You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by da...@apache.org on 2016/04/25 14:08:08 UTC

git commit: updated refs/heads/4.9-bountycastle-daan to 1b6cd4f

Repository: cloudstack
Updated Branches:
  refs/heads/4.9-bountycastle-daan 2ac083776 -> 1b6cd4f9a


use more safe getCertifacte(s) call


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1b6cd4f9
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1b6cd4f9
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1b6cd4f9

Branch: refs/heads/4.9-bountycastle-daan
Commit: 1b6cd4f9aaef94c22b93787ffa138a5cc75ecfc8
Parents: 2ac0837
Author: Daan Hoogland <da...@onecht.net>
Authored: Mon Apr 25 14:05:40 2016 +0200
Committer: Daan Hoogland <da...@onecht.net>
Committed: Mon Apr 25 14:05:40 2016 +0200

----------------------------------------------------------------------
 .../cloud/utils/security/CertificateHelper.java | 33 +++++++++++++-------
 1 file changed, 21 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1b6cd4f9/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
----------------------------------------------------------------------
diff --git a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
index fd05459..e1ec80c 100644
--- a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
+++ b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
@@ -38,6 +38,8 @@ import java.security.cert.X509Certificate;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
 import java.util.List;
 
 import org.apache.commons.codec.binary.Base64;
@@ -121,20 +123,27 @@ public class CertificateHelper {
     public static List<Certificate> parseChain(String chain) throws IOException, CertificateException {
 
         final List<Certificate> certs = new ArrayList<Certificate>();
-        final PemReader pemReader = new PemReader(new StringReader(chain));
-
-        Certificate crt = null;
-        final PemObject pemObject = pemReader.readPemObject();
-        final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
-        final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
-
-        while ((crt = certificateFactory.generateCertificate(bais)) != null) {
-            if (crt instanceof X509Certificate) {
-                certs.add(crt);
+        try(final PemReader pemReader = new PemReader(new StringReader(chain));)
+        {
+            Certificate cert = null;
+            final PemObject pemObject = pemReader.readPemObject();
+            final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
+            final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
+
+            Collection<? extends Certificate> c = certificateFactory.generateCertificates(bais);
+            Iterator<? extends Certificate> i = c.iterator();
+            while (i.hasNext()) {
+                cert = i.next();
+                if (cert instanceof X509Certificate) {
+                    certs.add(cert);
+                }
+            }
+            if (certs.size() == 0) {
+                throw new IllegalArgumentException("Unable to decode certificate chain");
             }
         }
-        if (certs.size() == 0) {
-            throw new IllegalArgumentException("Unable to decode certificate chain");
+        finally {
+            // just close the pemReader
         }
 
         return certs;