Posted to commits@directory.apache.org by pl...@apache.org on 2016/07/07 06:42:09 UTC
[24/27] directory-kerby git commit: Fix to load server certificates
from the classpath as well
Fix to load server certificates from the classpath as well
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/9af4754f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/9af4754f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/9af4754f
Branch: refs/heads/kpasswd
Commit: 9af4754f254881c69bba0046d092e155b532f2e1
Parents: cc91e4b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 6 10:59:59 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 6 10:59:59 2016 +0100
----------------------------------------------------------------------
.../server/preauth/pkinit/PkinitPreauth.java | 55 +++++++-------------
1 file changed, 18 insertions(+), 37 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9af4754f/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index 0e4867d..ffd59c0 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -19,6 +19,18 @@
*/
package org.apache.kerby.kerberos.kerb.server.preauth.pkinit;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.ByteBuffer;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.crypto.interfaces.DHPublicKey;
+
import org.apache.kerby.asn1.Asn1;
import org.apache.kerby.asn1.parse.Asn1Container;
import org.apache.kerby.asn1.parse.Asn1ParseResult;
@@ -63,22 +75,6 @@ import org.apache.kerby.x509.type.SubjectPublicKeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.crypto.interfaces.DHPublicKey;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.nio.ByteBuffer;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Scanner;
-
public class PkinitPreauth extends AbstractPreauthPlugin {
private static final Logger LOG = LoggerFactory.getLogger(PkinitPreauth.class);
@@ -306,28 +302,13 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
if (identityString != null) {
List<String> identityList = Arrays.asList(identityString.split(","));
for (String identity : identityList) {
- File file = new File(identity);
- try (Scanner scanner = new Scanner(file, "UTF-8")) {
- String found = scanner.findInLine("CERTIFICATE");
-
- if (found != null) {
- InputStream res = null;
- try {
- res = new FileInputStream(identity);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- }
- X509Certificate certificate = null;
- try {
- certificate = (X509Certificate) CertificateHelper.loadCerts(res).iterator().next();
- } catch (KrbException e) {
- e.printStackTrace();
- }
- certificates.add(certificate);
- res.close();
+ try {
+ List<java.security.cert.Certificate> loadedCerts = CertificateHelper.loadCerts(identity);
+ if (!loadedCerts.isEmpty()) {
+ certificates.add((X509Certificate)loadedCerts.iterator().next());
}
- } catch (IOException e) {
- e.getMessage();
+ } catch (KrbException e) {
+ LOG.warn("Error loading X.509 Certificate", e);
}
}
} else {
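Review bot: The cast `(X509Certificate)loadedCerts.iterator().next()` in the added try block is unchecked, and the catch handles only KrbException, so a non-X.509 entry in the `List<java.security.cert.Certificate>` would raise a ClassCastException out of the loop instead of being skipped and logged. Holding the element in a local and testing `if (first instanceof X509Certificate)` before the add keeps that case inside the loop's own handling. The warning does not say which identity failed, and nothing is logged when the list is empty, so a PKINIT server can come up with fewer certificates than configured and leave no actionable trace; `LOG.warn("Error loading X.509 Certificate from " + identity, e);` would name the source. Only the first certificate of each identity is kept, which presumably drops any further certificates in the same file, so a short comment is warranted if that is intended. The enclosing method starts and ends outside the hunk.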