QPID-8213: [Broker-J] Do not open redundant InputStream in SSLUtil#readCertificates
diff --git a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
index 520268c..edb753f 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtil.java
@@ -446,7 +446,7 @@
{
try (InputStream is = certFile.openStream())
{
- return readCertificates(certFile.openStream());
+ return readCertificates(is);
}
}
diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
index 1da62ee..85833c0 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/network/security/ssl/SSLUtilTest.java
@@ -21,14 +21,23 @@
package org.apache.qpid.server.transport.network.security.ssl;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.net.URL;
import java.nio.ByteBuffer;
import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
+import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
@@ -41,6 +50,8 @@
import org.junit.Test;
import org.apache.qpid.server.transport.TransportException;
+import org.apache.qpid.server.util.DataUrlUtils;
+import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
import org.apache.qpid.test.utils.UnitTestBase;
public class SSLUtilTest extends UnitTestBase
@@ -213,6 +224,40 @@
Arrays.asList("example.org", "a.mqp.example.org", "org"));
}
+ @Test
+ public void testReadCertificates() throws Exception
+ {
+ Certificate certificate = getTestCertificate();
+
+ assertNotNull("Certificate is not found", certificate);
+
+ URL certificateURL = new URL(null, DataUrlUtils.getDataUrlForBytes(certificate.getEncoded()), new Handler());
+ X509Certificate[] certificates = SSLUtil.readCertificates(certificateURL);
+
+ assertEquals("Unexpected number of certificates", 1, certificates.length);
+ assertEquals("Unexpected certificate", certificate, certificates[0]);
+ }
+
+ private Certificate getTestCertificate()
+ throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
+ {
+ KeyStore trustStore = KeyStore.getInstance("JKS");
+ trustStore.load(new ByteArrayInputStream(TRUSTSTORE), "password".toCharArray());
+
+ Enumeration<String> aliases = trustStore.aliases();
+ Certificate certificate = null;
+ while (aliases.hasMoreElements())
+ {
+ String alias = aliases.nextElement();
+ if (trustStore.isCertificateEntry(alias))
+ {
+ certificate = trustStore.getCertificate(alias);
+ break;
+ }
+ }
+ return certificate;
+ }
+
private void doNameMatchingTest(byte[] keystoreBytes, List<String> validAddresses, List<String> invalidAddresses) throws Exception
{
KeyStore keyStore = KeyStore.getInstance("JKS");
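Review bot: `testReadCertificates` would most likely also pass against the pre-fix code, because a `data:` URL can be opened any number of times and the second, never-closed stream goes unobserved, so the test does not pin the redundant `openStream()` call this commit removes. Backing the URL with a handler that counts `getInputStream()` calls, and asserting that exactly one stream was opened, would turn it into a real regression test. That is worth pinning because a stream leaked on every certificate load can exhaust descriptors on a broker that reloads trust material for file-backed URLs. The sketch below replaces the `DataUrlUtils`/`Handler` URL construction and keeps the existing assertions; the `test:` scheme and the `opened` and `countingHandler` names are constructed for illustration.

```java
final byte[] encoded = certificate.getEncoded();
final AtomicInteger opened = new AtomicInteger();
URLStreamHandler countingHandler = new URLStreamHandler()
{
    @Override
    protected URLConnection openConnection(final URL url)
    {
        return new URLConnection(url)
        {
            @Override
            public void connect()
            {
                // nothing to connect to: the bytes are held in memory
            }

            @Override
            public InputStream getInputStream()
            {
                opened.incrementAndGet();
                return new ByteArrayInputStream(encoded);
            }
        };
    }
};
URL certificateURL = new URL(null, "test:certificate", countingHandler);
X509Certificate[] certificates = SSLUtil.readCertificates(certificateURL);
// … unchanged: assertions on certificates.length and certificates[0] …
assertEquals("Unexpected number of opened streams", 1, opened.get());
```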