geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vamsic...@apache.org
Subject svn commit: r470461 - /geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
Date Thu, 02 Nov 2006 18:24:13 GMT
Author: vamsic007
Date: Thu Nov  2 10:24:11 2006
New Revision: 470461

URL: http://svn.apache.org/viewvc?view=rev&rev=470461
Log:
GERONIMO-2443 Import CA reply should match the public key in the keystore with that in the
certificate from CA.

Modified:
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java?view=diff&rev=470461&r1=470460&r2=470461
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
Thu Nov  2 10:24:11 2006
@@ -384,9 +384,13 @@
             for (int i = 0; iter.hasNext(); i++) {
                 chain[i] = (Certificate) iter.next();
             }
-            char[] keyPassword = (char[]) keyPasswords.get(alias);
-            keystore.setKeyEntry(alias, keystore.getKey(alias, keyPassword), keyPassword,
chain);
-            saveKeystore(storePassword);
+            if(keystore.getCertificate(alias).getPublicKey().equals(chain[0].getPublicKey()))
{
+                char[] keyPassword = (char[])keyPasswords.get(alias);
+                keystore.setKeyEntry(alias, keystore.getKey(alias, keyPassword), keyPassword,
chain);
+                saveKeystore(keystorePassword);
+            } else {
+                log.error("Error in importPKCS7Certificate.  PublicKey in the certificate
received is not related to the PrivateKey in the keystore. keystore = "+keystoreName+", alias
= "+alias);
+            }
         } catch (CertificateException e) {
             throw new KeystoreException("Unable to import PKCS7 certificat in keystore '"
+ keystoreName + "' for alias '" + alias + "'", e);
         } catch (KeyStoreException e) {



Mime
View raw message