[pkg-java] r17922 - in trunk/ca-certificates-java: . debian src src/main src/main/java src/main/java/org src/main/java/org/debian src/main/java/org/debian/security src/test src/test/java src/test/java/org src/test/java/org/debian src/test/java/org/debian/security
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Mon Mar 24 10:31:35 UTC 2014
Author: ebourg-guest
Date: 2014-03-24 10:31:35 +0000 (Mon, 24 Mar 2014)
New Revision: 17922
Added:
trunk/ca-certificates-java/pom.xml
trunk/ca-certificates-java/src/
trunk/ca-certificates-java/src/main/
trunk/ca-certificates-java/src/main/java/
trunk/ca-certificates-java/src/main/java/org/
trunk/ca-certificates-java/src/main/java/org/debian/
trunk/ca-certificates-java/src/main/java/org/debian/security/
trunk/ca-certificates-java/src/main/java/org/debian/security/Exceptions.java
trunk/ca-certificates-java/src/main/java/org/debian/security/UpdateCertificates.java
trunk/ca-certificates-java/src/test/
trunk/ca-certificates-java/src/test/java/
trunk/ca-certificates-java/src/test/java/org/
trunk/ca-certificates-java/src/test/java/org/debian/
trunk/ca-certificates-java/src/test/java/org/debian/security/
trunk/ca-certificates-java/src/test/java/org/debian/security/UpdateCertificatesTest.java
Removed:
trunk/ca-certificates-java/Exceptions.java
trunk/ca-certificates-java/UpdateCertificates.java
trunk/ca-certificates-java/UpdateCertificatesTest.java
Modified:
trunk/ca-certificates-java/
trunk/ca-certificates-java/debian/changelog
trunk/ca-certificates-java/debian/rules
Log:
Mavenized the project
Property changes on: trunk/ca-certificates-java
___________________________________________________________________
Modified: svn:ignore
- bin
.classpath
.project
+ *.iml
.classpath
.project
bin
target
Deleted: trunk/ca-certificates-java/Exceptions.java
===================================================================
--- trunk/ca-certificates-java/Exceptions.java 2014-03-24 09:39:49 UTC (rev 17921)
+++ trunk/ca-certificates-java/Exceptions.java 2014-03-24 10:31:35 UTC (rev 17922)
@@ -1,61 +0,0 @@
-/*
- * Copyright (C) 2012 Damien Raude-Morvan <drazzib at debian.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
-
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- */
-
-/**
- * Custom exceptions used by {@link UpdateCertificates}
- *
- * @author Damien Raude-Morvan <drazzib at debian.org>
- */
-public class Exceptions {
-
- /**
- * Data send in stdin is invalid (neither "+" or "-" command).
- */
- public static class UnknownInput extends Exception {
- private static final long serialVersionUID = 5698253678856993527L;
- public UnknownInput(final String message) {
- super(message);
- }
-
- }
-
- /**
- * Unable to save keystore to provided location.
- */
- public static class UnableToSaveKeystore extends Exception {
- private static final long serialVersionUID = 3632154306237688490L;
- public UnableToSaveKeystore(final String message, final Exception e) {
- super(message, e);
- }
-
- }
-
- /**
- * Unable to open keystore from provided location (might be an invalid password
- * or IO error).
- */
- public static class InvalidKeystorePassword extends Exception {
- private static final long serialVersionUID = 7004201816889107694L;
- public InvalidKeystorePassword(final String message, final Exception e) {
- super(message, e);
- }
-
- }
-
-}
Deleted: trunk/ca-certificates-java/UpdateCertificates.java
===================================================================
--- trunk/ca-certificates-java/UpdateCertificates.java 2014-03-24 09:39:49 UTC (rev 17921)
+++ trunk/ca-certificates-java/UpdateCertificates.java 2014-03-24 10:31:35 UTC (rev 17922)
@@ -1,223 +0,0 @@
-/*
- * Copyright (C) 2011 Torsten Werner <twerner at debian.org>
- * Copyright (C) 2012 Damien Raude-Morvan <drazzib at debian.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
-
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- */
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-
-/**
- * This code is a re-implementation of the idea from Ludwig Nussel found in
- * https://github.com/openSUSE/ca-certificates/blob/41917f5a/keystore.java
- * for the Debian operating system. It updates the global JVM keystore.
