From f185d956682e96272b5a74db6b2b208f467bcdb6 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 23 Nov 2012 18:18:02 -0500
Subject: [PATCH] Eliminate internal Sun api for CRLs and include X509 tests in suite

---
 src/com/gitblit/utils/X509Utils.java |   17 +++++++++++++----
 1 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/com/gitblit/utils/X509Utils.java b/src/com/gitblit/utils/X509Utils.java
index e27d7bc..3caff35 100644
--- a/src/com/gitblit/utils/X509Utils.java
+++ b/src/com/gitblit/utils/X509Utils.java
@@ -21,6 +21,7 @@
 import java.io.FileOutputStream;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.io.InputStream;
 import java.lang.reflect.Field;
 import java.math.BigInteger;
 import java.security.InvalidKeyException;
@@ -36,6 +37,7 @@
 import java.security.cert.CertPathBuilderException;
 import java.security.cert.CertStore;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
 import java.security.cert.CollectionCertStoreParameters;
 import java.security.cert.PKIXBuilderParameters;
 import java.security.cert.PKIXCertPathBuilderResult;
@@ -81,8 +83,6 @@
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
-import sun.security.x509.X509CRLImpl;
 
 import com.gitblit.Constants;
 
@@ -1034,13 +1034,22 @@
 		if (!caRevocationList.exists()) {
 			return false;
 		}
+		InputStream inStream = null;
 		try {
-			byte [] data = FileUtils.readContent(caRevocationList);
-			X509CRL crl = new X509CRLImpl(data);
+			inStream = new FileInputStream(caRevocationList);
+			CertificateFactory cf = CertificateFactory.getInstance("X.509");
+			X509CRL crl = (X509CRL)cf.generateCRL(inStream);
 			return crl.isRevoked(cert);
 		} catch (Exception e) {
 			logger.error(MessageFormat.format("Failed to check revocation status for certificate {0,number,0} [{1}] in {2}",
 					cert.getSerialNumber(), cert.getSubjectDN().getName(), caRevocationList));
+		} finally {
+			if (inStream != null) {
+				try {
+					inStream.close();
+				} catch (Exception e) {
+				}
+			}
 		}
 		return false;
 	}

--
Gitblit v1.9.1