netty3/x509certificate.patch

diff -urEbwB netty-netty-3.10.6.Final.orig/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java netty-netty-3.10.6.Final/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java
--- netty-netty-3.10.6.Final.orig/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java	2022-03-23 08:54:18.118666914 +0100
+++ netty-netty-3.10.6.Final/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java	2022-03-23 09:40:43.063658922 +0100
@@ -16,24 +16,22 @@
 
 package org.jboss.netty.handler.ssl.util;
 
-import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateAlgorithmId;
-import sun.security.x509.CertificateIssuerName;
-import sun.security.x509.CertificateSerialNumber;
-import sun.security.x509.CertificateSubjectName;
-import sun.security.x509.CertificateValidity;
-import sun.security.x509.CertificateVersion;
-import sun.security.x509.CertificateX509Key;
-import sun.security.x509.X500Name;
-import sun.security.x509.X509CertImpl;
-import sun.security.x509.X509CertInfo;
-
 import java.math.BigInteger;
 import java.security.KeyPair;
 import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.cert.CertificateException;
 
+import java.security.InvalidKeyException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import javax.security.auth.x500.X500Principal;
+import org.bouncycastle.x509.X509V1CertificateGenerator;
+
 import static org.jboss.netty.handler.ssl.util.SelfSignedCertificate.*;
 
 /**
@@ -42,39 +40,24 @@
 final class OpenJdkSelfSignedCertGenerator {
 
     static String[] generate(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {
-        PrivateKey key = keypair.getPrivate();
 
         // Prepare the information required for generating an X.509 certificate.
-        X509CertInfo info = new X509CertInfo();
-        X500Name owner = new X500Name("CN=" + fqdn);
-        info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
-        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));
-        try {
-            info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
-        } catch (CertificateException ignore) {
-            info.set(X509CertInfo.SUBJECT, owner);
-        }
-        try {
-            info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
-        } catch (CertificateException ignore) {
-            info.set(X509CertInfo.ISSUER, owner);
-        }
-        info.set(X509CertInfo.VALIDITY, new CertificateValidity(NOT_BEFORE, NOT_AFTER));
-        info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));
-        info.set(X509CertInfo.ALGORITHM_ID,
-                new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));
-
-        // Sign the cert to identify the algorithm that's used.
-        X509CertImpl cert = new X509CertImpl(info);
-        cert.sign(key, "SHA1withRSA");
-
-        // Update the algorithm and sign again.
-        info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));
-        cert = new X509CertImpl(info);
-        cert.sign(key, "SHA1withRSA");
+        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
+        X500Principal dnName = new X500Principal("CN=" + fqdn);
+        
+        certGen.setSerialNumber(new BigInteger(64, random));
+        certGen.setIssuerDN(dnName);
+        certGen.setNotBefore(NOT_BEFORE);
+        certGen.setNotAfter(NOT_AFTER);
+        certGen.setSubjectDN(dnName);
+        certGen.setPublicKey(keypair.getPublic());
+        certGen.setSignatureAlgorithm("SHA1withRSA");
+
+        X509Certificate cert = certGen.generate(keypair.getPrivate());
+
         cert.verify(keypair.getPublic());
 
-        return newSelfSignedCertificate(fqdn, key, cert);
+        return newSelfSignedCertificate(fqdn, keypair.getPrivate(), cert);
     }
 
     private OpenJdkSelfSignedCertGenerator() { }
OBS-URL: https://build.opensuse.org/package/show/Java:packages/netty3?expand=0&rev=18 2022-03-23 08:51:16 +00:00			`diff -urEbwB netty-netty-3.10.6.Final.orig/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java netty-netty-3.10.6.Final/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java`
			`--- netty-netty-3.10.6.Final.orig/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java 2022-03-23 08:54:18.118666914 +0100`
			`+++ netty-netty-3.10.6.Final/src/main/java/org/jboss/netty/handler/ssl/util/OpenJdkSelfSignedCertGenerator.java 2022-03-23 09:40:43.063658922 +0100`
			`@@ -16,24 +16,22 @@`