- *
- * @author Torsten Werner
- * @author Damien Raude-Morvan
- */
-public class UpdateCertificates {
-
- private char[] password = null;
-
- private String ksFilename = null;
-
- private KeyStore ks = null;
-
- private CertificateFactory certFactory = null;
-
- public static void main(String[] args) throws IOException, GeneralSecurityException {
- String passwordString = "changeit";
- if (args.length == 2 && args[0].equals("-storepass")) {
- passwordString = args[1];
- }
- else if (args.length > 0) {
- System.err.println("Usage: java UpdateCertificates [-storepass <password>]");
- System.exit(1);
- }
-
- try {
- UpdateCertificates uc = new UpdateCertificates(passwordString, "/etc/ssl/certs/java/cacerts");
- // Force reading of inputstream in UTF-8
- uc.processChanges(new InputStreamReader(System.in, "UTF8"));
- uc.writeKeyStore();
- } catch (Exceptions.InvalidKeystorePassword e) {
- e.printStackTrace(System.err);
- System.exit(1);
- } catch (Exceptions.UnableToSaveKeystore e) {
- e.printStackTrace(System.err);
- System.exit(1);
- }
- }
-
- public UpdateCertificates(final String passwordString, final String keystoreFile) throws IOException, GeneralSecurityException, Exceptions.InvalidKeystorePassword {
- this.password = passwordString.toCharArray();
- this.ksFilename = keystoreFile;
- this.ks = openKeyStore();
- this.certFactory = CertificateFactory.getInstance("X.509");
- }
-
- /**
- * Try to open a existing keystore or create an new one.
- */
- private KeyStore openKeyStore() throws GeneralSecurityException, IOException, Exceptions.InvalidKeystorePassword {
- KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
- File certInputFile = new File(this.ksFilename);
- FileInputStream certInputStream = null;
- if (certInputFile.canRead()) {
- certInputStream = new FileInputStream(certInputFile);
- }
- try {
- ks.load(certInputStream, this.password);
- }
- catch (IOException e) {
- throw new Exceptions.InvalidKeystorePassword("Cannot open Java keystore. Is the password correct?", e);
- }
- if (certInputStream != null) {
- certInputStream.close();
- }
- return ks;
- }
-
- /**
- * Until reader EOF, try to read changes and send each to {@link #parseLine(String)}.
- */
- protected void processChanges(final Reader reader)
- throws IOException, GeneralSecurityException {
- String line;
- BufferedReader bufferedStdinReader = new BufferedReader(reader);
- while((line = bufferedStdinReader.readLine()) != null) {
- try {
- parseLine(line);
- } catch (Exceptions.UnknownInput e) {
- System.err.println("Unknown input: " + line);
- // Keep processing for others lines
- }
- }
- }
-
- /**
- * Parse given line to choose between {@link #addAlias(String, Certificate)}
- * or {@link #deleteAlias(String)}.
- */
- protected void parseLine(final String line)
- throws GeneralSecurityException, IOException, Exceptions.UnknownInput {
- assert this.ks != null;
-
- String path = line.substring(1);
- String filename = path.substring(path.lastIndexOf("/") + 1);
- String alias = "debian:" + filename;
- if(line.startsWith("+")) {
- Certificate cert = loadCertificate(path);
- if (cert == null) {
- return;
- }
- addAlias(alias, cert);
- }
- else if (line.startsWith("-")) {
- deleteAlias(alias);
- // Remove old non-prefixed aliases, too. This code should be
- // removed after the release of Wheezy.
- deleteAlias(filename);
- }
- else {
- throw new Exceptions.UnknownInput(line);
- }
- }
-
- /**
- * Delete cert in keystore at given alias.
- */
- private void deleteAlias(final String alias) throws GeneralSecurityException {
- assert this.ks != null;
-
- if (contains(alias)) {
- System.out.println("Removing " + alias);
- this.ks.deleteEntry(alias);
- }
- }
-
- /**
- * Add or replace existing cert in keystore with given alias.
- */
- private void addAlias(final String alias, final Certificate cert)
- throws KeyStoreException {
- assert this.ks != null;
-
- if(contains(alias)) {
- System.out.println("Replacing " + alias);
- this.ks.deleteEntry(alias);
- }
- else {
- System.out.println("Adding " + alias);
- }
- this.ks.setCertificateEntry(alias, cert);
- }
-
- /**
- * Returns true when alias exist in keystore.
