Merge pull request #198 from d-velopds/allow-multiple-certs-with-same-subject

headius · web-flow · commit 4d9fd5e48dc0 · 2020-05-15T18:24:32.000-05:00
Allow multiple Certificates with the same SubjectDN in the store
diff --git a/src/main/java/org/jruby/ext/openssl/x509store/Certificate.java b/src/main/java/org/jruby/ext/openssl/x509store/Certificate.java
@@ -54,7 +54,9 @@ public boolean isName(final Name name) {
     public boolean matches(final X509Object other) {
         if (other instanceof Certificate) {
             final Certificate that = (Certificate) other;
-            return X509AuxCertificate.equalSubjects(this.x509, that.x509);
+            if (X509AuxCertificate.equalSubjects(this.x509, that.x509)) {
+                return this.x509.hashCode() == that.x509.hashCode();
+            };
         }
         return false;
     }
diff --git a/src/main/java/org/jruby/ext/openssl/x509store/Store.java b/src/main/java/org/jruby/ext/openssl/x509store/Store.java
@@ -39,6 +39,7 @@
 import java.util.List;
 
 import javax.net.ssl.X509TrustManager;
+import javax.security.auth.x500.X500Principal;
 
 import org.jruby.Ruby;
 import org.jruby.ext.openssl.OpenSSL;
@@ -329,8 +330,25 @@ private synchronized int addObject(final X509Object xObject, final int prevLengt
                 return 0;
             }
         }
-        X509Object[] newObjects = Arrays.copyOf(objects, length + 1);
-        newObjects[ length ] = xObject;
+        X509Object[] newObjects = new X509Object[length + 1];
+
+        int idx = length;
+        if (xObject instanceof Certificate) {
+            final X500Principal p1 = ((Certificate) xObject).x509.getIssuerX500Principal();
+            final Name n1 = new Name(p1);
+
+            for (idx = 0; idx < objects.length; idx++) {
+                X509Object xMember  = objects[idx];
+                if (xMember instanceof Certificate) {
+                    X500Principal p2 = ((Certificate) xMember).x509.getIssuerX500Principal();
+                    if(n1.equalTo(p2)) break;
+                }
+            }
+        }
+
+        System.arraycopy(objects, 0, newObjects, 0, idx);
+        System.arraycopy(objects, idx, newObjects, idx + 1, length-idx);
+        newObjects[idx] = xObject;
         objects = newObjects;
         return 1;
     }

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,9 @@ public boolean isName(final Name name) {`
`54`	`54`	`public boolean matches(final X509Object other) {`
`55`	`55`	`if (other instanceof Certificate) {`
`56`	`56`	`final Certificate that = (Certificate) other;`
`57`		`- return X509AuxCertificate.equalSubjects(this.x509, that.x509);`
	`57`	`+ if (X509AuxCertificate.equalSubjects(this.x509, that.x509)) {`
	`58`	`+ return this.x509.hashCode() == that.x509.hashCode();`
	`59`	`+ };`
`58`	`60`	`}`
`59`	`61`	`return false;`
`60`	`62`	`}`