From ca2bcb4942289edd29ba76d90242bd028638c7b5 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Thu, 13 Sep 2007 22:20:24 +0000
Subject: [PATCH] Fix for issue 2059. Use the SHA1 and MD5 fingerprints of the certificate instead of the signature and public keys.
---
opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java | 14 +---
opends/src/messages/messages/quicksetup.properties | 6 -
opends/src/quicksetup/org/opends/quicksetup/ui/CertificateDialog.java | 103 ++++++++++++++++++++++------------
3 files changed, 73 insertions(+), 50 deletions(-)
diff --git a/opends/src/messages/messages/quicksetup.properties b/opends/src/messages/messages/quicksetup.properties
index 24688d1..73622a3 100644
--- a/opends/src/messages/messages/quicksetup.properties
+++ b/opends/src/messages/messages/quicksetup.properties
@@ -150,17 +150,15 @@
certificate carefully.\nAre you willing to accept this certificate for the \
purpose of identifying the server %s:%s?
INFO_CERTIFICATE_NOT_VALID_YET=%s - Not valid yet
-INFO_CERTIFICATE_PUBLIC_KEY_LABEL=Public Key:
INFO_CERTIFICATE_SERIAL_NUMBER_LABEL=Serial Number:
INFO_CERTIFICATE_SHOW_DETAILS_TEXT=<br><br><a href="">Show Certificate \
Details</a>
-INFO_CERTIFICATE_SIGNATURE_ALGORITHM_LABEL=Signature Algorithm:
-INFO_CERTIFICATE_SIGNATURE_LABEL=Signature:
+INFO_CERTIFICATE_SHA1_FINGERPRINT_LABEL=SHA1 Fingerprint:
+INFO_CERTIFICATE_MD5_FINGERPRINT_LABEL=MD5 Fingerprint:
INFO_CERTIFICATE_SUBJECT_LABEL=Subject:
INFO_CERTIFICATE_TITLE=Certificate Not Trusted
INFO_CERTIFICATE_TYPE_LABEL=Type:
INFO_CERTIFICATE_VALID_FROM_LABEL=Valid From:
-INFO_CERTIFICATE_VERSION_LABEL=Version:
INFO_CHECKBOX_COLOR=000,000,000
INFO_CLI_ERROR_READING_STDIN=Unexpected error reading standard input.
INFO_CLI_UNKNOWN_ARGUMENT=Unknown argument %s
diff --git a/opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java b/opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java
index 82df03c..1a78723 100644
--- a/opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java
+++ b/opends/src/quicksetup/org/opends/quicksetup/CliApplicationHelper.java
@@ -956,11 +956,9 @@
INFO_CERTIFICATE_VALID_FROM_LABEL.get(),
INFO_CERTIFICATE_EXPIRES_ON_LABEL.get(),
INFO_CERTIFICATE_TYPE_LABEL.get(),
- INFO_CERTIFICATE_SERIAL_NUMBER_LABEL.get(),
- INFO_CERTIFICATE_SIGNATURE_LABEL.get(),
- INFO_CERTIFICATE_SIGNATURE_ALGORITHM_LABEL.get(),
- INFO_CERTIFICATE_VERSION_LABEL.get(),
- INFO_CERTIFICATE_PUBLIC_KEY_LABEL.get()
+ INFO_CERTIFICATE_SERIAL_NUMBER_LABEL.get()
+ INFO_CERTIFICATE_MD5_FINGERPRINT_LABEL.get(),
+ INFO_CERTIFICATE_SHA1_FINGERPRINT_LABEL.get()
};
for (int i=0; i<udce.getChain().length; i++)
{
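Review bot: The added line `INFO_CERTIFICATE_SERIAL_NUMBER_LABEL.get()` has lost its trailing comma although two more elements now follow it, so the array initializer as shown in this hunk will not compile. It should read `INFO_CERTIFICATE_SERIAL_NUMBER_LABEL.get(),`, which is how the matching label array in CertificateDialog.java is written in this same patch. The array declaration itself starts above the hunk, so the element type is not visible here.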
@@ -973,10 +971,8 @@
CertificateDialog.getExpiresOn(cert),
cert.getType(),
String.valueOf(cert.getSerialNumber()),
- CertificateDialog.getSignature(cert).toString(),
- String.valueOf(cert.getSigAlgName()),
- String.valueOf(cert.getVersion()),
- cert.getPublicKey().toString()
+ CertificateDialog.getMD5FingerPrint(cert).toString(),
+ CertificateDialog.getSHA1FingerPrint(cert).toString()
};
for (int j=0; j<labels.length; j++)
{
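Review bot: `CertificateDialog.getMD5FingerPrint(cert).toString()` and `CertificateDialog.getSHA1FingerPrint(cert).toString()` will throw a NullPointerException whenever the digest cannot be computed, because both getters in this patch return `null` after logging `NoSuchAlgorithmException` or `CertificateEncodingException`. That turns a certificate that fails to encode into a crash in the middle of the trust prompt. A null-tolerant form such as `String.valueOf(CertificateDialog.getMD5FingerPrint(cert))` avoids the crash, though an explicit "not available" value would be clearer to the user than the text "null". The same null result is passed straight to `UIFactory.makeTextPane` by `createSHA1FingerprintComponent` and `createMD5FingerprintComponent` in CertificateDialog.java; whether that helper accepts null is not visible here. The enclosing loop and method continue outside the hunk.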
diff --git a/opends/src/quicksetup/org/opends/quicksetup/ui/CertificateDialog.java b/opends/src/quicksetup/org/opends/quicksetup/ui/CertificateDialog.java
index db303b0..6c0d4fd 100644
--- a/opends/src/quicksetup/org/opends/quicksetup/ui/CertificateDialog.java
+++ b/opends/src/quicksetup/org/opends/quicksetup/ui/CertificateDialog.java
@@ -36,6 +36,9 @@
import java.awt.event.ActionListener;
import java.awt.event.WindowAdapter;
import java.awt.event.WindowEvent;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Date;
@@ -385,10 +388,8 @@
INFO_CERTIFICATE_EXPIRES_ON_LABEL.get(),
INFO_CERTIFICATE_TYPE_LABEL.get(),
INFO_CERTIFICATE_SERIAL_NUMBER_LABEL.get(),
- INFO_CERTIFICATE_SIGNATURE_LABEL.get(),
- INFO_CERTIFICATE_SIGNATURE_ALGORITHM_LABEL.get(),
- INFO_CERTIFICATE_VERSION_LABEL.get(),
- INFO_CERTIFICATE_PUBLIC_KEY_LABEL.get()
+ INFO_CERTIFICATE_MD5_FINGERPRINT_LABEL.get(),
+ INFO_CERTIFICATE_SHA1_FINGERPRINT_LABEL.get()
};
for (int i=0; i<ce.getChain().length; i++)
@@ -402,10 +403,8 @@
createExpiresOnComponent(cert),
createTypeComponent(cert),
createSerialNumberComponent(cert),
- createSignatureComponent(cert),
- createSignatureAlgorithmComponent(cert),
- createVersionComponent(cert),
- createPublicKeyComponent(cert)
+ createMD5FingerprintComponent(cert),
+ createSHA1FingerprintComponent(cert)
};
JPanel certPanel = UIFactory.makeJPanel();
certPanel.setLayout(new GridBagLayout());
@@ -634,48 +633,78 @@
/**
- * Returns the string representation using hexadecimal addresses of the
- * signature of a given certificate.
+ * Returns the Message representation of the SHA1 fingerprint.
* @param cert the certificate object.
- * @return the string representation using hexadecimal addresses of the
- * signature of a given certificate.
+ * @return the Message representation of the SHA1 fingerprint.
*/
- public static Message getSignature(X509Certificate cert)
+ public static Message getSHA1FingerPrint(X509Certificate cert)
{
- byte[] sig = cert.getSignature();
- MessageBuilder sb = new MessageBuilder();
- for (int i = 0; i < sig.length; i++)
- {
- if (i > 0)
+ Message msg = null;
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA1");
+
+ byte[] b = md.digest(cert.getEncoded());
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < b.length; i++)
{
- sb.append(":");
+ if (i > 0)
+ {
+ sb.append(":");
+ }
+ sb.append(Integer.toHexString(((int) b[i]) & 0xFF));
}
- sb.append(Integer.toHexString(((int) sig[i]) & 0xFF));
+ msg = Message.raw(sb);
}
- return sb.toMessage();
+ catch (NoSuchAlgorithmException nsae) {
+ LOG.log(Level.WARNING, "SHA1 algorithm not supported: "+nsae, nsae);
+ }
+ catch (CertificateEncodingException cee) {
+ LOG.log(Level.WARNING, "Certificate encoding exception: "+cee, cee);
+ }
+ return msg;
}
- private JComponent createSignatureComponent(X509Certificate cert)
+ /**
+ * Returns the Message representation of the MD5 fingerprint.
+ * @param cert the certificate object.
+ * @return the Message representation of the MD5 fingerprint.
+ */
+ public static Message getMD5FingerPrint(X509Certificate cert)
{
- return UIFactory.makeTextPane(getSignature(cert),
+ Message msg = null;
+ try {
+ MessageDigest md = MessageDigest.getInstance("MD5");
+
+ byte[] b = md.digest(cert.getEncoded());
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < b.length; i++)
+ {
+ if (i > 0)
+ {
+ sb.append(":");
+ }
+ sb.append(Integer.toHexString(((int) b[i]) & 0xFF));
+ }
+ msg = Message.raw(sb);
+ }
+ catch (NoSuchAlgorithmException nsae) {
+ LOG.log(Level.WARNING, "MD5 algorithm not supported: "+nsae, nsae);
+ }
+ catch (CertificateEncodingException cee) {
+ LOG.log(Level.WARNING, "Certificate encoding exception: "+cee, cee);
+ }
+ return msg;
+ }
+
+ private JComponent createSHA1FingerprintComponent(X509Certificate cert)
+ {
+ return UIFactory.makeTextPane(getSHA1FingerPrint(cert),
UIFactory.TextStyle.SECONDARY_FIELD_VALID);
}
- private JComponent createSignatureAlgorithmComponent(X509Certificate cert)
+ private JComponent createMD5FingerprintComponent(X509Certificate cert)
{
- Message signature = Message.raw(String.valueOf(cert.getSigAlgName()));
- return makeValueLabel(signature);
- }
-
- private JComponent createVersionComponent(X509Certificate cert)
- {
- Message version = Message.raw(String.valueOf(cert.getVersion()));
- return makeValueLabel(version);
- }
-
- private JComponent createPublicKeyComponent(X509Certificate cert)
- {
- return UIFactory.makeTextPane(Message.raw(cert.getPublicKey().toString()),
+ return UIFactory.makeTextPane(getMD5FingerPrint(cert),
UIFactory.TextStyle.SECONDARY_FIELD_VALID);
}
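Review bot: `Integer.toHexString(((int) b[i]) & 0xFF)` in both `getSHA1FingerPrint` and `getMD5FingerPrint` drops the leading zero, so a byte such as 0x0A is rendered as `a` and the fingerprint does not match the two-digit form printed by other certificate tools. Since the user is asked to compare this value before trusting the server, each byte should be formatted as exactly two hex digits. The two getters differ only in the algorithm name and could share one private helper, as sketched below. MD5 is collision-prone, so it should not be the digest users are steered towards; adding a SHA-256 fingerprint alongside would be worth considering. Both getters also lack a Javadoc note that they return `null` on failure, and the enclosing class continues outside the hunk.

```java
public static Message getSHA1FingerPrint(X509Certificate cert)
{
  return getFingerPrint(cert, "SHA1");
}

public static Message getMD5FingerPrint(X509Certificate cert)
{
  return getFingerPrint(cert, "MD5");
}

// Shared by both getters; returns null when the digest cannot be computed.
private static Message getFingerPrint(X509Certificate cert, String algorithm)
{
  Message msg = null;
  try {
    byte[] b = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < b.length; i++)
    {
      if (i > 0)
      {
        sb.append(":");
      }
      // Always two hex digits per byte so the value can be compared with other tools.
      sb.append(String.format("%02X", b[i] & 0xFF));
    }
    msg = Message.raw(sb);
  }
  catch (NoSuchAlgorithmException nsae) {
    LOG.log(Level.WARNING, algorithm+" algorithm not supported: "+nsae, nsae);
  }
  catch (CertificateEncodingException cee) {
    LOG.log(Level.WARNING, "Certificate encoding exception: "+cee, cee);
  }
  return msg;
}
// … unchanged: createSHA1FingerprintComponent / createMD5FingerprintComponent …
```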
--
Gitblit v1.10.0