From 3bab8f9a65a733ce85196bfbb71fc4f80e6b6bc6 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Sat, 17 Jan 2009 00:16:44 +0000
Subject: [PATCH] Fix for issue 3724 (ApplicationTrustManager.java use hard coded provider and algorithm ~)
---
opends/src/ads/org/opends/admin/ads/util/ApplicationKeyManager.java | 41 ++++++++------------
opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java | 39 +++++++++----------
2 files changed, 35 insertions(+), 45 deletions(-)
diff --git a/opends/src/ads/org/opends/admin/ads/util/ApplicationKeyManager.java b/opends/src/ads/org/opends/admin/ads/util/ApplicationKeyManager.java
index f2f2d37..f568e4a 100644
--- a/opends/src/ads/org/opends/admin/ads/util/ApplicationKeyManager.java
+++ b/opends/src/ads/org/opends/admin/ads/util/ApplicationKeyManager.java
@@ -31,7 +31,6 @@
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
@@ -64,7 +63,7 @@
/**
* The default keyManager.
*/
- private X509KeyManager sunJSSEX509KeyManager = null ;
+ private X509KeyManager keyManager = null ;
/**
* The default constructor.
@@ -74,11 +73,10 @@
public ApplicationKeyManager(KeyStore keystore, char[] password)
{
KeyManagerFactory kmf = null;
- String algo = "SunX509";
- String provider = "SunJSSE";
try
{
- kmf = KeyManagerFactory.getInstance(algo, provider);
+ String algo = KeyManagerFactory.getDefaultAlgorithm();
+ kmf = KeyManagerFactory.getInstance(algo);
kmf.init(keystore, password);
KeyManager kms[] = kmf.getKeyManagers();
@@ -91,11 +89,10 @@
{
if (kms[i] instanceof X509KeyManager)
{
- sunJSSEX509KeyManager = (X509KeyManager) kms[i];
+ keyManager = (X509KeyManager) kms[i];
break;
}
}
-
}
catch (NoSuchAlgorithmException e)
{
@@ -103,12 +100,6 @@
// in a best effor mode.
LOG.log(Level.WARNING, "Error with the algorithm", e);
}
- catch (NoSuchProviderException e)
- {
- // Nothing to do. Maybe we should avoid this and be strict, but we are
- // in a best effor mode.
- LOG.log(Level.WARNING, "Error with the provider", e);
- }
catch (KeyStoreException e)
{
// Nothing to do. Maybe we should avoid this and be strict, but we are
@@ -145,9 +136,9 @@
public String chooseClientAlias(String[] keyType, Principal[] issuers,
Socket socket)
{
- if (sunJSSEX509KeyManager != null)
+ if (keyManager != null)
{
- return sunJSSEX509KeyManager.chooseClientAlias(keyType, issuers, socket);
+ return keyManager.chooseClientAlias(keyType, issuers, socket);
}
else
{
@@ -176,9 +167,9 @@
public String chooseServerAlias(String keyType, Principal[] issuers,
Socket socket)
{
- if (sunJSSEX509KeyManager != null)
+ if (keyManager != null)
{
- return sunJSSEX509KeyManager.chooseServerAlias(keyType, issuers, socket);
+ return keyManager.chooseServerAlias(keyType, issuers, socket);
}
else
{
@@ -197,9 +188,9 @@
*/
public X509Certificate[] getCertificateChain(String alias)
{
- if (sunJSSEX509KeyManager != null)
+ if (keyManager != null)
{
- return sunJSSEX509KeyManager.getCertificateChain(alias);
+ return keyManager.getCertificateChain(alias);
}
else
{
@@ -222,9 +213,9 @@
*/
public String[] getClientAliases(String keyType, Principal[] issuers)
{
- if (sunJSSEX509KeyManager != null)
+ if (keyManager != null)
{
- return sunJSSEX509KeyManager.getClientAliases(keyType, issuers);
+ return keyManager.getClientAliases(keyType, issuers);
}
else
{
@@ -241,9 +232,9 @@
*/
public PrivateKey getPrivateKey(String alias)
