From 6b33835fe2763ff5b47aa22f5daea13341237546 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sat, 07 Jul 2007 21:50:13 +0000
Subject: [PATCH] Update the file-based trust manager provider so that it will reject client certificates that are expired or not yet valid. Also update the SSL connection factory used by the client tools so that if an explicit trust store is provided, the validity of the server certificate will also be checked.
---
opendj-sdk/opends/src/server/org/opends/server/extensions/FileBasedTrustManagerProvider.java | 11 ++++++++++-
1 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/extensions/FileBasedTrustManagerProvider.java b/opendj-sdk/opends/src/server/org/opends/server/extensions/FileBasedTrustManagerProvider.java
index b3d710e..c6e73e6 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/extensions/FileBasedTrustManagerProvider.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/extensions/FileBasedTrustManagerProvider.java
@@ -38,6 +38,7 @@
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.server.FileBasedTrustManagerCfg;
@@ -49,6 +50,7 @@
import org.opends.server.types.DN;
import org.opends.server.types.InitializationException;
import org.opends.server.types.ResultCode;
+import org.opends.server.util.ExpirationCheckTrustManager;
import static org.opends.server.loggers.debug.DebugLogger.*;
import org.opends.server.loggers.debug.DebugTracer;
@@ -326,7 +328,14 @@
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(trustManagerAlgorithm);
trustManagerFactory.init(trustStore);
- return trustManagerFactory.getTrustManagers();
+ TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+ TrustManager[] newTrustManagers = new TrustManager[trustManagers.length];
+ for (int i=0; i < trustManagers.length; i++)
+ {
+ newTrustManagers[i] = new ExpirationCheckTrustManager(
+ (X509TrustManager) trustManagers[i]);
+ }
+ return newTrustManagers;
}
catch (Exception e)
{
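Review bot: The cast `(X509TrustManager) trustManagers[i]` on the new lines assumes every manager returned by `TrustManagerFactory.getTrustManagers()` for the configured `trustManagerAlgorithm` is an X509TrustManager; if a provider returns anything else the loop fails with a bare ClassCastException, which lands in the `catch (Exception e)` that follows, and the message a reader or admin sees will not say why the trust store was rejected. An explicit `instanceof` check with a descriptive message keeps the fail-closed behaviour (no manager is installed without the validity check) while making the failure diagnosable. A short comment on the wrapping would also help a later reader, e.g. `// Wrap each manager so that expired or not-yet-valid client certificates are rejected even when the chain itself is trusted.` The enclosing method and the handling in the catch block lie outside this hunk, so whether the exception is wrapped or logged there cannot be confirmed here.
```java
for (int i=0; i < trustManagers.length; i++)
{
  if (! (trustManagers[i] instanceof X509TrustManager))
  {
    // Fail closed: an unwrapped manager would bypass the validity check.
    throw new IllegalStateException("Trust manager " + i +
        " for algorithm " + trustManagerAlgorithm +
        " is not an X509TrustManager");
  }
  // Wrap so that expired or not-yet-valid certificates are rejected even
  // when the chain itself is trusted.
  newTrustManagers[i] = new ExpirationCheckTrustManager(
      (X509TrustManager) trustManagers[i]);
}
// … unchanged: return newTrustManagers; …
```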
--
Gitblit v1.10.0