File x509certificate.patch of Package netty3.23694
diff -urEbwB netty-netty-3.10.6.Final.orig/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java netty-netty-3.10.6.Final/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java
--- netty-netty-3.10.6.Final.orig/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java 2022-03-23 08:54:18.118666914 +0100
+++ netty-netty-3.10.6.Final/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java 2022-03-23 09:40:43.063658922 +0100
@@ -16,24 +16,22 @@
package org.jboss.netty.handler.ssl.util;
-import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateAlgorithmId;
-import sun.security.x509.CertificateIssuerName;
-import sun.security.x509.CertificateSerialNumber;
-import sun.security.x509.CertificateSubjectName;
-import sun.security.x509.CertificateValidity;
-import sun.security.x509.CertificateVersion;
-import sun.security.x509.CertificateX509Key;
-import sun.security.x509.X500Name;
-import sun.security.x509.X509CertImpl;
-import sun.security.x509.X509CertInfo;
-
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import javax.security.auth.x500.X500Principal;
+import org.bouncycastle.x509.X509V1CertificateGenerator;
+
import static org.jboss.netty.handler.ssl.util.SelfSignedCertificate.*;
/**
@@ -42,39 +40,24 @@
final class OpenJdkSelfSignedCertGenerator {
static String[] generate(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
- PrivateKey key = keypair.getPrivate();
// Prepare the information required for generating an X.509 certificate.
- X509CertInfo info = new X509CertInfo();
- X500Name owner = new X500Name("CN=" + fqdn);
- info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
- info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
- try {
- info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
- } catch (CertificateException ignore) {
- info.set(X509CertInfo.SUBJECT, owner);
- }
- try {
- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
- } catch (CertificateException ignore) {
- info.set(X509CertInfo.ISSUER, owner);
- }
- info.set(X509CertInfo.VALIDITY, new CertificateValidity(NOT_BEFORE, NOT_AFTER));
- info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
- info.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
-
- // Sign the cert to identify the algorithm that's used.
- X509CertImpl cert = new X509CertImpl(info);
- cert.sign(key, "SHA1withRSA");
-
- // Update the algorithm and sign again.
- info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
- cert = new X509CertImpl(info);
- cert.sign(key, "SHA1withRSA");
+ X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
+ X500Principal dnName = new X500Principal("CN=" + fqdn);
+
+ certGen.setSerialNumber(new BigInteger(64, random));
+ certGen.setIssuerDN(dnName);
+ certGen.setNotBefore(NOT_BEFORE);
+ certGen.setNotAfter(NOT_AFTER);
+ certGen.setSubjectDN(dnName);
+ certGen.setPublicKey(keypair.getPublic());
+ certGen.setSignatureAlgorithm("SHA1withRSA");
+
+ X509Certificate cert = certGen.generate(keypair.getPrivate());
+
cert.verify(keypair.getPublic());
- return newSelfSignedCertificate(fqdn, key, cert);
+ return newSelfSignedCertificate(fqdn, keypair.getPrivate(), cert);
}
private OpenJdkSelfSignedCertGenerator() { }