{
- if (sunJSSEX509KeyManager != null)
+ if (keyManager != null)
{
- return sunJSSEX509KeyManager.getPrivateKey(alias);
+ return keyManager.getPrivateKey(alias);
}
else
{
@@ -266,9 +257,9 @@
*/
public String[] getServerAliases(String keyType, Principal[] issuers)
{
- if (sunJSSEX509KeyManager != null)
+ if (keyManager != null)
{
- return sunJSSEX509KeyManager.getServerAliases(keyType, issuers);
+ return keyManager.getServerAliases(keyType, issuers);
}
else
{
diff --git a/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java b/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
index 9d67b12..6136813 100644
--- a/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
+++ b/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
@@ -30,7 +30,6 @@
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@@ -39,6 +38,7 @@
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
+import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
@@ -75,7 +75,7 @@
static private final Logger LOG =
Logger.getLogger(ApplicationTrustManager.class.getName());
- private X509TrustManager sunJSSEX509TrustManager;
+ private X509TrustManager trustManager;
private String lastRefusedAuthType;
private X509Certificate[] lastRefusedChain;
private Cause lastRefusedCause = null;
@@ -100,15 +100,21 @@
public ApplicationTrustManager(KeyStore keystore)
{
TrustManagerFactory tmf = null;
- String algo = "SunX509";
- String provider = "SunJSSE";
this.keystore = keystore;
try
{
- tmf = TrustManagerFactory.getInstance(algo, provider);
+ String algo = TrustManagerFactory.getDefaultAlgorithm();
+ tmf = TrustManagerFactory.getInstance(algo);
tmf.init(keystore);
- sunJSSEX509TrustManager =
- (X509TrustManager)(tmf.getTrustManagers())[0];
+ TrustManager[] trustManagers = tmf.getTrustManagers();
+ for (int i=0; i < trustManagers.length; i++)
+ {
+ if (trustManagers[i] instanceof X509TrustManager)
+ {
+ trustManager = (X509TrustManager)trustManagers[i];
+ break;
+ }
+ }
}
catch (NoSuchAlgorithmException e)
{
@@ -117,13 +123,6 @@
// in a best effor mode.
LOG.log(Level.WARNING, "Error with the algorithm", e);
}
- catch (NoSuchProviderException e)
- {
- // Nothing to do: if this occurs we will systematically refuse the
- // certificates. Maybe we should avoid this and be strict, but we are
- // in a best effor mode.
- LOG.log(Level.WARNING, "Error with the provider", e);
- }
catch (KeyStoreException e)
{
// Nothing to do: if this occurs we will systematically refuse the
@@ -142,11 +141,11 @@
boolean explicitlyAccepted = false;
try
{
- if (sunJSSEX509TrustManager != null)
+ if (trustManager != null)
{
try
{
- sunJSSEX509TrustManager.checkClientTrusted(chain, authType);
+ trustManager.checkClientTrusted(chain, authType);
}
catch (CertificateException ce)
{
@@ -199,11 +198,11 @@
boolean explicitlyAccepted = false;
try
{
- if (sunJSSEX509TrustManager != null)
+ if (trustManager != null)
{
try
{
- sunJSSEX509TrustManager.checkServerTrusted(chain, authType);
+ trustManager.checkServerTrusted(chain, authType);
}
catch (CertificateException ce)
{
@@ -251,9 +250,9 @@
*/
public X509Certificate[] getAcceptedIssuers()
{
- if (sunJSSEX509TrustManager != null)
+ if (trustManager != null)
{
- return sunJSSEX509TrustManager.getAcceptedIssuers();
+ return trustManager.getAcceptedIssuers();
}
else
{
--
Gitblit v1.10.0