mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

jvergara
14.20.2007 ca2bcb4942289edd29ba76d90242bd028638c7b5
Fix for issue 2059.  Use the SHA1 and MD5 fingerprints of the certificate instead of the signature and public keys.
3 files modified
123 ■■■■■ changed files
opends/src/messages/messages/quicksetup.properties 6 ●●●●●
opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java 14 ●●●●●
opends/src/quicksetup/org/opends/quicksetup/ui/CertificateDialog.java 103 ●●●●●
opends/src/messages/messages/quicksetup.properties
@@ -150,17 +150,15 @@
 certificate carefully.\nAre you willing to accept this certificate for the \
 purpose of identifying the server %s:%s?
INFO_CERTIFICATE_NOT_VALID_YET=%s - Not valid yet
INFO_CERTIFICATE_PUBLIC_KEY_LABEL=Public Key:
INFO_CERTIFICATE_SERIAL_NUMBER_LABEL=Serial Number:
INFO_CERTIFICATE_SHOW_DETAILS_TEXT=<br><br><a href="">Show Certificate \
 Details</a>
INFO_CERTIFICATE_SIGNATURE_ALGORITHM_LABEL=Signature Algorithm:
INFO_CERTIFICATE_SIGNATURE_LABEL=Signature:
INFO_CERTIFICATE_SHA1_FINGERPRINT_LABEL=SHA1 Fingerprint:
INFO_CERTIFICATE_MD5_FINGERPRINT_LABEL=MD5 Fingerprint:
INFO_CERTIFICATE_SUBJECT_LABEL=Subject:
INFO_CERTIFICATE_TITLE=Certificate Not Trusted
INFO_CERTIFICATE_TYPE_LABEL=Type:
INFO_CERTIFICATE_VALID_FROM_LABEL=Valid From:
INFO_CERTIFICATE_VERSION_LABEL=Version:
INFO_CHECKBOX_COLOR=000,000,000
INFO_CLI_ERROR_READING_STDIN=Unexpected error reading standard input.
INFO_CLI_UNKNOWN_ARGUMENT=Unknown argument %s
opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java
@@ -956,11 +956,9 @@
        INFO_CERTIFICATE_VALID_FROM_LABEL.get(),
        INFO_CERTIFICATE_EXPIRES_ON_LABEL.get(),
        INFO_CERTIFICATE_TYPE_LABEL.get(),
        INFO_CERTIFICATE_SERIAL_NUMBER_LABEL.get(),
        INFO_CERTIFICATE_SIGNATURE_LABEL.get(),
        INFO_CERTIFICATE_SIGNATURE_ALGORITHM_LABEL.get(),
        INFO_CERTIFICATE_VERSION_LABEL.get(),
        INFO_CERTIFICATE_PUBLIC_KEY_LABEL.get()
        INFO_CERTIFICATE_SERIAL_NUMBER_LABEL.get()
        INFO_CERTIFICATE_MD5_FINGERPRINT_LABEL.get(),
        INFO_CERTIFICATE_SHA1_FINGERPRINT_LABEL.get()
    };
    for (int i=0; i<udce.getChain().length; i++)
    {
@@ -973,10 +971,8 @@
          CertificateDialog.getExpiresOn(cert),
          cert.getType(),
          String.valueOf(cert.getSerialNumber()),
          CertificateDialog.getSignature(cert).toString(),
          String.valueOf(cert.getSigAlgName()),
          String.valueOf(cert.getVersion()),
          cert.getPublicKey().toString()
          CertificateDialog.getMD5FingerPrint(cert).toString(),
          CertificateDialog.getSHA1FingerPrint(cert).toString()
      };
      for (int j=0; j<labels.length; j++)
      {
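Review bot: The new value entries call `.toString()` directly on `CertificateDialog.getMD5FingerPrint(cert)` and `CertificateDialog.getSHA1FingerPrint(cert)`, but both helpers (added in CertificateDialog.java in this commit) return null when the digest algorithm is unavailable or `cert.getEncoded()` throws. In that case the command-line certificate prompt would end in a NullPointerException instead of showing the remaining fields. Have the helpers return a non-null Message saying the fingerprint could not be computed, or check for null here before building the values array. Separately, the label line `INFO_CERTIFICATE_SERIAL_NUMBER_LABEL.get()` appears without a trailing comma ahead of the MD5 label; if that is the new-side line rather than a rendering artifact, the array initializer will not compile. The enclosing method starts and ends outside these hunks.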
opends/src/quicksetup/org/opends/quicksetup/ui/CertificateDialog.java
@@ -36,6 +36,9 @@
import java.awt.event.ActionListener;
import java.awt.event.WindowAdapter;
import java.awt.event.WindowEvent;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Date;
@@ -385,10 +388,8 @@
          INFO_CERTIFICATE_EXPIRES_ON_LABEL.get(),
          INFO_CERTIFICATE_TYPE_LABEL.get(),
          INFO_CERTIFICATE_SERIAL_NUMBER_LABEL.get(),
          INFO_CERTIFICATE_SIGNATURE_LABEL.get(),
          INFO_CERTIFICATE_SIGNATURE_ALGORITHM_LABEL.get(),
          INFO_CERTIFICATE_VERSION_LABEL.get(),
          INFO_CERTIFICATE_PUBLIC_KEY_LABEL.get()
          INFO_CERTIFICATE_MD5_FINGERPRINT_LABEL.get(),
          INFO_CERTIFICATE_SHA1_FINGERPRINT_LABEL.get()
      };
      for (int i=0; i<ce.getChain().length; i++)
@@ -402,10 +403,8 @@
            createExpiresOnComponent(cert),
            createTypeComponent(cert),
            createSerialNumberComponent(cert),
            createSignatureComponent(cert),
            createSignatureAlgorithmComponent(cert),
            createVersionComponent(cert),
            createPublicKeyComponent(cert)
            createMD5FingerprintComponent(cert),
            createSHA1FingerprintComponent(cert)
        };
        JPanel certPanel = UIFactory.makeJPanel();
        certPanel.setLayout(new GridBagLayout());
@@ -634,48 +633,78 @@
  /**
   * Returns the string representation using hexadecimal addresses of the
   * signature of a given certificate.
   * Returns the Message representation of the SHA1 fingerprint.
   * @param cert the certificate object.
   * @return the string representation using hexadecimal addresses of the
   * signature of a given certificate.
   * @return the Message representation of the SHA1 fingerprint.
   */
  public static Message getSignature(X509Certificate cert)
  public static Message getSHA1FingerPrint(X509Certificate cert)
  {
    byte[] sig = cert.getSignature();
    MessageBuilder sb = new MessageBuilder();
    for (int i = 0; i < sig.length; i++)
    {
      if (i > 0)
    Message msg = null;
    try {
      MessageDigest md = MessageDigest.getInstance("SHA1");
      byte[] b = md.digest(cert.getEncoded());
      StringBuilder sb = new StringBuilder();
      for (int i = 0; i < b.length; i++)
      {
        sb.append(":");
        if (i > 0)
        {
          sb.append(":");
        }
        sb.append(Integer.toHexString(((int) b[i]) & 0xFF));
      }
      sb.append(Integer.toHexString(((int) sig[i]) & 0xFF));
      msg = Message.raw(sb);
    }
    return sb.toMessage();
    catch (NoSuchAlgorithmException nsae) {
      LOG.log(Level.WARNING, "SHA1 algorithm not supported: "+nsae, nsae);
    }
    catch (CertificateEncodingException cee) {
      LOG.log(Level.WARNING, "Certificate encoding exception: "+cee, cee);
    }
    return msg;
  }
  private JComponent createSignatureComponent(X509Certificate cert)
  /**
   * Returns the Message representation of the MD5 fingerprint.
   * @param cert the certificate object.
   * @return the Message representation of the MD5 fingerprint.
   */
  public static Message getMD5FingerPrint(X509Certificate cert)
  {
    return UIFactory.makeTextPane(getSignature(cert),
    Message msg = null;
    try {
      MessageDigest md = MessageDigest.getInstance("MD5");
      byte[] b = md.digest(cert.getEncoded());
      StringBuilder sb = new StringBuilder();
      for (int i = 0; i < b.length; i++)
      {
        if (i > 0)
        {
          sb.append(":");
        }
        sb.append(Integer.toHexString(((int) b[i]) & 0xFF));
      }
      msg = Message.raw(sb);
    }
    catch (NoSuchAlgorithmException nsae) {
      LOG.log(Level.WARNING, "MD5 algorithm not supported: "+nsae, nsae);
    }
    catch (CertificateEncodingException cee) {
      LOG.log(Level.WARNING, "Certificate encoding exception: "+cee, cee);
    }
    return msg;
  }
  private JComponent createSHA1FingerprintComponent(X509Certificate cert)
  {
    return UIFactory.makeTextPane(getSHA1FingerPrint(cert),
        UIFactory.TextStyle.SECONDARY_FIELD_VALID);
  }
  private JComponent createSignatureAlgorithmComponent(X509Certificate cert)
  private JComponent createMD5FingerprintComponent(X509Certificate cert)
  {
    Message signature = Message.raw(String.valueOf(cert.getSigAlgName()));
    return makeValueLabel(signature);
  }
  private JComponent createVersionComponent(X509Certificate cert)
  {
    Message version = Message.raw(String.valueOf(cert.getVersion()));
    return makeValueLabel(version);
  }
  private JComponent createPublicKeyComponent(X509Certificate cert)
  {
    return UIFactory.makeTextPane(Message.raw(cert.getPublicKey().toString()),
    return UIFactory.makeTextPane(getMD5FingerPrint(cert),
        UIFactory.TextStyle.SECONDARY_FIELD_VALID);
  }
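Review bot: In `getSHA1FingerPrint` and `getMD5FingerPrint`, `Integer.toHexString(((int) b[i]) & 0xFF)` emits a single digit for any byte below 0x10. The displayed fingerprint then will not match the two-digits-per-byte form printed by tools such as keytool or openssl, which is what a user compares it against before accepting an untrusted certificate. Pad each byte, e.g. `sb.append(String.format("%02X", b[i] & 0xFF));`. The two methods differ only in the algorithm name and the log text, so one private helper taking the algorithm as a parameter would keep them from drifting apart. Because this value backs a trust decision, consider also showing a SHA-256 fingerprint, since MD5 and SHA-1 are no longer collision resistant.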