- */
- protected boolean contains(String alias) throws KeyStoreException {
- assert this.ks != null;
-
- return this.ks.containsAlias(alias);
- }
-
- /**
- * Try to load a certificate instance from given path.
- */
- private Certificate loadCertificate(final String path) {
- assert this.certFactory != null;
-
- Certificate cert = null;
- try {
- FileInputStream certFile = new FileInputStream(path);
- cert = this.certFactory.generateCertificate(certFile);
- certFile.close();
- }
- catch (Exception e) {
- System.err.println("Warning: there was a problem reading the certificate file " +
- path + ". Message:\n " + e.getMessage());
- }
- return cert;
- }
-
- /**
- * Write actual keystore content to disk.
- */
- protected void writeKeyStore() throws GeneralSecurityException, Exceptions.UnableToSaveKeystore {
- assert this.ks != null;
-
- try {
- FileOutputStream certOutputFile = new FileOutputStream(this.ksFilename);
- this.ks.store(certOutputFile, this.password);
- certOutputFile.close();
- }
- catch (IOException e) {
- throw new Exceptions.UnableToSaveKeystore("There was a problem saving the new Java keystore.", e);
- }
- }
-}
Deleted: trunk/ca-certificates-java/UpdateCertificatesTest.java
===================================================================
--- trunk/ca-certificates-java/UpdateCertificatesTest.java 2014-03-24 09:39:49 UTC (rev 17921)
+++ trunk/ca-certificates-java/UpdateCertificatesTest.java 2014-03-24 10:31:35 UTC (rev 17922)
@@ -1,221 +0,0 @@
-/*
- * Copyright (C) 2012 Damien Raude-Morvan <drazzib at debian.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
-
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- */
-
-import java.io.File;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-
-import junit.framework.Assert;
-
-import org.junit.Before;
-import org.junit.Test;
-
-/**
- * Tests for {@link UpdateCertificates}.
- *
- * @author Damien Raude-Morvan
- */
-public class UpdateCertificatesTest {
-
- private static final String ALIAS_CACERT = "debian:spi-cacert-2008.crt";
- private static final String INVALID_CACERT = "x/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt";
- private static final String REMOVE_CACERT = "-/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt";
- private static final String ADD_CACERT = "+/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt";
-
- private String ksFilename = null;
- private String ksPassword = null;
-
- @Before
- public void start() {
- this.ksFilename = "./tests-cacerts";
- this.ksPassword = "changeit";
- // Delete any previous file
- File keystore = new File(this.ksFilename);
- keystore.delete();
- }
-
- /**
- * Test a simple open then write without any modification.
- */
- @Test
- public void testNoop() throws IOException, GeneralSecurityException,
- Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore {
- UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
- this.ksFilename);
- uc.writeKeyStore();
- }
-
- /**
- * Test a to open a keystore and write without any modification
- * and then try to open it again with wrong password : will throw a
- * InvalidKeystorePassword
- */
- @Test
- public void testWriteThenOpenWrongPwd() throws IOException,
- GeneralSecurityException, Exceptions.UnableToSaveKeystore {
- try {
- UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
- this.ksFilename);
- uc.writeKeyStore();
- } catch (Exceptions.InvalidKeystorePassword e) {
- Assert.fail();
- }
-
- try {
- UpdateCertificates uc = new UpdateCertificates("wrongpassword",
- this.ksFilename);
- Assert.fail();
- uc.writeKeyStore();
- } catch (Exceptions.InvalidKeystorePassword e) {
- Assert.assertEquals(
- "Cannot open Java keystore. Is the password correct?",
- e.getMessage());
- }
- }
-
- /**
- * Test a to open a keystore then remove its backing File (and replace it
- * with a directory with the same name) and try to write in to disk :
- * will throw an UnableToSaveKeystore
- */
- @Test
- public void testDeleteThenWrite() throws IOException,
- GeneralSecurityException, Exceptions.InvalidKeystorePassword {
- try {
- UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
- this.ksFilename);
-
- // Replace actual file by a directory !
