[
https://issues.apache.org/jira/browse/CLOUDSTACK-9632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15710063#comment-15710063
]
ASF GitHub Bot commented on CLOUDSTACK-9632:
--------------------------------------------
Github user jburwell commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/1799#discussion_r90340246
--- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java
---
@@ -339,190 +348,182 @@ public SslCertResponse createCertResponse(SslCertVO
cert, List<LoadBalancerCertM
return response;
}
- private void validateCert(Certificate cert, boolean chainPresent) {
+ private void validateCert(final Certificate cert, final boolean
chainPresent) {
- if (!(cert instanceof X509Certificate))
+ if (!(cert instanceof X509Certificate)) {
throw new IllegalArgumentException("Invalid certificate
format. Expected X509 certificate");
+ }
try {
((X509Certificate)cert).checkValidity();
- } catch (Exception e) {
+ } catch (final Exception e) {
throw new IllegalArgumentException("Certificate expired or not
valid", e);
}
}
- private void validateKeys(PublicKey pubKey, PrivateKey privKey) {
+ private void validateKeys(final PublicKey pubKey, final PrivateKey
privKey) {
- if (pubKey.getAlgorithm() != privKey.getAlgorithm())
+ if (pubKey.getAlgorithm() != privKey.getAlgorithm()) {
throw new IllegalArgumentException("Public and private key
have different algorithms");
+ }
// No encryption for DSA
- if (pubKey.getAlgorithm() != "RSA")
+ if (pubKey.getAlgorithm() != "RSA") {
return;
+ }
try {
- String data = "ENCRYPT_DATA";
- SecureRandom random = new SecureRandom();
- Cipher cipher = Cipher.getInstance(pubKey.getAlgorithm());
+ final String data = "ENCRYPT_DATA";
+ final SecureRandom random = new SecureRandom();
+ final Cipher cipher =
Cipher.getInstance(pubKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privKey, random);
- byte[] encryptedData = cipher.doFinal(data.getBytes());
+ final byte[] encryptedData = cipher.doFinal(data.getBytes());
cipher.init(Cipher.DECRYPT_MODE, pubKey, random);
- String decreptedData = new
String(cipher.doFinal(encryptedData));
- if (!decreptedData.equals(data))
+ final String decreptedData = new
String(cipher.doFinal(encryptedData));
+ if (!decreptedData.equals(data)) {
throw new IllegalArgumentException("Bad public-private
key");
+ }
- } catch (BadPaddingException e) {
+ } catch (final BadPaddingException e) {
throw new IllegalArgumentException("Bad public-private key",
e);
- } catch (IllegalBlockSizeException e) {
+ } catch (final IllegalBlockSizeException e) {
throw new IllegalArgumentException("Bad public-private key",
e);
- } catch (NoSuchPaddingException e) {
+ } catch (final NoSuchPaddingException e) {
--- End diff --
Please consolidate lines 389-394 into a multi-catch. Also,
`InvalidArgumentException` seems inappropriate as it indicates that a parameter
did not match the expected contract. `IllegalStateException` seems the more
appropriate type.
> Upgrade bountycastle to 1.55+
> -----------------------------
>
> Key: CLOUDSTACK-9632
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9632
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Rohit Yadav
> Assignee: Rohit Yadav
> Fix For: Future, 4.10.0.0
>
>
> Upgrade bountycastle library to latest versions.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
