You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bh...@apache.org on 2016/03/25 22:40:00 UTC
[11/17] git commit: updated refs/heads/4.9-mvn-upgrade to 1199ff8
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5ed6b359/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
----------------------------------------------------------------------
diff --git a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
index d43542f..fd05459 100644
--- a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
+++ b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
@@ -40,18 +40,19 @@ import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
-import com.cloud.utils.exception.CloudRuntimeException;
import org.apache.commons.codec.binary.Base64;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemReader;
import com.cloud.utils.Ternary;
-import org.bouncycastle.openssl.PEMReader;
+import com.cloud.utils.exception.CloudRuntimeException;
public class CertificateHelper {
public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException,
NoSuchAlgorithmException, InvalidKeySpecException, IOException {
- KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword);
+ final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword);
- ByteArrayOutputStream os = new ByteArrayOutputStream();
+ final ByteArrayOutputStream os = new ByteArrayOutputStream();
ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
os.close();
return os.toByteArray();
@@ -59,18 +60,18 @@ public class CertificateHelper {
public static byte[] buildAndSaveKeystore(List<Ternary<String, String, String>> certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException,
CertificateException, IOException, InvalidKeySpecException {
- KeyStore ks = KeyStore.getInstance("JKS");
+ final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, storePassword != null ? storePassword.toCharArray() : null);
//name,cert,key
- for (Ternary<String, String, String> cert : certs) {
+ for (final Ternary<String, String, String> cert : certs) {
if (cert.third() == null) {
- Certificate c = buildCertificate(cert.second());
+ final Certificate c = buildCertificate(cert.second());
ks.setCertificateEntry(cert.first(), c);
} else {
- Certificate[] c = new Certificate[certs.size()];
+ final Certificate[] c = new Certificate[certs.size()];
int i = certs.size();
- for (Ternary<String, String, String> ct : certs) {
+ for (final Ternary<String, String, String> ct : certs) {
c[i - 1] = buildCertificate(ct.second());
i--;
}
@@ -78,15 +79,15 @@ public class CertificateHelper {
}
}
- ByteArrayOutputStream os = new ByteArrayOutputStream();
+ final ByteArrayOutputStream os = new ByteArrayOutputStream();
ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
os.close();
return os.toByteArray();
}
public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
- assert (ksData != null);
- KeyStore ks = KeyStore.getInstance("JKS");
+ assert ksData != null;
+ final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray() : null);
return ks;
@@ -95,42 +96,46 @@ public class CertificateHelper {
public static KeyStore buildKeystore(String alias, String cert, String privateKey, String storePassword) throws KeyStoreException, CertificateException,
NoSuchAlgorithmException, InvalidKeySpecException, IOException {
- KeyStore ks = KeyStore.getInstance("JKS");
+ final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, storePassword != null ? storePassword.toCharArray() : null);
- Certificate[] certs = new Certificate[1];
+ final Certificate[] certs = new Certificate[1];
certs[0] = buildCertificate(cert);
ks.setKeyEntry(alias, buildPrivateKey(privateKey), storePassword != null ? storePassword.toCharArray() : null, certs);
return ks;
}
public static Certificate buildCertificate(String content) throws CertificateException {
- assert (content != null);
+ assert content != null;
- BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes()));
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ final BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes()));
+ final CertificateFactory cf = CertificateFactory.getInstance("X.509");
return cf.generateCertificate(bis);
}
public static Key buildPrivateKey(String base64EncodedKeyContent) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
- KeyFactory kf = KeyFactory.getInstance("RSA");
- PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent));
+ final KeyFactory kf = KeyFactory.getInstance("RSA");
+ final PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent));
return kf.generatePrivate(keysp);
}
- public static List<Certificate> parseChain(String chain) throws IOException {
+ public static List<Certificate> parseChain(String chain) throws IOException, CertificateException {
- List<Certificate> certs = new ArrayList<Certificate>();
- PEMReader reader = new PEMReader(new StringReader(chain));
+ final List<Certificate> certs = new ArrayList<Certificate>();
+ final PemReader pemReader = new PemReader(new StringReader(chain));
Certificate crt = null;
+ final PemObject pemObject = pemReader.readPemObject();
+ final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
+ final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
- while ((crt = (Certificate)reader.readObject()) != null) {
+ while ((crt = certificateFactory.generateCertificate(bais)) != null) {
if (crt instanceof X509Certificate) {
certs.add(crt);
}
}
- if (certs.size() == 0)
+ if (certs.size() == 0) {
throw new IllegalArgumentException("Unable to decode certificate chain");
+ }
return certs;
}
@@ -139,24 +144,24 @@ public class CertificateHelper {
final char[] HEX = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
- StringBuilder buffer = new StringBuilder(60);
+ final StringBuilder buffer = new StringBuilder(60);
try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] data = md.digest(cert.getEncoded());
+ final MessageDigest md = MessageDigest.getInstance("SHA-1");
+ final byte[] data = md.digest(cert.getEncoded());
- for (int i = 0; i < data.length; i++) {
+ for (final byte element : data) {
if (buffer.length() > 0) {
buffer.append(":");
}
- buffer.append(HEX[(0xF0 & data[i]) >>> 4]);
- buffer.append(HEX[0x0F & data[i]]);
+ buffer.append(HEX[(0xF0 & element) >>> 4]);
+ buffer.append(HEX[0x0F & element]);
}
- } catch (CertificateEncodingException e) {
+ } catch (final CertificateEncodingException e) {
throw new CloudRuntimeException("Bad certificate encoding");
- } catch (NoSuchAlgorithmException e) {
+ } catch (final NoSuchAlgorithmException e) {
throw new CloudRuntimeException("Bad certificate algorithm");
}