Repository: qpid-broker-j
Updated Branches:
  refs/heads/master a07e8fd80 -> c018e1ac9


QPID-8213: [Broker-J] Do not open redundant InputStream in 
SSLUtil#readCertificates


Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/c018e1ac
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/c018e1ac
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/c018e1ac

Branch: refs/heads/master
Commit: c018e1ac9d21e9f5eb38d2ae7a26a31e63c07fdf
Parents: a07e8fd
Author: Alex Rudyy <oru...@apache.org>
Authored: Wed Jun 27 10:48:20 2018 +0100
Committer: Alex Rudyy <oru...@apache.org>
Committed: Wed Jun 27 10:48:20 2018 +0100

----------------------------------------------------------------------
 .../transport/network/security/ssl/SSLUtil.java |  2 +-
 .../network/security/ssl/SSLUtilTest.java       | 45 ++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/c018e1ac/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
----------------------------------------------------------------------
diff --git 
a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
 
b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index 520268c..edb753f 100644
--- 
a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++ 
b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -446,7 +446,7 @@ public class SSLUtil
     {
         try (InputStream is = certFile.openStream())
         {
-            return readCertificates(certFile.openStream());
+            return readCertificates(is);
         }
     }
 

http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/c018e1ac/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
----------------------------------------------------------------------
diff --git 
a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
 
b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
index 1da62ee..85833c0 100644
--- 
a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
+++ 
b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
@@ -21,14 +21,23 @@
 package org.apache.qpid.server.transport.network.security.ssl;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.net.URL;
 import java.nio.ByteBuffer;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.Enumeration;
 import java.util.List;
 
 import javax.net.ssl.KeyManagerFactory;
@@ -41,6 +50,8 @@ import javax.xml.bind.DatatypeConverter;
 import org.junit.Test;
 
 import org.apache.qpid.server.transport.TransportException;
+import org.apache.qpid.server.util.DataUrlUtils;
+import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
 import org.apache.qpid.test.utils.UnitTestBase;
 
 public class SSLUtilTest extends UnitTestBase
@@ -213,6 +224,40 @@ public class SSLUtilTest extends UnitTestBase
                            Arrays.asList("example.org", "a.mqp.example.org", 
"org"));
     }
 
+    @Test
+    public void testReadCertificates() throws Exception
+    {
+        Certificate certificate = getTestCertificate();
+
+        assertNotNull("Certificate is not found", certificate);
+
+        URL certificateURL = new URL(null, 
DataUrlUtils.getDataUrlForBytes(certificate.getEncoded()), new Handler());
+        X509Certificate[] certificates = 
SSLUtil.readCertificates(certificateURL);
+
+        assertEquals("Unexpected number of certificates", 1, 
certificates.length);
+        assertEquals("Unexpected certificate", certificate, certificates[0]);
+    }
+
+    private Certificate getTestCertificate()
+            throws KeyStoreException, IOException, NoSuchAlgorithmException, 
CertificateException
+    {
+        KeyStore trustStore = KeyStore.getInstance("JKS");
+        trustStore.load(new ByteArrayInputStream(TRUSTSTORE), 
"password".toCharArray());
+
+        Enumeration<String> aliases = trustStore.aliases();
+        Certificate certificate = null;
+        while (aliases.hasMoreElements())
+        {
+            String alias = aliases.nextElement();
+            if (trustStore.isCertificateEntry(alias))
+            {
+                certificate = trustStore.getCertificate(alias);
+                break;
+            }
+        }
+        return certificate;
+    }
+
     private void doNameMatchingTest(byte[] keystoreBytes, List<String> 
validAddresses, List<String> invalidAddresses) throws Exception
     {
         KeyStore keyStore = KeyStore.getInstance("JKS");


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org
For additional commands, e-mail: commits-h...@qpid.apache.org

Reply via email to