opencadc · pdowler · Feb 22, 2024 · Feb 21, 2024 · Feb 22, 2024 · Feb 22, 2024
diff --git a/cadc-util/build.gradle b/cadc-util/build.gradle
@@ -16,7 +16,7 @@ sourceCompatibility = 1.8
 
 group = 'org.opencadc'
 
-version = '1.10.7'
+version = '1.11.0'
 
 description = 'OpenCADC core utility library'
 def git_url = 'https://github.com/opencadc/core'
@@ -33,12 +33,12 @@ dependencies {
     compile 'org.apache.logging.log4j:log4j-core:2.17.2'
     compile 'org.apache.logging.log4j:log4j:2.17.2'
 
-    compile 'org.bouncycastle:bcprov-jdk15on:1.46'
+    compile 'org.bouncycastle:bcprov-jdk18on:[1.70,2.0)'
+    compile 'org.bouncycastle:bcpkix-jdk18on:[1.70,2.0)'
     compile 'javax.servlet:javax.servlet-api:3.1.0'
     compile 'org.json:json:20231013'
     compile 'xerces:xercesImpl:[2.12.2,)'
     compile 'org.jdom:jdom2:2.0.6.1'
-    //compile 'org.springframework:spring-jdbc:5.2.22.RELEASE'
     compile 'org.springframework:spring-jdbc:5.2.24.RELEASE'
     compile 'org.apache.commons:commons-dbcp2:[2.8.0,2.9.0)'
 

diff --git a/cadc-util/src/intTest/java/ca/nrc/cadc/auth/SSLUtilTest.java b/cadc-util/src/intTest/java/ca/nrc/cadc/auth/SSLUtilTest.java
@@ -3,7 +3,7 @@
  *******************  CANADIAN ASTRONOMY DATA CENTRE  *******************
  **************  CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES  **************
  *
- *  (c) 2016.                            (c) 2016.
+ *  (c) 2024.                            (c) 2024.
  *  Government of Canada                 Gouvernement du Canada
  *  National Research Council            Conseil national de recherches
  *  Ottawa, Canada, K1A 0R6              Ottawa, Canada, K1A 0R6
@@ -81,6 +81,7 @@
 import java.security.cert.CertificateNotYetValidException;
 import java.util.Calendar;
 import java.util.GregorianCalendar;
+import java.util.Set;
 import javax.net.SocketFactory;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLHandshakeException;
@@ -171,7 +172,7 @@ public static void setUpBeforeClass() throws Exception
         Log4jInit.setLevel("ca.nrc.cadc.auth", Level.INFO);
         SSL_PEM = FileUtil.getFileFromResource(TEST_PEM_FN, SSLUtilTest.class);
     }
-
+    
     @Test
     public void testReadPem() throws Exception
     {
@@ -225,6 +226,72 @@ public void testGetSocketFactoryFromFile() throws Exception
             Assert.fail("unexpected exception: " + t);
         }
     }
+
+    @Test
+    public void testReadCert() {
+        try {
+            File f = new File(System.getProperty("user.home") + "/.ssl/" + System.getProperty("user.name") + ".pem");
+            log.info("in: " + f.getAbsolutePath());
+
+            Subject s = SSLUtil.createSubject(f);
+            log.info("created: " + s);
+            Assert.assertFalse(s.getPrincipals().isEmpty());
+
+            Set<X509CertificateChain> cs = s.getPublicCredentials(X509CertificateChain.class);
+            Assert.assertFalse("chain", cs.isEmpty());
+            X509CertificateChain chain = cs.iterator().next();
+            Assert.assertNotNull(chain.getChain());
+            Assert.assertEquals(1, chain.getChain().length);
+            Assert.assertNotNull(chain.getPrivateKey());
+        } catch (Exception unexpected) {
+            log.error("unexpected exception", unexpected);
+            Assert.fail("unexpected exception: " + unexpected);
+        }
+    }
+
+    @Test
+    public void testReadUserProxyCert() {
+        try {
+            File f = new File(System.getProperty("user.home") + "/.ssl/cadcproxy.pem");
+            log.info("in: " + f.getAbsolutePath());
+
+            Subject s = SSLUtil.createSubject(f);
+            log.info("created: " + s);
+            Assert.assertFalse(s.getPrincipals().isEmpty());
+
+            Set<X509CertificateChain> cs = s.getPublicCredentials(X509CertificateChain.class);
+            Assert.assertFalse("chain", cs.isEmpty());
+            X509CertificateChain chain = cs.iterator().next();
+            Assert.assertNotNull(chain.getChain());
+            Assert.assertEquals(2, chain.getChain().length);
+            Assert.assertNotNull(chain.getPrivateKey());
+        } catch (Exception unexpected) {
+            log.error("unexpected exception", unexpected);
+            Assert.fail("unexpected exception: " + unexpected);
+        }
+    }
+
+    @Test
+    public void testReadProxyCert() {
+        try {
+            File f = SSL_PEM;
+            log.info("in: " + f.getAbsolutePath());
+
+            Subject s = SSLUtil.createSubject(f);
+            log.info("created: " + s);
+            Assert.assertFalse(s.getPrincipals().isEmpty());
+
+            Set<X509CertificateChain> cs = s.getPublicCredentials(X509CertificateChain.class);
+            Assert.assertFalse("chain", cs.isEmpty());
+            X509CertificateChain chain = cs.iterator().next();
+            Assert.assertNotNull(chain.getChain());
+            Assert.assertEquals(2, chain.getChain().length);
+            Assert.assertNotNull(chain.getPrivateKey());
+        } catch (Exception unexpected) {
+            log.error("unexpected exception", unexpected);
+            Assert.fail("unexpected exception: " + unexpected);
+        }
+    }
 
