Add thumbprint for keyvault jca when load cert from local path (Azure#23212)

gavinfish · rujche · web-flow · commit 1ef5de67db50 · 2021-07-29T16:48:41.000+08:00
* Add thumbprint for keyvault jca when load cert from local path

* Simplify code of getThumbprint().

Co-authored-by: Rujun Chen &lt;rujche@microsoft.com&gt;
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/certificates/SpecificPathCertificates.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/certificates/SpecificPathCertificates.java
@@ -3,28 +3,30 @@
 
 package com.azure.security.keyvault.jca.implementation.certificates;
 
-import java.io.InputStream;
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Level.WARNING;
+
 import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.FileInputStream;
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.security.Key;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.List;
-import java.util.Objects;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
-import java.util.ArrayList;
+import java.util.Objects;
 import java.util.Optional;
-import java.util.Arrays;
 import java.util.logging.Logger;
 import java.util.stream.Stream;
-
-import static java.util.logging.Level.INFO;
-import static java.util.logging.Level.WARNING;
+import org.apache.commons.codec.digest.DigestUtils;
 
 /**
  * Store certificates loaded from file system.
@@ -90,7 +92,7 @@ private SpecificPathCertificates(String certificatePath) {
     /**
      * Add alias and certificate
      *
-     * @param alias certificate alias
+     * @param alias       certificate alias
      * @param certificate certificate value
      */
     public void setCertificateEntry(String alias, Certificate certificate) {
@@ -112,17 +114,17 @@ public void setCertificateEntry(String alias, Certificate certificate) {
     private void setCertificateByFile(File file) throws IOException {
         X509Certificate certificate;
         try (InputStream inputStream = new FileInputStream(file);
-             BufferedInputStream bytes = new BufferedInputStream(inputStream)) {
+            BufferedInputStream bytes = new BufferedInputStream(inputStream)) {
             String alias = toCertificateAlias(file);
             CertificateFactory cf = CertificateFactory.getInstance("X.509");
             certificate = (X509Certificate) cf.generateCertificate(bytes);
             if (certificate != null) {
                 setCertificateEntry(alias, certificate);
-                LOGGER.log(INFO, "Load file system certificate: {0} from: {1}",
-                    new Object[]{alias, file.getName()});
+                LOGGER.log(INFO, "Load certificate from specific path. alias = {0}, thumbprint = {1}, file = {2}",
+                    new Object[]{alias, getThumbprint(certificate), file.getName()});
             }
         } catch (CertificateException e) {
-            LOGGER.log(WARNING, "Unable to load specific path certificate from: " + file.getName(), e);
+            LOGGER.log(WARNING, "Unable to load certificate from: " + file.getName(), e);
         }
     }
 
@@ -140,6 +142,21 @@ private void loadCertificatesFromSpecificPath() {
         }
     }
 
+    /**
+     * Get thumbprint for a certificate
+     *
+     * @param certificate certificate value
+     * @return certificate thumbprint
+     */
+    String getThumbprint(Certificate certificate) {
+        try {
+            return DigestUtils.sha1Hex(certificate.getEncoded());
+        } catch (CertificateEncodingException e) {
+            LOGGER.log(WARNING, "Unable to get thumbprint for certificate", e);
+        }
+        return "";
+    }
+
     /**
      * Get alias from file
      *
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/implementation/certificates/SpecificPathCertificatesTest.java b/sdk/keyvault/azure-security-keyvault-jca/src/test/java/com/azure/security/keyvault/jca/implementation/certificates/SpecificPathCertificatesTest.java
@@ -17,7 +17,9 @@ public static String getFilePath(String packageName) {
 
     @Test
     public void testSetCertificateEntry() {
+        String alias = "sideload";
         specificPathCertificates = SpecificPathCertificates.getSpecificPathCertificates(getFilePath("custom\\"));
-        Assertions.assertTrue(specificPathCertificates.getAliases().contains("sideload"));
+        Assertions.assertTrue(specificPathCertificates.getAliases().contains(alias));
+        Assertions.assertEquals("b7f261c05a972088bc40e458ad92227edf6b03b7", specificPathCertificates.getThumbprint(specificPathCertificates.getCertificates().get(alias)));
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,9 @@ public static String getFilePath(String packageName) {`
`17`	`17`
`18`	`18`	`@Test`
`19`	`19`	`public void testSetCertificateEntry() {`
	`20`	`+ String alias = "sideload";`
`20`	`21`	`specificPathCertificates = SpecificPathCertificates.getSpecificPathCertificates(getFilePath("custom\\"));`
`21`		`- Assertions.assertTrue(specificPathCertificates.getAliases().contains("sideload"));`
	`22`	`+ Assertions.assertTrue(specificPathCertificates.getAliases().contains(alias));`
	`23`	`+ Assertions.assertEquals("b7f261c05a972088bc40e458ad92227edf6b03b7", specificPathCertificates.getThumbprint(specificPathCertificates.getCertificates().get(alias)));`
`22`	`24`	`}`
`23`	`25`	`}`