From 3bab8f9a65a733ce85196bfbb71fc4f80e6b6bc6 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Sat, 17 Jan 2009 00:16:44 +0000
Subject: [PATCH] Fix for issue 3724 (ApplicationTrustManager.java use hard coded provider and algorithm ~)
---
opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java | 39 +++++++++++++++++++--------------------
1 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java b/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
index 9d67b12..6136813 100644
--- a/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
+++ b/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
@@ -30,7 +30,6 @@
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@@ -39,6 +38,7 @@
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
+import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
@@ -75,7 +75,7 @@
static private final Logger LOG =
Logger.getLogger(ApplicationTrustManager.class.getName());
- private X509TrustManager sunJSSEX509TrustManager;
+ private X509TrustManager trustManager;
private String lastRefusedAuthType;
private X509Certificate[] lastRefusedChain;
private Cause lastRefusedCause = null;
@@ -100,15 +100,21 @@
public ApplicationTrustManager(KeyStore keystore)
{
TrustManagerFactory tmf = null;
- String algo = "SunX509";
- String provider = "SunJSSE";
this.keystore = keystore;
try
{
- tmf = TrustManagerFactory.getInstance(algo, provider);
+ String algo = TrustManagerFactory.getDefaultAlgorithm();
+ tmf = TrustManagerFactory.getInstance(algo);
tmf.init(keystore);
- sunJSSEX509TrustManager =
- (X509TrustManager)(tmf.getTrustManagers())[0];
+ TrustManager[] trustManagers = tmf.getTrustManagers();
+ for (int i=0; i < trustManagers.length; i++)
+ {
+ if (trustManagers[i] instanceof X509TrustManager)
+ {
+ trustManager = (X509TrustManager)trustManagers[i];
+ break;
+ }
+ }
}
catch (NoSuchAlgorithmException e)
{
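Review bot: The new loop in the constructor leaves `trustManager` null without any log entry when `tmf.getTrustManagers()` returns no `X509TrustManager`, whereas the neighbouring catch blocks each log a warning. Since the algorithm now comes from `TrustManagerFactory.getDefaultAlgorithm()` and can differ between JREs, I would add, after the loop and still inside the `try`, `if (trustManager == null) LOG.log(Level.WARNING, "No X509TrustManager found for algorithm " + algo);`. The later hunks guard on `trustManager != null`, but their else branches are not visible here. Presumably a null manager leads to systematic refusal, as the catch comments describe; that should be confirmed rather than assumed. The constructor body continues outside this hunk.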
@@ -117,13 +123,6 @@
// in a best effor mode.
LOG.log(Level.WARNING, "Error with the algorithm", e);
}
- catch (NoSuchProviderException e)
- {
- // Nothing to do: if this occurs we will systematically refuse the
- // certificates. Maybe we should avoid this and be strict, but we are
- // in a best effor mode.
- LOG.log(Level.WARNING, "Error with the provider", e);
- }
catch (KeyStoreException e)
{
// Nothing to do: if this occurs we will systematically refuse the
@@ -142,11 +141,11 @@
boolean explicitlyAccepted = false;
try
{
- if (sunJSSEX509TrustManager != null)
+ if (trustManager != null)
{
try
{
- sunJSSEX509TrustManager.checkClientTrusted(chain, authType);
+ trustManager.checkClientTrusted(chain, authType);
}
catch (CertificateException ce)
{
@@ -199,11 +198,11 @@
boolean explicitlyAccepted = false;
try
{
- if (sunJSSEX509TrustManager != null)
+ if (trustManager != null)
{
try
{
- sunJSSEX509TrustManager.checkServerTrusted(chain, authType);
+ trustManager.checkServerTrusted(chain, authType);
}
catch (CertificateException ce)
{
@@ -251,9 +250,9 @@
*/
public X509Certificate[] getAcceptedIssuers()
{
- if (sunJSSEX509TrustManager != null)
+ if (trustManager != null)
{
- return sunJSSEX509TrustManager.getAcceptedIssuers();
+ return trustManager.getAcceptedIssuers();
}
else
{
--
Gitblit v1.10.0