update cert reading to use bouncycastle
pdowler committed Feb 21, 2024
1 parent a86a5fb commit 1f9ad73
Showing 4 changed files with 175 additions and 220 deletions.
6 changes: 4 additions & 2 deletions cadc-util/build.gradle
Expand Up @@ -16,7 +16,7 @@ sourceCompatibility = 1.8

group = 'org.opencadc'

version = '1.10.6'
version = '1.11.0'

description = 'OpenCADC core utility library'
def git_url = 'https://github.com/opencadc/core'
Expand All @@ -33,7 +33,9 @@ dependencies {
compile 'org.apache.logging.log4j:log4j-core:2.17.2'
compile 'org.apache.logging.log4j:log4j:2.17.2'

compile 'org.bouncycastle:bcprov-jdk15on:1.46'
//compile 'org.bouncycastle:bcprov-jdk15on:1.46'
compile 'org.bouncycastle:bcprov-jdk18on:[1.70,2.0)'
compile 'org.bouncycastle:bcpkix-jdk18on:[1.70,2.0)'
compile 'javax.servlet:javax.servlet-api:3.1.0'
compile 'org.json:json:20231013'
compile 'xerces:xercesImpl:[2.12.2,)'
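Review bot: The superseded artifact is left behind as a commented-out line, `//compile 'org.bouncycastle:bcprov-jdk15on:1.46'`, directly above the new bcprov-jdk18on entry; delete it rather than keep it, since the removal is already recorded in history and a dead line invites someone to re-enable an artifact from 2011 that has long stopped receiving fixes. The open-ended ranges `[1.70,2.0)` on bcprov-jdk18on and bcpkix-jdk18on mean the BouncyCastle build that is actually resolved is not fixed by this file: two builds of the same commit can pick up different crypto libraries, and a future upgrade of the library that does signature and certificate parsing lands without anyone reviewing it. Unless dependency locking is configured elsewhere in the build (not visible here), pin a specific version, or keep the range but commit a Gradle lockfile so the resolved version is reviewable. The xerces entry on the line below already uses the same unbounded pattern, so this is consistent with the file, but the point applies there too.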
116 changes: 69 additions & 47 deletions cadc-util/src/intTest/java/ca/nrc/cadc/auth/SSLUtilTest.java
Expand Up @@ -3,7 +3,7 @@
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2016. (c) 2016.
* (c) 2024. (c) 2024.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
Expand Down Expand Up @@ -81,6 +81,7 @@
import java.security.cert.CertificateNotYetValidException;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.Set;
import javax.net.SocketFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;
Expand Down Expand Up @@ -171,7 +172,7 @@ public static void setUpBeforeClass() throws Exception
Log4jInit.setLevel("ca.nrc.cadc.auth", Level.INFO);
SSL_PEM = FileUtil.getFileFromResource(TEST_PEM_FN, SSLUtilTest.class);
}

@Test
public void testReadPem() throws Exception
{
Expand Down Expand Up @@ -225,6 +226,72 @@ public void testGetSocketFactoryFromFile() throws Exception
Assert.fail("unexpected exception: " + t);
}
}

@Test
public void testReadCert() {
try {
File f = new File(System.getProperty("user.home") + "/.ssl/" + System.getProperty("user.name") + ".pem");
log.info("in: " + f.getAbsolutePath());

Subject s = SSLUtil.createSubject(f);
log.info("created: " + s);
Assert.assertFalse(s.getPrincipals().isEmpty());

Set<X509CertificateChain> cs = s.getPublicCredentials(X509CertificateChain.class);
Assert.assertFalse("chain", cs.isEmpty());
X509CertificateChain chain = cs.iterator().next();
Assert.assertNotNull(chain.getChain());
Assert.assertEquals(1, chain.getChain().length);
Assert.assertNotNull(chain.getPrivateKey());
} catch (Exception unexpected) {
log.error("unexpected exception", unexpected);
Assert.fail("unexpected exception: " + unexpected);
}
}

@Test
public void testReadUserProxyCert() {
try {
File f = new File(System.getProperty("user.home") + "/.ssl/cadcproxy.pem");
log.info("in: " + f.getAbsolutePath());

Subject s = SSLUtil.createSubject(f);
log.info("created: " + s);
Assert.assertFalse(s.getPrincipals().isEmpty());

Set<X509CertificateChain> cs = s.getPublicCredentials(X509CertificateChain.class);
Assert.assertFalse("chain", cs.isEmpty());
X509CertificateChain chain = cs.iterator().next();
Assert.assertNotNull(chain.getChain());
Assert.assertEquals(2, chain.getChain().length);
Assert.assertNotNull(chain.getPrivateKey());
} catch (Exception unexpected) {
log.error("unexpected exception", unexpected);
Assert.fail("unexpected exception: " + unexpected);
}
}

@Test
public void testReadProxyCert() {
try {
File f = SSL_PEM;
log.info("in: " + f.getAbsolutePath());

Subject s = SSLUtil.createSubject(f);
log.info("created: " + s);
Assert.assertFalse(s.getPrincipals().isEmpty());

Set<X509CertificateChain> cs = s.getPublicCredentials(X509CertificateChain.class);
Assert.assertFalse("chain", cs.isEmpty());
X509CertificateChain chain = cs.iterator().next();
Assert.assertNotNull(chain.getChain());
Assert.assertEquals(2, chain.getChain().length);
Assert.assertNotNull(chain.getPrivateKey());
} catch (Exception unexpected) {
log.error("unexpected exception", unexpected);
Assert.fail("unexpected exception: " + unexpected);
}
}

@Test
public void testInitSSL() throws Exception
Expand Down Expand Up @@ -287,51 +354,6 @@ public void testCadcHTTPS() throws Exception
}
}

@Test
public void testPrivateKeyParser() throws Exception
{
// tests the parser with different size keys
// 512 bit
byte[] privateKey = SSLUtil.getPrivateKey(KEY_512.getBytes());
try
{
log.debug("test parsing of RSA 512 bit key: ");
SSLUtil.parseKeySpec(privateKey);
}
catch (Throwable t)
{
t.printStackTrace();
Assert.fail("unexpected exception: " + t);
}

// 1024 bit
privateKey = SSLUtil.getPrivateKey(KEY_1024.getBytes());
try
{
log.debug("test parsing of RSA 1024 bit key: ");
SSLUtil.parseKeySpec(privateKey);
}
catch (Throwable t)
{
t.printStackTrace();
Assert.fail("unexpected exception: " + t);
}

// 2048 bit
privateKey = SSLUtil.getPrivateKey(KEY_2048.getBytes());
try
{
log.debug("test parsing of RSA 2048 bit key: ");
SSLUtil.parseKeySpec(privateKey);
}
catch (Throwable t)
{
t.printStackTrace();
Assert.fail("unexpected exception: " + t);
}

}

@Test
public void testValidSubject() throws Exception
{
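Review bot: The three new tests testReadCert, testReadUserProxyCert and testReadProxyCert repeat the same twelve-line body and differ only in the input file and the expected chain length (1, 2, 2), so a future change to what a loaded chain must satisfy has to be made three times; extract the body into a helper that takes the file and the expected length, as below. The new tests also only check that `chain.getPrivateKey()` is non-null, not that the key belongs to the leaf certificate; if the key is RSA, comparing `getModulus()` of the `RSAPrivateKey` with that of the `RSAPublicKey` from `chain.getChain()[0].getPublicKey()` would catch a PEM whose key and certificate do not match, which is exactly the kind of file a rewritten parser can accept silently. Removing testPrivateKeyParser drops the only coverage that ran from in-source fixtures (the KEY_512, KEY_1024 and KEY_2048 constants); the replacements read files under the user's home directory, so on a machine without them nothing exercises the new BouncyCastle parsing path. If parseKeySpec and getPrivateKey were removed from SSLUtil in the file not shown on this page, consider a replacement test that feeds those fixtures through whatever entry point remains, so that key-size coverage survives the migration.

```java
    private static X509CertificateChain assertChainFromPem(File f, int expectedLength) {
        log.info("in: " + f.getAbsolutePath());

        Subject s = SSLUtil.createSubject(f);
        log.info("created: " + s);
        Assert.assertFalse(s.getPrincipals().isEmpty());

        Set<X509CertificateChain> cs = s.getPublicCredentials(X509CertificateChain.class);
        Assert.assertFalse("chain", cs.isEmpty());
        X509CertificateChain chain = cs.iterator().next();
        Assert.assertNotNull(chain.getChain());
        Assert.assertEquals(expectedLength, chain.getChain().length);
        Assert.assertNotNull(chain.getPrivateKey());
        return chain;
    }

    @Test
    public void testReadCert() {
        try {
            File f = new File(System.getProperty("user.home") + "/.ssl/" + System.getProperty("user.name") + ".pem");
            assertChainFromPem(f, 1);
        } catch (Exception unexpected) {
            log.error("unexpected exception", unexpected);
            Assert.fail("unexpected exception: " + unexpected);
        }
    }

    // … unchanged: testReadUserProxyCert and testReadProxyCert, each reduced to one assertChainFromPem(f, 2) call …
```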
43 changes: 2 additions & 41 deletions cadc-util/src/main/java/ca/nrc/cadc/auth/CertCmdArgUtil.java
Expand Up @@ -132,16 +132,6 @@ private static Subject initSubjectByPem(String fnPem, boolean nullOnNotFound) {
return SSLUtil.createSubject(certKeyFile);
}

private static Subject initSubjectByCertKey(String fnCert, String fnKey, boolean nullOnNotFound) {
File certFile = loadFile(fnCert, nullOnNotFound);
File keyFile = loadFile(fnKey, nullOnNotFound);
if (nullOnNotFound && certFile == null && keyFile == null) {
return null;
}

return SSLUtil.createSubject(certFile, keyFile);
}

/**
* Init a subject from the command line and throw an exception if not
* successful.
Expand Down Expand Up @@ -181,37 +171,8 @@ public static Subject initSubject(ArgumentMap argMap, boolean returnNullOnNotFou
Subject subject = null;

if (argMap.isSet(ARG_CERT)) {
if (argMap.isSet(ARG_KEY)) {
// load from cert/key
strCert = argMap.getValue(ARG_CERT);
strKey = argMap.getValue(ARG_KEY);
subject = initSubjectByCertKey(strCert, strKey, false);
} else {
// load from cert pem
strCertKey = argMap.getValue(ARG_CERT);
subject = initSubjectByPem(strCertKey, false);
}
} else {
// load from default
strCertKey = userHome + DFT_CERTKEY_FILE;
strCert = userHome + DFT_CERT_FILE;
strKey = userHome + DFT_KEY_FILE;
try {
subject = initSubjectByPem(strCertKey, returnNullOnNotFound);
} catch (RuntimeException ex1) {

// Default PEM file not exists or is not readable
if (subject == null) {
try {
subject = initSubjectByCertKey(strCert, strKey, returnNullOnNotFound);
} catch (RuntimeException ex2) {
if (!returnNullOnNotFound) {
throw new RuntimeException("Could not find valid certificate files at " + strCertKey
+ " or " + strCert + "," + strKey, ex2);
}
}
}
}
strCertKey = argMap.getValue(ARG_CERT);
subject = initSubjectByPem(strCertKey, false);
}
return subject;
}
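Review bot: With the `else` branch removed from the end of initSubject, a missing `--cert` argument now leaves `subject` null and returns it regardless of `returnNullOnNotFound`, whereas the removed code threw a RuntimeException when the default files were absent and the flag was false; a caller that relied on that exception will now proceed with a null Subject, which in an authentication path usually means continuing anonymously without anyone noticing. Unless dropping the default lookup is intentional, add `if (subject == null && !returnNullOnNotFound) { throw new RuntimeException("no certificate file specified with " + ARG_CERT); }` before `return subject;`, or restore the `~/.ssl/cadcproxy.pem` default that the new test in SSLUtilTest still reads. The Javadoc above this method ("throw an exception if not successful") no longer describes it if the null return is kept, so update it to say the method returns null when no certificate argument is given. After this change `ARG_KEY`, `strCert`, `strKey`, `userHome` and the `DFT_*` constants appear unused in what is visible, but the method's signature and the rest of the class lie outside the hunk, so confirm before removing them.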
