
Improved: Do not use deprecated ‘javax.security.cert.X509Certificate’

(OFBIZ-11262)


git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1869006 13f79535-47bb-0310-9956-ffa450edef68
mthl committed Oct 26, 2019
1 parent deec38e commit 81be0b893c2110b81d1685dd21e30f5af0753f3f
@@ -140,10 +140,6 @@ public static X509Certificate readCertificate(byte[] certChain) throws Certifica
return getX500Map(cert.getSubjectX500Principal());
}

public static Map<String, String> getCertX500Map(javax.security.cert.X509Certificate cert) {
return getX500Map(cert.getSubjectDN());
}

public static Map<String, String> getX500Map(Principal x500) {
Map<String, String> x500Map = new HashMap<>();

@@ -19,10 +19,12 @@
package org.apache.ofbiz.base.util;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
@@ -251,24 +253,24 @@ public static HostnameVerifier getHostnameVerifier(int level) {
return new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
javax.security.cert.X509Certificate[] peerCerts;
Certificate[] peerCerts;
try {
peerCerts = session.getPeerCertificateChain();
peerCerts = session.getPeerCertificates();
} catch (SSLPeerUnverifiedException e) {
// cert not verified
Debug.logWarning(e.getMessage(), module);
return false;
}
for (javax.security.cert.X509Certificate peerCert: peerCerts) {
Principal x500s = peerCert.getSubjectDN();
Map<String, String> subjectMap = KeyStoreUtil.getX500Map(x500s);

if (Debug.infoOn()) {
Debug.logInfo(peerCert.getSerialNumber().toString(16) + " :: " + subjectMap.get("CN"), module);
}

for (Certificate peerCert : peerCerts) {
try {
peerCert.checkValidity();
Principal x500s = session.getPeerPrincipal();
Map<String, String> subjectMap = KeyStoreUtil.getX500Map(x500s);
if (Debug.infoOn()) {
byte[] encodedCert = peerCert.getEncoded();
Debug.logInfo(new BigInteger(encodedCert).toString(16)
+ " :: " + subjectMap.get("CN"), module);
}
peerCert.verify(peerCert.getPublicKey());
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
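Review bot: Inside the new `for (Certificate peerCert : peerCerts)` loop, `session.getPeerPrincipal()` returns the identity of the peer's end-entity certificate, so every chain element is logged with the same CN, and `new BigInteger(encodedCert).toString(16)` prints the whole encoded certificate where the old code printed its serial number. The base `Certificate` type also has no `checkValidity()`, so if the `peerCert.checkValidity()` line shown here is on the removed side (the page has lost its +/- markers), the validity-period check is gone from this verifier. Casting each element to `java.security.cert.X509Certificate`, which the import hunk shows is already in scope, keeps the per-certificate subject, the serial number and the expiry check without the deprecated API; rejecting a non-X.509 element is a fail-closed choice to confirm. The body of `catch (Exception e)` continues past the end of the hunk.

```java
for (Certificate peerCert : peerCerts) {
    try {
        // Only X.509 certificates carry a validity period, subject and serial number.
        if (!(peerCert instanceof X509Certificate)) {
            return false;
        }
        X509Certificate x509 = (X509Certificate) peerCert;
        x509.checkValidity();
        Map<String, String> subjectMap = KeyStoreUtil.getX500Map(x509.getSubjectX500Principal());
        if (Debug.infoOn()) {
            Debug.logInfo(x509.getSerialNumber().toString(16) + " :: " + subjectMap.get("CN"), module);
        }
        // … unchanged: peerCert.verify(...) and the catch clauses …
```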
