From a2f838c8ea5c73db9651fec9cdf9d71a60efda06 Mon Sep 17 00:00:00 2001
From: Gaetan Boismal <gaetan.boismal@forgerock.com>
Date: Mon, 28 Nov 2016 15:59:48 +0000
Subject: [PATCH] OPENDJ-3532 Use JVM trust manager in connection handler by default

---
 opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java |   17 +++++++----------
 1 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java b/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
index c254f8a..1d0eee8 100644
--- a/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
+++ b/opendj-server-legacy/src/main/java/org/forgerock/opendj/reactive/LDAPConnectionHandler2.java
@@ -44,6 +44,7 @@
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManager;
 
 import org.forgerock.i18n.LocalizableMessage;
 import org.forgerock.i18n.slf4j.LocalizedLogger;
@@ -70,7 +71,6 @@
 import org.opends.server.api.DirectoryThread;
 import org.opends.server.api.KeyManagerProvider;
 import org.opends.server.api.ServerShutdownListener;
-import org.opends.server.api.TrustManagerProvider;
 import org.opends.server.api.plugin.PluginResult;
 import org.opends.server.core.DirectoryServer;
 import org.opends.server.core.PluginConfigManager;
@@ -78,7 +78,6 @@
 import org.opends.server.core.ServerContext;
 import org.opends.server.core.WorkQueueStrategy;
 import org.opends.server.extensions.NullKeyManagerProvider;
-import org.opends.server.extensions.NullTrustManagerProvider;
 import org.opends.server.monitors.ClientConnectionMonitorProvider;
 import org.opends.server.protocols.ldap.LDAPStatistics;
 import org.opends.server.types.DirectoryException;
@@ -897,7 +896,8 @@
     private SSLContext createSSLContext(LDAPConnectionHandlerCfg config) throws DirectoryException {
         try {
             DN keyMgrDN = config.getKeyManagerProviderDN();
-            KeyManagerProvider<?> keyManagerProvider = DirectoryServer.getKeyManagerProvider(keyMgrDN);
+            final ServerContext serverContext = DirectoryServer.getInstance().getServerContext();
+            KeyManagerProvider<?> keyManagerProvider = serverContext.getKeyManagerProvider(keyMgrDN);
             if (keyManagerProvider == null) {
                 logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName);
                 disableAndWarnIfUseSSL(config);
@@ -928,14 +928,11 @@
                         friendlyName);
             }
 
-            DN trustMgrDN = config.getTrustManagerProviderDN();
-            TrustManagerProvider<?> trustManagerProvider = DirectoryServer.getTrustManagerProvider(trustMgrDN);
-            if (trustManagerProvider == null) {
-                trustManagerProvider = new NullTrustManagerProvider();
-            }
-
+            final DN trustMgrDN = config.getTrustManagerProviderDN();
+            final TrustManager[] trustManagers =
+                    trustMgrDN == null ? null : serverContext.getTrustManagerProvider(trustMgrDN).getTrustManagers();
             SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
-            sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(), null);
+            sslContext.init(keyManagers, trustManagers, null);
             return sslContext;
         } catch (Exception e) {
             logger.traceException(e);
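Review bot: The explicit null-provider fallback the removed lines had is gone: when `trustMgrDN` is set but `serverContext.getTrustManagerProvider(trustMgrDN)` yields null (the old code guarded against this, so it presumably can), the ternary dereferences it and the NullPointerException is swallowed by the generic `catch (Exception e)` below instead of producing the targeted error and `disableAndWarnIfUseSSL(config)` call that the `keyManagerProvider == null` branch earlier in this method produces. The trust-widening also deserves a comment on the `trustManagers` assignment: per the `SSLContext.init` contract a null array selects the JVM's default trust managers, whereas an array containing no `X509TrustManager` (what the old `NullTrustManagerProvider` path appears to have supplied) rejects every peer certificate in the reference implementation, so a handler with no trust-manager DN configured now accepts client certificates chaining to the JVM default CA store where it previously accepted none. The rest of `createSSLContext` and its catch handling lie outside the hunk, and the `TrustManagerProvider` import this patch removes would need to stay for the change below.
```java
final DN trustMgrDN = config.getTrustManagerProviderDN();
final TrustManager[] trustManagers;
if (trustMgrDN == null) {
    // No provider configured: null makes SSLContext.init() fall back to the JVM default
    // trust managers. An empty array would NOT do this - it trusts no peer certificate.
    trustManagers = null;
} else {
    final TrustManagerProvider<?> trustManagerProvider = serverContext.getTrustManagerProvider(trustMgrDN);
    if (trustManagerProvider == null) {
        logger.error(ERR_NULL_TRUST_MANAGER_PROVIDER /* placeholder: message id to add next to ERR_NULL_KEY_PROVIDER_MANAGER */,
                trustMgrDN, friendlyName);
        disableAndWarnIfUseSSL(config);
        // … exit exactly as the keyManagerProvider == null branch above does (outside this hunk) …
    }
    trustManagers = trustManagerProvider.getTrustManagers();
}
// … unchanged: SSLContext.getInstance / init / return …
```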

--
Gitblit v1.10.0