authorWinston Prakash2012-01-27 20:19:37 -0500
committerWinston Prakash2012-01-27 20:19:37 -0500
commit6a189b08da2752b3bbbb138dbd20494c9d40e176 (patch)
tree9954d9d915c119a741f313da2b2ddd6d723e1082
parent376606cc1ffa4e012dca9ffd809b8907fc29ae7a (diff)
downloadorg.eclipse.hudson.core-6a189b08da2752b3bbbb138dbd20494c9d40e176.tar.gz
org.eclipse.hudson.core-6a189b08da2752b3bbbb138dbd20494c9d40e176.tar.xz
org.eclipse.hudson.core-6a189b08da2752b3bbbb138dbd20494c9d40e176.zip
Remove the dependency on crypto-util.jar. Import the two small classes into hudson-core (covered by java.net 2004-2009 license)
-rw-r--r--hudson-core/pom.xml5
-rw-r--r--hudson-core/src/main/java/hudson/model/UpdateSite.java4
-rw-r--r--hudson-core/src/main/java/hudson/util/CertificateUtil.java87
-rw-r--r--hudson-core/src/main/java/hudson/util/SignatureOutputStream.java60
4 files changed, 149 insertions, 7 deletions
diff --git a/hudson-core/pom.xml b/hudson-core/pom.xml
index 5697d2ca..e58c5907 100644
--- a/hudson-core/pom.xml
+++ b/hudson-core/pom.xml
@@ -343,11 +343,6 @@
<groupId>org.eclipse.hudson.main</groupId>
<artifactId>hudson-cli</artifactId>
</dependency>
- <dependency>
- <groupId>org.jvnet.hudson</groupId>
- <artifactId>crypto-util</artifactId>
- <version>${crypto-util.version}</version>
- </dependency>
<dependency>
<groupId>org.kohsuke</groupId>
diff --git a/hudson-core/src/main/java/hudson/model/UpdateSite.java b/hudson-core/src/main/java/hudson/model/UpdateSite.java
index 73e6847a..86356dd2 100644
--- a/hudson-core/src/main/java/hudson/model/UpdateSite.java
+++ b/hudson-core/src/main/java/hudson/model/UpdateSite.java
@@ -24,14 +24,14 @@ import hudson.util.IOUtils;
import hudson.util.JSONCanonicalUtils;
import hudson.util.TextFile;
import hudson.util.VersionNumber;
+import hudson.util.CertificateUtil;
+import hudson.util.SignatureOutputStream;
import static hudson.util.TimeUnit2.DAYS;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
-import org.jvnet.hudson.crypto.CertificateUtil;
-import org.jvnet.hudson.crypto.SignatureOutputStream;
import org.apache.commons.io.output.NullOutputStream;
import org.apache.commons.io.output.TeeOutputStream;
diff --git a/hudson-core/src/main/java/hudson/util/CertificateUtil.java b/hudson-core/src/main/java/hudson/util/CertificateUtil.java
new file mode 100644
index 00000000..b4ae3166
--- /dev/null
+++ b/hudson-core/src/main/java/hudson/util/CertificateUtil.java
@@ -0,0 +1,87 @@
+/*******************************************************************************
+ *
+ * Copyright (c) 2004-2009 Oracle Corporation.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ *
+ * Kohsuke Kawaguchi
+ *
+ *******************************************************************************/
+
+package hudson.util;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertPath;
+import java.security.cert.CertPathValidator;
+import java.security.cert.CertificateFactory;
+import java.security.cert.PKIXCertPathValidatorResult;
+import java.security.cert.PKIXParameters;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509Certificate;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Utility code to work around horrible Java Crypto API.
+ *
+ * @author Kohsuke Kawaguchi
+ */
+public class CertificateUtil {
+ /**
+ * Obtains the list of default root CAs installed in the JRE.
+ */
+ public static Set<TrustAnchor> getDefaultRootCAs() throws NoSuchAlgorithmException, KeyStoreException {
+ X509TrustManager x509tm = getDefaultX509TrustManager();
+
+ Set<TrustAnchor> rootCAs = new HashSet<TrustAnchor>();
+ for (X509Certificate c : x509tm.getAcceptedIssuers()) {
+ rootCAs.add(new TrustAnchor(c,null));
+ }
+ return rootCAs;
+ }
+
+ /**
+ * Loads the system default {@link X509TrustManager}.
+ */
+ public static X509TrustManager getDefaultX509TrustManager() throws NoSuchAlgorithmException, KeyStoreException {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init((KeyStore)null);
+
+ for (TrustManager tm : tmf.getTrustManagers()) {
+ if (tm instanceof X509TrustManager) {
+ return (X509TrustManager) tm;
+ }
+ }
+ throw new IllegalStateException("X509TrustManager is not found");
+ }
+
+ /**
+ * Validate a certificate chain. Normal return indicates a successful validation.
+ */
+ public static PKIXCertPathValidatorResult validatePath(List<X509Certificate> certs) throws GeneralSecurityException {
+ return validatePath(certs,getDefaultRootCAs());
+ }
+
+ public static PKIXCertPathValidatorResult validatePath(List<X509Certificate> certs, Set<TrustAnchor> trustAnchors) throws GeneralSecurityException {
+ CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
+ PKIXParameters params = new PKIXParameters(trustAnchors);
+ params.setRevocationEnabled(false);
+
+ CertificateFactory cf = CertificateFactory.getInstance("X509");
+ CertPath path = cf.generateCertPath(certs);
+
+ return (PKIXCertPathValidatorResult) cpv.validate(path, params);
+ }
+}
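Review bot: `params.setRevocationEnabled(false)` in the two-argument `validatePath` switches off CRL/OCSP checking without a comment, so a chain whose certificate has been revoked still validates as long as it leads to one of the trust anchors. `UpdateSite.java` imports this class in the same commit, presumably for signature checking of update metadata, so the trade-off should be recorded at the call, for example `// Revocation checking is disabled: a revoked certificate that chains to a trust anchor is still accepted.` The two-argument overload also has no Javadoc. It should state that a normal return means the chain validated against `trustAnchors` and that any failure is reported as a `GeneralSecurityException`. The one-argument overload's Javadoc should say that it trusts every root CA in the JRE's default trust store, not a pinned signer.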
diff --git a/hudson-core/src/main/java/hudson/util/SignatureOutputStream.java b/hudson-core/src/main/java/hudson/util/SignatureOutputStream.java
new file mode 100644
index 00000000..42231f08
--- /dev/null
+++ b/hudson-core/src/main/java/hudson/util/SignatureOutputStream.java
@@ -0,0 +1,60 @@
+/*******************************************************************************
+ *
+ * Copyright (c) 2004-2009 Oracle Corporation.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ *
+ * Kohsuke Kawaguchi
+ *
+ *******************************************************************************/
+
+package hudson.util;
+
+import org.apache.commons.io.output.NullOutputStream;
+
+import java.security.Signature;
+import java.security.SignatureException;
+import java.io.FilterOutputStream;
+import java.io.OutputStream;
+import java.io.IOException;
+
+/**
+ * @author Kohsuke Kawaguchi
+ */
+public class SignatureOutputStream extends FilterOutputStream {
+ private final Signature sig;
+
+ public SignatureOutputStream(OutputStream out, Signature sig) {
+ super(out);
+ this.sig = sig;
+ }
+
+ public SignatureOutputStream(Signature sig) {
+ this(new NullOutputStream(),sig);
+ }
+
+ @Override
+ public void write(int b) throws IOException {
+ try {
+ sig.update((byte)b);
+ out.write(b);
+ } catch (SignatureException e) {
+ throw (IOException)new IOException(e.getMessage()).initCause(e);
+ }
+ }
+
+ @Override
+ public void write(byte[] b, int off, int len) throws IOException {
+ try {
+ sig.update(b,off,len);
+ out.write(b,off,len);
+ } catch (SignatureException e) {
+ throw (IOException)new IOException(e.getMessage()).initCause(e);
+ }
+ }
+}
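Review bot: `SignatureOutputStream` has no class or constructor documentation beyond `@author`, although it has a contract callers must follow for the signature result to mean anything. The Javadoc should say that `sig` must already be initialised (`initSign` or `initVerify`) before the first write, that an uninitialised `Signature` surfaces as an `IOException` wrapping the `SignatureException`, and that the caller calls `sig.verify(...)` or `sig.sign()` itself once all data has been written. Both `write` methods call `sig.update(...)` before `out.write(...)`, so if the underlying stream throws, the signature has already consumed bytes that were never written. A short comment such as `// sig is updated first; after a failed write the Signature state is ahead of the output and must not be reused` would make that visible.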
