Yair Zaslavsky has uploaded a new change for review.
Change subject: engine: Fix fingerprint presentation in case of non self signed
certificate
......................................................................
engine: Fix fingerprint presentation in case of non self signed certificate
The fingerprint to be presented is of the issuer certificate in this case.
Change-Id: I2dfb1db6fbaa387812a1113b244cd0d6b05c0530
Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com>
---
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateChainQuery.java
M
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/CertificateInfo.java
M
frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java
3 files changed, 35 insertions(+), 5 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/36/36936/1
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateChainQuery.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateChainQuery.java
index ae871af..0dfb7cb 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateChainQuery.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateChainQuery.java
@@ -39,7 +39,7 @@
List<CertificateInfo> results = new
ArrayList<CertificateInfo>();
for (Certificate cert : chain) {
if (cert instanceof X509Certificate) {
- results.add(createCertificateInfo((X509Certificate)
cert));
+ results.add(createCertificateInfo(chain,
(X509Certificate) cert));
}
}
getQueryReturnValue().setReturnValue(results);
@@ -50,9 +50,17 @@
}
}
- private CertificateInfo createCertificateInfo(X509Certificate cert) throws
GeneralSecurityException {
+ private CertificateInfo createCertificateInfo(List<? extends Certificate>
chain, X509Certificate cert)
+ throws GeneralSecurityException {
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
sha1.update(cert.getEncoded());
+ X509Certificate issuer = null;
+ for (Certificate currentCert : chain) {
+ if (((X509Certificate)
currentCert).getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+ issuer = (X509Certificate) currentCert;
+ break;
+ }
+ }
boolean selfSigned = false;
try {
@@ -62,9 +70,16 @@
// ignore
}
+ MessageDigest issuerSha1 = MessageDigest.getInstance("SHA1");
+ String issuerFingerprint = null;
+ if (issuer != null) {
+ sha1.update(issuer.getEncoded());
+ issuerFingerprint = Hex.encodeHexString(issuerSha1.digest());
+ }
+
return new CertificateInfo(new
Base64(0).encodeToString(cert.getEncoded()),
cert.getSubjectX500Principal().toString(),
cert.getIssuerX500Principal().toString(),
- selfSigned, Hex.encodeHexString(sha1.digest()));
+ selfSigned, Hex.encodeHexString(sha1.digest()),
issuerFingerprint);
}
}
diff --git
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/CertificateInfo.java
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/CertificateInfo.java
index fb191cb..9f762b9 100644
---
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/CertificateInfo.java
+++
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/CertificateInfo.java
@@ -10,16 +10,23 @@
private String issuer;
private String sha1Fingerprint;
private boolean selfSigned;
+ private String issuerFingerprint;
public CertificateInfo() {
}
- public CertificateInfo(String payload, String subject, String issuer,
boolean selfSigned, String sha1Fingerprint) {
+ public CertificateInfo(String payload,
+ String subject,
+ String issuer,
+ boolean selfSigned,
+ String sha1Fingerprint,
+ String issuerFingerprint) {
this.payload = payload;
this.subject = subject;
this.issuer = issuer;
this.selfSigned = selfSigned;
this.sha1Fingerprint = sha1Fingerprint;
+ this.issuerFingerprint = issuerFingerprint;
}
public String getPayload() {
@@ -62,4 +69,12 @@
this.sha1Fingerprint = sha1Fingerprint;
}
+ public void setSHA1IssuerFingerprint(String sha1Fingerprint) {
+ this.issuerFingerprint = sha1Fingerprint;
+ }
+
+ public String getSHA1IssuerFingerprint() {
+ return issuerFingerprint;
+ }
+
}
diff --git
a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java
b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java
index 813759a..23cdc91 100644
---
a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java
+++
b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/providers/ProviderModel.java
@@ -391,7 +391,7 @@
} else {
confirmationModel.setMessage(
ConstantsManager.getInstance().getMessages().approveCertificateTrust(
- certInfo.getSubject(), certInfo.getIssuer(),
certInfo.getSHA1Fingerprint()));
+ certInfo.getSubject(), certInfo.getIssuer(),
certInfo.getSHA1IssuerFingerprint()));
}
confirmationModel.setTitle(ConstantsManager.getInstance().getConstants().importProviderCertificateTitle());
confirmationModel.setHelpTag(HelpTag.import_provider_certificate);
--
To view, visit http://gerrit.ovirt.org/36936
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2dfb1db6fbaa387812a1113b244cd0d6b05c0530
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
