cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@apache.org
Subject git commit: updated refs/heads/4.9-bountycastle-daan to a280f26 [Forced Update!]
Date Thu, 12 May 2016 14:11:02 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/4.9-bountycastle-daan 4817cb6ab -> a280f26f2 (forced update)


use more safe getCertificate(s) call


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a280f26f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a280f26f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a280f26f

Branch: refs/heads/4.9-bountycastle-daan
Commit: a280f26f20eb643d9abbe7f345386b738d768b8e
Parents: 2d82198
Author: Daan Hoogland <daan@onecht.net>
Authored: Mon Apr 25 14:05:40 2016 +0200
Committer: Daan Hoogland <daan@onecht.net>
Committed: Thu May 12 16:10:25 2016 +0200

----------------------------------------------------------------------
 .../cloud/utils/security/CertificateHelper.java | 33 +++++++++++++-------
 1 file changed, 21 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a280f26f/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
----------------------------------------------------------------------
diff --git a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
index fd05459..e1ec80c 100644
--- a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
+++ b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
@@ -38,6 +38,8 @@ import java.security.cert.X509Certificate;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
 import java.util.List;
 
 import org.apache.commons.codec.binary.Base64;
@@ -121,20 +123,27 @@ public class CertificateHelper {
     public static List<Certificate> parseChain(String chain) throws IOException, CertificateException
{
 
         final List<Certificate> certs = new ArrayList<Certificate>();
-        final PemReader pemReader = new PemReader(new StringReader(chain));
-
-        Certificate crt = null;
-        final PemObject pemObject = pemReader.readPemObject();
-        final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
-        final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
-
-        while ((crt = certificateFactory.generateCertificate(bais)) != null) {
-            if (crt instanceof X509Certificate) {
-                certs.add(crt);
+        try(final PemReader pemReader = new PemReader(new StringReader(chain));)
+        {
+            Certificate cert = null;
+            final PemObject pemObject = pemReader.readPemObject();
+            final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
+            final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
+
+            Collection<? extends Certificate> c = certificateFactory.generateCertificates(bais);
+            Iterator<? extends Certificate> i = c.iterator();
+            while (i.hasNext()) {
+                cert = i.next();
+                if (cert instanceof X509Certificate) {
+                    certs.add(cert);
+                }
+            }
+            if (certs.size() == 0) {
+                throw new IllegalArgumentException("Unable to decode certificate chain");
             }
         }
-        if (certs.size() == 0) {
-            throw new IllegalArgumentException("Unable to decode certificate chain");
+        finally {
+            // just close the pemReader
         }
 
         return certs;


Mime
View raw message