This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch master in repository ca-certificates-java.
commit 16dd9db0bcfc209e97104940b64c4dd5f5b6a013 Author: Emmanuel Bourg <[email protected]> Date: Mon Mar 24 10:35:49 2014 +0000 Code formatting --- src/main/java/org/debian/security/Exceptions.java | 73 ++-- .../org/debian/security/UpdateCertificates.java | 134 ++++---- .../debian/security/UpdateCertificatesTest.java | 372 ++++++++++----------- 3 files changed, 284 insertions(+), 295 deletions(-) diff --git a/src/main/java/org/debian/security/Exceptions.java b/src/main/java/org/debian/security/Exceptions.java index 32a71ae..8474f92 100644 --- a/src/main/java/org/debian/security/Exceptions.java +++ b/src/main/java/org/debian/security/Exceptions.java @@ -5,12 +5,12 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - + * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. @@ -21,43 +21,42 @@ package org.debian.security; /** * Custom exceptions used by {@link UpdateCertificates} - * + * * @author Damien Raude-Morvan <[email protected]> */ public class Exceptions { - - /** - * Data send in stdin is invalid (neither "+" or "-" command). - */ - public static class UnknownInput extends Exception { - private static final long serialVersionUID = 5698253678856993527L; - public UnknownInput(final String message) { - super(message); - } - - } - - /** - * Unable to save keystore to provided location. - */ - public static class UnableToSaveKeystore extends Exception { - private static final long serialVersionUID = 3632154306237688490L; - public UnableToSaveKeystore(final String message, final Exception e) { - super(message, e); - } - - } - - /** - * Unable to open keystore from provided location (might be an invalid password - * or IO error). - */ - public static class InvalidKeystorePassword extends Exception { - private static final long serialVersionUID = 7004201816889107694L; - public InvalidKeystorePassword(final String message, final Exception e) { - super(message, e); - } - - } + /** + * Data send in stdin is invalid (neither "+" or "-" command). + */ + public static class UnknownInput extends Exception { + private static final long serialVersionUID = 5698253678856993527L; + + public UnknownInput(final String message) { + super(message); + } + } + + /** + * Unable to save keystore to provided location. + */ + public static class UnableToSaveKeystore extends Exception { + private static final long serialVersionUID = 3632154306237688490L; + + public UnableToSaveKeystore(final String message, final Exception e) { + super(message, e); + } + } + + /** + * Unable to open keystore from provided location (might be an invalid password + * or IO error). + */ + public static class InvalidKeystorePassword extends Exception { + private static final long serialVersionUID = 7004201816889107694L; + + public InvalidKeystorePassword(final String message, final Exception e) { + super(message, e); + } + } } diff --git a/src/main/java/org/debian/security/UpdateCertificates.java b/src/main/java/org/debian/security/UpdateCertificates.java index 18ba3dc..8f3a23a 100644 --- a/src/main/java/org/debian/security/UpdateCertificates.java +++ b/src/main/java/org/debian/security/UpdateCertificates.java @@ -6,12 +6,12 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - + * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. @@ -55,24 +55,23 @@ public class UpdateCertificates { String passwordString = "changeit"; if (args.length == 2 && args[0].equals("-storepass")) { passwordString = args[1]; - } - else if (args.length > 0) { + } else if (args.length > 0) { System.err.println("Usage: java UpdateCertificates [-storepass <password>]"); System.exit(1); } - try { - UpdateCertificates uc = new UpdateCertificates(passwordString, "/etc/ssl/certs/java/cacerts"); - // Force reading of inputstream in UTF-8 - uc.processChanges(new InputStreamReader(System.in, "UTF8")); - uc.writeKeyStore(); - } catch (Exceptions.InvalidKeystorePassword e) { - e.printStackTrace(System.err); - System.exit(1); - } catch (Exceptions.UnableToSaveKeystore e) { - e.printStackTrace(System.err); - System.exit(1); - } + try { + UpdateCertificates uc = new UpdateCertificates(passwordString, "/etc/ssl/certs/java/cacerts"); + // Force reading of