- File keystore = new File(this.ksFilename);
- keystore.delete();
- keystore.mkdir();
-
- // Will fail with some IOException
- uc.writeKeyStore();
- Assert.fail();
- } catch (Exceptions.UnableToSaveKeystore e) {
- Assert.assertEquals(
- "There was a problem saving the new Java keystore.",
- e.getMessage());
- }
- }
-
- /**
- * Try to send an invalid command ("x") in parseLine : throw UnknownInput
- */
- @Test
- public void testWrongCommand() throws IOException,
- GeneralSecurityException, Exceptions.InvalidKeystorePassword {
- UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
- this.ksFilename);
- try {
- uc.parseLine(INVALID_CACERT);
- Assert.fail();
- } catch (Exceptions.UnknownInput e) {
- Assert.assertEquals(INVALID_CACERT, e.getMessage());
- }
- }
-
- /**
- * Test to insert a valid certificate and then check if it's really in KS.
- */
- @Test
- public void testAdd() throws IOException, GeneralSecurityException,
- Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword,
- Exceptions.UnableToSaveKeystore {
- UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
- this.ksFilename);
- uc.parseLine(ADD_CACERT);
- uc.writeKeyStore();
-
- Assert.assertEquals(true, uc.contains(ALIAS_CACERT));
- }
-
- /**
- * Test to insert a invalide certificate : no exception, but check there
- * is no alias created with that name
- */
- @Test
- public void testAddInvalidCert() throws IOException,
- GeneralSecurityException, Exceptions.UnknownInput,
- Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore {
- UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
- this.ksFilename);
- uc.parseLine("+/usr/share/ca-certificates/null.crt");
- uc.writeKeyStore();
-
- Assert.assertEquals(false, uc.contains("debian:null.crt"));
- }
-
- /**
- * Try to add same certificate multiple time : we replace it and
- * there is only one alias.
- */
- @Test
- public void testReplace() throws IOException, GeneralSecurityException,
- Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword,
- Exceptions.UnableToSaveKeystore {
- UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
- this.ksFilename);
- uc.parseLine(ADD_CACERT);
- uc.parseLine(ADD_CACERT);
- uc.writeKeyStore();
-
- Assert.assertEquals(true, uc.contains(ALIAS_CACERT));
- }
-
- /**
- * Try to remove a non-existant certificate : it's a no-op.
- */
- @Test
- public void testRemove() throws IOException, GeneralSecurityException,
- Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword,
- Exceptions.UnableToSaveKeystore {
- UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
- this.ksFilename);
- uc.parseLine(REMOVE_CACERT);
- uc.writeKeyStore();
-
- // We start with empty KS, so it shouldn't do anything
- Assert.assertEquals(false, uc.contains(ALIAS_CACERT));
- }
-
- /**
- * Try to add cert, write to disk, then open keystore again and remove.
- */
- @Test
- public void testAddThenRemove() throws IOException,
- GeneralSecurityException, Exceptions.UnknownInput,
- Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore {
- UpdateCertificates ucAdd = new UpdateCertificates(this.ksPassword,
- this.ksFilename);
- ucAdd.parseLine(ADD_CACERT);
- ucAdd.writeKeyStore();
-
- Assert.assertEquals(true, ucAdd.contains(ALIAS_CACERT));
-
- UpdateCertificates ucRemove = new UpdateCertificates(this.ksPassword,
- this.ksFilename);
- ucRemove.parseLine(REMOVE_CACERT);
- ucRemove.writeKeyStore();
-
- Assert.assertEquals(false, ucRemove.contains(ALIAS_CACERT));
- }
-
-}
Modified: trunk/ca-certificates-java/debian/changelog
===================================================================
--- trunk/ca-certificates-java/debian/changelog 2014-03-24 09:39:49 UTC (rev 17921)
+++ trunk/ca-certificates-java/debian/changelog 2014-03-24 10:31:35 UTC (rev 17922)
@@ -5,6 +5,7 @@
certificate from the ca-certificates package (Closes: #741755)
* Limit the memory used by java to 64M when updating the certificates
(Closes: 576453)
+ * Mavenized the project
* d/control: Standards-Version updated to 3.9.5 (no changes)
* Switch to debhelper level 9
Modified: trunk/ca-certificates-java/debian/rules
===================================================================
--- trunk/ca-certificates-java/debian/rules 2014-03-24 09:39:49 UTC (rev 17921)
