ca.crt and add them.

jfclere Fri, 26 Jul 2019 05:00:16 -0700

This is an automated email from the ASF dual-hosted git repository.

jfclere pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git



The following commit(s) were added to refs/heads/master by this push:
     new 7988d73  Read all the certificates from 
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt and add them.
7988d73 is described below

commit 7988d7313c04080dc9989f003a3c480b4ff4234a
Author: Jean-Frederic Clere <jfcl...@gmail.com>
AuthorDate: Fri Jul 26 10:31:07 2019 +0200

    Read all the certificates from 
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    and add them.
---
 .../tribes/membership/cloud/AbstractStreamProvider.java      | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git 
a/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java 
b/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java
index a3da2d7..1aa68bf 100644
--- 
a/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java
+++ 
b/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java
@@ -28,6 +28,8 @@ import java.security.KeyStore;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Iterator;
 import java.util.Map;
 
 import javax.net.ssl.HttpsURLConnection;
@@ -113,13 +115,17 @@ public abstract class AbstractStreamProvider implements 
StreamProvider {
         if (caCertFile != null) {
             try (InputStream pemInputStream = new BufferedInputStream(new 
FileInputStream(caCertFile))) {
                 CertificateFactory certFactory = 
CertificateFactory.getInstance("X509");
-                X509Certificate cert = 
(X509Certificate)certFactory.generateCertificate(pemInputStream);
 
                 KeyStore trustStore = KeyStore.getInstance("JKS");
                 trustStore.load(null);
 
-                String alias = cert.getSubjectX500Principal().getName();
-                trustStore.setCertificateEntry(alias, cert);
+                Collection c = 
certFactory.generateCertificates(pemInputStream);
+                Iterator i = c.iterator();
+                while (i.hasNext()) {
+                   X509Certificate cert = (X509Certificate)i.next();
+                   String alias = cert.getSubjectX500Principal().getName();
+                   trustStore.setCertificateEntry(alias, cert);
+                }
 
                 TrustManagerFactory trustManagerFactory = 
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                 trustManagerFactory.init(trustStore);


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Read all the certificates from /var/run/secrets/kubernetes.io/serviceaccount/ca.crt and add them.

Reply via email to