JAliEn
JAliEn
Commits
234670e3
Commit
234670e3
authored
Jun 06, 2018
by
Costin Grigoras
Get rid of the javax...X509Certificate and only use the java... one
parent
dbf21810
Changes
9
src/alien/api/DispatchSSLClient.java
...
...
@@ -8,6 +8,8 @@ import java.net.ConnectException;
import
java.net.Socket
;
import
java.security.SecureRandom
;
import
java.security.Security
;
import
java.security.cert.Certificate
;
import
java.security.cert.X509Certificate
;
import
java.util.HashMap
;
import
java.util.logging.Level
;
import
java.util.logging.Logger
;
...
...
@@ -16,7 +18,6 @@ import javax.net.ssl.KeyManagerFactory;
import
javax.net.ssl.SSLContext
;
import
javax.net.ssl.SSLSocket
;
import
javax.net.ssl.SSLSocketFactory
;
import
javax.security.cert.X509Certificate
;
import
org.bouncycastle.jce.provider.BouncyCastleProvider
;
...
...
@@ -140,15 +141,18 @@ public class DispatchSSLClient extends Thread {
client
.
startHandshake
();
final
X509
Certificate
[]
peerCerts
=
client
.
getSession
().
getPeerCertificate
Chain
();
final
Certificate
[]
peerCerts
=
client
.
getSession
().
getPeerCertificate
s
();
if
(
peerCerts
!=
null
)
{
logger
.
log
(
Level
.
INFO
,
"Printing peer's information:"
);
for
(
final
X509Certificate
peerCert
:
peerCerts
)
logger
.
log
(
Level
.
INFO
,
"Peer's Certificate Information:\n"
+
Level
.
INFO
,
"- Subject: "
+
peerCert
.
getSubjectDN
().
getName
()
+
"\n"
+
peerCert
.
getIssuerDN
().
getName
()
+
"\n"
+
Level
.
INFO
+
"- Start Time: "
+
peerCert
.
getNotBefore
().
toString
()
+
"\n"
+
Level
.
INFO
+
"- End Time: "
+
peerCert
.
getNotAfter
().
toString
());
for
(
final
Certificate
peerCert
:
peerCerts
)
{
X509Certificate
xCert
=
(
X509Certificate
)
peerCert
;
logger
.
log
(
Level
.
INFO
,
"Peer's Certificate Information:\n"
+
Level
.
INFO
,
"- Subject: "
+
xCert
.
getSubjectDN
().
getName
()
+
"\n"
+
xCert
.
getIssuerDN
().
getName
()
+
"\n"
+
Level
.
INFO
+
"- Start Time: "
+
xCert
.
getNotBefore
().
toString
()
+
"\n"
+
Level
.
INFO
+
"- End Time: "
+
xCert
.
getNotAfter
().
toString
());
}
final
DispatchSSLClient
sc
=
new
DispatchSSLClient
(
client
);
System
.
out
.
println
(
"Connection to JCentral established."
);
...
...
@@ -291,7 +295,7 @@ public class DispatchSSLClient extends Thread {
if
(
logger
.
isLoggable
(
Level
.
FINE
))
{
logger
.
log
(
Level
.
FINE
,
"Got back an object of type "
+
o
.
getClass
().
getCanonicalName
()
+
" : "
+
o
);
if
(
logger
.
isLoggable
(
Level
.
FINEST
))
logger
.
log
(
Level
.
FINEST
,
"Call stack is: "
,
new
Throwable
());
}
...
...
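Review bot: The new loop casts every entry with `(X509Certificate) peerCert` without a type check, so a non-X.509 entry returned by `getPeerCertificates()` would throw a ClassCastException right after the handshake; DispatchSSLMTClient in this same commit guards the cast, and the same `if (peerCert instanceof X509Certificate)` belongs here. Separately, in both client classes the call reads `logger.log(Level.INFO, "Peer's Certificate Information:\n" + Level.INFO, "- Subject: " + ...)`: the comma turns the certificate details into a log parameter, and since the message has no `{0}` placeholder the standard formatters will presumably never print the subject, issuer or validity dates. Building a single message string (drop the `+ Level.INFO,` pieces, concatenate the fields and give the issuer its own `- Issuer: ` label) would put the peer identity into the log. The enclosing method starts and ends outside the hunk, so how a failed peer verification is handled is not visible here.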
src/alien/api/DispatchSSLMTClient.java
...
...
@@ -8,6 +8,8 @@ import java.net.ConnectException;
import
java.net.Socket
;
import
java.security.SecureRandom
;
import
java.security.Security
;
import
java.security.cert.Certificate
;
import
java.security.cert.X509Certificate
;
import
java.util.EmptyStackException
;
import
java.util.Stack
;
import
java.util.concurrent.ThreadLocalRandom
;
...
...
@@ -18,7 +20,6 @@ import javax.net.ssl.KeyManagerFactory;
import
javax.net.ssl.SSLContext
;
import
javax.net.ssl.SSLSocket
;
import
javax.net.ssl.SSLSocketFactory
;
import
javax.security.cert.X509Certificate
;
import
org.bouncycastle.jce.provider.BouncyCastleProvider
;
...
...
@@ -190,15 +191,18 @@ public class DispatchSSLMTClient extends Thread {
client
.
startHandshake
();
final
X509
Certificate
[]
peerCerts
=
client
.
getSession
().
getPeerCertificate
Chain
();
final
Certificate
[]
peerCerts
=
client
.
getSession
().
getPeerCertificate
s
();
if
(
peerCerts
!=
null
)
{
logger
.
log
(
Level
.
INFO
,
"Printing peer's information:"
);
for
(
final
X509Certificate
peerCert
:
peerCerts
)
{
logger
.
log
(
Level
.
INFO
,
"Peer's Certificate Information:\n"
+
Level
.
INFO
,
"- Subject: "
+
peerCert
.
getSubjectDN
().
getName
()
+
"\n"
+
peerCert
.
getIssuerDN
().
getName
()
+
"\n"
+
Level
.
INFO
+
"- Start Time: "
+
peerCert
.
getNotBefore
().
toString
()
+
"\n"
+
Level
.
INFO
+
"- End Time: "
+
peerCert
.
getNotAfter
().
toString
());
for
(
final
Certificate
peerCert
:
peerCerts
)
{
if
(
peerCert
instanceof
X509Certificate
)
{
X509Certificate
xCert
=
(
X509Certificate
)
peerCert
;
logger
.
log
(
Level
.
INFO
,
"Peer's Certificate Information:\n"
+
Level
.
INFO
,
"- Subject: "
+
xCert
.
getSubjectDN
().
getName
()
+
"\n"
+
xCert
.
getIssuerDN
().
getName
()
+
"\n"
+
Level
.
INFO
+
"- Start Time: "
+
xCert
.
getNotBefore
().
toString
()
+
"\n"
+
Level
.
INFO
+
"- End Time: "
+
xCert
.
getNotAfter
().
toString
());
}
}
final
DispatchSSLMTClient
sc
=
new
DispatchSSLMTClient
(
client
);
...
...
src/alien/api/DispatchSSLServer.java
...
...
@@ -10,7 +10,9 @@ import java.net.Socket;
import
java.security.KeyStoreException
;
import
java.security.SecureRandom
;
import
java.security.Security
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateException
;
import
java.security.cert.X509Certificate
;
import
java.util.Arrays
;
import
java.util.logging.Level
;
import
java.util.logging.Logger
;
...
...
@@ -21,7 +23,6 @@ import javax.net.ssl.SSLServerSocket;
import
javax.net.ssl.SSLServerSocketFactory
;
import
javax.net.ssl.SSLSocket
;
import
javax.net.ssl.TrustManagerFactory
;
import
javax.security.cert.X509Certificate
;
import
org.bouncycastle.jce.provider.BouncyCastleProvider
;
...
...
@@ -338,20 +339,34 @@ public class DispatchSSLServer extends Thread {
continue
;
}
X509Certificate
[]
peerCertChain
=
null
;
if
(
server
.
getNeedClientAuth
()
==
true
)
{
logger
.
log
(
Level
.
INFO
,
"Printing client information:"
);
final
X509Certificate
[]
peerCerts
=
c
.
getSession
().
getPeerCertificateChain
();
final
Certificate
[]
peerCerts
=
c
.
getSession
().
getPeerCertificates
();
if
(
peerCerts
!=
null
)
{
peerCertChain
=
new
X509Certificate
[
peerCerts
.
length
];
if
(
peerCerts
!=
null
)
for
(
final
X509Certificate
peerCert
:
peerCerts
)
logger
.
log
(
Level
.
INFO
,
printClientInfo
(
peerCert
));
for
(
int
i
=
0
;
i
<
peerCerts
.
length
;
i
++)
{
if
(
peerCerts
[
i
]
instanceof
X509Certificate
)
{
X509Certificate
xCert
=
(
X509Certificate
)
peerCerts
[
i
];
logger
.
log
(
Level
.
FINE
,
printClientInfo
(
xCert
));
peerCertChain
[
i
]
=
xCert
;
}
else
{
logger
.
log
(
Level
.
WARNING
,
"Peer certificate is not an X509 instance but instead a "
+
peerCerts
[
i
].
getType
());
}
}
}
else
logger
.
log
(
Level
.
INFO
,
"Failed to get peer certificates"
);
}
final
DispatchSSLServer
serv
=
new
DispatchSSLServer
(
c
);
if
(
server
.
getNeedClientAuth
()
==
true
)
serv
.
partnerCerts
=
c
.
getSession
().
getPeerCertificate
Chain
()
;
serv
.
partnerCerts
=
peerCert
Chain
;
serv
.
start
();
...
...
@@ -363,7 +378,9 @@ public class DispatchSSLServer extends Thread {
}
}
}
catch
(
final
Throwable
e
)
{
}
catch
(
final
Throwable
e
)
{
logger
.
log
(
Level
.
SEVERE
,
"Could not initiate SSL Server Socket."
,
e
);
}
}
...
...
@@ -376,10 +393,10 @@ public class DispatchSSLServer extends Thread {
/**
* Print client info on SSL partner
*/
private
static
String
printClientInfo
(
final
X509Certificate
peerC
ert
s
)
{
return
"Peer Certificate Information:\n"
+
"- Subject: "
+
peerC
ert
s
.
getSubjectDN
().
getName
()
+
"- Issuer: \n"
+
peerC
ert
s
.
getIssuerDN
().
getName
()
+
"- Version: \n"
+
peerC
ert
s
.
getVersion
()
+
"- Start Time: \n"
+
peerC
ert
s
.
getNotBefore
().
toString
()
+
"\n"
+
"- End Time: "
+
peerC
ert
s
.
getNotAfter
().
toString
()
+
"\n"
+
"- Signature Algorithm: "
+
peerC
ert
s
.
getSigAlgName
()
+
"\n"
+
"- Serial Number: "
+
peerC
ert
s
.
getSerialNumber
();
private
static
String
printClientInfo
(
final
X509Certificate
c
ert
)
{
return
"Peer Certificate Information:\n"
+
"- Subject: "
+
c
ert
.
getSubjectDN
().
getName
()
+
"- Issuer: \n"
+
c
ert
.
getIssuerDN
().
getName
()
+
"- Version: \n"
+
c
ert
.
getVersion
()
+
"- Start Time: \n"
+
c
ert
.
getNotBefore
().
toString
()
+
"\n"
+
"- End Time: "
+
c
ert
.
getNotAfter
().
toString
()
+
"\n"
+
"- Signature Algorithm: "
+
c
ert
.
getSigAlgName
()
+
"\n"
+
"- Serial Number: "
+
c
ert
.
getSerialNumber
();
}
/**
...
...
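Review bot: When an entry of `peerCerts` is not an X509Certificate, the new loop only logs a WARNING and leaves `peerCertChain[i]` as null, and the array with holes is then assigned to `serv.partnerCerts`. Code that iterates the chain, such as the `for (... partner : partnerCertificateChain)` loop in GetTokenCertificate that calls `partner.getNotAfter()` (presumably fed from this field), would then hit a NullPointerException or reason about a partial chain. I would fail closed in the else branch by adding `peerCertChain = null;` and `break;` after the warning, so that a partial chain is never attached to the connection; whether such a connection should be closed outright depends on how a null `partnerCerts` is treated, which is outside this hunk. The accept loop's body starts and ends outside the hunk.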
src/alien/api/Request.java
...
...
@@ -7,7 +7,7 @@ import java.util.concurrent.atomic.AtomicLong;
import
java.util.logging.Level
;
import
java.util.logging.Logger
;
import
java
x
.security.cert.X509Certificate
;
import
java.security.cert.X509Certificate
;
import
alien.catalogue.access.AuthorizationFactory
;
import
alien.config.ConfigUtils
;
...
...
src/alien/api/aaa/GetTokenCertificate.java
...
...
@@ -187,10 +187,10 @@ public class GetTokenCertificate extends Request {
throw
new
IllegalArgumentException
(
"When issuing a user certificate you need to pass the current one, that will limit the validity of the issued token"
);
}
final
java
x
.
security
.
cert
.
X509Certificate
partnerCertificateChain
[]
=
getPartnerCertificate
();
final
java
.
security
.
cert
.
X509Certificate
partnerCertificateChain
[]
=
getPartnerCertificate
();
if
(
partnerCertificateChain
!=
null
)
for
(
final
java
x
.
security
.
cert
.
X509Certificate
partner
:
partnerCertificateChain
)
{
for
(
final
java
.
security
.
cert
.
X509Certificate
partner
:
partnerCertificateChain
)
{
final
ZonedDateTime
partnerNotAfter
=
partner
.
getNotAfter
().
toInstant
().
atZone
(
ZoneId
.
systemDefault
());
if
(
notAfter
.
isAfter
(
partnerNotAfter
))
...
...
src/alien/taskQueue/Job.java
...
...
@@ -6,7 +6,7 @@ import java.util.Date;
import
java.util.regex.Matcher
;
import
java.util.regex.Pattern
;
import
java
x
.security.cert.X509Certificate
;
import
java.security.cert.X509Certificate
;
import
lazyj.DBFunctions
;
import
lia.util.StringFactory
;
...
...
src/alien/taskQueue/JobSigner.java
...
...
@@ -13,7 +13,7 @@ import java.security.UnrecoverableKeyException;
import
java.security.cert.Certificate
;
import
java.util.logging.Logger
;
import
java
x
.security.cert.X509Certificate
;
import
java.security.cert.X509Certificate
;
import
org.bouncycastle.jce.provider.BouncyCastleProvider
;
...
...
@@ -138,7 +138,7 @@ public class JobSigner {
final
Certificate
[]
ts
=
JAKeyStore
.
getKeyStore
().
getCertificateChain
(
"User.cert"
);
final
X509Certificate
[]
tts
=
new
X509Certificate
[
ts
.
length
];
for
(
int
a
=
0
;
a
<
ts
.
length
;
a
++)
tts
[
a
]
=
UserFactory
.
convert
(
(
java
.
security
.
cert
.
X509Certificate
)
ts
[
a
]
)
;
tts
[
a
]
=
(
java
.
security
.
cert
.
X509Certificate
)
ts
[
a
];
System
.
out
.
println
(
"Verifying central service signature..."
);
if
(
verifyJob
(
tts
,
null
,
sjdl
))
{
...
...
src/alien/taskQueue/TaskQueueFakeUtils.java
...
...
@@ -8,7 +8,7 @@ import java.security.SignatureException;
import
java.util.HashMap
;
import
java.util.concurrent.atomic.AtomicLong
;
import
java
x
.security.cert.X509Certificate
;
import
java.security.cert.X509Certificate
;
import
alien.user.AliEnPrincipal
;
import
alien.user.JAKeyStore
;
...
...
src/alien/user/UserFactory.java
package
alien.user
;
import
java.io.ByteArrayInputStream
;
import
java.security.cert.X509Certificate
;
import
java.util.ArrayList
;
import
java.util.LinkedHashSet
;
import
java.util.Set
;
import
java.util.StringTokenizer
;
...
...
@@ -75,25 +73,6 @@ public final class UserFactory {
return
null
;
}
/**
* Get the account corresponding to this certificate chain
*
* @param certChain
* @return account, or <code>null</code> if no account has this certificate
* associated to it
*/
public
static
AliEnPrincipal
getByCertificate
(
final
javax
.
security
.
cert
.
X509Certificate
[]
certChain
)
{
final
ArrayList
<
X509Certificate
>
certs
=
new
ArrayList
<>(
certChain
.
length
);
for
(
final
javax
.
security
.
cert
.
X509Certificate
c
:
certChain
)
certs
.
add
(
convert
(
c
));
if
(
certs
.
isEmpty
())
return
null
;
final
X509Certificate
[]
c
=
new
X509Certificate
[
certs
.
size
()];
certs
.
toArray
(
c
);
return
getByCertificate
(
c
);
}
/**
* Get the account corresponding to this certificate chain
*
...
...
@@ -275,36 +254,4 @@ public final class UserFactory {
return
null
;
}
/**
* @param cert
* @return the other type of certificate
*/
public
static
X509Certificate
convert
(
final
javax
.
security
.
cert
.
X509Certificate
cert
)
{
try
{
final
byte
[]
encoded
=
cert
.
getEncoded
();
final
ByteArrayInputStream
bis
=
new
ByteArrayInputStream
(
encoded
);
final
java
.
security
.
cert
.
CertificateFactory
cf
=
java
.
security
.
cert
.
CertificateFactory
.
getInstance
(
"X.509"
);
return
(
java
.
security
.
cert
.
X509Certificate
)
cf
.
generateCertificate
(
bis
);
}
catch
(
final
javax
.
security
.
cert
.
CertificateEncodingException
|
java
.
security
.
cert
.
CertificateException
e
)
{
logger
.
log
(
Level
.
FINE
,
"Cannot convert javax to java X509 Certificate"
,
e
);
}
return
null
;
}
/**
* @param cert
* @return the other type of certificate
*/
public
static
javax
.
security
.
cert
.
X509Certificate
convert
(
final
X509Certificate
cert
)
{
try
{
final
byte
[]
encoded
=
cert
.
getEncoded
();
return
javax
.
security
.
cert
.
X509Certificate
.
getInstance
(
encoded
);
}
catch
(
final
java
.
security
.
cert
.
CertificateEncodingException
|
javax
.
security
.
cert
.
CertificateException
e
)
{
logger
.
log
(
Level
.
FINE
,
"Cannot convert java to javax X509 Certificate"
,
e
);
}
return
null
;
}
}