+++ trunk/ca-certificates-java/debian/rules 2014-03-24 10:31:35 UTC (rev 17922)
@@ -16,7 +16,7 @@
JAVA_HOME := /usr/lib/jvm/default-java
export JAVA_HOME
-OPTS := --no-javadoc --main=UpdateCertificates --javacopts="-source 1.6 -target 1.6"
+OPTS := --no-javadoc --main=org.debian.security.UpdateCertificates --javacopts="-source 1.6 -target 1.6"
CLASSPATH := /usr/share/java/junit4.jar
export CLASSPATH
@@ -33,7 +33,7 @@
ifeq ($(do_junit),yes)
$(JAVA_HOME)/bin/java -cp /usr/share/java/junit4.jar:./ca-certificates-java.jar \
org.junit.runner.JUnitCore \
- UpdateCertificatesTest
+ org.debian.security.UpdateCertificatesTest
endif
touch $@
Added: trunk/ca-certificates-java/pom.xml
===================================================================
--- trunk/ca-certificates-java/pom.xml (rev 0)
+++ trunk/ca-certificates-java/pom.xml 2014-03-24 10:31:35 UTC (rev 17922)
@@ -0,0 +1,33 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>org.debian</groupId>
+ <artifactId>ca-certificates-java</artifactId>
+ <version>20130815</version>
+ <packaging>jar</packaging>
+ <name>ca-certificates-java</name>
+ <description>Common CA certificates</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.11</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>2.1</version>
+ <configuration>
+ <source>1.6</source>
+ <target>1.6</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
Property changes on: trunk/ca-certificates-java/pom.xml
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision HeadURL
Added: svn:eol-style
+ native
Copied: trunk/ca-certificates-java/src/main/java/org/debian/security/Exceptions.java (from rev 17921, trunk/ca-certificates-java/Exceptions.java)
===================================================================
--- trunk/ca-certificates-java/src/main/java/org/debian/security/Exceptions.java (rev 0)
+++ trunk/ca-certificates-java/src/main/java/org/debian/security/Exceptions.java 2014-03-24 10:31:35 UTC (rev 17922)
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2012 Damien Raude-Morvan <drazzib at debian.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+package org.debian.security;
+
+/**
+ * Custom exceptions used by {@link UpdateCertificates}
+ *
+ * @author Damien Raude-Morvan <drazzib at debian.org>
+ */
+public class Exceptions {
+
+ /**
+ * Data send in stdin is invalid (neither "+" or "-" command).
+ */
+ public static class UnknownInput extends Exception {
+ private static final long serialVersionUID = 5698253678856993527L;
+ public UnknownInput(final String message) {
+ super(message);
+ }
+
+ }
+
+ /**
+ * Unable to save keystore to provided location.
+ */
+ public static class UnableToSaveKeystore extends Exception {
+ private static final long serialVersionUID = 3632154306237688490L;
+ public UnableToSaveKeystore(final String message, final Exception e) {
+ super(message, e);
+ }
+
+ }
+
+ /**
+ * Unable to open keystore from provided location (might be an invalid password
+ * or IO error).
+ */
+ public static class InvalidKeystorePassword extends Exception {
+ private static final long serialVersionUID = 7004201816889107694L;
+ public InvalidKeystorePassword(final String message, final Exception e) {
+ super(message, e);
+ }
+
+ }
+
+}
Copied: trunk/ca-certificates-java/src/main/java/org/debian/security/UpdateCertificates.java (from rev 17921, trunk/ca-certificates-java/UpdateCertificates.java)
===================================================================
--- trunk/ca-certificates-java/src/main/java/org/debian/security/UpdateCertificates.java (rev 0)
+++ trunk/ca-certificates-java/src/main/java/org/debian/security/UpdateCertificates.java 2014-03-24 10:31:35 UTC (rev 17922)
@@ -0,0 +1,225 @@
+/*
+ * Copyright (C) 2011 Torsten Werner <twerner at debian.org>
+ * Copyright (C) 2012 Damien Raude-Morvan <drazzib at debian.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+package org.debian.security;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+
+/**
+ * This code is a re-implementation of the idea from Ludwig Nussel found in
+ * https://github.com/openSUSE/ca-certificates/blob/41917f5a/keystore.java
+ * for the Debian operating system. It updates the global JVM keystore.
