gplazma: add public key size information to gPlazma results printer

Recent changes to JVMs have shown that key-size can be an importact factor when understanding why a login has failed; specifically, new JVMs now disallow certificates with RSA keys with less than 1024 bits. This patch adds support for printing the number of bits in the public key(s). Unfortunately the interface (PublicKey) provides no mechanism for discovering this information so we must down-cast to known classes to discover the information. Requires-notes: yes Requires-book: no Acked-by: Gerd Behrmann Patch: http://rb.dcache.org/r/6274 Target: master Request: 2.7 Request: 2.6 Request: 2.2
dCache · Nov 23, 2013 · 661a15e · 661a15e
1 parent efd4dee
commit 661a15e
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/modules/gplazma2/src/main/java/org/dcache/gplazma/monitor/LoginResultPrinter.java b/modules/gplazma2/src/main/java/org/dcache/gplazma/monitor/LoginResultPrinter.java
@@ -10,13 +10,15 @@
 import org.glite.voms.ac.AttributeCertificate;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import sun.security.rsa.RSAPublicKeyImpl;
 
 import javax.security.auth.x500.X500Principal;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.Principal;
+import java.security.PublicKey;
 import java.security.cert.CertPath;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
@@ -240,6 +242,7 @@ private String print(X509Certificate certificate)
         }
         sb.append("  +--Validity: ").append(validityStatementFor(certificate)).append('\n');
         sb.append("  +--Algorithm: ").append(nameForOid(certificate.getSigAlgOID())).append('\n');
+        sb.append("  +--Public key: ").append(describePublicKey(certificate.getPublicKey())).append('\n');
 
         String sanInfo = subjectAlternateNameInfoFor(certificate);
         if(!sanInfo.isEmpty()) {
@@ -285,6 +288,23 @@ private String print(X509Certificate certificate)
         return sb.toString();
     }
 
+    private static String describePublicKey(PublicKey key)
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append(key.getAlgorithm());
+
+        if (key instanceof RSAPublicKeyImpl) {
+            int bits = (((RSAPublicKeyImpl)key).getModulus().bitLength() + 7) & ~7;
+            sb.append(' ').append(bits).append(" bits");
+        } else {
+            sb.append(" (unknown ").append(key.getClass().getCanonicalName()).
+                    append(")");
+        }
+
+        return sb.toString();
+    }
+
     private static String subjectAlternateNameInfoFor(X509Certificate certificate)
     {
         StringBuilder sb = new StringBuilder();