From f2160f4bd1c8ac67e5a86a6710d431e8932877f9 Mon Sep 17 00:00:00 2001
From: matthew_swift <matthew_swift@localhost>
Date: Fri, 28 May 2010 11:47:51 +0000
Subject: [PATCH] Synchronize SDK on java.net with internal repository.
---
sdk/src/com/sun/opends/sdk/tools/PromptingTrustManager.java | 248 ++++++++++++++++++++++++-------------------------
1 files changed, 120 insertions(+), 128 deletions(-)
diff --git a/sdk/src/com/sun/opends/sdk/tools/PromptingTrustManager.java b/sdk/src/com/sun/opends/sdk/tools/PromptingTrustManager.java
index ec74304..2274f92 100644
--- a/sdk/src/com/sun/opends/sdk/tools/PromptingTrustManager.java
+++ b/sdk/src/com/sun/opends/sdk/tools/PromptingTrustManager.java
@@ -57,22 +57,11 @@
/**
- * A trust manager which prompts the user for the length of time that
- * they would like to trust a server certificate.
+ * A trust manager which prompts the user for the length of time that they would
+ * like to trust a server certificate.
*/
final class PromptingTrustManager implements X509TrustManager
{
- static private final Logger LOG = Logger
- .getLogger(PromptingTrustManager.class.getName());
-
- static private final String DEFAULT_PATH = System
- .getProperty("user.home")
- + File.separator + ".opends" + File.separator + "keystore";
-
- static private final char[] DEFAULT_PASSWORD = "OpenDS".toCharArray();
-
-
-
/**
* Enumeration description server certificate trust option.
*/
@@ -97,7 +86,7 @@
* @param msg
* the message message.
*/
- private TrustOption(int i, LocalizableMessage msg)
+ private TrustOption(final int i, final LocalizableMessage msg)
{
choice = i;
this.msg = msg;
@@ -130,6 +119,14 @@
+ static private final Logger LOG = Logger
+ .getLogger(PromptingTrustManager.class.getName());
+
+ static private final String DEFAULT_PATH = System.getProperty("user.home")
+ + File.separator + ".opends" + File.separator + "keystore";
+
+ static private final char[] DEFAULT_PASSWORD = "OpenDS".toCharArray();
+
private final KeyStore inMemoryTrustStore;
private final KeyStore onDiskTrustStore;
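Review bot: DEFAULT_PASSWORD is a fixed literal shared by every installation, so the integrity check that KeyStore.load performs on the on-disk store is nominal: anyone able to write ~/.opends/keystore can plant trust anchors that this manager will accept silently, since the on-disk store is consulted before the nested trust manager. The commit only moves these constants, so this is pre-existing, but the new placement is where a maintainer will look for it. I would document it next to the constant: `// Fixed, well-known password: the on-disk store offers no real integrity protection; protection rests on the permissions of ~/.opends.` Note also that DEFAULT_PATH is derived from the user.home system property, which a caller can override on the command line.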
@@ -144,28 +141,18 @@
- PromptingTrustManager(ConsoleApplication app,
- X509TrustManager sourceTrustManager) throws KeyStoreException,
- IOException, NoSuchAlgorithmException, CertificateException
- {
- this(app, DEFAULT_PATH, sourceTrustManager);
- }
-
-
-
- PromptingTrustManager(ConsoleApplication app,
- String acceptedStorePath, X509TrustManager sourceTrustManager)
+ PromptingTrustManager(final ConsoleApplication app,
+ final String acceptedStorePath, final X509TrustManager sourceTrustManager)
throws KeyStoreException, IOException, NoSuchAlgorithmException,
CertificateException
{
Validator.ensureNotNull(app, acceptedStorePath);
this.app = app;
this.nestedTrustManager = sourceTrustManager;
- inMemoryTrustStore = KeyStore
- .getInstance(KeyStore.getDefaultType());
+ inMemoryTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
onDiskTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
- File onDiskTrustStorePath = new File(acceptedStorePath);
+ final File onDiskTrustStorePath = new File(acceptedStorePath);
inMemoryTrustStore.load(null, null);
if (!onDiskTrustStorePath.exists())
{
@@ -173,15 +160,15 @@
}
else
{
- FileInputStream fos = new FileInputStream(onDiskTrustStorePath);
+ final FileInputStream fos = new FileInputStream(onDiskTrustStorePath);
onDiskTrustStore.load(fos, DEFAULT_PASSWORD);
}
- TrustManagerFactory tmf = TrustManagerFactory
+ final TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(inMemoryTrustStore);
X509TrustManager x509tm = null;
- for (TrustManager tm : tmf.getTrustManagers())
+ for (final TrustManager tm : tmf.getTrustManagers())
{
if (tm instanceof X509TrustManager)
{
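Review bot: The FileInputStream opened for the on-disk trust store is never closed — `load` can throw IOException or CertificateException and even on success nothing releases the handle, so the descriptor lives until GC. The variable is also named `fos` although it is an input stream. Since the rest of the file is pre-try-with-resources style, a try/finally is the matching fix; the constructor body continues outside this hunk.
```java
final FileInputStream in = new FileInputStream(onDiskTrustStorePath);
try
{
  onDiskTrustStore.load(in, DEFAULT_PASSWORD);
}
finally
{
  in.close();
}
```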
@@ -197,7 +184,7 @@
tmf.init(onDiskTrustStore);
x509tm = null;
- for (TrustManager tm : tmf.getTrustManagers())
+ for (final TrustManager tm : tmf.getTrustManagers())
{
if (tm instanceof X509TrustManager)
{
@@ -214,20 +201,29 @@
- public void checkClientTrusted(X509Certificate[] x509Certificates,
- String s) throws CertificateException
+ PromptingTrustManager(final ConsoleApplication app,
+ final X509TrustManager sourceTrustManager) throws KeyStoreException,
+ IOException, NoSuchAlgorithmException, CertificateException
+ {
+ this(app, DEFAULT_PATH, sourceTrustManager);
+ }
+
+
+
+ public void checkClientTrusted(final X509Certificate[] x509Certificates,
+ final String s) throws CertificateException
{
try
{
inMemoryTrustManager.checkClientTrusted(x509Certificates, s);
}
- catch (Exception ce1)
+ catch (final Exception ce1)
{
try
{
onDiskTrustManager.checkClientTrusted(x509Certificates, s);
}
- catch (Exception ce2)
+ catch (final Exception ce2)
{
if (nestedTrustManager != null)
{
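Review bot: checkClientTrusted funnels every failure into the same interactive path as the server check (the call to checkManuallyTrusted follows just past this hunk), yet that prompt opens with INFO_LDAP_CONN_PROMPT_SECURITY_SERVER_CERTIFICATE, so a user asked to vouch for a client certificate is told it is a server certificate. Either the client path should fail hard with `throw new CertificateException(ce3);` instead of prompting, or checkManuallyTrusted needs a flag selecting the right message. In the same method, `catch (final Exception ce1)` and `ce2` are broader than the CertificateException the delegates declare; narrowing them keeps unrelated runtime failures from being interpreted as "not trusted". The method body continues outside this hunk.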
@@ -235,7 +231,7 @@
{
nestedTrustManager.checkClientTrusted(x509Certificates, s);
}
- catch (Exception ce3)
+ catch (final Exception ce3)
{
checkManuallyTrusted(x509Certificates, ce3);
}
@@ -250,20 +246,20 @@
- public void checkServerTrusted(X509Certificate[] x509Certificates,
- String s) throws CertificateException
+ public void checkServerTrusted(final X509Certificate[] x509Certificates,
+ final String s) throws CertificateException
{
try
{
inMemoryTrustManager.checkServerTrusted(x509Certificates, s);
}
- catch (Exception ce1)
+ catch (final Exception ce1)
{
try
{
onDiskTrustManager.checkServerTrusted(x509Certificates, s);
}
- catch (Exception ce2)
+ catch (final Exception ce2)
{
if (nestedTrustManager != null)
{
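Review bot: The three `catch (final Exception ...)` clauses in checkServerTrusted treat any exception from a delegate as "certificate not trusted" and escalate toward the user prompt, not just a CertificateException; if a delegate rejects a null or empty chain with an unchecked exception — as I believe the JDK implementation does, to be confirmed — the handshake is turned into a trust prompt rather than an error. `catch (final CertificateException ce1)` (and likewise for ce2 and ce3, the latter past this hunk) confines the fallback to genuine validation failures. ce1 and ce2 are also discarded, so only the nested manager's reason ever reaches the user; when that manager is null the reason shown is whatever the block beyond this hunk supplies. The method body continues outside the hunk.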
@@ -271,7 +267,7 @@
{
nestedTrustManager.checkServerTrusted(x509Certificates, s);
}
- catch (Exception ce3)
+ catch (final Exception ce3)
{
checkManuallyTrusted(x509Certificates, ce3);
}
@@ -298,33 +294,89 @@
/**
+ * This method is called when the user accepted a certificate.
+ *
+ * @param chain
+ * the certificate chain accepted by the user. certificate.
+ */
+ private void acceptCertificate(final X509Certificate[] chain,
+ final boolean permanent)
+ {
+ if (permanent)
+ {
+ LOG.log(Level.INFO, "Permanently accepting certificate chain to "
+ + "truststore");
+ }
+ else
+ {
+ LOG.log(Level.INFO, "Accepting certificate chain for this session");
+ }
+
+ for (final X509Certificate aChain : chain)
+ {
+ try
+ {
+ final String alias = aChain.getSubjectDN().getName();
+ inMemoryTrustStore.setCertificateEntry(alias, aChain);
+ if (permanent)
+ {
+ onDiskTrustStore.setCertificateEntry(alias, aChain);
+ }
+ }
+ catch (final Exception e)
+ {
+ LOG.log(Level.WARNING, "Error setting certificate to store: " + e
+ + "\nCert: " + aChain.toString());
+ }
+ }
+
+ if (permanent)
+ {
+ try
+ {
+ final File truststoreFile = new File(DEFAULT_PATH);
+ if (!truststoreFile.exists())
+ {
+ createFile(truststoreFile);
+ }
+ final FileOutputStream fos = new FileOutputStream(truststoreFile);
+ onDiskTrustStore.store(fos, DEFAULT_PASSWORD);
+ fos.close();
+ }
+ catch (final Exception e)
+ {
+ LOG.log(Level.WARNING, "Error saving store to disk: " + e);
+ }
+ }
+ }
+
+
+
+ /**
* Indicate if the certificate chain can be trusted.
*
* @param chain
* The certificate chain to validate certificate.
*/
- private void checkManuallyTrusted(X509Certificate[] chain,
- Exception exception) throws CertificateException
+ private void checkManuallyTrusted(final X509Certificate[] chain,
+ final Exception exception) throws CertificateException
{
app.println();
- app
- .println(INFO_LDAP_CONN_PROMPT_SECURITY_SERVER_CERTIFICATE
- .get());
+ app.println(INFO_LDAP_CONN_PROMPT_SECURITY_SERVER_CERTIFICATE.get());
app.println();
- for (int i = 0; i < chain.length; i++)
+ for (final X509Certificate element : chain)
{
// Certificate DN
app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_USER_DN
- .get(chain[i].getSubjectDN().toString()));
+ .get(element.getSubjectDN().toString()));
// certificate validity
- app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_VALIDITY
- .get(chain[i].getNotBefore().toString(), chain[i]
- .getNotAfter().toString()));
+ app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_VALIDITY.get(
+ element.getNotBefore().toString(), element.getNotAfter().toString()));
// certificate Issuer
- app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_ISSUER
- .get(chain[i].getIssuerDN().toString()));
+ app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE_ISSUER.get(element
+ .getIssuerDN().toString()));
app.println();
app.println();
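Review bot: acceptCertificate persists to `new File(DEFAULT_PATH)` while the constructor loads from the caller-supplied acceptedStorePath, so a manager built with a custom store path reads one file and writes another — accepted certificates are not found on the next run and the default store is polluted instead. Keep the path in a field (assigned in the constructor, outside this hunk) and use it: `final File truststoreFile = new File(acceptedStorePath);`. Separately, the loop adds every certificate in the chain, including the issuing CA, as a trusted entry keyed by subject DN, so "trust this server" quietly makes the whole CA a trust anchor and a later certificate with the same subject overwrites the earlier one; at minimum this deserves a comment such as `// NOTE: stores the full chain, so intermediates/roots become trust anchors too`. `fos.close()` is also skipped when `store` throws; a try/finally would match the fix needed in the constructor.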
@@ -334,21 +386,20 @@
app.println(INFO_LDAP_CONN_PROMPT_SECURITY_TRUST_OPTION.get());
app.println();
- Map<String, TrustOption> menuOptions = new HashMap<String, TrustOption>();
- for (TrustOption t : TrustOption.values())
+ final Map<String, TrustOption> menuOptions = new HashMap<String, TrustOption>();
+ for (final TrustOption t : TrustOption.values())
{
menuOptions.put(t.getChoice().toString(), t);
- LocalizableMessageBuilder builder = new LocalizableMessageBuilder();
+ final LocalizableMessageBuilder builder = new LocalizableMessageBuilder();
builder.append(t.getChoice());
builder.append(") ");
builder.append(t.getMenuMessage());
app.println(builder.toMessage(), 2 /* Indent options */);
}
- TrustOption defaultTrustMethod = TrustOption.SESSION;
- LocalizableMessage promptMsg = INFO_MENU_PROMPT_SINGLE_DEFAULT
- .get(defaultTrustMethod.getChoice().toString());
+ final TrustOption defaultTrustMethod = TrustOption.SESSION;
+ final LocalizableMessage promptMsg = INFO_MENU_PROMPT_SINGLE.get();
while (true)
{
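Review bot: The prompt is changed to INFO_MENU_PROMPT_SINGLE.get(), which carries no default, while readInput still receives defaultTrustMethod (SESSION) past this hunk — so pressing Enter still accepts the certificate for the session, but the user is no longer told that (unless readInput renders the default itself, which I cannot see here). For a trust decision the accepting action should be visible or explicit: either restore `final LocalizableMessage promptMsg = INFO_MENU_PROMPT_SINGLE_DEFAULT.get(defaultTrustMethod.getChoice().toString());` or stop passing a default so Enter re-prompts. The while loop continues outside this hunk.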
@@ -356,10 +407,10 @@
String choice;
try
{
- choice = app.readInput(promptMsg, defaultTrustMethod
- .getChoice().toString());
+ choice = app.readInput(promptMsg, defaultTrustMethod.getChoice()
+ .toString());
}
- catch (CLIException e)
+ catch (final CLIException e)
{
// What can we do here?
throw new CertificateException(exception);
@@ -369,7 +420,7 @@
app.println();
}
- TrustOption option = menuOptions.get(choice.trim());
+ final TrustOption option = menuOptions.get(choice.trim());
if (option == null)
{
app.println(ERR_MENU_BAD_CHOICE_SINGLE.get());
@@ -389,11 +440,11 @@
throw new CertificateException(exception);
}
case CERTIFICATE_DETAILS:
- for (X509Certificate aChain : chain)
+ for (final X509Certificate aChain : chain)
{
app.println();
- app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE
- .get(aChain.toString()));
+ app.println(INFO_LDAP_CONN_SECURITY_SERVER_CERTIFICATE.get(aChain
+ .toString()));
app.println();
}
break;
@@ -407,71 +458,12 @@
- /**
- * This method is called when the user accepted a certificate.
- *
- * @param chain
- * the certificate chain accepted by the user. certificate.
- */
- void acceptCertificate(X509Certificate[] chain, boolean permanent)
- {
- if (permanent)
- {
- LOG.log(Level.INFO, "Permanently accepting certificate chain to "
- + "truststore");
- }
- else
- {
- LOG.log(Level.INFO,
- "Accepting certificate chain for this session");
- }
-
- for (X509Certificate aChain : chain)
- {
- try
- {
- String alias = aChain.getSubjectDN().getName();
- inMemoryTrustStore.setCertificateEntry(alias, aChain);
- if (permanent)
- {
- onDiskTrustStore.setCertificateEntry(alias, aChain);
- }
- }
- catch (Exception e)
- {
- LOG.log(Level.WARNING, "Error setting certificate to store: "
- + e + "\nCert: " + aChain.toString());
- }
- }
-
- if (permanent)
- {
- try
- {
- File truststoreFile = new File(DEFAULT_PATH);
- if (!truststoreFile.exists())
- {
- createFile(truststoreFile);
- }
- FileOutputStream fos = new FileOutputStream(truststoreFile);
- onDiskTrustStore.store(fos, DEFAULT_PASSWORD);
- fos.close();
- }
- catch (Exception e)
- {
- LOG.log(Level.WARNING, "Error saving store to disk: " + e);
- }
- }
- }
-
-
-
- private boolean createFile(File f) throws IOException
+ private boolean createFile(final File f) throws IOException
{
boolean success = false;
if (f != null)
{
- File parent = f.getParentFile();
+ final File parent = f.getParentFile();
if (!parent.exists())
{
parent.mkdirs();
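Review bot: createFile creates ~/.opends and the keystore with whatever the process umask allows, and the result of `parent.mkdirs()` is ignored; since this file is consulted as a trust store before the nested trust manager and is guarded only by a fixed password, a group- or world-writable directory lets another local user inject trust anchors. If the project targets Java 6 or later, restrict the new file to its owner right after creation: `f.setReadable(false, false); f.setReadable(true, true);` and `f.setWritable(false, false); f.setWritable(true, true);`, and treat a false return from mkdirs as a failure. The remainder of createFile lies outside this hunk.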
--
Gitblit v1.10.0