Github user jburwell commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/1799#discussion_r90310924
--- Diff:
utils/src/main/java/com/cloud/utils/security/CertificateHelper.java ---
@@ -40,123 +46,122 @@
import java.util.ArrayList;
import java.util.List;
-import com.cloud.utils.exception.CloudRuntimeException;
-import org.apache.commons.codec.binary.Base64;
-
-import com.cloud.utils.Ternary;
-import org.bouncycastle.openssl.PEMReader;
-
public class CertificateHelper {
- public static byte[] buildAndSaveKeystore(String alias, String cert,
String privateKey, String storePassword) throws KeyStoreException,
CertificateException,
- NoSuchAlgorithmException, InvalidKeySpecException, IOException {
- KeyStore ks = buildKeystore(alias, cert, privateKey,
storePassword);
-
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- ks.store(os, storePassword != null ? storePassword.toCharArray() :
null);
- os.close();
- return os.toByteArray();
+ public static byte[] buildAndSaveKeystore(final String alias, final
String cert, final String privateKey, final String storePassword) throws
KeyStoreException, CertificateException,
+ NoSuchAlgorithmException, InvalidKeySpecException, IOException {
+ final KeyStore ks = buildKeystore(alias, cert, privateKey,
storePassword);
+
+ try (final ByteArrayOutputStream os = new ByteArrayOutputStream())
{
+ ks.store(os, storePassword != null ?
storePassword.toCharArray() : null);
+ return os.toByteArray();
+ }
}
- public static byte[] buildAndSaveKeystore(List<Ternary<String, String,
String>> certs, String storePassword) throws KeyStoreException,
NoSuchAlgorithmException,
- CertificateException, IOException, InvalidKeySpecException {
- KeyStore ks = KeyStore.getInstance("JKS");
+ public static byte[] buildAndSaveKeystore(final List<Ternary<String,
String, String>> certs, final String storePassword) throws KeyStoreException,
NoSuchAlgorithmException,
+ CertificateException, IOException, InvalidKeySpecException {
+ final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, storePassword != null ? storePassword.toCharArray()
: null);
//name,cert,key
- for (Ternary<String, String, String> cert : certs) {
+ for (final Ternary<String, String, String> cert : certs) {
if (cert.third() == null) {
- Certificate c = buildCertificate(cert.second());
+ final Certificate c = buildCertificate(cert.second());
ks.setCertificateEntry(cert.first(), c);
} else {
- Certificate[] c = new Certificate[certs.size()];
+ final Certificate[] c = new Certificate[certs.size()];
int i = certs.size();
- for (Ternary<String, String, String> ct : certs) {
+ for (final Ternary<String, String, String> ct : certs) {
c[i - 1] = buildCertificate(ct.second());
i--;
}
ks.setKeyEntry(cert.first(),
buildPrivateKey(cert.third()), storePassword != null ?
storePassword.toCharArray() : null, c);
}
}
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- ks.store(os, storePassword != null ? storePassword.toCharArray() :
null);
- os.close();
- return os.toByteArray();
+ try (final ByteArrayOutputStream os = new ByteArrayOutputStream())
{
+ ks.store(os, storePassword != null ?
storePassword.toCharArray() : null);
+ return os.toByteArray();
+ }
}
- public static KeyStore loadKeystore(byte[] ksData, String
storePassword) throws KeyStoreException, CertificateException,
NoSuchAlgorithmException, IOException {
- assert (ksData != null);
- KeyStore ks = KeyStore.getInstance("JKS");
- ks.load(new ByteArrayInputStream(ksData), storePassword != null ?
storePassword.toCharArray() : null);
+ public static KeyStore loadKeystore(final byte[] ksData, final String
storePassword) throws KeyStoreException, CertificateException,
NoSuchAlgorithmException, IOException {
+ assert ksData != null;
+ final KeyStore ks = KeyStore.getInstance("JKS");
+ try (final ByteArrayInputStream is = new
ByteArrayInputStream(ksData)) {
+ ks.load(is, storePassword != null ?
storePassword.toCharArray() : null);
+ }
return ks;
}
- public static KeyStore buildKeystore(String alias, String cert, String
privateKey, String storePassword) throws KeyStoreException,
CertificateException,
- NoSuchAlgorithmException, InvalidKeySpecException, IOException {
+ public static KeyStore buildKeystore(final String alias, final String
cert, final String privateKey, final String storePassword) throws
KeyStoreException, CertificateException,
+ NoSuchAlgorithmException, InvalidKeySpecException, IOException {
- KeyStore ks = KeyStore.getInstance("JKS");
+ final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, storePassword != null ? storePassword.toCharArray()
: null);
- Certificate[] certs = new Certificate[1];
+ final Certificate[] certs = new Certificate[1];
certs[0] = buildCertificate(cert);
ks.setKeyEntry(alias, buildPrivateKey(privateKey), storePassword
!= null ? storePassword.toCharArray() : null, certs);
return ks;
}
- public static Certificate buildCertificate(String content) throws
CertificateException {
- assert (content != null);
+ public static Certificate buildCertificate(final String content)
throws CertificateException {
+ assert content != null;
--- End diff --
Since we don't usually run with assertions enabled, please consider
converting `assert` to `Preconditions.checkArgument`. Also, should we check
that `content` is not blank as well as not `null`?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
