Improved: Do not use deprecated ‘javax.security.cert.X509Certificate’
(OFBIZ-11262)


git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1869006 13f79535-47bb-0310-9956-ffa450edef68
mthl committed Oct 26, 2019
1 parent deec38e commit 81be0b8
Showing 2 changed files with 13 additions and 15 deletions.
@@ -140,10 +140,6 @@ public static Map<String, String> getCertX500Map(java.security.cert.X509Certific
return getX500Map(cert.getSubjectX500Principal());
}

public static Map<String, String> getCertX500Map(javax.security.cert.X509Certificate cert) {
return getX500Map(cert.getSubjectDN());
}

public static Map<String, String> getX500Map(Principal x500) {
Map<String, String> x500Map = new HashMap<>();

@@ -19,10 +19,12 @@
package org.apache.ofbiz.base.util;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
@@ -251,24 +253,24 @@ public static HostnameVerifier getHostnameVerifier(int level) {
return new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
javax.security.cert.X509Certificate[] peerCerts;
Certificate[] peerCerts;
try {
peerCerts = session.getPeerCertificateChain();
peerCerts = session.getPeerCertificates();
} catch (SSLPeerUnverifiedException e) {
// cert not verified
Debug.logWarning(e.getMessage(), module);
return false;
}
for (javax.security.cert.X509Certificate peerCert: peerCerts) {
Principal x500s = peerCert.getSubjectDN();
Map<String, String> subjectMap = KeyStoreUtil.getX500Map(x500s);

if (Debug.infoOn()) {
Debug.logInfo(peerCert.getSerialNumber().toString(16) + " :: " + subjectMap.get("CN"), module);
}

for (Certificate peerCert : peerCerts) {
try {
peerCert.checkValidity();
Principal x500s = session.getPeerPrincipal();
Map<String, String> subjectMap = KeyStoreUtil.getX500Map(x500s);
if (Debug.infoOn()) {
byte[] encodedCert = peerCert.getEncoded();
Debug.logInfo(new BigInteger(encodedCert).toString(16)
+ " :: " + subjectMap.get("CN"), module);
}
peerCert.verify(peerCert.getPublicKey());
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
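Review bot: In the `for (Certificate peerCert : peerCerts)` loop, `peerCert.verify(peerCert.getPublicKey())` checks each certificate's signature against its own key, which only holds for self-signed certificates, so CA-issued chain entries will throw into the `catch (Exception e)` branch, whose body lies outside this hunk. It is also not a substitute for `checkValidity()`, which `java.security.cert.Certificate` does not offer, so the validity-period check appears to be lost. `session.getPeerPrincipal()` does not depend on the loop variable, so every iteration logs the same CN, and `new BigInteger(encodedCert)` writes the whole encoded certificate to the log rather than its serial number. Casting each entry to the already-imported `java.security.cert.X509Certificate` keeps the per-certificate subject, serial number and validity check without the deprecated type, as sketched below.

```java
for (Certificate peerCert : peerCerts) {
    try {
        if (!(peerCert instanceof X509Certificate)) {
            Debug.logWarning("Peer certificate is not X.509", module);
            return false;
        }
        X509Certificate x509Cert = (X509Certificate) peerCert;
        if (Debug.infoOn()) {
            Map<String, String> subjectMap = KeyStoreUtil.getCertX500Map(x509Cert);
            Debug.logInfo(x509Cert.getSerialNumber().toString(16)
                    + " :: " + subjectMap.get("CN"), module);
        }
        x509Cert.checkValidity();
    // … unchanged: catch (RuntimeException e) / catch (Exception e) …
```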