the missing upgrade for bouncycastle
flybyray committed May 25, 2017
1 parent 1e80b6e commit c46a8a1
Showing 5 changed files with 21 additions and 14 deletions.
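--- a/framework/dependencies.yml
+++ b/framework/dependencies.yml
@@ -42,7 +42,8 @@ require: &allDependencies
 - oauth.signpost -> signpost-core 1.2.1.2
 - org.apache.geronimo.specs -> geronimo-servlet_2.5_spec 1.2
 - org.apache.ivy -> ivy 2.4.0
-- org.bouncycastle -> bcprov-jdk15 1.46
+- org.bouncycastle -> bcprov-jdk15on 157
+- org.bouncycastle -> bcpkix-jdk15on 157
 - org.codehaus.groovy -> groovy-all 2.4.11
 - org.eclipse.jdt.core 3.12.3
 - org.hibernate -> hibernate-core 5.2.10.patched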
Binary file added framework/lib/bcpkix-jdk15on-157.jar
Binary file not shown.
Binary file removed framework/lib/bcprov-jdk15-1.46.jar
Binary file not shown.
Binary file added framework/lib/bcprov-jdk15on-157.jar
Binary file not shown.
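--- a/framework/src/play/server/ssl/SslHttpServerContextFactory.java
+++ b/framework/src/play/server/ssl/SslHttpServerContextFactory.java
@@ -1,8 +1,12 @@
 package play.server.ssl;
 
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMReader;
-import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
 import play.Logger;
 import play.Play;
 
@@ -84,10 +88,20 @@ public PEMKeyManager() {
 final Properties p = Play.configuration;
 String keyFile = p.getProperty("certificate.key.file", "conf/host.key");
 
-try (PEMReader keyReader = new PEMReader(new FileReader(Play.getFile(keyFile)), new PEMPasswordFinder())) {
-key = ((KeyPair) keyReader.readObject()).getPrivate();
+try (PEMParser keyReader = new PEMParser(new FileReader(Play.getFile(keyFile)))) {
+final Object object = keyReader.readObject();
+JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
+final KeyPair keyPair;
+if (object instanceof PEMEncryptedKeyPair) {
+PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder()
+.build(Play.configuration.getProperty("certificate.password", "secret").toCharArray());
+keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
+} else {
+keyPair = converter.getKeyPair((PEMKeyPair) object);
+}
+key = keyPair.getPrivate();
 
-try (PEMReader reader = new PEMReader(new FileReader(Play.getFile(p.getProperty("certificate.file", "conf/host.cert"))))) {
+try (PEMParser reader = new PEMParser(new FileReader(Play.getFile(p.getProperty("certificate.file", "conf/host.cert"))))) {
 X509Certificate cert;
 List<X509Certificate> chainVector = new ArrayList<>();
 
@@ -136,12 +150,4 @@ public PrivateKey getPrivateKey(String s) {
 return key;
 }
 }
-
-private static class PEMPasswordFinder implements PasswordFinder {
-@Override
-public char[] getPassword() {
-return Play.configuration.getProperty("certificate.password", "secret").toCharArray();
-}
-}
-
 }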
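Review bot: The `else` branch in the `PEMKeyManager()` hunk casts whatever `PEMParser.readObject()` returned straight to `PEMKeyPair`, so a PKCS#8 key file (`BEGIN PRIVATE KEY`, which the parser returns as `PrivateKeyInfo`) fails with a `ClassCastException`, and an empty file (where `readObject()` returns null) presumably ends in a `NullPointerException`; neither error names the key file. Dispatching on the parsed type and rejecting anything else with a message that includes `keyFile` makes a misconfigured TLS key fail clearly; the sketch below needs an import of `org.bouncycastle.asn1.pkcs.PrivateKeyInfo` and does not cover encrypted PKCS#8 input. The `"secret"` fallback for `certificate.password` is carried over from the removed `PEMPasswordFinder`; logging a warning when the property is unset would keep a key protected only by that default from going unnoticed. The constructor's `try` and its exception handling continue outside the hunk, so the exception type thrown should match what the surrounding code expects.

```java
final Object object = keyReader.readObject();
// … unchanged: converter setup …
if (object instanceof PEMEncryptedKeyPair) {
    // … unchanged: build decProv from certificate.password …
    key = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)).getPrivate();
} else if (object instanceof PEMKeyPair) {
    key = converter.getKeyPair((PEMKeyPair) object).getPrivate();
} else if (object instanceof PrivateKeyInfo) {
    // unencrypted PKCS#8 key
    key = converter.getPrivateKey((PrivateKeyInfo) object);
} else {
    throw new IllegalStateException("No supported private key found in " + keyFile);
}
```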
