From be...@apache.org
Subject svn commit: r597086 - in /db/derby/code/branches/10.3/java: client/org/apache/derby/client/net/ drda/org/apache/derby/impl/drda/
Date Wed, 21 Nov 2007 13:45:05 GMT
Author: bernt
Date: Wed Nov 21 05:45:04 2007
New Revision: 597086

URL: http://svn.apache.org/viewvc?rev=597086&view=rev
Log:
DERBY-3096 Merged with svn merge -r 596982:596983  https://svn.apache.org/repos/asf/db/derby/code/trunk

Modified:
    db/derby/code/branches/10.3/java/client/org/apache/derby/client/net/NaiveTrustManager.java
    db/derby/code/branches/10.3/java/client/org/apache/derby/client/net/OpenSocketAction.java
    db/derby/code/branches/10.3/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java
    db/derby/code/branches/10.3/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java

Modified: db/derby/code/branches/10.3/java/client/org/apache/derby/client/net/NaiveTrustManager.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.3/java/client/org/apache/derby/client/net/NaiveTrustManager.java?rev=597086&r1=597085&r2=597086&view=diff
==============================================================================
--- db/derby/code/branches/10.3/java/client/org/apache/derby/client/net/NaiveTrustManager.java
(original)
+++ db/derby/code/branches/10.3/java/client/org/apache/derby/client/net/NaiveTrustManager.java
Wed Nov 21 05:45:04 2007
@@ -21,13 +21,17 @@
 
 package org.apache.derby.client.net;
 
+import java.io.FileInputStream;
 import javax.net.SocketFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.KeyManagerFactory;
+import java.security.KeyStore;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
 
+
 /**
  * This is a naive trust manager we use when we don't want server
  * authentication. Any certificate will be accepted. 
@@ -52,18 +56,53 @@
      **/
     public static SocketFactory getSocketFactory()
         throws java.security.NoSuchAlgorithmException,
-               java.security.KeyManagementException
+               java.security.KeyManagementException,
+               java.security.NoSuchProviderException,
+               java.security.KeyStoreException,
+               java.security.UnrecoverableKeyException,
+               java.security.cert.CertificateException,
+               java.io.IOException
     {
         if (thisManager == null) {
             thisManager = new TrustManager [] {new NaiveTrustManager()};
         }
-        
+
         SSLContext ctx = SSLContext.getInstance("SSL");
-        ctx.init(null, // Use default key manager
-                 thisManager,
-                 null); // Use default random source
+        
+        if (ctx.getProvider().getName().equals("SunJSSE") &&
+            (System.getProperty("javax.net.ssl.keyStore") != null) &&
+            (System.getProperty("javax.net.ssl.keyStorePassword") != null)) {
+            
+            // SunJSSE does not give you a working default keystore
+            // when using your own trust manager. Since a keystore is
+            // needed on the client when the server does
+            // peerAuthentication, we have to provide one working the
+            // same way as the default one.
+
+            String keyStore = 
+                System.getProperty("javax.net.ssl.keyStore");
+            String keyStorePassword =
+                System.getProperty("javax.net.ssl.keyStorePassword");
+            
+            KeyStore ks = KeyStore.getInstance("JKS");
+            ks.load(new FileInputStream(keyStore),
+                    keyStorePassword.toCharArray());
+            
+            KeyManagerFactory kmf = 
+                KeyManagerFactory.getInstance("SunX509", "SunJSSE");
+            kmf.init(ks, keyStorePassword.toCharArray());
+
+            ctx.init(kmf.getKeyManagers(),
+                     thisManager,
+                     null); // Use default random source
+        } else {
+            ctx.init(null, // Use default key manager
+                     thisManager,
+                     null); // Use default random source
+        }
+
         return ctx.getSocketFactory();
-    }
+     }
     
     /** 
      * Checks wether the we trust the client. Since this trust manager
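Review bot: The stream opened inline in `ks.load(new FileInputStream(keyStore), ...)` is never closed, so each call to getSocketFactory() that takes the SunJSSE branch leaves the key store file open until the stream is garbage-collected. Hold the stream in a local and close it in a `finally`, as in the excerpt below. The identical block in the drda copy of NaiveTrustManager.java has the same leak. Separately, the key store type is fixed at `"JKS"`, so a `javax.net.ssl.keyStoreType` setting that the default key manager would honour is ignored, which is at odds with the comment's "working the same way as the default one"; either handle it or say in the comment that it is intentional. The body of getSocketFactory() is fully visible in this hunk, and only the following Javadoc is cut off.

```java
            KeyStore ks = KeyStore.getInstance("JKS");
            FileInputStream in = new FileInputStream(keyStore);
            try {
                ks.load(in, keyStorePassword.toCharArray());
            } finally {
                // Close the key store file even when load() throws.
                in.close();
            }
            // … unchanged: KeyManagerFactory setup and ctx.init(...) …
```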
@@ -76,7 +115,7 @@
                                    String authType)
         throws CertificateException
     {
-        // Reject all attemtpts to truts a client. We should never end
+        // Reject all attemtpts to trust a client. We should never end
         // up here.
         throw new CertificateException();
     }

Modified: db/derby/code/branches/10.3/java/client/org/apache/derby/client/net/OpenSocketAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.3/java/client/org/apache/derby/client/net/OpenSocketAction.java?rev=597086&r1=597085&r2=597086&view=diff
==============================================================================
--- db/derby/code/branches/10.3/java/client/org/apache/derby/client/net/OpenSocketAction.java
(original)
+++ db/derby/code/branches/10.3/java/client/org/apache/derby/client/net/OpenSocketAction.java
Wed Nov 21 05:45:04 2007
@@ -41,7 +41,12 @@
         throws java.net.UnknownHostException, 
                java.io.IOException,
                java.security.NoSuchAlgorithmException,
-               java.security.KeyManagementException {
+               java.security.KeyManagementException,
+               java.security.NoSuchProviderException,
+               java.security.KeyStoreException,
+               java.security.UnrecoverableKeyException,
+               java.security.cert.CertificateException
+    {
         
         SocketFactory sf;
         switch (clientSSLMode_) {

Modified: db/derby/code/branches/10.3/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.3/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java?rev=597086&r1=597085&r2=597086&view=diff
==============================================================================
--- db/derby/code/branches/10.3/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java
(original)
+++ db/derby/code/branches/10.3/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java
Wed Nov 21 05:45:04 2007
@@ -21,12 +21,17 @@
 
 package org.apache.derby.impl.drda;
 
+import java.io.FileInputStream;
 import javax.net.SocketFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.KeyManagerFactory;
+import java.security.KeyStore;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
+import org.apache.derby.iapi.services.property.PropertyUtil;
+
 
 /**
  * This is a naive trust manager we use when we don't want server
@@ -52,16 +57,51 @@
      **/
     public static SocketFactory getSocketFactory()
         throws java.security.NoSuchAlgorithmException,
-               java.security.KeyManagementException
+               java.security.KeyManagementException,
+               java.security.NoSuchProviderException,
+               java.security.KeyStoreException,
+               java.security.UnrecoverableKeyException,
+               java.security.cert.CertificateException,
+               java.io.IOException
     {
         if (thisManager == null) {
             thisManager = new TrustManager [] {new NaiveTrustManager()};
         }
-        
+
         SSLContext ctx = SSLContext.getInstance("SSL");
-        ctx.init(null, // Use default key manager
-                 thisManager,
-                 null); // Use default random source
+        
+        if (ctx.getProvider().getName().equals("SunJSSE") &&
+            (PropertyUtil.getSystemProperty("javax.net.ssl.keyStore") != null) &&
+            (PropertyUtil.getSystemProperty("javax.net.ssl.keyStorePassword") != null)) {
+            
+            // SunJSSE does not give you a working default keystore
+            // when using your own trust manager. Since a keystore is
+            // needed on the client when the server does
+            // peerAuthentication, we have to provide one working the
+            // same way as the default one.
+
+            String keyStore = 
+                PropertyUtil.getSystemProperty("javax.net.ssl.keyStore");
+            String keyStorePassword =
+                PropertyUtil.getSystemProperty("javax.net.ssl.keyStorePassword");
+            
+            KeyStore ks = KeyStore.getInstance("JKS");
+            ks.load(new FileInputStream(keyStore),
+                    keyStorePassword.toCharArray());
+            
+            KeyManagerFactory kmf = 
+                KeyManagerFactory.getInstance("SunX509", "SunJSSE");
+            kmf.init(ks, keyStorePassword.toCharArray());
+
+            ctx.init(kmf.getKeyManagers(),
+                     thisManager,
+                     null); // Use default random source
+        } else {
+            ctx.init(null, // Use default key manager
+                     thisManager,
+                     null); // Use default random source
+        }
+
         return ctx.getSocketFactory();
     }
     
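Review bot: Both properties are looked up twice, once in the `if` condition and again inside the branch, so the null check and the value actually used come from separate reads; if a property is cleared in between, `keyStorePassword.toCharArray()` throws a NullPointerException. Read each one once before the `if`, e.g. `String keyStore = PropertyUtil.getSystemProperty("javax.net.ssl.keyStore");`, and test the locals in the condition. The client copy of this method has the same shape with `System.getProperty`. The Javadoc on getSocketFactory() should also gain a sentence saying that the key store path and password come from the `javax.net.ssl.keyStore` and `javax.net.ssl.keyStorePassword` system properties, and that with this trust manager the client certificate is presented to a server whose own certificate has not been verified.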
@@ -76,7 +116,7 @@
                                    String authType)
         throws CertificateException
     {
-        // Reject all attemtpts to truts a client. We should never end
+        // Reject all attemtpts to trust a client. We should never end
         // up here.
         throw new CertificateException();
     }

Modified: db/derby/code/branches/10.3/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.3/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=597086&r1=597085&r2=597086&view=diff
==============================================================================
--- db/derby/code/branches/10.3/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
(original)
+++ db/derby/code/branches/10.3/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
Wed Nov 21 05:45:04 2007
@@ -2251,7 +2251,11 @@
 										throws UnknownHostException,
 											   IOException, 
 											   java.security.NoSuchAlgorithmException,
-											   java.security.KeyManagementException
+											   java.security.KeyManagementException,
+                                               java.security.NoSuchProviderException,
+                                               java.security.KeyStoreException,
+                                               java.security.UnrecoverableKeyException,
+                                               java.security.cert.CertificateException
 									{
 										if (hostAddress == null)
 											hostAddress = InetAddress.getByName(hostArg);


