buffer.length() > 0) {
                     buffer.append(":");
                 }
 
-                buffer.append(HEX[(0xF0 & data[i]) >>> 4]);
-                buffer.append(HEX[0x0F & data[i]]);
+                buffer.append(HEX[(0xF0 & element) >>> 4]);
+                buffer.append(HEX[0x0F & element]);
             }
 
-        } catch (CertificateEncodingException e) {
+        } catch (final CertificateEncodingException e) {
             throw new CloudRuntimeException("Bad certificate encoding");
-        } catch (NoSuchAlgorithmException e) {
+        } catch (final NoSuchAlgorithmException e) {
             throw new CloudRuntimeException("Bad certificate algorithm");
         }
 


Mime
View raw message