cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jburwell <...@git.apache.org>
Subject [GitHub] cloudstack pull request #1511: 4.9/master bountycastle changes
Date Tue, 13 Sep 2016 21:32:53 GMT
Github user jburwell commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1511#discussion_r78648573
  
    --- Diff: utils/src/main/java/com/cloud/utils/security/CertificateHelper.java ---
    @@ -38,125 +38,139 @@
     import java.security.spec.InvalidKeySpecException;
     import java.security.spec.PKCS8EncodedKeySpec;
     import java.util.ArrayList;
    +import java.util.Collection;
    +import java.util.Iterator;
     import java.util.List;
     
    -import com.cloud.utils.exception.CloudRuntimeException;
     import org.apache.commons.codec.binary.Base64;
    +import org.bouncycastle.util.io.pem.PemObject;
    +import org.bouncycastle.util.io.pem.PemReader;
     
     import com.cloud.utils.Ternary;
    -import org.bouncycastle.openssl.PEMReader;
    +import com.cloud.utils.exception.CloudRuntimeException;
     
     public class CertificateHelper {
    -    public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey,
String storePassword) throws KeyStoreException, CertificateException,
    -        NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    -        KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword);
    +    public static byte[] buildAndSaveKeystore(final String alias, final String cert,
final String privateKey, final String storePassword) throws KeyStoreException, CertificateException,
    +    NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    +        final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword);
     
    -        ByteArrayOutputStream os = new ByteArrayOutputStream();
    +        final ByteArrayOutputStream os = new ByteArrayOutputStream();
             ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
             os.close();
             return os.toByteArray();
         }
     
    -    public static byte[] buildAndSaveKeystore(List<Ternary<String, String, String>>
certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException,
    -        CertificateException, IOException, InvalidKeySpecException {
    -        KeyStore ks = KeyStore.getInstance("JKS");
    +    public static byte[] buildAndSaveKeystore(final List<Ternary<String, String,
String>> certs, final String storePassword) throws KeyStoreException, NoSuchAlgorithmException,
    +    CertificateException, IOException, InvalidKeySpecException {
    +        final KeyStore ks = KeyStore.getInstance("JKS");
             ks.load(null, storePassword != null ? storePassword.toCharArray() : null);
     
             //name,cert,key
    -        for (Ternary<String, String, String> cert : certs) {
    +        for (final Ternary<String, String, String> cert : certs) {
                 if (cert.third() == null) {
    -                Certificate c = buildCertificate(cert.second());
    +                final Certificate c = buildCertificate(cert.second());
                     ks.setCertificateEntry(cert.first(), c);
                 } else {
    -                Certificate[] c = new Certificate[certs.size()];
    +                final Certificate[] c = new Certificate[certs.size()];
                     int i = certs.size();
    -                for (Ternary<String, String, String> ct : certs) {
    +                for (final Ternary<String, String, String> ct : certs) {
                         c[i - 1] = buildCertificate(ct.second());
                         i--;
                     }
                     ks.setKeyEntry(cert.first(), buildPrivateKey(cert.third()), storePassword
!= null ? storePassword.toCharArray() : null, c);
                 }
             }
     
    -        ByteArrayOutputStream os = new ByteArrayOutputStream();
    +        final ByteArrayOutputStream os = new ByteArrayOutputStream();
             ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
             os.close();
             return os.toByteArray();
         }
     
    -    public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException,
CertificateException, NoSuchAlgorithmException, IOException {
    -        assert (ksData != null);
    -        KeyStore ks = KeyStore.getInstance("JKS");
    +    public static KeyStore loadKeystore(final byte[] ksData, final String storePassword)
throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
    +        assert ksData != null;
    +        final KeyStore ks = KeyStore.getInstance("JKS");
             ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray()
: null);
     
             return ks;
         }
     
    -    public static KeyStore buildKeystore(String alias, String cert, String privateKey,
String storePassword) throws KeyStoreException, CertificateException,
    -        NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    +    public static KeyStore buildKeystore(final String alias, final String cert, final
String privateKey, final String storePassword) throws KeyStoreException, CertificateException,
    +    NoSuchAlgorithmException, InvalidKeySpecException, IOException {
     
    -        KeyStore ks = KeyStore.getInstance("JKS");
    +        final KeyStore ks = KeyStore.getInstance("JKS");
             ks.load(null, storePassword != null ? storePassword.toCharArray() : null);
    -        Certificate[] certs = new Certificate[1];
    +        final Certificate[] certs = new Certificate[1];
             certs[0] = buildCertificate(cert);
             ks.setKeyEntry(alias, buildPrivateKey(privateKey), storePassword != null ? storePassword.toCharArray()
: null, certs);
             return ks;
         }
     
    -    public static Certificate buildCertificate(String content) throws CertificateException
{
    -        assert (content != null);
    +    public static Certificate buildCertificate(final String content) throws CertificateException
{
    +        assert content != null;
     
    -        BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes()));
    -        CertificateFactory cf = CertificateFactory.getInstance("X.509");
    +        final BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes()));
    +        final CertificateFactory cf = CertificateFactory.getInstance("X.509");
             return cf.generateCertificate(bis);
         }
     
    -    public static Key buildPrivateKey(String base64EncodedKeyContent) throws NoSuchAlgorithmException,
InvalidKeySpecException, IOException {
    -        KeyFactory kf = KeyFactory.getInstance("RSA");
    -        PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent));
    +    public static Key buildPrivateKey(final String base64EncodedKeyContent) throws NoSuchAlgorithmException,
InvalidKeySpecException, IOException {
    +        final KeyFactory kf = KeyFactory.getInstance("RSA");
    +        final PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent));
             return kf.generatePrivate(keysp);
         }
     
    -    public static List<Certificate> parseChain(String chain) throws IOException
{
    -
    -        List<Certificate> certs = new ArrayList<Certificate>();
    -        PEMReader reader = new PEMReader(new StringReader(chain));
    -
    -        Certificate crt = null;
    -
    -        while ((crt = (Certificate)reader.readObject()) != null) {
    -            if (crt instanceof X509Certificate) {
    -                certs.add(crt);
    +    public static List<Certificate> parseChain(final String chain) throws IOException,
CertificateException {
    +
    +        final List<Certificate> certs = new ArrayList<Certificate>();
    +        try(final PemReader pemReader = new PemReader(new StringReader(chain));)
    +        {
    +            Certificate cert = null;
    +            final PemObject pemObject = pemReader.readPemObject();
    +            final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
    +            final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
    +
    +            final Collection<? extends Certificate> c = certificateFactory.generateCertificates(bais);
    +            final Iterator<? extends Certificate> i = c.iterator();
    +            while (i.hasNext()) {
    --- End diff --
    
    Why isn't this a `for` each instead of a `while` loop?  The iterator and loop logic would
be simpler.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message