+ *
+ * @author Torsten Werner
+ * @author Damien Raude-Morvan
+ */
+public class UpdateCertificates {
+
+ private char[] password = null;
+
+ private String ksFilename = null;
+
+ private KeyStore ks = null;
+
+ private CertificateFactory certFactory = null;
+
+ public static void main(String[] args) throws IOException, GeneralSecurityException {
+ String passwordString = "changeit";
+ if (args.length == 2 && args[0].equals("-storepass")) {
+ passwordString = args[1];
+ }
+ else if (args.length > 0) {
+ System.err.println("Usage: java UpdateCertificates [-storepass <password>]");
+ System.exit(1);
+ }
+
+ try {
+ UpdateCertificates uc = new UpdateCertificates(passwordString, "/etc/ssl/certs/java/cacerts");
+ // Force reading of inputstream in UTF-8
+ uc.processChanges(new InputStreamReader(System.in, "UTF8"));
+ uc.writeKeyStore();
+ } catch (Exceptions.InvalidKeystorePassword e) {
+ e.printStackTrace(System.err);
+ System.exit(1);
+ } catch (Exceptions.UnableToSaveKeystore e) {
+ e.printStackTrace(System.err);
+ System.exit(1);
+ }
+ }
+
+ public UpdateCertificates(final String passwordString, final String keystoreFile) throws IOException, GeneralSecurityException, Exceptions.InvalidKeystorePassword {
+ this.password = passwordString.toCharArray();
+ this.ksFilename = keystoreFile;
+ this.ks = openKeyStore();
+ this.certFactory = CertificateFactory.getInstance("X.509");
+ }
+
+ /**
+ * Try to open a existing keystore or create an new one.
+ */
+ private KeyStore openKeyStore() throws GeneralSecurityException, IOException, Exceptions.InvalidKeystorePassword {
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ File certInputFile = new File(this.ksFilename);
+ FileInputStream certInputStream = null;
+ if (certInputFile.canRead()) {
+ certInputStream = new FileInputStream(certInputFile);
+ }
+ try {
+ ks.load(certInputStream, this.password);
+ }
+ catch (IOException e) {
+ throw new Exceptions.InvalidKeystorePassword("Cannot open Java keystore. Is the password correct?", e);
+ }
+ if (certInputStream != null) {
+ certInputStream.close();
+ }
+ return ks;
+ }
+
+ /**
+ * Until reader EOF, try to read changes and send each to {@link #parseLine(String)}.
+ */
+ protected void processChanges(final Reader reader)
+ throws IOException, GeneralSecurityException {
+ String line;
+ BufferedReader bufferedStdinReader = new BufferedReader(reader);
+ while((line = bufferedStdinReader.readLine()) != null) {
+ try {
+ parseLine(line);
+ } catch (Exceptions.UnknownInput e) {
+ System.err.println("Unknown input: " + line);
+ // Keep processing for others lines
+ }
+ }
+ }
+
+ /**
+ * Parse given line to choose between {@link #addAlias(String, Certificate)}
+ * or {@link #deleteAlias(String)}.
+ */
+ protected void parseLine(final String line)
+ throws GeneralSecurityException, IOException, Exceptions.UnknownInput {
+ assert this.ks != null;
+
+ String path = line.substring(1);
+ String filename = path.substring(path.lastIndexOf("/") + 1);
+ String alias = "debian:" + filename;
+ if(line.startsWith("+")) {
+ Certificate cert = loadCertificate(path);
+ if (cert == null) {
+ return;
+ }
+ addAlias(alias, cert);
+ }
+ else if (line.startsWith("-")) {
+ deleteAlias(alias);
+ // Remove old non-prefixed aliases, too. This code should be
+ // removed after the release of Wheezy.
+ deleteAlias(filename);
+ }
+ else {
+ throw new Exceptions.UnknownInput(line);
+ }
+ }
+
+ /**
+ * Delete cert in keystore at given alias.
+ */
+ private void deleteAlias(final String alias) throws GeneralSecurityException {
+ assert this.ks != null;
+
+ if (contains(alias)) {
+ System.out.println("Removing " + alias);
+ this.ks.deleteEntry(alias);
+ }
+ }
+
+ /**
+ * Add or replace existing cert in keystore with given alias.