			`package org.jboss.netty.handler.ssl.util;`

			`-import sun.security.x509.AlgorithmId;`
			`-import sun.security.x509.CertificateAlgorithmId;`
			`-import sun.security.x509.CertificateIssuerName;`
			`-import sun.security.x509.CertificateSerialNumber;`
			`-import sun.security.x509.CertificateSubjectName;`
			`-import sun.security.x509.CertificateValidity;`
			`-import sun.security.x509.CertificateVersion;`
			`-import sun.security.x509.CertificateX509Key;`
			`-import sun.security.x509.X500Name;`
			`-import sun.security.x509.X509CertImpl;`
			`-import sun.security.x509.X509CertInfo;`
			`-`
			`import java.math.BigInteger;`
			`import java.security.KeyPair;`
			`import java.security.PrivateKey;`
			`import java.security.SecureRandom;`
			`import java.security.cert.CertificateException;`

			`+import java.security.InvalidKeyException;`
			`+import java.security.NoSuchProviderException;`
			`+import java.security.SignatureException;`
			`+import java.security.cert.CertificateEncodingException;`
			`+import java.security.cert.CertificateException;`
			`+import java.security.cert.CertificateFactory;`
			`+import java.security.cert.X509Certificate;`
			`+import javax.security.auth.x500.X500Principal;`
			`+import org.bouncycastle.x509.X509V1CertificateGenerator;`
			`+`
			`import static org.jboss.netty.handler.ssl.util.SelfSignedCertificate.*;`

			`/**`
			`@@ -42,39 +40,24 @@`
			`final class OpenJdkSelfSignedCertGenerator {`

			`static String[] generate(String fqdn, KeyPair keypair, SecureRandom random) throws Exception {`
			`- PrivateKey key = keypair.getPrivate();`

			`// Prepare the information required for generating an X.509 certificate.`
			`- X509CertInfo info = new X509CertInfo();`
			`- X500Name owner = new X500Name("CN=" + fqdn);`
			`- info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));`
			`- info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, random)));`
			`- try {`
			`- info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));`
			`- } catch (CertificateException ignore) {`
			`- info.set(X509CertInfo.SUBJECT, owner);`
			`- }`
			`- try {`
			`- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));`
			`- } catch (CertificateException ignore) {`
			`- info.set(X509CertInfo.ISSUER, owner);`
			`- }`
			`- info.set(X509CertInfo.VALIDITY, new CertificateValidity(NOT_BEFORE, NOT_AFTER));`
			`- info.set(X509CertInfo.KEY, new CertificateX509Key(keypair.getPublic()));`
			`- info.set(X509CertInfo.ALGORITHM_ID,`
			`- new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));`
			`-`
			`- // Sign the cert to identify the algorithm that's used.`
			`- X509CertImpl cert = new X509CertImpl(info);`
			`- cert.sign(key, "SHA1withRSA");`
			`-`
			`- // Update the algorithm and sign again.`
			`- info.set(CertificateAlgorithmId.NAME + '.' + CertificateAlgorithmId.ALGORITHM, cert.get(X509CertImpl.SIG_ALG));`
			`- cert = new X509CertImpl(info);`
			`- cert.sign(key, "SHA1withRSA");`
			`+ X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();`
			`+ X500Principal dnName = new X500Principal("CN=" + fqdn);`
			`+`
			`+ certGen.setSerialNumber(new BigInteger(64, random));`
			`+ certGen.setIssuerDN(dnName);`
			`+ certGen.setNotBefore(NOT_BEFORE);`
			`+ certGen.setNotAfter(NOT_AFTER);`
			`+ certGen.setSubjectDN(dnName);`
			`+ certGen.setPublicKey(keypair.getPublic());`
			`+ certGen.setSignatureAlgorithm("SHA1withRSA");`
			`+`
			`+ X509Certificate cert = certGen.generate(keypair.getPrivate());`
			`+`
			`cert.verify(keypair.getPublic());`

			`- return newSelfSignedCertificate(fqdn, key, cert);`
			`+ return newSelfSignedCertificate(fqdn, keypair.getPrivate(), cert);`
			`}`

			`private OpenJdkSelfSignedCertGenerator() { }`