     @Test
     public void testInitSSL() throws Exception
@@ -287,51 +354,6 @@ public void testCadcHTTPS() throws Exception
         }
     }
 
-    @Test
-    public void testPrivateKeyParser() throws Exception
-    {
-        // tests the parser with different size keys
-        // 512 bit
-        byte[] privateKey = SSLUtil.getPrivateKey(KEY_512.getBytes());
-        try
-        {
-            log.debug("test parsing of RSA 512 bit key: ");
-            SSLUtil.parseKeySpec(privateKey);
-        }
-        catch (Throwable t)
-        {
-            t.printStackTrace();
-            Assert.fail("unexpected exception: " + t);
-        }
-
-        // 1024 bit
-        privateKey = SSLUtil.getPrivateKey(KEY_1024.getBytes());
-        try
-        {
-            log.debug("test parsing of RSA 1024 bit key: ");
-            SSLUtil.parseKeySpec(privateKey);
-        }
-        catch (Throwable t)
-        {
-            t.printStackTrace();
-            Assert.fail("unexpected exception: " + t);
-        }
-
-        // 2048 bit
-        privateKey = SSLUtil.getPrivateKey(KEY_2048.getBytes());
-        try
-        {
-            log.debug("test parsing of RSA 2048 bit key: ");
-            SSLUtil.parseKeySpec(privateKey);
-        }
-        catch (Throwable t)
-        {
-            t.printStackTrace();
-            Assert.fail("unexpected exception: " + t);
-        }
-
-    }
-
     @Test
     public void testValidSubject() throws Exception
     {

diff --git a/cadc-util/src/main/java/ca/nrc/cadc/auth/CertCmdArgUtil.java b/cadc-util/src/main/java/ca/nrc/cadc/auth/CertCmdArgUtil.java
@@ -132,16 +132,6 @@ private static Subject initSubjectByPem(String fnPem, boolean nullOnNotFound) {
         return SSLUtil.createSubject(certKeyFile);
     }
 
-    private static Subject initSubjectByCertKey(String fnCert, String fnKey, boolean nullOnNotFound) {
-        File certFile = loadFile(fnCert, nullOnNotFound);
-        File keyFile = loadFile(fnKey, nullOnNotFound);
-        if (nullOnNotFound && certFile == null && keyFile == null) {
-            return null;
-        }
-
-        return SSLUtil.createSubject(certFile, keyFile);
-    }
-
     /**
      * Init a subject from the command line and throw an exception if not
      * successful.
@@ -181,37 +171,8 @@ public static Subject initSubject(ArgumentMap argMap, boolean returnNullOnNotFou
         Subject subject = null;
 
         if (argMap.isSet(ARG_CERT)) {
-            if (argMap.isSet(ARG_KEY)) {
-                // load from cert/key
-                strCert = argMap.getValue(ARG_CERT);
-                strKey = argMap.getValue(ARG_KEY);
-                subject = initSubjectByCertKey(strCert, strKey, false);
-            } else {
-                // load from cert pem
-                strCertKey = argMap.getValue(ARG_CERT);
-                subject = initSubjectByPem(strCertKey, false);
-            }
-        } else {
-            // load from default
-            strCertKey = userHome + DFT_CERTKEY_FILE;
-            strCert = userHome + DFT_CERT_FILE;
-            strKey = userHome + DFT_KEY_FILE;
-            try {
-                subject = initSubjectByPem(strCertKey, returnNullOnNotFound);
-            } catch (RuntimeException ex1) {
-
-                // Default PEM file not exists or is not readable
-                if (subject == null) {
-                    try {
-                        subject = initSubjectByCertKey(strCert, strKey, returnNullOnNotFound);
-                    } catch (RuntimeException ex2) {
-                        if (!returnNullOnNotFound) {
-                            throw new RuntimeException("Could not find valid certificate files at " + strCertKey
-                                    + " or " + strCert + "," + strKey, ex2);
-                        }
-                    }
-                }
-            }
+            strCertKey = argMap.getValue(ARG_CERT);
+            subject = initSubjectByPem(strCertKey, false);
         }
         return subject;
     }