Posted to commits@directory.apache.org by pl...@apache.org on 2016/07/07 06:42:09 UTC

[24/27] directory-kerby git commit: Fix to load server certificates from the classpath as well

Fix to load server certificates from the classpath as well


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/9af4754f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/9af4754f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/9af4754f

Branch: refs/heads/kpasswd
Commit: 9af4754f254881c69bba0046d092e155b532f2e1
Parents: cc91e4b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 6 10:59:59 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 6 10:59:59 2016 +0100

----------------------------------------------------------------------
 .../server/preauth/pkinit/PkinitPreauth.java    | 55 +++++++-------------
 1 file changed, 18 insertions(+), 37 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9af4754f/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index 0e4867d..ffd59c0 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -19,6 +19,18 @@
  */
 package org.apache.kerby.kerberos.kerb.server.preauth.pkinit;
 
+import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.ByteBuffer;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.crypto.interfaces.DHPublicKey;
+
 import org.apache.kerby.asn1.Asn1;
 import org.apache.kerby.asn1.parse.Asn1Container;
 import org.apache.kerby.asn1.parse.Asn1ParseResult;
@@ -63,22 +75,6 @@ import org.apache.kerby.x509.type.SubjectPublicKeyInfo;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.crypto.interfaces.DHPublicKey;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.nio.ByteBuffer;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Scanner;
-
 public class PkinitPreauth extends AbstractPreauthPlugin {
 
     private static final Logger LOG = LoggerFactory.getLogger(PkinitPreauth.class);
@@ -306,28 +302,13 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
         if (identityString != null) {
             List<String> identityList = Arrays.asList(identityString.split(","));
             for (String identity : identityList) {
-                File file = new File(identity);
-                try (Scanner scanner = new Scanner(file, "UTF-8")) {
-                    String found = scanner.findInLine("CERTIFICATE");
-    
-                    if (found != null) {
-                        InputStream res = null;
-                        try {
-                            res = new FileInputStream(identity);
-                        } catch (FileNotFoundException e) {
-                            e.printStackTrace();
-                        }
-                        X509Certificate certificate = null;
-                        try {
-                            certificate = (X509Certificate) CertificateHelper.loadCerts(res).iterator().next();
-                        } catch (KrbException e) {
-                            e.printStackTrace();
-                        }
-                        certificates.add(certificate);
-                        res.close();
+                try {
+                    List<java.security.cert.Certificate> loadedCerts = CertificateHelper.loadCerts(identity);
+                    if (!loadedCerts.isEmpty()) {
+                        certificates.add((X509Certificate)loadedCerts.iterator().next());
                     }
-                } catch (IOException e) {
-                    e.getMessage();
+                } catch (KrbException e) {
+                    LOG.warn("Error loading X.509 Certificate", e);
                 }
             }
         } else {
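Review bot: The cast in the added line `certificates.add((X509Certificate)loadedCerts.iterator().next());` is unchecked, so a non-X.509 entry returned by `CertificateHelper.loadCerts(identity)` would raise a ClassCastException that `catch (KrbException e)` does not cover; guarding with `if (!loadedCerts.isEmpty() && loadedCerts.get(0) instanceof X509Certificate)` avoids that. Only the first certificate of each identity is kept, which deserves a short comment if it is intentional. The warning does not say which identity failed, and the loop simply moves on to the next entry, so a mistyped path or an unexpected classpath match is hard to spot in the KDC log; `LOG.warn("Error loading X.509 Certificate from {}", identity, e);` would name it. The enclosing method begins and ends outside this hunk.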