Commit 3ed99368 authored by Guus der Kinderen's avatar Guus der Kinderen

Prevent occasional failure of CheckChainTrustedTest

There's one unit test that occasionally fails. This occurs as a result of an unintended
collision. As part of the test, many certificates are generated and stored in keystores.
The alias used for the entry was based on the hashcode of the public key of the certificate.
The value range of those hashcodes is fairly small (it has only a couple of digits), which
leads to occasional collisions, causing the test to fail.

This commit replaces the hashcode-based alias with the Base64-encoded public key information.
This ensures that aliases for distinct keys are also distinct, while ensuring that the
aliases for equal keys are equal.
parent e464bb87
...@@ -267,6 +267,10 @@ public class OpenfireX509TrustManager implements X509TrustManager ...@@ -267,6 +267,10 @@ public class OpenfireX509TrustManager implements X509TrustManager
// This exception generally isn't very helpful. This block attempts to print more debug information. // This exception generally isn't very helpful. This block attempts to print more debug information.
try try
{ {
Log.debug( "** Accepted Issuers (trust anchors, \"root CA's\"):" );
for ( X509Certificate acceptedIssuer : acceptedIssuers) {
Log.debug( " - " + acceptedIssuer.getSubjectDN() + "/" + acceptedIssuer.getIssuerDN() );
}
Log.debug( "** Chain to be validated:" ); Log.debug( "** Chain to be validated:" );
Log.debug( " length: " + chain.length ); Log.debug( " length: " + chain.length );
for (int i=0; i<chain.length; i++) { for (int i=0; i<chain.length; i++) {
......
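Review bot: The added loop over `acceptedIssuers` concatenates a log string per trust anchor even when debug logging is off, and this diagnostic block appears to run whenever a presented chain fails validation. Wrapping the diagnostics in `if ( Log.isDebugEnabled() )` (assuming `Log` is an SLF4J-style logger, which the hunk does not show) keeps the cost of a rejected chain independent of the trust store size. `getSubjectDN()` and `getIssuerDN()` return an implementation-specific `Principal`; `getSubjectX500Principal()` and `getIssuerX500Principal()` are the portable accessors. The enclosing try block starts and ends outside the hunk.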
...@@ -41,7 +41,7 @@ public class KeystoreTestUtils ...@@ -41,7 +41,7 @@ public class KeystoreTestUtils
private static final Provider PROVIDER = new BouncyCastleProvider(); private static final Provider PROVIDER = new BouncyCastleProvider();
private static final Object BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; private static final Object BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
private static final Object END_CERT = "-----END CERTIFICATE-----"; private static final Object END_CERT = "-----END CERTIFICATE-----";
static static
{ {
// Add the BC provider to the list of security providers // Add the BC provider to the list of security providers
...@@ -164,9 +164,9 @@ public class KeystoreTestUtils ...@@ -164,9 +164,9 @@ public class KeystoreTestUtils
private static X509Certificate generateTestCertificate( final boolean isValid, final KeyPair issuerKeyPair, final KeyPair subjectKeyPair, int indexAwayFromEndEntity) throws Exception private static X509Certificate generateTestCertificate( final boolean isValid, final KeyPair issuerKeyPair, final KeyPair subjectKeyPair, int indexAwayFromEndEntity) throws Exception
{ {
// Issuer and Subject // Issuer and Subject.
final X500Name subject = new X500Name( "CN=MyName" + subjectKeyPair.getPublic().hashCode() ); final X500Name subject = new X500Name( "CN=" + Base64.encodeBytes( subjectKeyPair.getPublic().getEncoded(), Base64.URL_SAFE ) );
final X500Name issuer = new X500Name( "CN=MyName" + issuerKeyPair.getPublic().hashCode() ); final X500Name issuer = new X500Name( "CN=" + Base64.encodeBytes( issuerKeyPair.getPublic().getEncoded(), Base64.URL_SAFE ) );
// Validity // Validity
final Date notBefore; final Date notBefore;
......
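Review bot: Putting the whole Base64-encoded public key into the CN on the two `new X500Name( "CN=" + ... )` lines yields a common name of several hundred characters for typical key sizes, well past the 64-character upper bound that RFC 5280 sets for that attribute. The test certificates may then be rejected by stricter parsers for a reason unrelated to what the test checks. Depending on the defaults of the `Base64` utility, which the hunk does not show, the value may also carry `=` padding or line breaks inside the DN string. A fixed-length digest of the encoded key keeps distinct keys distinct for test purposes and stays within the limit, for example `"CN=" + new BigInteger( 1, MessageDigest.getInstance( "SHA-256" ).digest( subjectKeyPair.getPublic().getEncoded() ) ).toString( 16 )`, and the same for the issuer. The body of `generateTestCertificate` continues outside the hunk.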