You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by da...@apache.org on 2016/04/25 14:08:08 UTC
git commit: updated refs/heads/4.9-bountycastle-daan to 1b6cd4f
Repository: cloudstack
Updated Branches:
refs/heads/4.9-bountycastle-daan 2ac083776 -> 1b6cd4f9a
use more safe getCertifacte(s) call
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1b6cd4f9
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1b6cd4f9
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1b6cd4f9
Branch: refs/heads/4.9-bountycastle-daan
Commit: 1b6cd4f9aaef94c22b93787ffa138a5cc75ecfc8
Parents: 2ac0837
Author: Daan Hoogland <da...@onecht.net>
Authored: Mon Apr 25 14:05:40 2016 +0200
Committer: Daan Hoogland <da...@onecht.net>
Committed: Mon Apr 25 14:05:40 2016 +0200
----------------------------------------------------------------------
.../cloud/utils/security/CertificateHelper.java | 33 +++++++++++++-------
1 file changed, 21 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1b6cd4f9/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
----------------------------------------------------------------------
diff --git a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
index fd05459..e1ec80c 100644
--- a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
+++ b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
@@ -38,6 +38,8 @@ import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
@@ -121,20 +123,27 @@ public class CertificateHelper {
public static List<Certificate> parseChain(String chain) throws IOException, CertificateException {
final List<Certificate> certs = new ArrayList<Certificate>();
- final PemReader pemReader = new PemReader(new StringReader(chain));
-
- Certificate crt = null;
- final PemObject pemObject = pemReader.readPemObject();
- final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
- final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
-
- while ((crt = certificateFactory.generateCertificate(bais)) != null) {
- if (crt instanceof X509Certificate) {
- certs.add(crt);
+ try(final PemReader pemReader = new PemReader(new StringReader(chain));)
+ {
+ Certificate cert = null;
+ final PemObject pemObject = pemReader.readPemObject();
+ final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
+ final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
+
+ Collection<? extends Certificate> c = certificateFactory.generateCertificates(bais);
+ Iterator<? extends Certificate> i = c.iterator();
+ while (i.hasNext()) {
+ cert = i.next();
+ if (cert instanceof X509Certificate) {
+ certs.add(cert);
+ }
+ }
+ if (certs.size() == 0) {
+ throw new IllegalArgumentException("Unable to decode certificate chain");
}
}
- if (certs.size() == 0) {
- throw new IllegalArgumentException("Unable to decode certificate chain");
+ finally {
+ // just close the pemReader
}
return certs;