From 35c28ddda8dd6217a7fdfc2002e3ac5141229a9b Mon Sep 17 00:00:00 2001 From: Chris Barbara Date: Thu, 13 Aug 2015 16:26:20 -0700 Subject: [PATCH] Support certificate chains in cert.pem Issue 294 --- .../dockerjava/core/CertificateUtils.java | 34 +++++++++++++------ 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/github/dockerjava/core/CertificateUtils.java b/src/main/java/com/github/dockerjava/core/CertificateUtils.java index 7490ba54e..13482b0a1 100644 --- a/src/main/java/com/github/dockerjava/core/CertificateUtils.java +++ b/src/main/java/com/github/dockerjava/core/CertificateUtils.java @@ -1,5 +1,11 @@ package com.github.dockerjava.core; +import org.apache.commons.io.IOUtils; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.openssl.PEMKeyPair; +import org.bouncycastle.openssl.PEMParser; + import java.io.BufferedReader; import java.io.File; import java.io.FileReader; @@ -16,12 +22,8 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; - -import org.apache.commons.io.IOUtils; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; -import org.bouncycastle.openssl.PEMKeyPair; -import org.bouncycastle.openssl.PEMParser; +import java.util.ArrayList; +import java.util.List; public class CertificateUtils { @@ -41,13 +43,13 @@ public static boolean verifyCertificatesExist(String dockerCertPath) { public static KeyStore createKeyStore(final String dockerCertPath) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, CertificateException, KeyStoreException { KeyPair keyPair = loadPrivateKey(dockerCertPath); - Certificate privateCertificate = loadCertificate(dockerCertPath); + List privateCertificates = loadCertificates(dockerCertPath); KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null); keyStore.setKeyEntry("docker", keyPair.getPrivate(), "docker".toCharArray(), - new Certificate[] { privateCertificate }); + privateCertificates.toArray(new Certificate[privateCertificates.size()]) ); return keyStore; } @@ -80,15 +82,25 @@ public static KeyStore createTrustStore(final String dockerCertPath) throws IOEx } - private static Certificate loadCertificate(final String dockerCertPath) throws IOException, CertificateException { + private static List loadCertificates(final String dockerCertPath) throws IOException, CertificateException { File certificate = new File(dockerCertPath, "cert.pem"); BufferedReader reader = new BufferedReader(new FileReader(certificate)); PEMParser pemParser = null; try { + List certificates = new ArrayList<>(); pemParser = new PEMParser(reader); - X509CertificateHolder certificateHolder = (X509CertificateHolder) pemParser.readObject(); - return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder); + JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter().setProvider("BC"); + Object certObj = pemParser.readObject(); + + while (certObj != null) { + X509CertificateHolder certificateHolder = (X509CertificateHolder) certObj; + certificates.add(certificateConverter.getCertificate(certificateHolder)); + + certObj = pemParser.readObject(); + } + + return certificates; } finally { if (pemParser != null) { IOUtils.closeQuietly(pemParser);