cloudstack-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-9632) Upgrade bountycastle to 1.55+
Date Thu, 01 Dec 2016 08:08:58 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15711272#comment-15711272
] 

ASF GitHub Bot commented on CLOUDSTACK-9632:
--------------------------------------------

Github user rhtyd commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1799#discussion_r90399065
  
    --- Diff: utils/src/main/java/com/cloud/utils/security/CertificateHelper.java ---
    @@ -40,123 +46,122 @@
     import java.util.ArrayList;
     import java.util.List;
     
    -import com.cloud.utils.exception.CloudRuntimeException;
    -import org.apache.commons.codec.binary.Base64;
    -
    -import com.cloud.utils.Ternary;
    -import org.bouncycastle.openssl.PEMReader;
    -
     public class CertificateHelper {
    -    public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey,
String storePassword) throws KeyStoreException, CertificateException,
    -        NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    -        KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword);
    -
    -        ByteArrayOutputStream os = new ByteArrayOutputStream();
    -        ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
    -        os.close();
    -        return os.toByteArray();
    +    public static byte[] buildAndSaveKeystore(final String alias, final String cert,
final String privateKey, final String storePassword) throws KeyStoreException, CertificateException,
    +    NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    +        final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword);
    +
    +        try (final ByteArrayOutputStream os = new ByteArrayOutputStream()) {
    +            ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
    +            return os.toByteArray();
    +        }
         }
     
    -    public static byte[] buildAndSaveKeystore(List<Ternary<String, String, String>>
certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException,
    -        CertificateException, IOException, InvalidKeySpecException {
    -        KeyStore ks = KeyStore.getInstance("JKS");
    +    public static byte[] buildAndSaveKeystore(final List<Ternary<String, String,
String>> certs, final String storePassword) throws KeyStoreException, NoSuchAlgorithmException,
    +    CertificateException, IOException, InvalidKeySpecException {
    +        final KeyStore ks = KeyStore.getInstance("JKS");
             ks.load(null, storePassword != null ? storePassword.toCharArray() : null);
     
             //name,cert,key
    -        for (Ternary<String, String, String> cert : certs) {
    +        for (final Ternary<String, String, String> cert : certs) {
                 if (cert.third() == null) {
    -                Certificate c = buildCertificate(cert.second());
    +                final Certificate c = buildCertificate(cert.second());
                     ks.setCertificateEntry(cert.first(), c);
                 } else {
    -                Certificate[] c = new Certificate[certs.size()];
    +                final Certificate[] c = new Certificate[certs.size()];
                     int i = certs.size();
    -                for (Ternary<String, String, String> ct : certs) {
    +                for (final Ternary<String, String, String> ct : certs) {
                         c[i - 1] = buildCertificate(ct.second());
                         i--;
                     }
                     ks.setKeyEntry(cert.first(), buildPrivateKey(cert.third()), storePassword
!= null ? storePassword.toCharArray() : null, c);
                 }
             }
     
    -        ByteArrayOutputStream os = new ByteArrayOutputStream();
    -        ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
    -        os.close();
    -        return os.toByteArray();
    +        try (final ByteArrayOutputStream os = new ByteArrayOutputStream()) {
    +            ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
    +            return os.toByteArray();
    +        }
         }
     
    -    public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException,
CertificateException, NoSuchAlgorithmException, IOException {
    -        assert (ksData != null);
    -        KeyStore ks = KeyStore.getInstance("JKS");
    -        ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray()
: null);
    +    public static KeyStore loadKeystore(final byte[] ksData, final String storePassword)
throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
    +        assert ksData != null;
    +        final KeyStore ks = KeyStore.getInstance("JKS");
    +        try (final ByteArrayInputStream is = new ByteArrayInputStream(ksData)) {
    +            ks.load(is, storePassword != null ? storePassword.toCharArray() : null);
    +        }
     
             return ks;
         }
     
    -    public static KeyStore buildKeystore(String alias, String cert, String privateKey,
String storePassword) throws KeyStoreException, CertificateException,
    -        NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    +    public static KeyStore buildKeystore(final String alias, final String cert, final
String privateKey, final String storePassword) throws KeyStoreException, CertificateException,
    +    NoSuchAlgorithmException, InvalidKeySpecException, IOException {
     
    -        KeyStore ks = KeyStore.getInstance("JKS");
    +        final KeyStore ks = KeyStore.getInstance("JKS");
             ks.load(null, storePassword != null ? storePassword.toCharArray() : null);
    -        Certificate[] certs = new Certificate[1];
    +        final Certificate[] certs = new Certificate[1];
             certs[0] = buildCertificate(cert);
             ks.setKeyEntry(alias, buildPrivateKey(privateKey), storePassword != null ? storePassword.toCharArray()
: null, certs);
             return ks;
         }
     
    -    public static Certificate buildCertificate(String content) throws CertificateException
{
    -        assert (content != null);
    +    public static Certificate buildCertificate(final String content) throws CertificateException
{
    +        assert content != null;
     
    -        BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes()));
    -        CertificateFactory cf = CertificateFactory.getInstance("X.509");
    +        final BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes()));
    +        final CertificateFactory cf = CertificateFactory.getInstance("X.509");
             return cf.generateCertificate(bis);
         }
     
    -    public static Key buildPrivateKey(String base64EncodedKeyContent) throws NoSuchAlgorithmException,
InvalidKeySpecException, IOException {
    -        KeyFactory kf = KeyFactory.getInstance("RSA");
    -        PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent));
    +    public static Key buildPrivateKey(final String base64EncodedKeyContent) throws NoSuchAlgorithmException,
InvalidKeySpecException, IOException {
    +        final KeyFactory kf = KeyFactory.getInstance("RSA");
    +        final PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent));
             return kf.generatePrivate(keysp);
         }
     
    -    public static List<Certificate> parseChain(String chain) throws IOException
{
    +    public static List<Certificate> parseChain(final String chain) throws IOException,
CertificateException {
     
    -        List<Certificate> certs = new ArrayList<Certificate>();
    -        PEMReader reader = new PEMReader(new StringReader(chain));
    +        final List<Certificate> certs = new ArrayList<Certificate>();
    +        try(final PemReader pemReader = new PemReader(new StringReader(chain));)
    +        {
    +            final PemObject pemObject = pemReader.readPemObject();
    +            final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
    +            final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
     
    -        Certificate crt = null;
    -
    -        while ((crt = (Certificate)reader.readObject()) != null) {
    -            if (crt instanceof X509Certificate) {
    -                certs.add(crt);
    +            for (final Certificate cert : certificateFactory.generateCertificates(bais))
{
    +                if (cert instanceof X509Certificate) {
    +                    certs.add(cert);
    +                }
    +            }
    +            if (certs.isEmpty()) {
    +                throw new IllegalArgumentException("Unable to decode certificate chain");
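Review bot: In parseChain, `pemReader.readPemObject()` is called only once, so only the first PEM block of `chain` reaches `generateCertificates`. Any further certificates in the input appear to be dropped, whereas the removed PEMReader loop read objects until the end of the input. The same call returns null when the input holds no PEM block, so `pemObject.getContent()` would throw a NullPointerException before the `certs.isEmpty()` check can report "Unable to decode certificate chain". Reading PEM objects in a loop until null addresses both. parseChain's body continues past the end of the quoted hunk, so its tail is not visible here.

```java
        try(final PemReader pemReader = new PemReader(new StringReader(chain));)
        {
            final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            PemObject pemObject;
            // Read every PEM block so intermediate certificates are kept; null marks end of input.
            while ((pemObject = pemReader.readPemObject()) != null) {
                final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
                for (final Certificate cert : certificateFactory.generateCertificates(bais)) {
                    if (cert instanceof X509Certificate) {
                        certs.add(cert);
                    }
                }
            }
            // … unchanged: certs.isEmpty() check and the rest of parseChain …
```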
    --- End diff --
    
    Fixed.


> Upgrade bountycastle to 1.55+
> -----------------------------
>
>                 Key: CLOUDSTACK-9632
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9632
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>             Fix For: Future, 4.10.0.0
>
>
> Upgrade the bouncycastle library to the latest version.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
