Repository: qpid-broker-j Updated Branches: refs/heads/master a07e8fd80 -> c018e1ac9
QPID-8213: [Broker-J] Do not open redundant InputStream in SSLUtil#readCertificates Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/c018e1ac Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/c018e1ac Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/c018e1ac Branch: refs/heads/master Commit: c018e1ac9d21e9f5eb38d2ae7a26a31e63c07fdf Parents: a07e8fd Author: Alex Rudyy <oru...@apache.org> Authored: Wed Jun 27 10:48:20 2018 +0100 Committer: Alex Rudyy <oru...@apache.org> Committed: Wed Jun 27 10:48:20 2018 +0100 ---------------------------------------------------------------------- .../transport/network/security/ssl/SSLUtil.java | 2 +- .../network/security/ssl/SSLUtilTest.java | 45 ++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/c018e1ac/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java ---------------------------------------------------------------------- diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java index 520268c..edb753f 100644 --- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java +++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java @@ -446,7 +446,7 @@ public class SSLUtil { try (InputStream is = certFile.openStream()) { - return readCertificates(certFile.openStream()); + return readCertificates(is); } } http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/c018e1ac/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java ---------------------------------------------------------------------- diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java index 1da62ee..85833c0 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java @@ -21,14 +21,23 @@ package org.apache.qpid.server.transport.network.security.ssl; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.net.URL; import java.nio.ByteBuffer; import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Collections; +import java.util.Enumeration; import java.util.List; import javax.net.ssl.KeyManagerFactory; @@ -41,6 +50,8 @@ import javax.xml.bind.DatatypeConverter; import org.junit.Test; import org.apache.qpid.server.transport.TransportException; +import org.apache.qpid.server.util.DataUrlUtils; +import org.apache.qpid.server.util.urlstreamhandler.data.Handler; import org.apache.qpid.test.utils.UnitTestBase; public class SSLUtilTest extends UnitTestBase @@ -213,6 +224,40 @@ public class SSLUtilTest extends UnitTestBase Arrays.asList("example.org", "a.mqp.example.org", "org")); } + @Test + public void testReadCertificates() throws Exception + { + Certificate certificate = getTestCertificate(); + + assertNotNull("Certificate is not found", certificate); + + URL certificateURL = new URL(null, DataUrlUtils.getDataUrlForBytes(certificate.getEncoded()), new Handler()); + X509Certificate[] certificates = SSLUtil.readCertificates(certificateURL); + + assertEquals("Unexpected number of certificates", 1, certificates.length); + assertEquals("Unexpected certificate", certificate, certificates[0]); + } + + private Certificate getTestCertificate() + throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException + { + KeyStore trustStore = KeyStore.getInstance("JKS"); + trustStore.load(new ByteArrayInputStream(TRUSTSTORE), "password".toCharArray()); + + Enumeration<String> aliases = trustStore.aliases(); + Certificate certificate = null; + while (aliases.hasMoreElements()) + { + String alias = aliases.nextElement(); + if (trustStore.isCertificateEntry(alias)) + { + certificate = trustStore.getCertificate(alias); + break; + } + } + return certificate; + } + private void doNameMatchingTest(byte[] keystoreBytes, List<String> validAddresses, List<String> invalidAddresses) throws Exception { KeyStore keyStore = KeyStore.getInstance("JKS"); --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org