[ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15711267#comment-15711267
 ] 

ASF GitHub Bot commented on CLOUDSTACK-9632:
--------------------------------------------

Github user rhtyd commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1799#discussion_r90398972
  
    --- Diff: 
utils/src/main/java/com/cloud/utils/security/CertificateHelper.java ---
    @@ -40,123 +46,122 @@
     import java.util.ArrayList;
     import java.util.List;
     
    -import com.cloud.utils.exception.CloudRuntimeException;
    -import org.apache.commons.codec.binary.Base64;
    -
    -import com.cloud.utils.Ternary;
    -import org.bouncycastle.openssl.PEMReader;
    -
     public class CertificateHelper {
    -    public static byte[] buildAndSaveKeystore(String alias, String cert, 
String privateKey, String storePassword) throws KeyStoreException, 
CertificateException,
    -        NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    -        KeyStore ks = buildKeystore(alias, cert, privateKey, 
storePassword);
    -
    -        ByteArrayOutputStream os = new ByteArrayOutputStream();
    -        ks.store(os, storePassword != null ? storePassword.toCharArray() : 
null);
    -        os.close();
    -        return os.toByteArray();
    +    public static byte[] buildAndSaveKeystore(final String alias, final 
String cert, final String privateKey, final String storePassword) throws 
KeyStoreException, CertificateException,
    +    NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    +        final KeyStore ks = buildKeystore(alias, cert, privateKey, 
storePassword);
    +
    +        try (final ByteArrayOutputStream os = new ByteArrayOutputStream()) 
{
    +            ks.store(os, storePassword != null ? 
storePassword.toCharArray() : null);
    +            return os.toByteArray();
    +        }
         }
     
    -    public static byte[] buildAndSaveKeystore(List<Ternary<String, String, 
String>> certs, String storePassword) throws KeyStoreException, 
NoSuchAlgorithmException,
    -        CertificateException, IOException, InvalidKeySpecException {
    -        KeyStore ks = KeyStore.getInstance("JKS");
    +    public static byte[] buildAndSaveKeystore(final List<Ternary<String, 
String, String>> certs, final String storePassword) throws KeyStoreException, 
NoSuchAlgorithmException,
    +    CertificateException, IOException, InvalidKeySpecException {
    +        final KeyStore ks = KeyStore.getInstance("JKS");
             ks.load(null, storePassword != null ? storePassword.toCharArray() 
: null);
     
             //name,cert,key
    -        for (Ternary<String, String, String> cert : certs) {
    +        for (final Ternary<String, String, String> cert : certs) {
                 if (cert.third() == null) {
    -                Certificate c = buildCertificate(cert.second());
    +                final Certificate c = buildCertificate(cert.second());
                     ks.setCertificateEntry(cert.first(), c);
                 } else {
    -                Certificate[] c = new Certificate[certs.size()];
    +                final Certificate[] c = new Certificate[certs.size()];
                     int i = certs.size();
    -                for (Ternary<String, String, String> ct : certs) {
    +                for (final Ternary<String, String, String> ct : certs) {
                         c[i - 1] = buildCertificate(ct.second());
                         i--;
                     }
                     ks.setKeyEntry(cert.first(), 
buildPrivateKey(cert.third()), storePassword != null ? 
storePassword.toCharArray() : null, c);
                 }
             }
     
    -        ByteArrayOutputStream os = new ByteArrayOutputStream();
    -        ks.store(os, storePassword != null ? storePassword.toCharArray() : 
null);
    -        os.close();
    -        return os.toByteArray();
    +        try (final ByteArrayOutputStream os = new ByteArrayOutputStream()) 
{
    +            ks.store(os, storePassword != null ? 
storePassword.toCharArray() : null);
    +            return os.toByteArray();
    +        }
         }
     
    -    public static KeyStore loadKeystore(byte[] ksData, String 
storePassword) throws KeyStoreException, CertificateException, 
NoSuchAlgorithmException, IOException {
    -        assert (ksData != null);
    -        KeyStore ks = KeyStore.getInstance("JKS");
    -        ks.load(new ByteArrayInputStream(ksData), storePassword != null ? 
storePassword.toCharArray() : null);
    +    public static KeyStore loadKeystore(final byte[] ksData, final String 
storePassword) throws KeyStoreException, CertificateException, 
NoSuchAlgorithmException, IOException {
    +        assert ksData != null;
    +        final KeyStore ks = KeyStore.getInstance("JKS");
    +        try (final ByteArrayInputStream is = new 
ByteArrayInputStream(ksData)) {
    +            ks.load(is, storePassword != null ? 
storePassword.toCharArray() : null);
    +        }
     
             return ks;
         }
     
    -    public static KeyStore buildKeystore(String alias, String cert, String 
privateKey, String storePassword) throws KeyStoreException, 
CertificateException,
    -        NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    +    public static KeyStore buildKeystore(final String alias, final String 
cert, final String privateKey, final String storePassword) throws 
KeyStoreException, CertificateException,
    +    NoSuchAlgorithmException, InvalidKeySpecException, IOException {
     
    -        KeyStore ks = KeyStore.getInstance("JKS");
    +        final KeyStore ks = KeyStore.getInstance("JKS");
             ks.load(null, storePassword != null ? storePassword.toCharArray() 
: null);
    -        Certificate[] certs = new Certificate[1];
    +        final Certificate[] certs = new Certificate[1];
             certs[0] = buildCertificate(cert);
             ks.setKeyEntry(alias, buildPrivateKey(privateKey), storePassword 
!= null ? storePassword.toCharArray() : null, certs);
             return ks;
         }
     
    -    public static Certificate buildCertificate(String content) throws 
CertificateException {
    -        assert (content != null);
    +    public static Certificate buildCertificate(final String content) 
throws CertificateException {
    +        assert content != null;
     
    -        BufferedInputStream bis = new BufferedInputStream(new 
ByteArrayInputStream(content.getBytes()));
    -        CertificateFactory cf = CertificateFactory.getInstance("X.509");
    +        final BufferedInputStream bis = new BufferedInputStream(new 
ByteArrayInputStream(content.getBytes()));
    +        final CertificateFactory cf = 
CertificateFactory.getInstance("X.509");
             return cf.generateCertificate(bis);
         }
     
    -    public static Key buildPrivateKey(String base64EncodedKeyContent) 
throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    -        KeyFactory kf = KeyFactory.getInstance("RSA");
    -        PKCS8EncodedKeySpec keysp = new 
PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent));
    +    public static Key buildPrivateKey(final String 
base64EncodedKeyContent) throws NoSuchAlgorithmException, 
InvalidKeySpecException, IOException {
    --- End diff --
    
    Fixed.


> Upgrade bountycastle to 1.55+
> -----------------------------
>
>                 Key: CLOUDSTACK-9632
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9632
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>             Fix For: Future, 4.10.0.0
>
>
> Upgrade bountycastle library to latest versions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to