From 19b359ea2974b080bab132c28f521dfea245c21c Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Wed, 20 Jan 2010 21:18:33 +0000
Subject: [PATCH] Remove extraneous generateCertificateRequest method from crypto manager. Issue 4497
---
opends/src/server/org/opends/server/util/CertificateManager.java | 35 --
opends/src/server/org/opends/server/util/Platform.java | 503 +-------------------------------------
opends/tests/unit-tests-testng/src/server/org/opends/server/util/CertificateManagerTestCase.java | 235 ------------------
3 files changed, 21 insertions(+), 752 deletions(-)
diff --git a/opends/src/server/org/opends/server/util/CertificateManager.java b/opends/src/server/org/opends/server/util/CertificateManager.java
index 4b78091..08818da 100644
--- a/opends/src/server/org/opends/server/util/CertificateManager.java
+++ b/opends/src/server/org/opends/server/util/CertificateManager.java
@@ -22,7 +22,7 @@
* CDDL HEADER END
*
*
- * Copyright 2008-2009 Sun Microsystems, Inc.
+ * Copyright 2008-2010 Sun Microsystems, Inc.
*/
package org.opends.server.util;
@@ -284,39 +284,6 @@
keyStorePath, alias, password, subjectDN, validity);
}
- /**
- * Generates a certificate signing request (CSR) using the provided
- * information.
- *
- * @param alias The nickname to use for the certificate in the key
- * store. For the server certificate, it should generally
- * be "server-cert". It must not be {@code null} or empty.
- * @param subjectDN The subject DN to use for the certificate. It must not
- * be {@code null} or empty.
- *
- * @return The file containing the generated certificate signing request.
- *
- * @throws KeyStoreException If a problem occurs while actually attempting
- * to generate the private key in the key store or
- * generate the certificate signing request based
- * on that key.
- *@throws IllegalArgumentException If the alias already exists in the
- * keystore.
- */
- public File
- generateCertificateSigningRequest(final String alias, final String subjectDN)
- throws KeyStoreException, IllegalArgumentException {
- ensureValid(alias, CERT_ALIAS_MSG);
- ensureValid(subjectDN, SUBJECT_DN_MSG);
- if (aliasInUse(alias)) {
- Message msg = ERR_CERTMGR_ALIAS_ALREADY_EXISTS.get(alias);
- throw new IllegalArgumentException(msg.toString());
- }
- keyStore = null;
- return Platform.generateCertificateRequest(getKeyStore(), keyStoreType,
- keyStorePath, alias, password, subjectDN);
- }
-
/**
diff --git a/opends/src/server/org/opends/server/util/Platform.java b/opends/src/server/org/opends/server/util/Platform.java
index d57a678..160b613 100644
--- a/opends/src/server/org/opends/server/util/Platform.java
+++ b/opends/src/server/org/opends/server/util/Platform.java
@@ -22,7 +22,7 @@
* CDDL HEADER END
*
*
- * Copyright 2010 Sun Microsystems, Inc.
+ * Copyright 2009-2010 Sun Microsystems, Inc.
*/
package org.opends.server.util;
@@ -31,22 +31,17 @@
import java.security.KeyStoreException;
import java.security.KeyStore;
import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
-import java.io.PrintStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import org.opends.messages.Message;
import static org.opends.messages.UtilityMessages.*;
-
/**
* Provides a wrapper class that collects all of the JVM vendor
* and JDK version specific code in a single place.
@@ -57,10 +52,6 @@
//Prefix that determines which security package to use.
private static String pkgPrefix;
- //IBM security package doesn't appear to support PCKS10, this flags turns
- //off support for that.
- private static boolean certReqAllowed;
-
//The two security package prefixes (IBM and SUN).
private static final String IBM_SEC = "com.ibm.security";
private static final String SUN_SEC = "sun.security";
@@ -74,28 +65,22 @@
if(vendor.startsWith("IBM"))
{
pkgPrefix = IBM_SEC;
- certReqAllowed = false;
if(ver.startsWith("1.5"))
{
IMPL = new IBM5PlatformIMPL();
}
else
{
- IMPL = new JDK6PlatformIMPL();
+ IMPL = new DefaultPlatformIMPL();
}
}
else
{
pkgPrefix = SUN_SEC;
- certReqAllowed = true;
if(ver.startsWith("1.5"))
{
IMPL = new Sun5PlatformIMPL();
}
- else if(ver.startsWith("1.6"))
- {
- IMPL = new JDK6PlatformIMPL();
- }
else
{
IMPL = new DefaultPlatformIMPL();
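Review bot: With `JDK6PlatformIMPL` gone, every non-1.5 JVM from either vendor now lands on `DefaultPlatformIMPL`, and nothing in this static block says that is intended rather than a leftover fallback. The class removed later in this file (the `JDK6PlatformIMPL` hunk) set up its normalizer through `java.text.Normalizer`. DefaultPlatformIMPL's initializer is not visible in this patch, so confirm that string normalization on Java 6 behaves the same as before. I would add a comment above the two `else` branches, for example `// Java 6 and later share DefaultPlatformIMPL; only 1.5 needs vendor-specific handling.` The enclosing static initializer starts and ends outside the hunk.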
@@ -111,44 +96,30 @@
//Key size, key algorithm and signature algorithms used.
private static final int KEY_SIZE = 1024;
private static final String KEY_ALGORITHM = "rsa";
- static final String SIG_ALGORITHM = "SHA1WithRSA";
+ private static final String SIG_ALGORITHM = "SHA1WithRSA";
//Time values used in validity calculations.
private static final int SEC_IN_DAY = 24 * 60 * 60;
- static final int DEFAULT_VALIDITY = 90 * SEC_IN_DAY;
-
- //These two are used to build certificate request files.
- static final String TMPFILE_PREFIX = "CertificateManager-";
- static final String TMPFILE_EXT = ".csr";
//Methods pulled from the classes.
- static final String ENCODE_SIGN_METHOD = "encodeAndSign";
private static final String GENERATE_METHOD = "generate";
private static final String GET_PRIVATE_KEY_METHOD = "getPrivateKey";
private static final String GET_SELFSIGNED_CERT_METHOD =
"getSelfCertificate";
- static final String PRINT_METHOD = "print";
//Classes needed to manage certificates.
- static Class<?> certKeyGenClass, X500NameClass;
- static Class<?> PKCS10Class;
+ private static Class<?> certKeyGenClass, X500NameClass;
//Constructors for each of the above classes.
- static Constructor<?> certKeyGenCons, X500NameCons, pkcs10Cons;
+ private static Constructor<?> certKeyGenCons, X500NameCons;
static {
String x509pkg = pkgPrefix + ".x509";
- String pkcs10Pkg = pkgPrefix + ".pkcs";
String certAndKeyGen= x509pkg + ".CertAndKeyGen";
String X500Name = x509pkg + ".X500Name";
try {
certKeyGenClass = Class.forName(certAndKeyGen);
X500NameClass = Class.forName(X500Name);
- if(certReqAllowed) {
- String pkcs10 = pkcs10Pkg + ".PKCS10";
- PKCS10Class = Class.forName(pkcs10);
- pkcs10Cons = PKCS10Class.getConstructor(PublicKey.class);
- }
certKeyGenCons =
certKeyGenClass.getConstructor(String.class, String.class);
X500NameCons = X500NameClass.getConstructor(String.class);
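Review bot: The constants at the top of this hunk still pin key generation to `KEY_SIZE = 1024` and `SIG_ALGORITHM = "SHA1WithRSA"`, and the line that narrows SIG_ALGORITHM to private is a natural place to revisit both. 1024-bit RSA and SHA-1 signatures are considered too weak for newly generated certificates; these values presumably feed the `CertAndKeyGen` constructor looked up further down, so they would apply to every self-signed server certificate the tool creates. Suggested change: `private static final int KEY_SIZE = 2048;` and `private static final String SIG_ALGORITHM = "SHA256WithRSA";`, after confirming that the security provider on each supported JVM offers that algorithm. The static initializer's `try` block continues past the end of the hunk.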
@@ -164,11 +135,8 @@
}
}
- protected PlatformIMPL() {}
- public abstract File generateCertificateRequest(KeyStore ks,
- String ksType, String ksPath, String alias,
- char[] pwd, String dn) throws KeyStoreException;
+ protected PlatformIMPL() {}
/**
@@ -199,6 +167,7 @@
}
}
+
/**
* Add the certificate in the specified path to the specified keystore,
* creating the keystore using the specified type and path if it the
@@ -247,6 +216,7 @@
}
}
+
/**
* Generate a self-signed certificate using the specified alias, dn
* string and validity period. If the keystore does not exist, create it
@@ -306,6 +276,7 @@
return ks;
}
+
/**
* Generate a x509 certificate from the input stream. Verification is
* done only if it is self-signed.
@@ -321,7 +292,7 @@
private void trustedCert(String alias, CertificateFactory cf,
KeyStore ks, InputStream in) throws KeyStoreException {
try {
- if (ks.containsAlias(alias) == true) {
+ if (ks.containsAlias(alias)) {
Message msg = ERR_CERTMGR_ALIAS_ALREADY_EXISTS.get(alias);
throw new KeyStoreException(msg.toString());
}
@@ -336,6 +307,7 @@
}
}
+
/**
* Check that the issuer and subject DNs match.
*
@@ -347,41 +319,6 @@
}
/**
- * Returns the private key associated with specified alias and keystore.
- * The keystore was already checked for existance.
- *
- * @param ks The keystore to get the private key from, it must exist.
- * @param alias The alias to get the private key of.
- * @param pwd The password used to get the key from the keystore.
- * @return The private key of related to the alias.
- *
- * @throws KeyStoreException If the alias is not in the keystore, the
- * entry related to the alias is not of
- */
- PrivateKey getPrivateKey(KeyStore ks, String alias, char[] pwd)
- throws KeyStoreException {
- PrivateKey key = null;
- try {
- if(!ks.containsAlias(alias)) {
- Message msg = ERR_CERTMGR_ALIAS_DOES_NOT_EXIST.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- if(!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class) &&
- !ks.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) {
- Message msg =
- ERR_CERTMGR_ALIAS_INVALID_ENTRY_TYPE.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- key = (PrivateKey)ks.getKey(alias, pwd);
- } catch (Exception e) {
- Message msg =
- ERR_CERTMGR_GET_KEY.get(alias,e.getMessage());
- throw new KeyStoreException(msg.toString());
- }
- return key;
- }
-
- /**
* Normalize the data in the specified buffer.
*
* @param buffer The buffer to normalize.
@@ -431,27 +368,6 @@
/**
- * Generate a certificate request using the specified parameters.
- *
- * @param ks The keystore to use in the request creation.
- * @param ksType The keystore type.
- * @param ksPath The path to the keystore.
- * @param alias The alias to use in the request generation.
- * @param pwd The keystore password to use.
- * @param dn A dn string to use as the certificate subject.
- * @return A file object pointing at the created certificate request.
- *
- * @throws KeyStoreException If the certificate request failed.
- */
- public static File generateCertificateRequest(KeyStore ks, String ksType,
- String ksPath, String alias, char[] pwd, String dn)
- throws KeyStoreException {
- return IMPL.generateCertificateRequest(ks, ksType, ksPath, alias,
- pwd, dn);
- }
-
-
- /**
* Generate a self-signed certificate using the specified alias, dn
* string and validity period. If the keystore does not exist, it will be
* created using the specified keystore type and path.
@@ -486,40 +402,22 @@
//Normalized form method.
private static final Object FORM_NFKC;
- private static Class<?> X500SignerClass;
- private static Constructor<?> X500SignerCons;
-
static {
Method normalize = null;
Object formNFKC = null;
- String x509pkg = pkgPrefix + ".x509";
- String X500Signer = x509pkg + ".X500Signer";
try {
Class<?> normalizer = Class.forName("sun.text.Normalizer");
formNFKC = normalizer.getField("DECOMP_COMPAT").get(null);
Class<?> normalizerForm = Class.forName("sun.text.Normalizer$Mode");
normalize = normalizer.getMethod("normalize", String.class,
normalizerForm, Integer.TYPE);
- X500SignerClass = Class.forName(X500Signer);
- X500SignerCons = X500SignerClass.getConstructor(Signature.class,
- X500NameClass);
- }
- catch (ClassNotFoundException e) {
- Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage());
- throw new ExceptionInInitializerError(msg.toString());
- } catch (SecurityException e) {
- Message msg = ERR_CERTMGR_SECURITY.get(e.getMessage());
- throw new ExceptionInInitializerError(msg.toString());
- } catch (NoSuchMethodException e) {
- Message msg = ERR_CERTMGR_NO_METHOD.get(e.getMessage());
- throw new ExceptionInInitializerError(msg.toString());
}
catch (Exception ex) {
- // Do not use Normalizer. The values are already set to null.
+ // Do not use Normalizer. The values are already set to null.
}
- NORMALIZE = normalize;
- FORM_NFKC = formNFKC;
- }
+ NORMALIZE = normalize;
+ FORM_NFKC = formNFKC;
+ }
@Override
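Review bot: The only handler left on this initializer's `try` is `catch (Exception ex)` with an empty body, so a missing `sun.text.Normalizer` now silently leaves `NORMALIZE` and `FORM_NFKC` null. Before this change the removed `catch (ClassNotFoundException e)` turned that case into an `ExceptionInInitializerError`. The `normalize` body is outside this hunk, but the next hunk's context suggests it also swallows exceptions, so callers would get un-normalized text with no indication. If the normalized strings feed comparisons or matching, that silent downgrade is worth surfacing. I would narrow the catch to the reflection failures actually expected, log once when the normalizer is unavailable, and have `normalize` test `if (NORMALIZE == null) { return; }` rather than depend on a caught NullPointerException.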
@@ -533,76 +431,6 @@
//Don't do anything. buffer should be used.
}
}
-
- /**
- * Generate a certificate request. Note that this methods checks if
- * the certificate request generation is allowed and throws an
- * exception if it isn't supported. Some vendors JDKs aren't compatible
- * with Sun's certificate request generation classes so they aren't
- * supported. Note this method uses the X500Signer class which has been
- * deprecated in JDK 1.7.
- *
- * @param ks The keystore to use in the request creation.
- * @param ksType The keystore type.
- * @param ksPath The path to the keystore.
- * @param alias The alias to use in the request generation.
- * @param pwd The keystore password to use.
- * @param dn A dn string to use as the certificate subject.
- *
- * @return A file object pointing at the created certificate request.
- * @throws KeyStoreException If the certificate request failed.
- */
- public File
- generateCertificateRequest(KeyStore ks, String ksType, String ksPath,
- String alias, char[] pwd, String dn) throws KeyStoreException {
- if(!certReqAllowed) {
- String vendor = System.getProperty("java.vendor");
- Message msg =
- ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor);
- throw new KeyStoreException(msg.toString());
- }
- KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath,
- alias, pwd, dn, DEFAULT_VALIDITY);
- File csrFile;
- try {
- csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT);
- csrFile.deleteOnExit();
- PrintStream printStream =
- new PrintStream(new FileOutputStream(csrFile.getAbsolutePath()));
- if(keyStore == null) {
- Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get();
- throw new KeyStoreException(msg.toString());
- }
- PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd);
- if(privateKey == null) {
- Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- Certificate cert = keyStore.getCertificate(alias);
- if(cert == null) {
- Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- Signature signature = Signature.getInstance(SIG_ALGORITHM);
- signature.initSign(privateKey);
- Object request = pkcs10Cons.newInstance(cert.getPublicKey());
- Object subject = X500NameCons.newInstance(dn);
- Object signer =
- X500SignerCons.newInstance(signature, subject);
- Method encodeAndSign =
- PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500SignerClass);
- Method print =
- PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class);
- encodeAndSign.invoke(request, signer);
- print.invoke(request, printStream);
- printStream.close();
- } catch (Exception e) {
- Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage());
- throw new KeyStoreException(msg.toString());
- }
- return csrFile;
- }
-
}
/**
@@ -643,312 +471,19 @@
//Don't do anything. buffer should be used.
}
}
-
- /**
- * Generate a certificate request. Note that this methods checks if
- * the certificate request generation is allowed and throws an
- * exception if it isn't supported. Some vendors JDKs aren't compatible
- * with Sun's certificate request generation classes so they aren't
- * supported.
- *
- * @param ks The keystore to use in the request creation.
- * @param ksType The keystore type.
- * @param ksPath The path to the keystore.
- * @param alias The alias to use in the request generation.
- * @param pwd The keystore password to use.
- * @param dn A dn string to use as the certificate subject.
- *
- * @return A file object pointing at the created certificate request.
- * @throws KeyStoreException If the certificate request failed.
- */
- public File
- generateCertificateRequest(KeyStore ks, String ksType, String ksPath,
- String alias, char[] pwd, String dn) throws KeyStoreException {
- if(!certReqAllowed) {
- String vendor = System.getProperty("java.vendor");
- Message msg =
- ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor);
- throw new KeyStoreException(msg.toString());
- }
- KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath,
- alias, pwd, dn, DEFAULT_VALIDITY);
- File csrFile;
- try {
- csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT);
- csrFile.deleteOnExit();
- PrintStream printStream =
- new PrintStream(new FileOutputStream(csrFile.getAbsolutePath()));
- if(keyStore == null) {
- Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get();
- throw new KeyStoreException(msg.toString());
- }
- PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd);
- if(privateKey == null) {
- Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- Certificate cert = keyStore.getCertificate(alias);
- if(cert == null) {
- Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- Signature signature = Signature.getInstance(SIG_ALGORITHM);
- signature.initSign(privateKey);
- Object request = pkcs10Cons.newInstance(cert.getPublicKey());
- Object subject = X500NameCons.newInstance(dn);
- Method encodeAndSign =
- PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500NameClass,
- Signature.class);
- Method print =
- PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class);
- encodeAndSign.invoke(request, subject, signature);
- print.invoke(request, printStream);
- printStream.close();
- } catch (Exception e) {
- e.printStackTrace();
- Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage());
- throw new KeyStoreException(msg.toString());
- }
- return csrFile;
- }
}
/**
- * Default JDK 6 platform class.
- */
- private static class JDK6PlatformIMPL extends PlatformIMPL {
- //normalize method.
- private static final Method NORMALIZE;
- //Normalized form method.
- private static final Object FORM_NFKC;
-
- private static Class<?> X500SignerClass;
- private static Constructor<?> X500SignerCons;
-
- static {
- Method normalize = null;
- Object formNFKC = null;
- String x509pkg = pkgPrefix + ".x509";
- String X500Signer = x509pkg + ".X500Signer";
- try {
- Class<?> normalizer = Class.forName("java.text.Normalizer");
- Class<?> normalizerForm = Class.forName("java.text.Normalizer$Form");
- normalize = normalizer.getMethod("normalize", CharSequence.class,
- normalizerForm);
- formNFKC = normalizerForm.getField("NFKD").get(null);
- X500SignerClass = Class.forName(X500Signer);
- X500SignerCons = X500SignerClass.getConstructor(Signature.class,
- X500NameClass);
- }
- catch (ClassNotFoundException e) {
- Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage());
- throw new ExceptionInInitializerError(msg.toString());
- } catch (SecurityException e) {
- Message msg = ERR_CERTMGR_SECURITY.get(e.getMessage());
- throw new ExceptionInInitializerError(msg.toString());
- } catch (NoSuchMethodException e) {
- Message msg = ERR_CERTMGR_NO_METHOD.get(e.getMessage());
- throw new ExceptionInInitializerError(msg.toString());
- }
- catch (Exception ex) {
- // Do not use Normalizer. The values are already set to null.
- }
- NORMALIZE = normalize;
- FORM_NFKC = formNFKC;
- }
-
-
- @Override
- public void normalize(StringBuilder buffer) {
-
- try {
- String normal = (String) NORMALIZE.invoke(null, buffer, FORM_NFKC);
- buffer.replace(0,buffer.length(),normal);
- }
- catch(Exception ex) {
- //Don't do anything. buffer should be used.
- }
- }
-
- /**
- * Generate a certificate request. Note that this methods checks if
- * the certificate request generation is allowed and throws an
- * exception if it isn't supported. Some vendors JDKs aren't compatible
- * with Sun's certificate request generation classes so they aren't
- * supported. Note this method uses the X500Signer class which has been
- * deprecated in JDK 1.7.
- *
- * @param ks The keystore to use in the request creation.
- * @param ksType The keystore type.
- * @param ksPath The path to the keystore.
- * @param alias The alias to use in the request generation.
- * @param pwd The keystore password to use.
- * @param dn A dn string to use as the certificate subject.
- *
- * @return A file object pointing at the created certificate request.
- * @throws KeyStoreException If the certificate request failed.
- */
- public File
- generateCertificateRequest(KeyStore ks, String ksType, String ksPath,
- String alias, char[] pwd, String dn) throws KeyStoreException {
- if(!certReqAllowed) {
- String vendor = System.getProperty("java.vendor");
- Message msg =
- ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor);
- throw new KeyStoreException(msg.toString());
- }
- KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath,
- alias, pwd, dn, DEFAULT_VALIDITY);
- File csrFile;
- try {
- csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT);
- csrFile.deleteOnExit();
- PrintStream printStream =
- new PrintStream(new FileOutputStream(csrFile.getAbsolutePath()));
- if(keyStore == null) {
- Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get();
- throw new KeyStoreException(msg.toString());
- }
- PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd);
- if(privateKey == null) {
- Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- Certificate cert = keyStore.getCertificate(alias);
- if(cert == null) {
- Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- Signature signature = Signature.getInstance(SIG_ALGORITHM);
- signature.initSign(privateKey);
- Object request = pkcs10Cons.newInstance(cert.getPublicKey());
- Object subject = X500NameCons.newInstance(dn);
- Object signer =
- X500SignerCons.newInstance(signature, subject);
- Method encodeAndSign =
- PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500SignerClass);
- Method print =
- PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class);
- encodeAndSign.invoke(request, signer);
- print.invoke(request, printStream);
- printStream.close();
- } catch (Exception e) {
- Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage());
- throw new KeyStoreException(msg.toString());
- }
- return csrFile;
- }
- }
-
-
-
-
- /**
* IBM JDK 5 platform class.
*/
private static class IBM5PlatformIMPL extends PlatformIMPL {
- //Classes needed to manage certificates.
- private static Class<?> X500SignerClass;
- private static Constructor<?> X500SignerCons;
-
- static {
- String x509pkg = pkgPrefix + ".x509";
- String X500Signer = x509pkg + ".X500Signer";
- try {
- X500SignerClass = Class.forName(X500Signer);
- X500SignerCons = X500SignerClass.getConstructor(Signature.class,
- X500NameClass);
- }
- catch (ClassNotFoundException e) {
- Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage());
- throw new ExceptionInInitializerError(msg.toString());
- } catch (SecurityException e) {
- Message msg = ERR_CERTMGR_SECURITY.get(e.getMessage());
- throw new ExceptionInInitializerError(msg.toString());
- } catch (NoSuchMethodException e) {
- Message msg = ERR_CERTMGR_NO_METHOD.get(e.getMessage());
- throw new ExceptionInInitializerError(msg.toString());
- }
- }
-
- @Override
- public void normalize(StringBuilder buffer) {
- //No implementation.
- }
-
- /**
- * Generate a certificate request. Note that this methods checks if
- * the certificate request generation is allowed and throws an
- * exception if it isn't supported. Some vendors JDKs aren't compatible
- * with Sun's certificate request generation classes so they aren't
- * supported. Note this method uses the X500Signer class which has been
- * deprecated in JDK 1.7.
- *
- * @param ks The keystore to use in the request creation.
- * @param ksType The keystore type.
- * @param ksPath The path to the keystore.
- * @param alias The alias to use in the request generation.
- * @param pwd The keystore password to use.
- * @param dn A dn string to use as the certificate subject.
- *
- * @return A file object pointing at the created certificate request.
- * @throws KeyStoreException If the certificate request failed.
- */
- public File
- generateCertificateRequest(KeyStore ks, String ksType, String ksPath,
- String alias, char[] pwd, String dn) throws KeyStoreException {
- if(!certReqAllowed) {
- String vendor = System.getProperty("java.vendor");
- Message msg =
- ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor);
- throw new KeyStoreException(msg.toString());
- }
- KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath,
- alias, pwd, dn, DEFAULT_VALIDITY);
- File csrFile;
- try {
- csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT);
- csrFile.deleteOnExit();
- PrintStream printStream =
- new PrintStream(new FileOutputStream(csrFile.getAbsolutePath()));
- if(keyStore == null) {
- Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get();
- throw new KeyStoreException(msg.toString());
- }
- PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd);
- if(privateKey == null) {
- Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- Certificate cert = keyStore.getCertificate(alias);
- if(cert == null) {
- Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias);
- throw new KeyStoreException(msg.toString());
- }
- Signature signature = Signature.getInstance(SIG_ALGORITHM);
- signature.initSign(privateKey);
- Object request = pkcs10Cons.newInstance(cert.getPublicKey());
- Object subject = X500NameCons.newInstance(dn);
- Object signer =
- X500SignerCons.newInstance(signature, subject);
- Method encodeAndSign =
- PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500SignerClass);
- Method print =
- PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class);
- encodeAndSign.invoke(request, signer);
- print.invoke(request, printStream);
- printStream.close();
- } catch (Exception e) {
- Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage());
- throw new KeyStoreException(msg.toString());
- }
- return csrFile;
- }
+ @Override
+ public void normalize(StringBuilder buffer) {
+ //No implementation.
+ }
}
-
-
/**
* Normalize the specified buffer.
*
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/util/CertificateManagerTestCase.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/util/CertificateManagerTestCase.java
index fe1b2be..11e8bb5 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/util/CertificateManagerTestCase.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/util/CertificateManagerTestCase.java
@@ -22,7 +22,7 @@
* CDDL HEADER END
*
*
- * Copyright 2008-2009 Sun Microsystems, Inc.
+ * Copyright 2008-2010 Sun Microsystems, Inc.
*/
package org.opends.server.util;
@@ -857,239 +857,6 @@
/**
- * Tests the {@code generateCertificateSigningRequest} method using a null
- * alias.
- *
- * @throws Exception If a problem occurs.
- */
- @Test()
- public void testGenerateCSRNullAlias()
- throws Exception
- {
- if (! CERT_MANAGER_AVAILABLE)
- {
- return;
- }
-
- CertificateManager certManager =
- new CertificateManager(JKS_KEY_STORE_PATH, "JKS", "password");
-
- try
- {
- certManager.generateCertificateSigningRequest(null, "CN=Test,O=test");
- fail("Expected an NPE due to a null alias");
- } catch (NullPointerException npe) {}
- }
-
-
-
- /**
- * Tests the {@code generateCertificateSigningRequest} method using an empty
- * alias.
- *
- * @throws Exception If a problem occurs.
- */
- @Test()
- public void testGenerateCSREmptyAlias()
- throws Exception
- {
- if (! CERT_MANAGER_AVAILABLE)
- {
- return;
- }
-
- CertificateManager certManager =
- new CertificateManager(JKS_KEY_STORE_PATH, "JKS", "password");
-
- try
- {
- certManager.generateCertificateSigningRequest("", "CN=Test,O=test");
- fail("Expected an NPE due to an empty alias");
- } catch (NullPointerException npe) {}
- }
-
-
-
- /**
- * Tests the {@code generateCertificateSigningRequest} method using an alias
- * that's already being used.
- *
- * @throws Exception If a problem occurs.
- */
- @Test()
- public void testGenerateCSRAliasInUse()
- throws Exception
- {
- if (! CERT_MANAGER_AVAILABLE || Platform.isVendor("IBM"))
- {
- return;
- }
-
- CertificateManager certManager =
- new CertificateManager(JKS_KEY_STORE_PATH, "JKS", "password");
-
- try
- {
- certManager.generateCertificateSigningRequest("server-cert",
- "CN=Test,O=test");
- fail("Expected an illegal argument exception to a duplicate alias");
- } catch (IllegalArgumentException iae) {}
- }
-
-
-
- /**
- * Tests the {@code generateCertificateSigningRequest} method using a null
- * subject.
- *
- * @throws Exception If a problem occurs.
- */
- @Test()
- public void testGenerateCSRNullSubject()
- throws Exception
- {
- if (! CERT_MANAGER_AVAILABLE)
- {
- return;
- }
-
- CertificateManager certManager =
- new CertificateManager(JKS_KEY_STORE_PATH, "JKS", "password");
-
- try
- {
- certManager.generateCertificateSigningRequest("test-cert", null);
- fail("Expected an NPE due to a null subject");
- } catch (NullPointerException npe) {}
- }
-
-
-
- /**
- * Tests the {@code generateCertificateSigningRequest} method using an empty
- * subject.
- *
- * @throws Exception If a problem occurs.
- */
- @Test()
- public void testGenerateCSREmptySubject()
- throws Exception
- {
- if (! CERT_MANAGER_AVAILABLE)
- {
- return;
- }
-
- CertificateManager certManager =
- new CertificateManager(JKS_KEY_STORE_PATH, "JKS", "password");
-
- try
- {
- certManager.generateCertificateSigningRequest("test-cert", "");
- fail("Expected an NPE due to an empty subject");
- } catch (NullPointerException npe) {}
- }
-
-
-
- /**
- * Tests the {@code generateCertificateSigningRequest} method using an invalid
- * subject.
- *
- * @throws Exception If a problem occurs.
- */
- @Test()
- public void testGenerateCSRInvalidSubject()
- throws Exception
- {
- if (! CERT_MANAGER_AVAILABLE || Platform.isVendor("IBM"))
- {
- return;
- }
-
- File path = File.createTempFile("testGenerateCSRJKS",
- ".keystore");
- path.deleteOnExit();
- path.delete();
-
- CertificateManager certManager =
- new CertificateManager(path.getAbsolutePath(), "JKS", "password");
-
- try
- {
- File requestFile =
- certManager.generateCertificateSigningRequest("test-cert",
- "invalid");
- requestFile.delete();
- fail("Expected a key store exception due to an invalid subject");
- } catch (KeyStoreException cse) {}
- }
-
-
-
- /**
- * Tests the {@code generateCertificateSigningRequest} method for a JKS key
- * store.
- *
- * @throws Exception If a problem occurs.
- */
- @Test()
- public void testGenerateCSRJKS()
- throws Exception
- {
- if (! CERT_MANAGER_AVAILABLE || Platform.isVendor("IBM"))
- {
- return;
- }
-
- File path = File.createTempFile("testGenerateCSRJKS",
- ".keystore");
- path.deleteOnExit();
- path.delete();
-
- CertificateManager certManager =
- new CertificateManager(path.getAbsolutePath(), "JKS", "password");
- File csrFile = certManager.generateCertificateSigningRequest("test-cert",
- "CN=Test,o=test");
- assertNotNull(csrFile);
- assertTrue(csrFile.length() > 0);
- path.delete();
- }
-
-
-
- /**
- * Tests the {@code generateCertificateSigningRequest} method for a PKCS12 key
- * store.
- *
- * @throws Exception If a problem occurs.
- */
- @Test(groups="slow")
- public void testGenerateCSRPKCS12()
- throws Exception
- {
- if (! CERT_MANAGER_AVAILABLE || Platform.isVendor("IBM"))
- {
- return;
- }
-
- File path = File.createTempFile("testGenerateCSRPKCS12",
- ".p12");
- path.deleteOnExit();
- path.delete();
-
- CertificateManager certManager =
- new CertificateManager(path.getAbsolutePath(), "PKCS12", "password");
- File csrFile = certManager.generateCertificateSigningRequest("test-cert",
- "CN=Test,o=test");
- assertNotNull(csrFile);
- assertTrue(csrFile.length() > 0);
- path.delete();
- }
-
-
-
- /**
* Tests the {@code addCertificate} method using a null alias.
*
* @throws Exception If a problem occurs.
--
Gitblit v1.10.0