opendj3-server-dev/src/ads/org/opends/admin/ads/util/ApplicationKeyManager.java
@@ -59,7 +59,7 @@ * it cannot be retrieved this class will only accept the certificates * explicitly accepted by the user (and specified by calling acceptCertificate). * * NOTE: this class is not aimed to be used when we have connections in paralel. * NOTE: this class is not aimed to be used when we have connections in parallel. */ public class ApplicationKeyManager implements X509KeyManager { @@ -86,28 +86,24 @@ //Handle IBM specific cases if the user did not specify a algorithm and/or //provider. if(userSpecifiedAlgo == null && Platform.isVendor("IBM")) { userSpecifiedAlgo = "IbmX509"; } if(userSpecifiedProvider == null && Platform.isVendor("IBM")) { userSpecifiedProvider = "IBMJSSE2"; } // Have some fallbacks to choose the provider and algorith of the key // manager. First see if the user wanted to use something specific, // then try with the SunJSSE provider and SunX509 algorithm. Finally, // fallback to the default algorithm of the JVM. String[] preferredProvider = { userSpecifiedProvider, "SunJSSE", null, null }; { userSpecifiedProvider, "SunJSSE", null, null }; String[] preferredAlgo = { userSpecifiedAlgo, "SunX509", "SunX509", TrustManagerFactory.getDefaultAlgorithm() }; { userSpecifiedAlgo, "SunX509", "SunX509", TrustManagerFactory.getDefaultAlgorithm() }; for (int i=0; i<preferredProvider.length && keyManager == null; i++) { String provider = preferredProvider[i]; 
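Review bot: The last fallback entry in `preferredAlgo` takes its name from `TrustManagerFactory.getDefaultAlgorithm()`, yet this class builds a key manager (the loop guards on `keyManager == null`, and the factory call itself sits below the hunk), so the JVM default consulted here is presumably the trust-manager default rather than the key-manager one; `KeyManagerFactory.getDefaultAlgorithm()` is the matching API, i.e. `{ userSpecifiedAlgo, "SunX509", "SunX509", KeyManagerFactory.getDefaultAlgorithm() }`. On SunJSSE both defaults happen to name algorithms a KeyManagerFactory accepts, so this looks latent rather than a visible failure, but with another provider the final fallback could raise NoSuchAlgorithmException and leave keyManager null, after which every alias lookup in this class returns null. The re-indented block also keeps the pre-existing typo in the comment above the arrays (`provider and algorith of the key`) while the commit fixes similar ones elsewhere in this file; `algorithm`. The constructor body continues past the end of the hunk.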
@@ -145,25 +141,25 @@ catch (NoSuchAlgorithmException e) { // Nothing to do. Maybe we should avoid this and be strict, but we are // in a best effor mode. // in a best effort mode. logger.warn(LocalizableMessage.raw("Error with the algorithm", e)); } catch (KeyStoreException e) { // Nothing to do. Maybe we should avoid this and be strict, but we are // in a best effor mode.. // in a best effort mode. logger.warn(LocalizableMessage.raw("Error with the keystore", e)); } catch (UnrecoverableKeyException e) { // Nothing to do. Maybe we should avoid this and be strict, but we are // in a best effor mode. // in a best effort mode. logger.warn(LocalizableMessage.raw("Error with the key", e)); } catch (NoSuchProviderException e) { // Nothing to do. Maybe we should avoid this and be strict, but we are // in a best effor mode. // in a best effort mode. logger.warn(LocalizableMessage.raw("Error with the provider", e)); } } @@ -195,11 +191,8 @@ { return keyManager.chooseClientAlias(keyType, issuers, socket); } else { return null ; } } /** * Choose an alias to authenticate the client side of a secure @@ -226,11 +219,8 @@ { return keyManager.chooseServerAlias(keyType, issuers, socket); } else { return null; } } /** * Returns the certificate chain associated with the given alias. @@ -247,11 +237,8 @@ { return keyManager.getCertificateChain(alias); } else { return null; } } /** * Get the matching aliases for authenticating the server side of a @@ -272,11 +259,8 @@ { return keyManager.getClientAliases(keyType, issuers); } else { return null; } } /** * Returns the key associated with the given alias. @@ -291,11 +275,8 @@ { return keyManager.getPrivateKey(alias); } else { return null; } } /** * Get the matching aliases for authenticating the server side of a @@ -316,9 +297,6 @@ { return keyManager.getServerAliases(keyType, issuers); } else { return null; } } } opendj3-server-dev/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
@@ -86,7 +86,7 @@ private Cause lastRefusedCause = null; private KeyStore keystore = null; /* /** * The following ArrayList contain information about the certificates * explicitly accepted by the user. */ @@ -115,28 +115,24 @@ //Handle IBM specific cases if the user did not specify a algorithm and/or //provider. if(userSpecifiedAlgo == null && Platform.isVendor("IBM")) { userSpecifiedAlgo = "IbmX509"; } if(userSpecifiedProvider == null && Platform.isVendor("IBM")) { userSpecifiedProvider = "IBMJSSE2"; } // Have some fallbacks to choose the provider and algorith of the key // manager. First see if the user wanted to use something specific, // then try with the SunJSSE provider and SunX509 algorithm. Finally, // fallback to the default algorithm of the JVM. String[] preferredProvider = { userSpecifiedProvider, "SunJSSE", null, null }; { userSpecifiedProvider, "SunJSSE", null, null }; String[] preferredAlgo = { userSpecifiedAlgo, "SunX509", "SunX509", TrustManagerFactory.getDefaultAlgorithm() }; { userSpecifiedAlgo, "SunX509", "SunX509", TrustManagerFactory.getDefaultAlgorithm() }; for (int i=0; i<preferredProvider.length && trustManager == null; i++) { String provider = preferredProvider[i]; @@ -181,9 +177,7 @@ } } /** * {@inheritDoc} */ /** {@inheritDoc} */ public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { @@ -210,13 +204,7 @@ } catch (CertificateException ce) { lastRefusedChain = chain; lastRefusedAuthType = authType; lastRefusedCause = Cause.NOT_TRUSTED; OpendsCertificateException e = new OpendsCertificateException( chain); e.initCause(ce); throw e; manageException(chain, authType, ce, Cause.NOT_TRUSTED); } if (!explicitlyAccepted) 
@@ -227,20 +215,12 @@ } catch (CertificateException ce) { lastRefusedChain = chain; lastRefusedAuthType = authType; lastRefusedCause = Cause.HOST_NAME_MISMATCH; OpendsCertificateException e = new OpendsCertificateException( chain); e.initCause(ce); throw e; manageException(chain, authType, ce, Cause.HOST_NAME_MISMATCH); } } } /** * {@inheritDoc} */ /** {@inheritDoc} */ public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { @@ -267,12 +247,7 @@ } catch (CertificateException ce) { lastRefusedChain = chain; lastRefusedAuthType = authType; lastRefusedCause = Cause.NOT_TRUSTED; OpendsCertificateException e = new OpendsCertificateException(chain); e.initCause(ce); throw e; manageException(chain, authType, ce, Cause.NOT_TRUSTED); } if (!explicitlyAccepted) @@ -283,31 +258,32 @@ } catch (CertificateException ce) { lastRefusedChain = chain; lastRefusedAuthType = authType; lastRefusedCause = Cause.HOST_NAME_MISMATCH; OpendsCertificateException e = new OpendsCertificateException( chain); e.initCause(ce); throw e; manageException(chain, authType, ce, Cause.HOST_NAME_MISMATCH); } } } /** * {@inheritDoc} */ private void manageException(final X509Certificate[] chain, final String authType, final CertificateException ce, final Cause cause) throws OpendsCertificateException { lastRefusedChain = chain; lastRefusedAuthType = authType; lastRefusedCause = cause; final OpendsCertificateException e = new OpendsCertificateException(chain); e.initCause(ce); throw e; } /** {@inheritDoc} */ public X509Certificate[] getAcceptedIssuers() { if (trustManager != null) { return trustManager.getAcceptedIssuers(); } else { return new X509Certificate[0]; } } /** * This method is called when the user accepted a certificate. 
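Review bot: The new private `manageException` has no doc comment, and from the rendered order the `/** {@inheritDoc} */` that follows it appears to belong to getAcceptedIssuers, so the helper lands undocumented; a short Javadoc saying that it records the refused chain, auth type and cause in the lastRefused* fields and always throws an OpendsCertificateException wrapping `ce` would cover it. Because it is declared `void` but never returns normally, each catch block in checkClientTrusted and checkServerTrusted now reads as though execution can fall through to the `if (!explicitlyAccepted)` check that follows it, which the compiler cannot rule out either. Returning the built exception instead, `private OpendsCertificateException manageException(...)` ending in `return e;`, and writing `throw manageException(chain, authType, ce, Cause.HOST_NAME_MISMATCH);` at this call site and the three matching ones in the earlier hunks of this file makes the control flow explicit. The enclosing check methods start above this hunk.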
@@ -506,7 +482,7 @@ boolean hostMatch = h1.length == h2.length; for (int i=0; i<h1.length && hostMatch; i++) { if (!h1[i].equals("*") && !h2[i].equals("*")) if (!"*".equals(h1[i]) && !"*".equals(h2[i])) { hostMatch = h1[i].equalsIgnoreCase(h2[i]); }