Posted to commits@ofbiz.apache.org by mt...@apache.org on 2019/10/26 16:16:13 UTC
svn commit: r1869006 - in
/ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util:
KeyStoreUtil.java SSLUtil.java
Author: mthl
Date: Sat Oct 26 16:16:13 2019
New Revision: 1869006
URL: http://svn.apache.org/viewvc?rev=1869006&view=rev
Log:
Improved: Do not use deprecated ‘javax.security.cert.X509Certificate’
(OFBIZ-11262)
Modified:
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/KeyStoreUtil.java
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/SSLUtil.java
Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/KeyStoreUtil.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/KeyStoreUtil.java?rev=1869006&r1=1869005&r2=1869006&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/KeyStoreUtil.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/KeyStoreUtil.java Sat Oct 26 16:16:13 2019
@@ -140,10 +140,6 @@ public final class KeyStoreUtil {
return getX500Map(cert.getSubjectX500Principal());
}
- public static Map<String, String> getCertX500Map(javax.security.cert.X509Certificate cert) {
- return getX500Map(cert.getSubjectDN());
- }
-
public static Map<String, String> getX500Map(Principal x500) {
Map<String, String> x500Map = new HashMap<>();
Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/SSLUtil.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/SSLUtil.java?rev=1869006&r1=1869005&r2=1869006&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/SSLUtil.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/SSLUtil.java Sat Oct 26 16:16:13 2019
@@ -19,10 +19,12 @@
package org.apache.ofbiz.base.util;
import java.io.IOException;
+import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.SecureRandom;
+import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
@@ -251,24 +253,24 @@ public final class SSLUtil {
return new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
- javax.security.cert.X509Certificate[] peerCerts;
+ Certificate[] peerCerts;
try {
- peerCerts = session.getPeerCertificateChain();
+ peerCerts = session.getPeerCertificates();
} catch (SSLPeerUnverifiedException e) {
// cert not verified
Debug.logWarning(e.getMessage(), module);
return false;
}
- for (javax.security.cert.X509Certificate peerCert: peerCerts) {
- Principal x500s = peerCert.getSubjectDN();
- Map<String, String> subjectMap = KeyStoreUtil.getX500Map(x500s);
-
- if (Debug.infoOn()) {
- Debug.logInfo(peerCert.getSerialNumber().toString(16) + " :: " + subjectMap.get("CN"), module);
- }
-
+ for (Certificate peerCert : peerCerts) {
try {
- peerCert.checkValidity();
+ Principal x500s = session.getPeerPrincipal();
+ Map<String, String> subjectMap = KeyStoreUtil.getX500Map(x500s);
+ if (Debug.infoOn()) {
+ byte[] encodedCert = peerCert.getEncoded();
+ Debug.logInfo(new BigInteger(encodedCert).toString(16)
+ + " :: " + subjectMap.get("CN"), module);
+ }
+ peerCert.verify(peerCert.getPublicKey());
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
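Review bot: `peerCert.verify(peerCert.getPublicKey())` is not an equivalent of the removed `peerCert.checkValidity()`. It checks that each certificate is signed by its own key, which holds only for self-signed certificates, and the notBefore/notAfter check is gone from the loop. In the same loop, `session.getPeerPrincipal()` returns the peer's identity on every iteration, so the logged CN no longer follows the chain element. `new BigInteger(encodedCert).toString(16)` also logs the whole DER encoding as a signed number rather than the serial number. Narrowing each element to `java.security.cert.X509Certificate` (already imported) keeps the per-certificate subject, serial and validity check, and would make the new `BigInteger` import unnecessary. The catch handler's body and the rest of `verify` lie outside the hunk, so what happens on a failed check is not visible here.

```java
for (Certificate peerCert : peerCerts) {
    try {
        if (!(peerCert instanceof X509Certificate)) {
            // Fail closed: only X.509 entries carry a subject, serial and validity period.
            return false;
        }
        X509Certificate x509Cert = (X509Certificate) peerCert;
        Map<String, String> subjectMap =
                KeyStoreUtil.getX500Map(x509Cert.getSubjectX500Principal());
        if (Debug.infoOn()) {
            Debug.logInfo(x509Cert.getSerialNumber().toString(16)
                    + " :: " + subjectMap.get("CN"), module);
        }
        x509Cert.checkValidity();
    // … unchanged: catch (RuntimeException e) / catch (Exception e) …
```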