Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 8DABF200BD0 for ; Wed, 30 Nov 2016 23:37:08 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 8C41C160B19; Wed, 30 Nov 2016 22:37:08 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id D5CD5160B06 for ; Wed, 30 Nov 2016 23:37:07 +0100 (CET) Received: (qmail 82146 invoked by uid 500); 30 Nov 2016 22:37:02 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 81374 invoked by uid 99); 30 Nov 2016 22:37:02 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Nov 2016 22:37:02 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 5D7F7E04BB; Wed, 30 Nov 2016 22:37:02 +0000 (UTC) From: jburwell To: dev@cloudstack.apache.org Reply-To: dev@cloudstack.apache.org References: In-Reply-To: Subject: [GitHub] cloudstack pull request #1799: CLOUDSTACK-9632: Upgrade bouncy castle to ver... Content-Type: text/plain Message-Id: <20161130223702.5D7F7E04BB@git1-us-west.apache.org> Date: Wed, 30 Nov 2016 22:37:02 +0000 (UTC) archived-at: Wed, 30 Nov 2016 22:37:08 -0000 Github user jburwell commented on a diff in the pull request: https://github.com/apache/cloudstack/pull/1799#discussion_r90309869 --- Diff: utils/src/main/java/com/cloud/utils/security/CertificateHelper.java --- @@ -40,123 +46,122 @@ import java.util.ArrayList; import java.util.List; -import com.cloud.utils.exception.CloudRuntimeException; -import org.apache.commons.codec.binary.Base64; - -import com.cloud.utils.Ternary; -import org.bouncycastle.openssl.PEMReader; - public class CertificateHelper { - public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException, - NoSuchAlgorithmException, InvalidKeySpecException, IOException { - KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); - - ByteArrayOutputStream os = new ByteArrayOutputStream(); - ks.store(os, storePassword != null ? storePassword.toCharArray() : null); - os.close(); - return os.toByteArray(); + public static byte[] buildAndSaveKeystore(final String alias, final String cert, final String privateKey, final String storePassword) throws KeyStoreException, CertificateException, + NoSuchAlgorithmException, InvalidKeySpecException, IOException { + final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword); + + try (final ByteArrayOutputStream os = new ByteArrayOutputStream()) { + ks.store(os, storePassword != null ? storePassword.toCharArray() : null); + return os.toByteArray(); + } } - public static byte[] buildAndSaveKeystore(List> certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException, - CertificateException, IOException, InvalidKeySpecException { - KeyStore ks = KeyStore.getInstance("JKS"); + public static byte[] buildAndSaveKeystore(final List> certs, final String storePassword) throws KeyStoreException, NoSuchAlgorithmException, + CertificateException, IOException, InvalidKeySpecException { + final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, storePassword != null ? storePassword.toCharArray() : null); //name,cert,key - for (Ternary cert : certs) { + for (final Ternary cert : certs) { if (cert.third() == null) { - Certificate c = buildCertificate(cert.second()); + final Certificate c = buildCertificate(cert.second()); ks.setCertificateEntry(cert.first(), c); } else { - Certificate[] c = new Certificate[certs.size()]; + final Certificate[] c = new Certificate[certs.size()]; int i = certs.size(); - for (Ternary ct : certs) { + for (final Ternary ct : certs) { c[i - 1] = buildCertificate(ct.second()); i--; } ks.setKeyEntry(cert.first(), buildPrivateKey(cert.third()), storePassword != null ? storePassword.toCharArray() : null, c); } } - ByteArrayOutputStream os = new ByteArrayOutputStream(); - ks.store(os, storePassword != null ? storePassword.toCharArray() : null); - os.close(); - return os.toByteArray(); + try (final ByteArrayOutputStream os = new ByteArrayOutputStream()) { + ks.store(os, storePassword != null ? storePassword.toCharArray() : null); + return os.toByteArray(); + } } - public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { - assert (ksData != null); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray() : null); + public static KeyStore loadKeystore(final byte[] ksData, final String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { + assert ksData != null; --- End diff -- Since we don't usually run with assertions enabled, please consider converting `assert` to `Preconditions.checkArgument`. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastructure@apache.org or file a JIRA ticket with INFRA. ---