From ff...@apache.org
Subject cxf git commit: [CXF-6615]the order of attributes in SubjectDN of certificate shouldn't be significant
Date Tue, 29 Sep 2015 07:49:20 GMT
Repository: cxf
Updated Branches:
  refs/heads/master f64917edc -> 84e90e647


[CXF-6615]the order of attributes in SubjectDN of certificate shouldn't be significant


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/84e90e64
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/84e90e64
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/84e90e64

Branch: refs/heads/master
Commit: 84e90e647cfb0b3c3c96705491456ed577a3a6b3
Parents: f64917e
Author: Freeman Fang <freeman.fang@gmail.com>
Authored: Tue Sep 29 15:44:16 2015 +0800
Committer: Freeman Fang <freeman.fang@gmail.com>
Committed: Tue Sep 29 15:44:16 2015 +0800

----------------------------------------------------------------------
 .../x509/repo/file/FileCertificateRepo.java     | 24 ++++++++++++++++++--
 .../apache/cxf/xkms/x509/utils/X509Utils.java   |  3 ++-
 .../x509/repo/file/FileCertificateRepoTest.java |  5 ++--
 3 files changed, 27 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/84e90e64/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java
b/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java
index 9c2e2a1..ef250e9 100644
--- a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java
+++ b/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java
@@ -50,6 +50,7 @@ public class FileCertificateRepo implements CertificateRepo {
     private static final String TRUSTED_CAS_PATH = "trusted_cas";
     private static final String CRLS_PATH = "crls";
     private static final String CAS_PATH = "cas";
+    private static final String SPLIT_REGEX = "\\s*,\\s*";
     private final File storageDir;
     private final CertificateFactory certFactory;
 
@@ -279,6 +280,8 @@ public class FileCertificateRepo implements CertificateRepo {
     public X509Certificate findBySubjectDn(String subjectDn) {
         List<X509Certificate> result = new ArrayList<>();
         File[] list = getX509Files();
+        String[] sDnArray = subjectDn.split(SPLIT_REGEX);
+        Arrays.sort(sDnArray);
         for (File certFile : list) {
             try {
                 if (certFile.isDirectory()) {
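Review bot: `Arrays.sort(sDnArray)` orders the fragments case-sensitively, while `arraysEqualsIgnoreCaseIgnoreWhiteSpace` later compares them position by position ignoring case. Two DNs that differ only in letter case (for example `cn=...` against `CN=...`) can therefore sort into different positions and stop matching, although the replaced `equalsIgnoreCase` check accepted them. Sorting with `Arrays.sort(sDnArray, String.CASE_INSENSITIVE_ORDER);` here, and the same for `csDnArray` and `csX500Array` in the next hunk, keeps ordering and comparison consistent. The split also runs before the `try`, so a null `subjectDn` now throws out of `findBySubjectDn` instead of reaching the per-file `catch (Exception e)`; an explicit null check at the top would make the intended behaviour visible. The method body starts and ends outside this hunk.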
@@ -287,8 +290,12 @@ public class FileCertificateRepo implements CertificateRepo {
                 X509Certificate cert = readCertificate(certFile);
                 LOG.debug("Searching for " + subjectDn + ". Checking cert " 
                     + cert.getSubjectDN().getName() + ", " + cert.getSubjectX500Principal().getName());
-                if (subjectDn.equalsIgnoreCase(cert.getSubjectDN().getName())
-                    || subjectDn.equalsIgnoreCase(cert.getSubjectX500Principal().getName()))
{
+                String[] csDnArray = cert.getSubjectDN().getName().split(SPLIT_REGEX);
+                Arrays.sort(csDnArray);
+                String[] csX500Array = cert.getSubjectX500Principal().getName().split(SPLIT_REGEX);
+                Arrays.sort(csX500Array);
+                if (arraysEqualsIgnoreCaseIgnoreWhiteSpace(sDnArray, csDnArray)
+                    || arraysEqualsIgnoreCaseIgnoreWhiteSpace(sDnArray, csX500Array)) {
                     result.add(cert);
                 }
             } catch (Exception e) {
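Review bot: Splitting both names on `,` with `SPLIT_REGEX` is not DN-aware, so the fragments being sorted and compared do not always correspond to RDNs. An escaped or quoted comma inside an attribute value (such as `O=Acme\, Inc`) is cut in two, and a multi-valued RDN joined with `+` is kept as one string whose internal order still matters. Because this lookup decides which certificate is returned for a requested subject, the match is better made on parsed names: build a sorted copy of `new LdapName(dn).getRdns()` for each side and compare the lists with `equals`, which already ignores case and surrounding whitespace per RDN. I have not checked how every provider's `getSubjectDN().getName()` output parses, so the sketch below uses only `getSubjectX500Principal().getName()`; the `try` block it sits in opens in the previous hunk.

```java
// … unchanged: readCertificate(certFile) and the LOG.debug call …
if (sortedRdns(subjectDn).equals(sortedRdns(cert.getSubjectX500Principal().getName()))) {
    result.add(cert);
}

// new private helper, placed next to the comparison helper added by this commit
private static List<Rdn> sortedRdns(String dn) throws InvalidNameException {
    // getRdns() returns an unmodifiable list, so sort a copy
    List<Rdn> rdns = new ArrayList<>(new LdapName(dn).getRdns());
    Collections.sort(rdns);
    return rdns;
}
```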
@@ -302,6 +309,19 @@ public class FileCertificateRepo implements CertificateRepo {
         }
         return null;
     }
+    
+      
+    private boolean arraysEqualsIgnoreCaseIgnoreWhiteSpace(String[] s1, String[] s2) {
+        if (s1 == null || s2 == null || s1.length != s2.length) {
+            return false;
+        }
+        for (int i = 0; i < s1.length; i++) {
+            if (!s1[i].trim().equalsIgnoreCase(s2[i].trim())) {
+                return false;
+            }
+        }
+        return true;
+    }
 
     @Override
     public X509Certificate findByIssuerSerial(String issuer, String serial) {
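Review bot: `arraysEqualsIgnoreCaseIgnoreWhiteSpace` is only correct when the caller has already sorted both arrays the same way, because it compares element `i` with element `i`, and that precondition is not written down anywhere. The name also promises whitespace-insensitivity while the body only trims the ends of each element. A Javadoc such as `/** Compares two already-sorted arrays element by element, ignoring case and leading/trailing whitespace. */` would state the contract. The method reads no instance state, so it can be declared `private static boolean`. `findByIssuerSerial` at the end of the hunk continues outside it.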

http://git-wip-us.apache.org/repos/asf/cxf/blob/84e90e64/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java
b/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java
index 283fe5b..5c34f59 100644
--- a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java
+++ b/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java
@@ -103,7 +103,8 @@ public final class X509Utils {
             return (X509Certificate) certificate;
         } else {
             throw new CertificateException("Unsupported certificate type encountered: "
-                    + certificate.getClass().getName());
+                    + ((certificate != null && certificate.getClass() != null) 
+                        ? certificate.getClass().getName() : "Null"));
         }
     }
 
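Review bot: The `certificate.getClass() != null` test in the added condition is dead code, since `Object.getClass()` never returns null; `(certificate != null ? certificate.getClass().getName() : "null")` is equivalent and easier to read. When `certificate` is null the message "Unsupported certificate type encountered: Null" is also misleading, because nothing was decoded at all; a separate message for the null case would help whoever reads the log. The enclosing method starts outside this hunk, so whether a null can reach this branch depends on code not shown here.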

http://git-wip-us.apache.org/repos/asf/cxf/blob/84e90e64/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java
b/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java
index 8fa3f56..d42b7c8 100644
--- a/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java
+++ b/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java
@@ -26,6 +26,7 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.net.URISyntaxException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -42,7 +43,7 @@ public class FileCertificateRepoTest {
     private static final String EXPECTED_CERT_FILE_NAME = "CN-www.issuer.com_L-CGN_ST-NRW_C-DE_O-Issuer.cer";
 
     @Test
-    public void testSaveAndFind() throws CertificateException, IOException {
+    public void testSaveAndFind() throws CertificateException, IOException, URISyntaxException
{
         File storageDir = new File("target/teststore1");
         storageDir.mkdirs();
         FileCertificateRepo fileRegisterHandler = new FileCertificateRepo("target/teststore1");
@@ -56,7 +57,7 @@ public class FileCertificateRepoTest {
         key.setIdentifier(EXAMPLE_SUBJECT_DN);
         fileRegisterHandler.saveCertificate(cert, key);
 
-        File certFile = new File(storageDir, EXPECTED_CERT_FILE_NAME);
+        File certFile = new File(storageDir, fileRegisterHandler.getCertPath(cert, key));
         Assert.assertTrue("Cert file " + certFile + " should exist", certFile.exists());
         FileInputStream fis = new FileInputStream(certFile);
         X509Certificate outCert = loadTestCert(fis);
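Review bot: Taking the expected path from `fileRegisterHandler.getCertPath(cert, key)` means the test no longer pins the on-disk file name; it only checks that the repository agrees with itself. Nothing in this test section covers the behaviour the commit introduces, a `findBySubjectDn` lookup whose attributes arrive in a different order or letter case than in the stored certificate. An added assertion that calls `findBySubjectDn` with a reordered form of `EXAMPLE_SUBJECT_DN` and expects a non-null result would cover it, together with a negative case for a DN that differs in one attribute value. `EXPECTED_CERT_FILE_NAME`, still declared in the previous hunk, may now be unused; the rest of `testSaveAndFind` lies outside the hunk.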

