From de38d491e77f8501800587d5829d02214eedac38 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Wed, 29 Jul 2009 16:09:59 +0000
Subject: [PATCH] Fix for issue 4155 (UI keystore does not handle properly certificates from the same host) If the provided certificate to be accepted in the key store is not already there, use a unique alias for the certificate.
---
opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/util/UIKeyStore.java | 39 +++++++++++++++++++++++++++++++++++++--
1 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/util/UIKeyStore.java b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/util/UIKeyStore.java
index d1cf8c5..cec5be2 100644
--- a/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/util/UIKeyStore.java
+++ b/opendj-sdk/opends/src/quicksetup/org/opends/quicksetup/util/UIKeyStore.java
@@ -35,6 +35,7 @@
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -143,8 +144,17 @@
KeyStore k = getInstance();
for (int i = 0; i < chain.length; i++)
{
- String alias = chain[i].getSubjectDN().getName();
- k.setCertificateEntry(alias, chain[i]);
+ if (!containsCertificate(chain[i], k))
+ {
+ String alias = chain[i].getSubjectDN().getName();
+ int j = 1;
+ while (k.containsAlias(alias))
+ {
+ alias = chain[i].getSubjectDN().getName()+ "-" + j;
+ j++;
+ }
+ k.setCertificateEntry(alias, chain[i]);
+ }
}
String keyStorePath = getKeyStorePath();
File f = new File(keyStorePath);
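Review bot: Inside the `if (!containsCertificate(chain[i], k))` branch, a certificate whose subject DN matches an existing alias is now stored under `DN-1`, `DN-2`, … instead of replacing that entry, so the earlier certificate for the same subject stays trusted. If a host's certificate was reissued because the old key was retired or compromised, nothing visible in this hunk removes the superseded entry from the admin trust store. Either document that this is intended, e.g. `// Earlier certificates with the same subject are kept on purpose; they are not pruned here.`, or give the caller a way to drop them. As a smaller style point, the base alias is computed twice; `String base = chain[i].getSubjectDN().getName();` before the loop and `alias = base + "-" + j++;` inside it would read more clearly. The enclosing method starts and ends outside the hunk.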
@@ -254,4 +264,29 @@
return instancePath + File.separator + "config" +
File.separator + "admin-truststore";
}
+
+ /**
+ * Returns whether the key store contains the provided certificate or not.
+ * @param cert the certificate.
+ * @param keyStore the key store.
+ * @return whether the key store contains the provided certificate or not.
+ * @throws KeyStoreException if an error occurs reading the contents of the
+ * key store.
+ */
+ private static boolean containsCertificate(X509Certificate cert,
+ KeyStore keyStore) throws KeyStoreException
+ {
+ boolean found = false;
+ Enumeration<String> aliases = keyStore.aliases();
+ while (aliases.hasMoreElements() && !found)
+ {
+ String alias = aliases.nextElement();
+ if (keyStore.isCertificateEntry(alias))
+ {
+ Certificate c = keyStore.getCertificate(alias);
+ found = c.equals(cert);
+ }
+ }
+ return found;
+ }
}
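Review bot: `found = c.equals(cert);` dereferences the result of `keyStore.getCertificate(alias)`, which is documented to return null when the alias holds no certificate; `found = cert.equals(c);` avoids that dereference. The loop also duplicates `KeyStore.getCertificateAlias(Certificate)`, so the body could be `return keyStore.getCertificateAlias(cert) != null;`. That call additionally matches the first certificate of a key entry, which is presumably acceptable for a trust store but should be confirmed. The Javadoc could also state that the match is by certificate equality rather than by subject or alias, since the caller relies on that distinction when it picks a new alias.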
--
Gitblit v1.10.0