Commit 234670e3 authored by Costin Grigoras's avatar Costin Grigoras

Get rid of the javax...X509Certificate and only use the java... one

parent dbf21810
......@@ -8,6 +8,8 @@ import java.net.ConnectException;
import java.net.Socket;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
......@@ -16,7 +18,6 @@ import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.X509Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
......@@ -140,15 +141,18 @@ public class DispatchSSLClient extends Thread {
client.startHandshake();
final X509Certificate[] peerCerts = client.getSession().getPeerCertificateChain();
final Certificate[] peerCerts = client.getSession().getPeerCertificates();
if (peerCerts != null) {
logger.log(Level.INFO, "Printing peer's information:");
for (final X509Certificate peerCert : peerCerts)
logger.log(Level.INFO, "Peer's Certificate Information:\n" + Level.INFO, "- Subject: " + peerCert.getSubjectDN().getName() + "\n" + peerCert.getIssuerDN().getName() + "\n"
+ Level.INFO + "- Start Time: " + peerCert.getNotBefore().toString() + "\n" + Level.INFO + "- End Time: " + peerCert.getNotAfter().toString());
for (final Certificate peerCert : peerCerts) {
X509Certificate xCert = (X509Certificate) peerCert;
logger.log(Level.INFO, "Peer's Certificate Information:\n" + Level.INFO, "- Subject: " + xCert.getSubjectDN().getName() + "\n" + xCert.getIssuerDN().getName() + "\n"
+ Level.INFO + "- Start Time: " + xCert.getNotBefore().toString() + "\n" + Level.INFO + "- End Time: " + xCert.getNotAfter().toString());
}
final DispatchSSLClient sc = new DispatchSSLClient(client);
System.out.println("Connection to JCentral established.");
......@@ -291,7 +295,7 @@ public class DispatchSSLClient extends Thread {
if (logger.isLoggable(Level.FINE)) {
logger.log(Level.FINE, "Got back an object of type " + o.getClass().getCanonicalName() + " : " + o);
if (logger.isLoggable(Level.FINEST))
logger.log(Level.FINEST, "Call stack is: ", new Throwable());
}
......
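Review bot: The cast `X509Certificate xCert = (X509Certificate) peerCert;` in the rewritten loop is unguarded, so a non-X.509 entry in the array returned by getPeerCertificates() would throw ClassCastException out of the handshake path, whereas the same loop in DispatchSSLMTClient and DispatchSSLServer in this commit checks `instanceof X509Certificate` first. The rewritten log call is also still broken: `"...\n" + Level.INFO` concatenates the level name into the message, and the subject/issuer/validity string is passed as a message parameter that the message text never references with `{0}`, so a standard formatter drops it and the certificate details are never printed. I would guard the cast the same way as the other two files and build the message as one string. The enclosing method starts and ends outside this hunk.
```java
                for (final Certificate peerCert : peerCerts) {
                    if (!(peerCert instanceof X509Certificate)) {
                        logger.log(Level.WARNING, "Peer certificate is not an X509 instance but instead a " + peerCert.getType());
                        continue;
                    }
                    final X509Certificate xCert = (X509Certificate) peerCert;
                    logger.log(Level.INFO, "Peer's Certificate Information:\n- Subject: " + xCert.getSubjectDN().getName() + "\n- Issuer: " + xCert.getIssuerDN().getName()
                            + "\n- Start Time: " + xCert.getNotBefore() + "\n- End Time: " + xCert.getNotAfter());
                }
```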
......@@ -8,6 +8,8 @@ import java.net.ConnectException;
import java.net.Socket;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.EmptyStackException;
import java.util.Stack;
import java.util.concurrent.ThreadLocalRandom;
......@@ -18,7 +20,6 @@ import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.X509Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
......@@ -190,15 +191,18 @@ public class DispatchSSLMTClient extends Thread {
client.startHandshake();
final X509Certificate[] peerCerts = client.getSession().getPeerCertificateChain();
final Certificate[] peerCerts = client.getSession().getPeerCertificates();
if (peerCerts != null) {
logger.log(Level.INFO, "Printing peer's information:");
for (final X509Certificate peerCert : peerCerts) {
logger.log(Level.INFO, "Peer's Certificate Information:\n" + Level.INFO, "- Subject: " + peerCert.getSubjectDN().getName() + "\n" + peerCert.getIssuerDN().getName() + "\n"
+ Level.INFO + "- Start Time: " + peerCert.getNotBefore().toString() + "\n" + Level.INFO + "- End Time: " + peerCert.getNotAfter().toString());
for (final Certificate peerCert : peerCerts) {
if (peerCert instanceof X509Certificate) {
X509Certificate xCert = (X509Certificate) peerCert;
logger.log(Level.INFO, "Peer's Certificate Information:\n" + Level.INFO, "- Subject: " + xCert.getSubjectDN().getName() + "\n" + xCert.getIssuerDN().getName() + "\n"
+ Level.INFO + "- Start Time: " + xCert.getNotBefore().toString() + "\n" + Level.INFO + "- End Time: " + xCert.getNotAfter().toString());
}
}
final DispatchSSLMTClient sc = new DispatchSSLMTClient(client);
......
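Review bot: The rewritten log call inside the `instanceof` branch still never prints the certificate details: the message is `"Peer's Certificate Information:\n" + Level.INFO` and the subject/issuer/validity string is passed as a parameter the message never references with `{0}`, so a standard formatter discards it. Replace the call with a single message string, e.g. `logger.log(Level.INFO, "Peer's Certificate Information:\n- Subject: " + xCert.getSubjectDN().getName() + "\n- Issuer: " + xCert.getIssuerDN().getName() + "\n- Start Time: " + xCert.getNotBefore() + "\n- End Time: " + xCert.getNotAfter());`. A chain entry that is not an X509Certificate is also silently skipped here, while DispatchSSLServer in the same commit logs a WARNING with the type; adding the matching `else` branch would keep the three sites consistent. The enclosing method starts and ends outside this hunk.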
......@@ -10,7 +10,9 @@ import java.net.Socket;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
......@@ -21,7 +23,6 @@ import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.security.cert.X509Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
......@@ -338,20 +339,34 @@ public class DispatchSSLServer extends Thread {
continue;
}
X509Certificate[] peerCertChain = null;
if (server.getNeedClientAuth() == true) {
logger.log(Level.INFO, "Printing client information:");
final X509Certificate[] peerCerts = c.getSession().getPeerCertificateChain();
final Certificate[] peerCerts = c.getSession().getPeerCertificates();
if (peerCerts != null) {
peerCertChain = new X509Certificate[peerCerts.length];
if (peerCerts != null)
for (final X509Certificate peerCert : peerCerts)
logger.log(Level.INFO, printClientInfo(peerCert));
for (int i = 0; i < peerCerts.length; i++) {
if (peerCerts[i] instanceof X509Certificate) {
X509Certificate xCert = (X509Certificate) peerCerts[i];
logger.log(Level.FINE, printClientInfo(xCert));
peerCertChain[i] = xCert;
}
else {
logger.log(Level.WARNING, "Peer certificate is not an X509 instance but instead a " + peerCerts[i].getType());
}
}
}
else
logger.log(Level.INFO, "Failed to get peer certificates");
}
final DispatchSSLServer serv = new DispatchSSLServer(c);
if (server.getNeedClientAuth() == true)
serv.partnerCerts = c.getSession().getPeerCertificateChain();
serv.partnerCerts = peerCertChain;
serv.start();
......@@ -363,7 +378,9 @@ public class DispatchSSLServer extends Thread {
}
}
} catch (final Throwable e) {
} catch (
final Throwable e) {
logger.log(Level.SEVERE, "Could not initiate SSL Server Socket.", e);
}
}
......@@ -376,10 +393,10 @@ public class DispatchSSLServer extends Thread {
/**
* Print client info on SSL partner
*/
private static String printClientInfo(final X509Certificate peerCerts) {
return "Peer Certificate Information:\n" + "- Subject: " + peerCerts.getSubjectDN().getName() + "- Issuer: \n" + peerCerts.getIssuerDN().getName() + "- Version: \n" + peerCerts.getVersion()
+ "- Start Time: \n" + peerCerts.getNotBefore().toString() + "\n" + "- End Time: " + peerCerts.getNotAfter().toString() + "\n" + "- Signature Algorithm: " + peerCerts.getSigAlgName()
+ "\n" + "- Serial Number: " + peerCerts.getSerialNumber();
private static String printClientInfo(final X509Certificate cert) {
return "Peer Certificate Information:\n" + "- Subject: " + cert.getSubjectDN().getName() + "- Issuer: \n" + cert.getIssuerDN().getName() + "- Version: \n" + cert.getVersion()
+ "- Start Time: \n" + cert.getNotBefore().toString() + "\n" + "- End Time: " + cert.getNotAfter().toString() + "\n" + "- Signature Algorithm: " + cert.getSigAlgName() + "\n"
+ "- Serial Number: " + cert.getSerialNumber();
}
/**
......
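Review bot: When a chain element is not an X509Certificate, the new loop logs a WARNING but leaves `peerCertChain[i]` null and still assigns the array to `serv.partnerCerts`, so a chain with a hole is handed to the request handlers; GetTokenCertificate in this same commit iterates that chain and calls `partner.getNotAfter()` on each element, which would NPE on the null slot. Since partnerCerts is what the server uses to identify the client, a chain it cannot fully parse should be rejected rather than passed on partially; I would abort the loop, drop the chain and refuse the connection, assuming the per-connection try/catch that the `continue` on the first line of the hunk implies also covers IOException from `c.close()`. The surrounding accept loop and its try/catch are outside this hunk, so I cannot confirm that.
```java
                X509Certificate[] peerCertChain = null;
                if (server.getNeedClientAuth()) {
                    logger.log(Level.INFO, "Printing client information:");
                    final Certificate[] peerCerts = c.getSession().getPeerCertificates();
                    if (peerCerts != null) {
                        peerCertChain = new X509Certificate[peerCerts.length];
                        for (int i = 0; i < peerCerts.length; i++) {
                            if (!(peerCerts[i] instanceof X509Certificate)) {
                                logger.log(Level.WARNING, "Peer certificate " + i + " is not an X509 instance but instead a " + peerCerts[i].getType() + "; rejecting connection");
                                peerCertChain = null;
                                break;
                            }
                            peerCertChain[i] = (X509Certificate) peerCerts[i];
                            logger.log(Level.FINE, printClientInfo(peerCertChain[i]));
                        }
                    }
                    else
                        logger.log(Level.INFO, "Failed to get peer certificates");
                    if (peerCertChain == null) {
                        c.close();
                        continue;
                    }
                }
                // … unchanged: DispatchSSLServer construction, partnerCerts assignment, start() …
```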
......@@ -7,7 +7,7 @@ import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.cert.X509Certificate;
import java.security.cert.X509Certificate;
import alien.catalogue.access.AuthorizationFactory;
import alien.config.ConfigUtils;
......
......@@ -187,10 +187,10 @@ public class GetTokenCertificate extends Request {
throw new IllegalArgumentException("When issuing a user certificate you need to pass the current one, that will limit the validity of the issued token");
}
final javax.security.cert.X509Certificate partnerCertificateChain[] = getPartnerCertificate();
final java.security.cert.X509Certificate partnerCertificateChain[] = getPartnerCertificate();
if (partnerCertificateChain != null)
for (final javax.security.cert.X509Certificate partner : partnerCertificateChain) {
for (final java.security.cert.X509Certificate partner : partnerCertificateChain) {
final ZonedDateTime partnerNotAfter = partner.getNotAfter().toInstant().atZone(ZoneId.systemDefault());
if (notAfter.isAfter(partnerNotAfter))
......
......@@ -6,7 +6,7 @@ import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.cert.X509Certificate;
import java.security.cert.X509Certificate;
import lazyj.DBFunctions;
import lia.util.StringFactory;
......
......@@ -13,7 +13,7 @@ import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.logging.Logger;
import javax.security.cert.X509Certificate;
import java.security.cert.X509Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
......@@ -138,7 +138,7 @@ public class JobSigner {
final Certificate[] ts = JAKeyStore.getKeyStore().getCertificateChain("User.cert");
final X509Certificate[] tts = new X509Certificate[ts.length];
for (int a = 0; a < ts.length; a++)
tts[a] = UserFactory.convert((java.security.cert.X509Certificate) ts[a]);
tts[a] = (java.security.cert.X509Certificate) ts[a];
System.out.println("Verifying central service signature...");
if (verifyJob(tts, null, sjdl)) {
......
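Review bot: The new line `tts[a] = (java.security.cert.X509Certificate) ts[a];` spells out the fully qualified name even though the import on the line above now binds `X509Certificate` to exactly that type, so `tts[a] = (X509Certificate) ts[a];` is the consistent form and reads the same as the array declaration on the preceding line. The cast is also unguarded, unlike the `instanceof X509Certificate` checks this commit adds in the SSL client and server; a keystore chain entry that is not X.509 would surface as a ClassCastException here. The enclosing method starts and ends outside this hunk.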
......@@ -8,7 +8,7 @@ import java.security.SignatureException;
import java.util.HashMap;
import java.util.concurrent.atomic.AtomicLong;
import javax.security.cert.X509Certificate;
import java.security.cert.X509Certificate;
import alien.user.AliEnPrincipal;
import alien.user.JAKeyStore;
......
package alien.user;
import java.io.ByteArrayInputStream;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.StringTokenizer;
......@@ -75,25 +73,6 @@ public final class UserFactory {
return null;
}
/**
* Get the account corresponding to this certificate chain
*
* @param certChain
* @return account, or <code>null</code> if no account has this certificate
* associated to it
*/
public static AliEnPrincipal getByCertificate(final javax.security.cert.X509Certificate[] certChain) {
final ArrayList<X509Certificate> certs = new ArrayList<>(certChain.length);
for (final javax.security.cert.X509Certificate c : certChain)
certs.add(convert(c));
if (certs.isEmpty())
return null;
final X509Certificate[] c = new X509Certificate[certs.size()];
certs.toArray(c);
return getByCertificate(c);
}
/**
* Get the account corresponding to this certificate chain
*
......@@ -275,36 +254,4 @@ public final class UserFactory {
return null;
}
/**
* @param cert
* @return the other type of certificate
*/
public static X509Certificate convert(final javax.security.cert.X509Certificate cert) {
try {
final byte[] encoded = cert.getEncoded();
final ByteArrayInputStream bis = new ByteArrayInputStream(encoded);
final java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
return (java.security.cert.X509Certificate) cf.generateCertificate(bis);
} catch (final javax.security.cert.CertificateEncodingException | java.security.cert.CertificateException e) {
logger.log(Level.FINE, "Cannot convert javax to java X509 Certificate", e);
}
return null;
}
/**
* @param cert
* @return the other type of certificate
*/
public static javax.security.cert.X509Certificate convert(final X509Certificate cert) {
try {
final byte[] encoded = cert.getEncoded();
return javax.security.cert.X509Certificate.getInstance(encoded);
} catch (final java.security.cert.CertificateEncodingException | javax.security.cert.CertificateException e) {
logger.log(Level.FINE, "Cannot convert java to javax X509 Certificate", e);
}
return null;
}
}