inputstream in UTF-8 + uc.processChanges(new InputStreamReader(System.in, "UTF8")); + uc.writeKeyStore(); + } catch (Exceptions.InvalidKeystorePassword e) { + e.printStackTrace(System.err); + System.exit(1); + } catch (Exceptions.UnableToSaveKeystore e) { + e.printStackTrace(System.err); + System.exit(1); + } } public UpdateCertificates(final String passwordString, final String keystoreFile) throws IOException, GeneralSecurityException, Exceptions.InvalidKeystorePassword { @@ -80,7 +79,7 @@ public class UpdateCertificates { this.ksFilename = keystoreFile; this.ks = openKeyStore(); this.certFactory = CertificateFactory.getInstance("X.509"); - } + } /** * Try to open a existing keystore or create an new one. @@ -94,8 +93,7 @@ public class UpdateCertificates { } try { ks.load(certInputStream, this.password); - } - catch (IOException e) { + } catch (IOException e) { throw new Exceptions.InvalidKeystorePassword("Cannot open Java keystore. Is the password correct?", e); } if (certInputStream != null) { @@ -107,17 +105,16 @@ public class UpdateCertificates { /** * Until reader EOF, try to read changes and send each to {@link #parseLine(String)}. */ - protected void processChanges(final Reader reader) - throws IOException, GeneralSecurityException { + protected void processChanges(final Reader reader) throws IOException, GeneralSecurityException { String line; BufferedReader bufferedStdinReader = new BufferedReader(reader); - while((line = bufferedStdinReader.readLine()) != null) { - try { - parseLine(line); - } catch (Exceptions.UnknownInput e) { - System.err.println("Unknown input: " + line); - // Keep processing for others lines - } + while ((line = bufferedStdinReader.readLine()) != null) { + try { + parseLine(line); + } catch (Exceptions.UnknownInput e) { + System.err.println("Unknown input: " + line); + // Keep processing for others lines + } } } @@ -125,28 +122,25 @@ public class UpdateCertificates { * Parse given line to choose between {@link #addAlias(String, Certificate)} * or {@link #deleteAlias(String)}. */ - protected void parseLine(final String line) - throws GeneralSecurityException, IOException, Exceptions.UnknownInput { - assert this.ks != null; + protected void parseLine(final String line) throws GeneralSecurityException, IOException, Exceptions.UnknownInput { + assert this.ks != null; String path = line.substring(1); String filename = path.substring(path.lastIndexOf("/") + 1); String alias = "debian:" + filename; - if(line.startsWith("+")) { + if (line.startsWith("+")) { Certificate cert = loadCertificate(path); if (cert == null) { return; } addAlias(alias, cert); - } - else if (line.startsWith("-")) { + } else if (line.startsWith("-")) { deleteAlias(alias); // Remove old non-prefixed aliases, too. This code should be // removed after the release of Wheezy. deleteAlias(filename); - } - else { - throw new Exceptions.UnknownInput(line); + } else { + throw new Exceptions.UnknownInput(line); } } @@ -154,7 +148,7 @@ public class UpdateCertificates { * Delete cert in keystore at given alias. */ private void deleteAlias(final String alias) throws GeneralSecurityException { - assert this.ks != null; + assert this.ks != null; if (contains(alias)) { System.out.println("Removing " + alias); @@ -165,44 +159,41 @@ public class UpdateCertificates { /** * Add or replace existing cert in keystore with given alias. */ - private void addAlias(final String alias, final Certificate cert) - throws KeyStoreException { - assert this.ks != null; - - if(contains(alias)) { - System.out.println("Replacing " + alias); - this.ks.deleteEntry(alias); - } - else { - System.out.println("Adding " + alias); - } - this.ks.setCertificateEntry(alias, cert); - } - - /** - * Returns true when alias exist in keystore. - */ - protected boolean contains(String alias) throws KeyStoreException { - assert this.ks != null; - - return this.ks.containsAlias(alias); - } - - /** - * Try to load a certificate instance from given path. - */ + private void addAlias(final String alias, final Certificate cert) throws KeyStoreException { + assert this.ks != null; + + if (contains(alias)) { + System.out.println("Replacing " + alias); + this.ks.deleteEntry(alias); + } else { + System.out.println("Adding " + alias); + } + this.ks.setCertificateEntry(alias, cert); + } + + /** + * Returns true when alias exist in keystore. + */ + protected boolean contains(String alias) throws KeyStoreException { + assert this.ks != null; + + return this.ks.containsAlias(alias); + } + + /** + * Try to load a certificate instance from given path. + */ private Certificate loadCertificate(final String path) { - assert this.certFactory != null; + assert this.certFactory != null; Certificate cert = null; try { FileInputStream certFile = new FileInputStream(path); cert = this.certFactory.generateCertificate(certFile); certFile.close(); - } - catch (Exception e) { + } catch (Exception e) { System.err.println("Warning: there was a problem reading the certificate file " + - path + ". Message:\n " + e.getMessage()); + path + ". Message:\n " + e.getMessage()); } return cert; } @@ -211,15 +202,14 @@ public class UpdateCertificates { * Write actual keystore content to disk. */ protected void writeKeyStore() throws GeneralSecurityException, Exceptions.UnableToSaveKeystore { - assert this.ks != null; + assert this.ks != null; try { FileOutputStream certOutputFile = new FileOutputStream(this.ksFilename); this.ks.store(certOutputFile, this.password); certOutputFile.close(); - } - catch (IOException e) { - throw new Exceptions.UnableToSaveKeystore("There was a problem saving the new Java keystore.", e); + } catch (IOException e) { + throw new Exceptions.UnableToSaveKeystore("There was a problem saving the new Java keystore.", e); } } } diff --git a/src/test/java/org/debian/security/UpdateCertificatesTest.java b/src/test/java/org/debian/security/UpdateCertificatesTest.java index ddee418..38dbc82 100644 --- a/src/test/java/org/debian/security/UpdateCertificatesTest.java +++ b/src/test/java/org/debian/security/UpdateCertificatesTest.java @@ -5,12 +5,12 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - + * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. @@ -35,189 +35,189 @@ import org.junit.Test; */ public class UpdateCertificatesTest { - private static final String ALIAS_CACERT = "debian:spi-cacert-2008.crt"; - private static final String INVALID_CACERT = "x/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt"; - private static final String REMOVE_CACERT = "-/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt"; - private static final String ADD_CACERT = "+/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt"; - - private String ksFilename = null; - private String ksPassword = null; - - @Before - public void start() { - this.ksFilename = "./tests-cacerts"; - this.ksPassword = "changeit"; - // Delete any previous file - File keystore = new File(this.ksFilename); - keystore.delete(); - } - - /** - * Test a simple open then write without any modification. - */ - @Test - public void testNoop() throws IOException, GeneralSecurityException, - Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.writeKeyStore(); - } - - /** - * Test a to open a keystore and write without any modification - * and then try to open it again with wrong password : will throw a - * InvalidKeystorePassword - */ - @Test - public void testWriteThenOpenWrongPwd() throws IOException, - GeneralSecurityException, Exceptions.UnableToSaveKeystore { - try { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.writeKeyStore(); - } catch (Exceptions.InvalidKeystorePassword e) { - Assert.fail(); - } - - try { - UpdateCertificates uc = new UpdateCertificates("wrongpassword", - this.ksFilename); - Assert.fail(); - uc.writeKeyStore(); - } catch (Exceptions.InvalidKeystorePassword e) { - Assert.assertEquals( - "Cannot open Java keystore. Is the password correct?", - e.getMessage()); - } - } - - /** - * Test a to open a keystore then remove its backing File (and replace it - * with a directory with the same name) and try to write in to disk : - * will throw an UnableToSaveKeystore - */ - @Test - public void testDeleteThenWrite() throws IOException, - GeneralSecurityException, Exceptions.InvalidKeystorePassword { - try { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - - // Replace actual file by a directory ! - File keystore = new File(this.ksFilename); - keystore.delete(); - keystore.mkdir(); - - // Will fail with some IOException - uc.writeKeyStore(); - Assert.fail(); - } catch (Exceptions.UnableToSaveKeystore e) { - Assert.assertEquals( - "There was a problem saving the new Java keystore.", - e.getMessage()); - } - } - - /** - * Try to send an invalid command ("x") in parseLine : throw UnknownInput - */ - @Test - public void testWrongCommand() throws IOException, - GeneralSecurityException, Exceptions.InvalidKeystorePassword { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - try { - uc.parseLine(INVALID_CACERT); - Assert.fail(); - } catch (Exceptions.UnknownInput e) { - Assert.assertEquals(INVALID_CACERT, e.getMessage()); - } - } - - /** - * Test to insert a valid certificate and then check if it's really in KS. - */ - @Test - public void testAdd() throws IOException, GeneralSecurityException, - Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, - Exceptions.UnableToSaveKeystore { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.parseLine(ADD_CACERT); - uc.writeKeyStore(); - - Assert.assertEquals(true, uc.contains(ALIAS_CACERT)); - } - - /** - * Test to insert a invalide certificate : no exception, but check there - * is no alias created with that name - */ - @Test - public void testAddInvalidCert() throws IOException, - GeneralSecurityException, Exceptions.UnknownInput, - Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.parseLine("+/usr/share/ca-certificates/null.crt"); - uc.writeKeyStore(); - - Assert.assertEquals(false, uc.contains("debian:null.crt")); - } - - /** - * Try to add same certificate multiple time : we replace it and - * there is only one alias. - */ - @Test - public void testReplace() throws IOException, GeneralSecurityException, - Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, - Exceptions.UnableToSaveKeystore { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.parseLine(ADD_CACERT); - uc.parseLine(ADD_CACERT); - uc.writeKeyStore(); - - Assert.assertEquals(true, uc.contains(ALIAS_CACERT)); - } - - /** - * Try to remove a non-existant certificate : it's a no-op. - */ - @Test - public void testRemove() throws IOException, GeneralSecurityException, - Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, - Exceptions.UnableToSaveKeystore { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.parseLine(REMOVE_CACERT); - uc.writeKeyStore(); - - // We start with empty KS, so it shouldn't do anything - Assert.assertEquals(false, uc.contains(ALIAS_CACERT)); - } - - /** - * Try to add cert, write to disk, then open keystore again and remove. - */ - @Test - public void testAddThenRemove() throws IOException, - GeneralSecurityException, Exceptions.UnknownInput, - Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { - UpdateCertificates ucAdd = new UpdateCertificates(this.ksPassword, - this.ksFilename); - ucAdd.parseLine(ADD_CACERT); - ucAdd.writeKeyStore(); - - Assert.assertEquals(true, ucAdd.contains(ALIAS_CACERT)); - - UpdateCertificates ucRemove = new UpdateCertificates(this.ksPassword, - this.ksFilename); - ucRemove.parseLine(REMOVE_CACERT); - ucRemove.writeKeyStore(); - - Assert.assertEquals(false, ucRemove.contains(ALIAS_CACERT)); - } + private static final String ALIAS_CACERT = "debian:spi-cacert-2008.crt"; + private static final String INVALID_CACERT = "x/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt"; + private static final String REMOVE_CACERT = "-/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt"; + private static final String ADD_CACERT = "+/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt"; + + private String ksFilename = null; + private String ksPassword = null; + + @Before + public void start() { + this.ksFilename = "./tests-cacerts"; + this.ksPassword = "changeit"; + // Delete any previous file + File keystore = new File(this.ksFilename); + keystore.delete(); + } + + /** + * Test a simple open then write without any modification. + */ + @Test + public void testNoop() throws IOException, GeneralSecurityException, + Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.writeKeyStore(); + } + + /** + * Test a to open a keystore and write without any modification + * and then try to open it again with wrong password : will throw a + * InvalidKeystorePassword + */ + @Test + public void testWriteThenOpenWrongPwd() throws IOException, + GeneralSecurityException, Exceptions.UnableToSaveKeystore { + try { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.writeKeyStore(); + } catch (Exceptions.InvalidKeystorePassword e) { + Assert.fail(); + } + + try { + UpdateCertificates uc = new UpdateCertificates("wrongpassword", + this.ksFilename); + Assert.fail(); + uc.writeKeyStore(); + } catch (Exceptions.InvalidKeystorePassword e) { + Assert.assertEquals( + "Cannot open Java keystore. Is the password correct?", + e.getMessage()); + } + } + + /** + * Test a to open a keystore then remove its backing File (and replace it + * with a directory with the same name) and try to write in to disk : + * will throw an UnableToSaveKeystore + */ + @Test + public void testDeleteThenWrite() throws IOException, + GeneralSecurityException, Exceptions.InvalidKeystorePassword { + try { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + + // Replace actual file by a directory ! + File keystore = new File(this.ksFilename); + keystore.delete(); + keystore.mkdir(); + + // Will fail with some IOException + uc.writeKeyStore(); + Assert.fail(); + } catch (Exceptions.UnableToSaveKeystore e) { + Assert.assertEquals( + "There was a problem saving the new Java keystore.", + e.getMessage()); + } + } + + /** + * Try to send an invalid command ("x") in parseLine : throw UnknownInput + */ + @Test + public void testWrongCommand() throws IOException, + GeneralSecurityException, Exceptions.InvalidKeystorePassword { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + try { + uc.parseLine(INVALID_CACERT); + Assert.fail(); + } catch (Exceptions.UnknownInput e) { + Assert.assertEquals(INVALID_CACERT, e.getMessage()); + } + } + + /** + * Test to insert a valid certificate and then check if it's really in KS. + */ + @Test + public void testAdd() throws IOException, GeneralSecurityException, + Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, + Exceptions.UnableToSaveKeystore { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.parseLine(ADD_CACERT); + uc.writeKeyStore(); + + Assert.assertEquals(true, uc.contains(ALIAS_CACERT)); + } + + /** + * Test to insert a invalide certificate : no exception, but check there + * is no alias created with that name + */ + @Test + public void testAddInvalidCert() throws IOException, + GeneralSecurityException, Exceptions.UnknownInput, + Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.parseLine("+/usr/share/ca-certificates/null.crt"); + uc.writeKeyStore(); + + Assert.assertEquals(false, uc.contains("debian:null.crt")); + } + + /** + * Try to add same certificate multiple time : we replace it and + * there is only one alias. + */ + @Test + public void testReplace() throws IOException, GeneralSecurityException, + Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, + Exceptions.UnableToSaveKeystore { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.parseLine(ADD_CACERT); + uc.parseLine(ADD_CACERT); + uc.writeKeyStore(); + + Assert.assertEquals(true, uc.contains(ALIAS_CACERT)); + } + + /** + * Try to remove a non-existant certificate : it's a no-op. + */ + @Test + public void testRemove() throws IOException, GeneralSecurityException, + Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, + Exceptions.UnableToSaveKeystore { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.parseLine(REMOVE_CACERT); + uc.writeKeyStore(); + + // We start with empty KS, so it shouldn't do anything + Assert.assertEquals(false, uc.contains(ALIAS_CACERT)); + } + + /** + * Try to add cert, write to disk, then open keystore again and remove. + */ + @Test + public void testAddThenRemove() throws IOException, + GeneralSecurityException, Exceptions.UnknownInput, + Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { + UpdateCertificates ucAdd = new UpdateCertificates(this.ksPassword, + this.ksFilename); + ucAdd.parseLine(ADD_CACERT); + ucAdd.writeKeyStore(); + + Assert.assertEquals(true, ucAdd.contains(ALIAS_CACERT)); + + UpdateCertificates ucRemove = new UpdateCertificates(this.ksPassword, + this.ksFilename); + ucRemove.parseLine(REMOVE_CACERT); + ucRemove.writeKeyStore(); + + Assert.assertEquals(false, ucRemove.contains(ALIAS_CACERT)); + } } -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/ca-certificates-java.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
