Context Navigation

← Previous Change
Next Change →

openstreetmap

Timestamp:

2016-03-30T18:38:06+02:00 (9 years ago)

Author:

wiktorn

Message:

Check for certificate SHA-2 fingerprint instead of SHA-2 of PEM file.

Fixes problems due to different line endings on different systems / builds on Windows

Closes: #12264

File:

: 1 edited

trunk/src/org/openstreetmap/josm/io/CertificateAmendment.java (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/org/openstreetmap/josm/io/CertificateAmendment.java

-              r10079
+              r10083
     private static final String[] SHA_HASHES = {
         "139a5e4a4e0fa505378c72c5f700934ce8333f4e6b1b508886c4b0eb14f4be99",
         "916a8f9232328192968c81c8edb672fa539f726861dfe379ca722050e19962cd"
+        "0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739",
+        "c766a9bef2d4071c863a31aa4920e813b2d198608cb7b7cfe21143b836df09ea"
     };
 …
         for (int i = 0; i < CERT_AMEND.length; i++) {
             CachedFile certCF = new CachedFile(CERT_AMEND[i]);
+            MessageDigest md;
+            byte[] certBytes = certCF.getByteContent();
+            ByteArrayInputStream certIS = new ByteArrayInputStream(certBytes);
+            X509Certificate cert;
             try {
+                md = MessageDigest.getInstance("SHA-256");
+                cert = (X509Certificate) cf.generateCertificate(certIS);
+                MessageDigest md = MessageDigest.getInstance("SHA-256");
+                String sha1 = Utils.toHexString(md.digest(cert.getEncoded()));
+                if (!SHA_HASHES[i].equals(sha1)) {
+                    throw new RuntimeException(tr("Error adding certificate {0} - certificate fingerprint mismatch. Expected {1}, was {2}",
+                            CERT_AMEND[i],
+                            SHA_HASHES[i],
+                            sha1
+                            ));
+                }
+            } catch (CertificateException ex) {
+                throw new IOException(ex);
             } catch (NoSuchAlgorithmException ex) {
                 throw new RuntimeException(ex);
+            }
-            byte[] certBytes = certCF.getByteContent();
-            byte[] sha = md.digest(certBytes);
-            if (!SHA_HASHES[i].equals(Utils.toHexString(sha)))
-                throw new RuntimeException(tr("Error adding certificate {0} - hash mismatch. Expected {1}, was {2}",
-                        CERT_AMEND[i], SHA_HASHES[i], Utils.toHexString(sha)));
-            ByteArrayInputStream certIS = new ByteArrayInputStream(certBytes);
-            X509Certificate cert;
-            try {
-                cert = (X509Certificate) cf.generateCertificate(certIS);
-            } catch (CertificateException ex) {
-                throw new IOException(ex);
+            }
             if (certificateIsMissing(keyStore, cert)) {

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 10083 in josm for trunk/src/org/openstreetmap

Legend:

trunk/src/org/openstreetmap/josm/io/CertificateAmendment.java

Download in other formats: