directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From seelm...@apache.org
Subject svn commit: r779740 - in /directory/studio/trunk: ./ connection-core/src/main/java/org/apache/directory/studio/connection/core/ connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/ connection-ui/src/main/java/org/apache/di...
Date Thu, 28 May 2009 19:46:35 GMT
Author: seelmann
Date: Thu May 28 19:46:35 2009
New Revision: 779740

URL: http://svn.apache.org/viewvc?rev=779740&view=rev
Log:
DIRSTUDIO-263 (Add certificate validation for ldaps and StartTLS):
o Added host name verification
o Added more info to certificate trust dialog


Modified:
    directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java
    directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java
    directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java
    directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java
    directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java
    directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java
    directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java
    directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties
    directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties
    directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties
    directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/CertificateInfoComposite.java
    directory/studio/trunk/jars/pom.xml
    directory/studio/trunk/pom.xml

Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java
(original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java
Thu May 28 19:46:35 2009
@@ -346,7 +346,8 @@
             // that just returns "No"
             certificateHandler = new ICertificateHandler()
             {
-                public TrustLevel verifyTrustLevel( X509Certificate[] certChain )
+                public TrustLevel verifyTrustLevel( String host, X509Certificate[] certChain,
+                    List<ICertificateHandler.FailCause> failCauses )
                 {
                     return TrustLevel.Not;
                 }

Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java
(original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java
Thu May 28 19:46:35 2009
@@ -22,6 +22,7 @@
 
 
 import java.security.cert.X509Certificate;
+import java.util.List;
 
 
 /**
@@ -35,34 +36,51 @@
 {
 
     /**
-     * The trust level of a certificate
+     * The trust level of a certificate.
      */
     enum TrustLevel
     {
-        /**
-         * Don't trust a certificate.
-         */
+        /** Don't trust a certificate. */
         Not,
 
-        /**
-         * Trust a certificate within the current session.
-         */
+        /** Trust a certificate within the current session. */
         Session,
 
-        /**
-         * Trust a certificate permanently.
-         */
+        /** Trust a certificate permanently. */
         Permanent;
     }
 
+    /**
+     * The cause of certificate verification failure.
+     */
+    enum FailCause
+    {
+        /** No valid certification path, i.e. unknown issuer.  */
+        NoValidCertificationPath,
+
+        /** Certificate is not valid yet */
+        CertificateNotYetValid,
+
+        /** Certificate is expired */
+        CertificateExpired,
+
+        /** Certificate is self signed */
+        SelfSignedCertificate,
+
+        /** The host name of the server doesn't match the host name in certificate */
+        HostnameVerificationFailed
+    }
+
 
     /**
      * Verifies the trust level of the given certificate chain.
      * 
-     * @param cert the certificate chain
+     * @param certChain the certificate chain
+     * @param failCauses the causes of failed certificate validation
      * 
      * @return the trust level
      */
-    TrustLevel verifyTrustLevel( X509Certificate[] certChain );
+    TrustLevel verifyTrustLevel( String host, X509Certificate[] certChain,
+        List<ICertificateHandler.FailCause> failCauses );
 
 }

Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java
(original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java
Thu May 28 19:46:35 2009
@@ -858,7 +858,7 @@
         {
             environment.put( Context.PROVIDER_URL, LdapURL.LDAPS_SCHEME + host + ':' + port
);
             environment.put( Context.SECURITY_PROTOCOL, "ssl" ); //$NON-NLS-1$
-            // TODO: host name validation
+            // host name verification is done in StudioTrustManager
             environment.put( JAVA_NAMING_LDAP_FACTORY_SOCKET, validateCertificates ? StudioSSLSocketFactory.class
                 .getName() : DummySSLSocketFactory.class.getName() );
         }
@@ -886,7 +886,8 @@
                         {
                             StartTlsResponse tls = ( StartTlsResponse ) context
                                 .extendedOperation( new StartTlsRequest() );
-                            // TODO: host name validation
+                            // deactivate host name verification at this level,
+                            // host name verification is done in StudioTrustManager
                             tls.setHostnameVerifier( new HostnameVerifier()
                             {
                                 public boolean verify( String hostname, SSLSession session
)

Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java
(original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java
Thu May 28 19:46:35 2009
@@ -67,6 +67,9 @@
     /** The delegate. */
     private SSLSocketFactory delegate;
 
+    /** The trust managers. */
+    private StudioTrustManager[] trustManagers;
+
 
     /**
      * Creates a new instance of StudioSSLSocketFactory.
@@ -84,14 +87,15 @@
             TrustManager[] defaultTrustManagers = factory.getTrustManagers();
 
             // create wrappers around the trust managers
+            trustManagers = new StudioTrustManager[defaultTrustManagers.length];
             for ( int i = 0; i < defaultTrustManagers.length; i++ )
             {
-                defaultTrustManagers[i] = new StudioTrustManager( ( X509TrustManager ) defaultTrustManagers[i]
);
+                trustManagers[i] = new StudioTrustManager( ( X509TrustManager ) defaultTrustManagers[i]
);
             }
 
             // create the real socket factory
             SSLContext sc = SSLContext.getInstance( "TLS" ); //$NON-NLS-1$
-            sc.init( null, defaultTrustManagers, null );
+            sc.init( null, trustManagers, null );
             delegate = sc.getSocketFactory();
         }
         catch ( Exception e )
@@ -127,6 +131,7 @@
     {
         try
         {
+            updateTrustManagers( host );
             return delegate.createSocket( s, host, port, autoClose );
         }
         catch ( IOException e )
@@ -144,6 +149,7 @@
     {
         try
         {
+            updateTrustManagers( host );
             return delegate.createSocket( host, port );
         }
         catch ( IOException e )
@@ -161,6 +167,7 @@
     {
         try
         {
+            updateTrustManagers( host );
             return delegate.createSocket( host, port );
         }
         catch ( IOException e )
@@ -179,6 +186,7 @@
     {
         try
         {
+            updateTrustManagers( host );
             return delegate.createSocket( host, port, localHost, localPort );
         }
         catch ( IOException e )
@@ -192,12 +200,13 @@
     /**
      * {@inheritDoc}
      */
-    public Socket createSocket( InetAddress address, int port, InetAddress localhAddress,
int localPort )
+    public Socket createSocket( InetAddress address, int port, InetAddress localAddress,
int localPort )
         throws IOException
     {
         try
         {
-            return delegate.createSocket( address, port, localhAddress, localPort );
+            updateTrustManagers( address );
+            return delegate.createSocket( address, port, localAddress, localPort );
         }
         catch ( IOException e )
         {
@@ -206,4 +215,18 @@
         }
     }
 
+
+    private void updateTrustManagers( InetAddress address )
+    {
+        updateTrustManagers( address.getHostName() );
+    }
+
+
+    private void updateTrustManagers( String host )
+    {
+        for ( StudioTrustManager trustManager : trustManagers )
+        {
+            trustManager.setHost( host );
+        }
+    }
 }

Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java
(original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java
Thu May 28 19:46:35 2009
@@ -23,16 +23,24 @@
 
 import java.security.KeyStore;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.Enumeration;
+import java.util.List;
 
+import javax.net.ssl.SSLException;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
+import javax.security.auth.x500.X500Principal;
 
 import org.apache.directory.studio.connection.core.ConnectionCorePlugin;
 import org.apache.directory.studio.connection.core.ICertificateHandler;
 import org.apache.directory.studio.connection.core.Messages;
+import org.apache.directory.studio.connection.core.ICertificateHandler.FailCause;
+import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
 
 
 /**
@@ -45,6 +53,7 @@
 class StudioTrustManager implements X509TrustManager
 {
     private X509TrustManager jvmTrustManager;
+    private String host;
 
