fix #4650: allowing for comments at the end of cert files
shawkins authored and manusa committed Jan 11, 2023
1 parent bf4d07f commit 8dc70e5
Showing 3 changed files with 19 additions and 7 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -3,6 +3,7 @@
### 6.4-SNAPSHOT

#### Bugs
* Fix #4650: allowing for comments at the end of certificate files

#### Improvements
* Fix #4637: all pod operations that require a ready / succeeded pod may use withReadyWaitTimeout, which supersedes withLogWaitTimeout.
Expand Up @@ -61,7 +61,7 @@ private CertUtils() {
private static final String KEY_STORE_SYSTEM_PROPERTY = "javax.net.ssl.keyStore";
private static final String KEY_STORE_PASSWORD_SYSTEM_PROPERTY = "javax.net.ssl.keyStorePassword";

public static InputStream getInputStreamFromDataOrFile(String data, String file) throws IOException {
public static ByteArrayInputStream getInputStreamFromDataOrFile(String data, String file) throws IOException {
if (data != null) {
return createInputStreamFromBase64EncodedString(data);
}
Expand All @@ -73,7 +73,7 @@ public static InputStream getInputStreamFromDataOrFile(String data, String file)

public static KeyStore createTrustStore(String caCertData, String caCertFile, String trustStoreFile,
String trustStorePassphrase) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
try (InputStream pemInputStream = getInputStreamFromDataOrFile(caCertData, caCertFile)) {
try (ByteArrayInputStream pemInputStream = getInputStreamFromDataOrFile(caCertData, caCertFile)) {
return createTrustStore(pemInputStream, trustStoreFile, getTrustStorePassphrase(trustStorePassphrase));
}
}
Expand All @@ -85,7 +85,8 @@ private static char[] getTrustStorePassphrase(String trustStorePassphrase) {
return trustStorePassphrase.toCharArray();
}

private static KeyStore createTrustStore(InputStream pemInputStream, String trustStoreFile, char[] trustStorePassphrase)
private static KeyStore createTrustStore(ByteArrayInputStream pemInputStream, String trustStoreFile,
char[] trustStorePassphrase)
throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {

final String trustStoreType = System.getProperty(TRUST_STORE_TYPE_SYSTEM_PROPERTY, KeyStore.getDefaultType());
Expand All @@ -99,11 +100,19 @@ private static KeyStore createTrustStore(InputStream pemInputStream, String trus
loadDefaultTrustStoreFile(trustStore, trustStorePassphrase);
}

CertificateFactory certFactory = CertificateFactory.getInstance("X509");
while (pemInputStream.available() > 0) {
CertificateFactory certFactory = CertificateFactory.getInstance("X509");
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(pemInputStream);
String alias = cert.getSubjectX500Principal().getName() + "_" + cert.getSerialNumber().toString(16);
trustStore.setCertificateEntry(alias, cert);
try {
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(pemInputStream);
String alias = cert.getSubjectX500Principal().getName() + "_" + cert.getSerialNumber().toString(16);
trustStore.setCertificateEntry(alias, cert);
} catch (CertificateException e) {
if (pemInputStream.available() > 0) {
// any remaining input means there is an actual problem with the key contents or file format
throw e;
}
LOG.debug("The trailing entry generated a certificate exception. More than likely the contents end with comments.", e);
}
}
return trustStore;
}
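Review bot: The new `catch (CertificateException e)` in the certificate loop cannot tell a trailing comment from a truncated or corrupted final certificate: in both cases the parser may consume the rest of the stream, `available()` then returns 0, and the entry is dropped with only a debug message. The same path is taken when the input holds no parsable certificate at all, so a trust store can be returned without the configured CA and the problem only surfaces later as an unexplained TLS handshake failure. Consider counting the entries loaded from the PEM input (`int loaded = 0;` before the loop, `loaded++;` after `setCertificateEntry`) and rethrowing when nothing was loaded: `if (pemInputStream.available() > 0 || loaded == 0) { throw e; }`. How much input is consumed on a failed parse depends on the `CertificateFactory` provider, so this is inferred rather than shown on the page; the beginning of `createTrustStore` lies outside the displayed hunks.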
Expand Up @@ -37,3 +37,5 @@ m2P1QminD5Z+YzU2yeCFOnRzueA9tFveiPVRk454bflfsW8dfixTNeU9MuG3PbtZ
Og1Ec33+jUHYySkQ3JE=
-----END CERTIFICATE-----


# some comment
