From a2f838c8ea5c73db9651fec9cdf9d71a60efda06 Mon Sep 17 00:00:00 2001
From: Gaetan Boismal <gaetan.boismal@forgerock.com>
Date: Mon, 28 Nov 2016 15:59:48 +0000
Subject: [PATCH] OPENDJ-3532 Use JVM trust manager in connection handler by default

---
 opendj-server-legacy/src/main/java/org/opends/server/protocols/http/HTTPConnectionHandler.java |   21 ++++++++-------------
 1 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/HTTPConnectionHandler.java b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/HTTPConnectionHandler.java
index 42442c4..e5219b0 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/HTTPConnectionHandler.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/protocols/http/HTTPConnectionHandler.java
@@ -41,6 +41,7 @@
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManager;
 
 import org.forgerock.http.ApiProducer;
 import org.forgerock.http.DescribedHttpApplication;
@@ -82,11 +83,9 @@
 import org.opends.server.api.ConnectionHandler;
 import org.opends.server.api.KeyManagerProvider;
 import org.opends.server.api.ServerShutdownListener;
-import org.opends.server.api.TrustManagerProvider;
 import org.opends.server.core.DirectoryServer;
 import org.opends.server.core.ServerContext;
 import org.opends.server.extensions.NullKeyManagerProvider;
-import org.opends.server.extensions.NullTrustManagerProvider;
 import org.opends.server.loggers.HTTPAccessLogger;
 import org.opends.server.monitors.ClientConnectionMonitorProvider;
 import org.opends.server.protocols.internal.InternalClientConnection;
@@ -848,9 +847,9 @@
     {
       return null;
     }
-
-    DN keyMgrDN = config.getKeyManagerProviderDN();
-    KeyManagerProvider<?> keyManagerProvider = DirectoryServer.getKeyManagerProvider(keyMgrDN);
+    final ServerContext serverContext = DirectoryServer.getInstance().getServerContext();
+    final DN keyMgrDN = config.getKeyManagerProviderDN();
+    KeyManagerProvider<?> keyManagerProvider = serverContext.getKeyManagerProvider(keyMgrDN);
     if (keyManagerProvider == null)
     {
       logger.error(ERR_NULL_KEY_PROVIDER_MANAGER, keyMgrDN, friendlyName);
@@ -891,14 +890,10 @@
     }
 
     DN trustMgrDN = config.getTrustManagerProviderDN();
-    TrustManagerProvider<?> trustManagerProvider = DirectoryServer.getTrustManagerProvider(trustMgrDN);
-    if (trustManagerProvider == null)
-    {
-      trustManagerProvider = new NullTrustManagerProvider();
-    }
-
-    SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
-    sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(), null);
+    final TrustManager[] trustManagers =
+            trustMgrDN == null ? null : serverContext.getTrustManagerProvider(trustMgrDN).getTrustManagers();
+    final SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
+    sslContext.init(keyManagers, trustManagers, null);
     return sslContext;
   }
 
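Review bot: The second added line calls `serverContext.getTrustManagerProvider(trustMgrDN).getTrustManagers()` without checking the lookup result, so a configured provider DN that resolves to nothing — the case the removed `NullTrustManagerProvider` fallback covered, assuming the new lookup can return null like the old `DirectoryServer` one — now ends in a NullPointerException instead of a logged configuration error. The key-manager branch earlier in the same method checks for null and logs `ERR_NULL_KEY_PROVIDER_MANAGER` before returning null, and the trust-manager branch should be symmetric; restoring that check also needs the `TrustManagerProvider` import this patch drops. It is also worth stating in a comment that a null DN deliberately hands `null` to `SSLContext.init`, which selects the JVM's default trust managers, since that is the behaviour change the commit title describes and it governs how HTTPS client certificates are validated. The enclosing method starts outside this hunk.
```java
    DN trustMgrDN = config.getTrustManagerProviderDN();
    // No provider DN configured: pass null so SSLContext.init() uses the JVM default trust managers.
    TrustManager[] trustManagers = null;
    if (trustMgrDN != null)
    {
      final TrustManagerProvider<?> trustManagerProvider = serverContext.getTrustManagerProvider(trustMgrDN);
      if (trustManagerProvider == null)
      {
        logger.error(/* TODO: message key for a missing trust manager provider */ null, trustMgrDN, friendlyName);
        return null;
      }
      trustManagers = trustManagerProvider.getTrustManagers();
    }
    // … unchanged: SSLContext creation and init …
```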

--
Gitblit v1.10.0