[
https://issues.apache.org/jira/browse/CLOUDSTACK-9632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15710064#comment-15710064
]
ASF GitHub Bot commented on CLOUDSTACK-9632:
--------------------------------------------
Github user jburwell commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/1799#discussion_r90340513
--- Diff: server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java
---
@@ -339,190 +348,182 @@ public SslCertResponse createCertResponse(SslCertVO
cert, List<LoadBalancerCertM
return response;
}
- private void validateCert(Certificate cert, boolean chainPresent) {
+ private void validateCert(final Certificate cert, final boolean
chainPresent) {
- if (!(cert instanceof X509Certificate))
+ if (!(cert instanceof X509Certificate)) {
throw new IllegalArgumentException("Invalid certificate
format. Expected X509 certificate");
+ }
try {
((X509Certificate)cert).checkValidity();
- } catch (Exception e) {
+ } catch (final Exception e) {
throw new IllegalArgumentException("Certificate expired or not
valid", e);
}
}
- private void validateKeys(PublicKey pubKey, PrivateKey privKey) {
+ private void validateKeys(final PublicKey pubKey, final PrivateKey
privKey) {
- if (pubKey.getAlgorithm() != privKey.getAlgorithm())
+ if (pubKey.getAlgorithm() != privKey.getAlgorithm()) {
throw new IllegalArgumentException("Public and private key
have different algorithms");
+ }
// No encryption for DSA
- if (pubKey.getAlgorithm() != "RSA")
+ if (pubKey.getAlgorithm() != "RSA") {
return;
+ }
try {
- String data = "ENCRYPT_DATA";
- SecureRandom random = new SecureRandom();
- Cipher cipher = Cipher.getInstance(pubKey.getAlgorithm());
+ final String data = "ENCRYPT_DATA";
+ final SecureRandom random = new SecureRandom();
+ final Cipher cipher =
Cipher.getInstance(pubKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privKey, random);
- byte[] encryptedData = cipher.doFinal(data.getBytes());
+ final byte[] encryptedData = cipher.doFinal(data.getBytes());
cipher.init(Cipher.DECRYPT_MODE, pubKey, random);
- String decreptedData = new
String(cipher.doFinal(encryptedData));
- if (!decreptedData.equals(data))
+ final String decreptedData = new
String(cipher.doFinal(encryptedData));
+ if (!decreptedData.equals(data)) {
throw new IllegalArgumentException("Bad public-private
key");
+ }
- } catch (BadPaddingException e) {
+ } catch (final BadPaddingException e) {
throw new IllegalArgumentException("Bad public-private key",
e);
- } catch (IllegalBlockSizeException e) {
+ } catch (final IllegalBlockSizeException e) {
throw new IllegalArgumentException("Bad public-private key",
e);
- } catch (NoSuchPaddingException e) {
+ } catch (final NoSuchPaddingException e) {
throw new IllegalArgumentException("Bad public-private key",
e);
- } catch (InvalidKeyException e) {
+ } catch (final InvalidKeyException e) {
throw new IllegalArgumentException("Invalid public-private
key", e);
- } catch (NoSuchAlgorithmException e) {
+ } catch (final NoSuchAlgorithmException e) {
throw new IllegalArgumentException("Invalid algorithm for
public-private key", e);
}
}
- private void validateChain(List<Certificate> chain, Certificate cert) {
+ private void validateChain(final List<Certificate> chain, final
Certificate cert) {
- List<Certificate> certs = new ArrayList<Certificate>();
- Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
+ final List<Certificate> certs = new ArrayList<Certificate>();
+ final Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
certs.add(cert); // adding for self signed certs
certs.addAll(chain);
- for (Certificate c : certs) {
- if (!(c instanceof X509Certificate))
+ for (final Certificate c : certs) {
+ if (!(c instanceof X509Certificate)) {
throw new IllegalArgumentException("Invalid chain format.
Expected X509 certificate");
+ }
- X509Certificate xCert = (X509Certificate)c;
+ final X509Certificate xCert = (X509Certificate)c;
- Principal subject = xCert.getSubjectDN();
- Principal issuer = xCert.getIssuerDN();
+ xCert.getSubjectDN();
+ xCert.getIssuerDN();
- anchors.add(new TrustAnchor(xCert, null));
+ anchors.add(new TrustAnchor(xCert, null));
--- End diff --
Please add a check for the return of the `add` method to ensure that the
element was added to `anchors`.
> Upgrade bountycastle to 1.55+
> -----------------------------
>
> Key: CLOUDSTACK-9632
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9632
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Rohit Yadav
> Assignee: Rohit Yadav
> Fix For: Future, 4.10.0.0
>
>
> Upgrade bountycastle library to latest versions.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
