Changeset 7349

Timestamp:

Apr 28, 2017, 1:18:19 PM (6 years ago)

Author:

Nicklas Nordborg

Message:

Fixes #2082: Fix problems with short-lived SSL certificate in TestFile?

Location:

branches/3.10-stable/src/test

Files:

• TestFileServer.java (modified) (3 diffs)
• data/base.onk.lu.se.crt (deleted)

branches/3.10-stable/src/test/TestFileServer.java

@@ -26 +26 @@
 import java.io.ByteArrayOutputStream;
 import java.io.FileInputStream;
+import java.io.FileWriter;
+import java.security.SecureRandom;
+import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
+import java.util.Base64;
 import java.util.Set;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 
 public class TestFileServer
@@ -75 +85 @@
       if (serverCertificateFile != null)
       {
+        java.io.File certFile = new java.io.File(serverCertificateFile);
+        if (!certFile.exists())
+        {
+          downloadCertificate(name, certFile);
+        }
+        
         ByteArrayOutputStream out = new ByteArrayOutputStream();
-        FileUtil.copy(new FileInputStream(serverCertificateFile), out);
+        FileUtil.copy(new FileInputStream(certFile), out);
         out.close();
         fs.setServerCertificate(out.toByteArray());
@@ -223 +239 @@
     System.out.println(message);
   }
+  
+  private static void downloadCertificate(String host, java.io.File certFile)
+    throws Exception
+  {
+    // TrustManager implemenation that trusts all certificates
+    
+    TrustManager trustAll = new X509TrustManager()
+    {
+      @Override
+      public X509Certificate[] getAcceptedIssuers()
+      {
+        return null;
+      }
+      @Override
+      public void checkClientTrusted(X509Certificate[] certs, String authType)
+      {}
+      @Override
+      public void checkServerTrusted(X509Certificate[] certs, String authType) 
+      {}
+    };
+    
+    SSLSocket socket = null;
+    FileWriter out = null;
+    try
+    {
+      
+      // Creates a new SSL context and factory with our trust-all trust manager
+      SSLContext sc = SSLContext.getInstance("SSL");
+      sc.init(null, new TrustManager[] { trustAll }, new SecureRandom());
+      SSLSocketFactory factory = sc.getSocketFactory();
+      
+      // Connect to the host
+      socket = (SSLSocket) factory.createSocket(host, 443);
+      socket.startHandshake();
+      
+      // And get the certificate
+      Certificate[] certs = socket.getSession().getPeerCertificates();
+      Certificate cert = certs[0];
+      
+      // Save it to the file
+      out = new FileWriter(certFile);
+      out.write("-----BEGIN CERTIFICATE-----\n");
+      out.write(Base64.getEncoder().encodeToString(cert.getEncoded()));
+      out.write("\n-----END CERTIFICATE-----\n");
+      out.close();
+    }
+    finally
+    {
+      if (socket != null) socket.close();
+      if (out != null) out.close();
+    }
+  }
 }