+ */
+ private void addAlias(final String alias, final Certificate cert)
+ throws KeyStoreException {
+ assert this.ks != null;
+
+ if(contains(alias)) {
+ System.out.println("Replacing " + alias);
+ this.ks.deleteEntry(alias);
+ }
+ else {
+ System.out.println("Adding " + alias);
+ }
+ this.ks.setCertificateEntry(alias, cert);
+ }
+
+ /**
+ * Returns true when alias exist in keystore.
+ */
+ protected boolean contains(String alias) throws KeyStoreException {
+ assert this.ks != null;
+
+ return this.ks.containsAlias(alias);
+ }
+
+ /**
+ * Try to load a certificate instance from given path.
+ */
+ private Certificate loadCertificate(final String path) {
+ assert this.certFactory != null;
+
+ Certificate cert = null;
+ try {
+ FileInputStream certFile = new FileInputStream(path);
+ cert = this.certFactory.generateCertificate(certFile);
+ certFile.close();
+ }
+ catch (Exception e) {
+ System.err.println("Warning: there was a problem reading the certificate file " +
+ path + ". Message:\n " + e.getMessage());
+ }
+ return cert;
+ }
+
+ /**
+ * Write actual keystore content to disk.
+ */
+ protected void writeKeyStore() throws GeneralSecurityException, Exceptions.UnableToSaveKeystore {
+ assert this.ks != null;
+
+ try {
+ FileOutputStream certOutputFile = new FileOutputStream(this.ksFilename);
+ this.ks.store(certOutputFile, this.password);
+ certOutputFile.close();
+ }
+ catch (IOException e) {
+ throw new Exceptions.UnableToSaveKeystore("There was a problem saving the new Java keystore.", e);
+ }
+ }
+}
Copied: trunk/ca-certificates-java/src/test/java/org/debian/security/UpdateCertificatesTest.java (from rev 17921, trunk/ca-certificates-java/UpdateCertificatesTest.java)
===================================================================
--- trunk/ca-certificates-java/src/test/java/org/debian/security/UpdateCertificatesTest.java (rev 0)
+++ trunk/ca-certificates-java/src/test/java/org/debian/security/UpdateCertificatesTest.java 2014-03-24 10:31:35 UTC (rev 17922)
@@ -0,0 +1,223 @@
+/*
+ * Copyright (C) 2012 Damien Raude-Morvan <drazzib at debian.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+package org.debian.security;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+import junit.framework.Assert;
+
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Tests for {@link UpdateCertificates}.
+ *
+ * @author Damien Raude-Morvan
+ */
+public class UpdateCertificatesTest {
+
+ private static final String ALIAS_CACERT = "debian:spi-cacert-2008.crt";
+ private static final String INVALID_CACERT = "x/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt";
+ private static final String REMOVE_CACERT = "-/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt";
+ private static final String ADD_CACERT = "+/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt";
+
+ private String ksFilename = null;
+ private String ksPassword = null;
+
+ @Before
+ public void start() {
+ this.ksFilename = "./tests-cacerts";
+ this.ksPassword = "changeit";
+ // Delete any previous file
+ File keystore = new File(this.ksFilename);
+ keystore.delete();
+ }
+
+ /**
+ * Test a simple open then write without any modification.
+ */
+ @Test
+ public void testNoop() throws IOException, GeneralSecurityException,
+ Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore {
+ UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
+ this.ksFilename);
+ uc.writeKeyStore();
+ }
+
+ /**
+ * Test a to open a keystore and write without any modification
+ * and then try to open it again with wrong password : will throw a
+ * InvalidKeystorePassword
+ */
+ @Test
+ public void testWriteThenOpenWrongPwd() throws IOException,
+ GeneralSecurityException, Exceptions.UnableToSaveKeystore {
+ try {
+ UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
+ this.ksFilename);
+ uc.writeKeyStore();
+ } catch (Exceptions.InvalidKeystorePassword e) {
+ Assert.fail();
+ }
+
+ try {
+ UpdateCertificates uc = new UpdateCertificates("wrongpassword",
+ this.ksFilename);
+ Assert.fail();
+ uc.writeKeyStore();
+ } catch (Exceptions.InvalidKeystorePassword e) {
+ Assert.assertEquals(
+ "Cannot open Java keystore. Is the password correct?",
+ e.getMessage());
+ }
+ }
+
+ /**
+ * Test a to open a keystore then remove its backing File (and replace it
+ * with a directory with the same name) and try to write in to disk :
+ * will throw an UnableToSaveKeystore
+ */
+ @Test
+ public void testDeleteThenWrite() throws IOException,
+ GeneralSecurityException, Exceptions.InvalidKeystorePassword {
+ try {
+ UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
+ this.ksFilename);
+
+ // Replace actual file by a directory !
