opends/src/ads/org/opends/admin/ads/util/ApplicationKeyManager.java
@@ -31,7 +31,6 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Principal; import java.security.PrivateKey; import java.security.UnrecoverableKeyException; @@ -64,7 +63,7 @@ /** * The default keyManager. */ private X509KeyManager sunJSSEX509KeyManager = null ; private X509KeyManager keyManager = null ; /** * The default constructor. @@ -74,11 +73,10 @@ public ApplicationKeyManager(KeyStore keystore, char[] password) { KeyManagerFactory kmf = null; String algo = "SunX509"; String provider = "SunJSSE"; try { kmf = KeyManagerFactory.getInstance(algo, provider); String algo = KeyManagerFactory.getDefaultAlgorithm(); kmf = KeyManagerFactory.getInstance(algo); kmf.init(keystore, password); KeyManager kms[] = kmf.getKeyManagers(); @@ -91,11 +89,10 @@ { if (kms[i] instanceof X509KeyManager) { sunJSSEX509KeyManager = (X509KeyManager) kms[i]; keyManager = (X509KeyManager) kms[i]; break; } } } catch (NoSuchAlgorithmException e) { @@ -103,12 +100,6 @@ // in a best effor mode. LOG.log(Level.WARNING, "Error with the algorithm", e); } catch (NoSuchProviderException e) { // Nothing to do. Maybe we should avoid this and be strict, but we are // in a best effor mode. LOG.log(Level.WARNING, "Error with the provider", e); } catch (KeyStoreException e) { // Nothing to do. Maybe we should avoid this and be strict, but we are @@ -145,9 +136,9 @@ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { if (sunJSSEX509KeyManager != null) if (keyManager != null) { return sunJSSEX509KeyManager.chooseClientAlias(keyType, issuers, socket); return keyManager.chooseClientAlias(keyType, issuers, socket); } else { 
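Review bot: After the loop over `kms` in the ApplicationKeyManager constructor, nothing reports the case where no element is an `X509KeyManager`, so `keyManager` stays null and every delegating method silently takes its `else` branch. Because the algorithm now comes from `KeyManagerFactory.getDefaultAlgorithm()` (the JVM's `ssl.KeyManagerFactory.algorithm` security property) instead of a fixed name, that case is harder to rule out in advance. I would add `if (keyManager == null) { LOG.log(Level.WARNING, "No X509KeyManager found for algorithm " + algo); }` after the loop, inside the `try`. The new loop in the ApplicationTrustManager constructor has the same gap; both constructor bodies start and end outside the hunks shown.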
@@ -176,9 +167,9 @@ public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { if (sunJSSEX509KeyManager != null) if (keyManager != null) { return sunJSSEX509KeyManager.chooseServerAlias(keyType, issuers, socket); return keyManager.chooseServerAlias(keyType, issuers, socket); } else { @@ -197,9 +188,9 @@ */ public X509Certificate[] getCertificateChain(String alias) { if (sunJSSEX509KeyManager != null) if (keyManager != null) { return sunJSSEX509KeyManager.getCertificateChain(alias); return keyManager.getCertificateChain(alias); } else { @@ -222,9 +213,9 @@ */ public String[] getClientAliases(String keyType, Principal[] issuers) { if (sunJSSEX509KeyManager != null) if (keyManager != null) { return sunJSSEX509KeyManager.getClientAliases(keyType, issuers); return keyManager.getClientAliases(keyType, issuers); } else { @@ -241,9 +232,9 @@ */ public PrivateKey getPrivateKey(String alias) { if (sunJSSEX509KeyManager != null) if (keyManager != null) { return sunJSSEX509KeyManager.getPrivateKey(alias); return keyManager.getPrivateKey(alias); } else { @@ -266,9 +257,9 @@ */ public String[] getServerAliases(String keyType, Principal[] issuers) { if (sunJSSEX509KeyManager != null) if (keyManager != null) { return sunJSSEX509KeyManager.getServerAliases(keyType, issuers); return keyManager.getServerAliases(keyType, issuers); } else { opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
@@ -30,7 +30,6 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.ArrayList; @@ -39,6 +38,7 @@ import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; @@ -75,7 +75,7 @@ static private final Logger LOG = Logger.getLogger(ApplicationTrustManager.class.getName()); private X509TrustManager sunJSSEX509TrustManager; private X509TrustManager trustManager; private String lastRefusedAuthType; private X509Certificate[] lastRefusedChain; private Cause lastRefusedCause = null; @@ -100,15 +100,21 @@ public ApplicationTrustManager(KeyStore keystore) { TrustManagerFactory tmf = null; String algo = "SunX509"; String provider = "SunJSSE"; this.keystore = keystore; try { tmf = TrustManagerFactory.getInstance(algo, provider); String algo = TrustManagerFactory.getDefaultAlgorithm(); tmf = TrustManagerFactory.getInstance(algo); tmf.init(keystore); sunJSSEX509TrustManager = (X509TrustManager)(tmf.getTrustManagers())[0]; TrustManager[] trustManagers = tmf.getTrustManagers(); for (int i=0; i < trustManagers.length; i++) { if (trustManagers[i] instanceof X509TrustManager) { trustManager = (X509TrustManager)trustManagers[i]; break; } } } catch (NoSuchAlgorithmException e) { @@ -117,13 +123,6 @@ // in a best effor mode. LOG.log(Level.WARNING, "Error with the algorithm", e); } catch (NoSuchProviderException e) { // Nothing to do: if this occurs we will systematically refuse the // certificates. Maybe we should avoid this and be strict, but we are // in a best effor mode. LOG.log(Level.WARNING, "Error with the provider", e); } catch (KeyStoreException e) { // Nothing to do: if this occurs we will systematically refuse the 
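Review bot: Replacing `"SunX509"` with `TrustManagerFactory.getDefaultAlgorithm()` in the ApplicationTrustManager constructor can change which certificate-path validation runs, not only which provider supplies it. On Sun/Oracle JREs the default is normally `PKIX`, and it follows the `ssl.TrustManagerFactory.algorithm` security property. The constructor should record this in a comment such as `// Use the JVM default algorithm (ssl.TrustManagerFactory.algorithm) so non-Sun JREs work; validation rules follow that algorithm.` and log the chosen `algo` at a fine level. The surrounding comments say certificates are systematically refused when initialisation fails, but the `else` branches of checkClientTrusted and checkServerTrusted are outside the hunks. It is worth confirming that a null `trustManager` still fails closed there.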
@@ -142,11 +141,11 @@ boolean explicitlyAccepted = false; try { if (sunJSSEX509TrustManager != null) if (trustManager != null) { try { sunJSSEX509TrustManager.checkClientTrusted(chain, authType); trustManager.checkClientTrusted(chain, authType); } catch (CertificateException ce) { @@ -199,11 +198,11 @@ boolean explicitlyAccepted = false; try { if (sunJSSEX509TrustManager != null) if (trustManager != null) { try { sunJSSEX509TrustManager.checkServerTrusted(chain, authType); trustManager.checkServerTrusted(chain, authType); } catch (CertificateException ce) { @@ -251,9 +250,9 @@ */ public X509Certificate[] getAcceptedIssuers() { if (sunJSSEX509TrustManager != null) if (trustManager != null) { return sunJSSEX509TrustManager.getAcceptedIssuers(); return trustManager.getAcceptedIssuers(); } else {