+ File keystore = new File(this.ksFilename);
+ keystore.delete();
+ keystore.mkdir();
+
+ // Will fail with some IOException
+ uc.writeKeyStore();
+ Assert.fail();
+ } catch (Exceptions.UnableToSaveKeystore e) {
+ Assert.assertEquals(
+ "There was a problem saving the new Java keystore.",
+ e.getMessage());
+ }
+ }
+
+ /**
+ * Try to send an invalid command ("x") in parseLine : throw UnknownInput
+ */
+ @Test
+ public void testWrongCommand() throws IOException,
+ GeneralSecurityException, Exceptions.InvalidKeystorePassword {
+ UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
+ this.ksFilename);
+ try {
+ uc.parseLine(INVALID_CACERT);
+ Assert.fail();
+ } catch (Exceptions.UnknownInput e) {
+ Assert.assertEquals(INVALID_CACERT, e.getMessage());
+ }
+ }
+
+ /**
+ * Test to insert a valid certificate and then check if it's really in KS.
+ */
+ @Test
+ public void testAdd() throws IOException, GeneralSecurityException,
+ Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword,
+ Exceptions.UnableToSaveKeystore {
+ UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
+ this.ksFilename);
+ uc.parseLine(ADD_CACERT);
+ uc.writeKeyStore();
+
+ Assert.assertEquals(true, uc.contains(ALIAS_CACERT));
+ }
+
+ /**
+ * Test to insert a invalide certificate : no exception, but check there
+ * is no alias created with that name
+ */
+ @Test
+ public void testAddInvalidCert() throws IOException,
+ GeneralSecurityException, Exceptions.UnknownInput,
+ Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore {
+ UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
+ this.ksFilename);
+ uc.parseLine("+/usr/share/ca-certificates/null.crt");
+ uc.writeKeyStore();
+
+ Assert.assertEquals(false, uc.contains("debian:null.crt"));
+ }
+
+ /**
+ * Try to add same certificate multiple time : we replace it and
+ * there is only one alias.
+ */
+ @Test
+ public void testReplace() throws IOException, GeneralSecurityException,
+ Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword,
+ Exceptions.UnableToSaveKeystore {
+ UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
+ this.ksFilename);
+ uc.parseLine(ADD_CACERT);
+ uc.parseLine(ADD_CACERT);
+ uc.writeKeyStore();
+
+ Assert.assertEquals(true, uc.contains(ALIAS_CACERT));
+ }
+
+ /**
+ * Try to remove a non-existant certificate : it's a no-op.
+ */
+ @Test
+ public void testRemove() throws IOException, GeneralSecurityException,
+ Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword,
+ Exceptions.UnableToSaveKeystore {
+ UpdateCertificates uc = new UpdateCertificates(this.ksPassword,
+ this.ksFilename);
+ uc.parseLine(REMOVE_CACERT);
+ uc.writeKeyStore();
+
+ // We start with empty KS, so it shouldn't do anything
+ Assert.assertEquals(false, uc.contains(ALIAS_CACERT));
+ }
+
+ /**
+ * Try to add cert, write to disk, then open keystore again and remove.
+ */
+ @Test
+ public void testAddThenRemove() throws IOException,
+ GeneralSecurityException, Exceptions.UnknownInput,
+ Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore {
+ UpdateCertificates ucAdd = new UpdateCertificates(this.ksPassword,
+ this.ksFilename);
+ ucAdd.parseLine(ADD_CACERT);
+ ucAdd.writeKeyStore();
+
+ Assert.assertEquals(true, ucAdd.contains(ALIAS_CACERT));
+
+ UpdateCertificates ucRemove = new UpdateCertificates(this.ksPassword,
+ this.ksFilename);
+ ucRemove.parseLine(REMOVE_CACERT);
+ ucRemove.writeKeyStore();
+
+ Assert.assertEquals(false, ucRemove.contains(ALIAS_CACERT));
+ }
+
+}
More information about the pkg-java-commits
mailing list