 
     /**
@@ -61,6 +70,17 @@
 
 
     /**
+     * Sets the host, used to verify the hostname of the certificate.
+     * 
+     * @param host the new host
+     */
+    void setHost( String host )
+    {
+        this.host = host;
+    }
+
+
+    /**
      * {@inheritDoc}
      */
     public void checkClientTrusted( X509Certificate[] chain, String authType ) throws CertificateException
@@ -74,51 +94,96 @@
      */
     public void checkServerTrusted( X509Certificate[] chain, String authType ) throws CertificateException
     {
+        // check permanent trusted certificates, return on success
+        try
+        {
+            X509TrustManager permanentTrustManager = getPermanentTrustManager();
+            if ( permanentTrustManager != null )
+            {
+                permanentTrustManager.checkServerTrusted( chain, authType );
+                return;
+            }
+        }
+        catch ( CertificateException ce )
+        {
+        }
+
+        // check temporary trusted certificates, return on success
+        try
+        {
+            X509TrustManager sessionTrustManager = getSessionTrustManager();
+            if ( sessionTrustManager != null )
+            {
+                sessionTrustManager.checkServerTrusted( chain, authType );
+                return;
+            }
+        }
+        catch ( CertificateException ce )
+        {
+        }
+
+        // below here no manually trusted certificate (either permanent or temporary) matched
+        List<ICertificateHandler.FailCause> failCauses = new ArrayList<ICertificateHandler.FailCause>();
+
+        // perform trust check of JVM trust manager
         try
         {
             jvmTrustManager.checkServerTrusted( chain, authType );
         }
-        catch ( CertificateException e1 )
+        catch ( CertificateException ce )
         {
-            try
+            if ( ce instanceof CertificateExpiredException )
             {
-                X509TrustManager permanentTrustManager = getPermanentTrustManager();
-                if ( permanentTrustManager == null )
-                {
-                    throw e1;
-                }
-                permanentTrustManager.checkServerTrusted( chain, authType );
+                failCauses.add( FailCause.CertificateExpired );
             }
-            catch ( CertificateException e2 )
+            else if ( ce instanceof CertificateNotYetValidException )
             {
-                try
+                failCauses.add( FailCause.CertificateNotYetValid );
+            }
+            else
+            {
+                X500Principal issuerX500Principal = chain[0].getIssuerX500Principal();
+                X500Principal subjectX500Principal = chain[0].getSubjectX500Principal();
+                if ( issuerX500Principal.equals( subjectX500Principal ) )
                 {
-                    X509TrustManager sessionTrustManager = getSessionTrustManager();
-                    if ( sessionTrustManager == null )
-                    {
-                        throw e2;
-                    }
-                    sessionTrustManager.checkServerTrusted( chain, authType );
+                    failCauses.add( FailCause.SelfSignedCertificate );
                 }
-                catch ( CertificateException e3 )
+                else
                 {
-                    // ask for confirmation
-                    ICertificateHandler ch = ConnectionCorePlugin.getDefault().getCertificateHandler();
-                    ICertificateHandler.TrustLevel trustLevel = ch.verifyTrustLevel( chain
);
-                    switch ( trustLevel )
-                    {
-                        case Permanent:
-                            ConnectionCorePlugin.getDefault().getPermanentTrustStoreManager().addCertificate(
chain[0] );
-                            break;
-                        case Session:
-                            ConnectionCorePlugin.getDefault().getSessionTrustStoreManager().addCertificate(
chain[0] );
-                            break;
-                        case Not:
-                            throw new CertificateException( Messages.error__untrusted_certificate,
e1 );
-                    }
+                    failCauses.add( FailCause.NoValidCertificationPath );
                 }
             }
         }
+
+        // perform host name verification
+        try
+        {
+            BrowserCompatHostnameVerifier hostnameVerifier = new BrowserCompatHostnameVerifier();
+            hostnameVerifier.verify( host, chain[0] );
+        }
+        catch ( SSLException ce )
+        {
+            failCauses.add( FailCause.HostnameVerificationFailed );
+        }
+
+        if ( !failCauses.isEmpty() )
+        {
+            // either trust check or host name verification
+            // ask for confirmation
+            ICertificateHandler ch = ConnectionCorePlugin.getDefault().getCertificateHandler();
+            ICertificateHandler.TrustLevel trustLevel = ch.verifyTrustLevel( host, chain,
failCauses );
+            switch ( trustLevel )
+            {
+                case Permanent:
+                    ConnectionCorePlugin.getDefault().getPermanentTrustStoreManager().addCertificate(
chain[0] );
+                    break;
+                case Session:
+                    ConnectionCorePlugin.getDefault().getSessionTrustStoreManager().addCertificate(
chain[0] );
+                    break;
+                case Not:
+                    throw new CertificateException( Messages.error__untrusted_certificate
);
+            }
+        }
     }
 
 

Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java
(original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java
Thu May 28 19:46:35 2009
@@ -22,6 +22,7 @@
 
 
 import java.security.cert.X509Certificate;
+import java.util.List;
 
 import org.apache.directory.studio.connection.core.ICertificateHandler;
 import org.apache.directory.studio.connection.ui.dialogs.CertificateTrustDialog;
@@ -40,7 +41,8 @@
     /**
      * {@inheritDoc}
      */
-    public TrustLevel verifyTrustLevel( final X509Certificate[] certChain )
+    public TrustLevel verifyTrustLevel( final String host, final X509Certificate[] certChain,
+        final List<ICertificateHandler.FailCause> failCauses )
     {
         // open dialog
         final TrustLevel[] trustLevel = new TrustLevel[1];
@@ -49,7 +51,7 @@
             public void run()
             {
                 CertificateTrustDialog dialog = new CertificateTrustDialog( PlatformUI.getWorkbench().getDisplay()
-                    .getActiveShell(), certChain );
+                    .getActiveShell(), host, certChain, failCauses );
                 dialog.open();
                 trustLevel[0] = dialog.getTrustLevel();
             }

Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java
(original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java
Thu May 28 19:46:35 2009
@@ -21,20 +21,20 @@
 
 
 import java.security.cert.X509Certificate;
+import java.util.List;
 
 import org.apache.directory.studio.connection.core.ICertificateHandler;
 import org.apache.directory.studio.connection.ui.widgets.BaseWidgetUtils;
 import org.eclipse.jface.dialogs.Dialog;
 import org.eclipse.jface.dialogs.IDialogConstants;
+import org.eclipse.osgi.util.NLS;
 import org.eclipse.swt.SWT;
 import org.eclipse.swt.events.SelectionAdapter;
 import org.eclipse.swt.events.SelectionEvent;
 import org.eclipse.swt.layout.GridData;
-import org.eclipse.swt.layout.GridLayout;
 import org.eclipse.swt.widgets.Button;
 import org.eclipse.swt.widgets.Composite;
 import org.eclipse.swt.widgets.Control;
-import org.eclipse.swt.widgets.Label;
 import org.eclipse.swt.widgets.Shell;
 
 
@@ -53,9 +53,15 @@
     /** The trust level. */
     private ICertificateHandler.TrustLevel trustLevel;
 
+    /** The host */
+    private String host;
+
     /** The certificate chain. */
     private X509Certificate[] certificateChain;
 
+    /** The causes of failed certificate validation. */
+    private List<ICertificateHandler.FailCause> failCauses;
+
     /** The "Don't trust" button. */
     private Button trustNotButton;
 
@@ -70,14 +76,19 @@
      * Creates a new instance of CertificateTrustDialog.
      * 
      * @param parentShell the parent shell
+     * @param host the host
      * @param certificateChain the certificate chain
+     * @param failCauses the causes of failed certificate validation
      */
-    public CertificateTrustDialog( Shell parentShell, X509Certificate[] certificateChain
)
+    public CertificateTrustDialog( Shell parentShell, String host, X509Certificate[] certificateChain,
+        List<ICertificateHandler.FailCause> failCauses )
     {
         super( parentShell );
         super.setShellStyle( super.getShellStyle() | SWT.RESIZE );
         this.title = Messages.getString( "CertificateTrustDialog.CertificateTrust" ); //$NON-NLS-1$
+        this.host = host;
         this.certificateChain = certificateChain;
+        this.failCauses = failCauses;
         this.trustLevel = null;
     }
 
@@ -93,18 +104,20 @@
     @Override
     protected void createButtonsForButtonBar( Composite parent )
     {
+        createButton( parent, IDialogConstants.DETAILS_ID, Messages
+            .getString( "CertificateTrustDialog.ViewCertificate" ), false );
         createButton( parent, IDialogConstants.OK_ID, IDialogConstants.OK_LABEL, false );
     }
 
 
-    /**
-     * Gets the trust level.
-     * 
-     * @return the trust level
-     */
-    public ICertificateHandler.TrustLevel getTrustLevel()
+    @Override
+    protected void buttonPressed( int buttonId )
     {
-        return trustLevel;
+        if ( buttonId == IDialogConstants.DETAILS_ID )
+        {
+            new CertificateInfoDialog( getShell(), certificateChain ).open();
+        }
+        super.buttonPressed( buttonId );
     }
 
 
@@ -112,36 +125,49 @@
     protected Control createDialogArea( final Composite parent )
     {
         Composite composite = ( Composite ) super.createDialogArea( parent );
-        GridLayout gl = new GridLayout();
-        composite.setLayout( gl );
         GridData gd = new GridData( GridData.FILL_BOTH );
         gd.widthHint = convertHorizontalDLUsToPixels( IDialogConstants.MINIMUM_MESSAGE_AREA_WIDTH
);
         gd.heightHint = convertHorizontalDLUsToPixels( IDialogConstants.MINIMUM_MESSAGE_AREA_WIDTH
/ 2 );
         composite.setLayoutData( gd );
 
-        BaseWidgetUtils.createWrappedLabel( composite, Messages.getString( "CertificateTrustDialog.Description"
), 1 ); //$NON-NLS-1$
-        BaseWidgetUtils.createWrappedLabel( composite, Messages.getString( "CertificateTrustDialog.TheDnIs"
), 1 ); //$NON-NLS-1$
+        BaseWidgetUtils.createWrappedLabel( composite, NLS.bind( Messages
+            .getString( "CertificateTrustDialog.InvalidCertificate" ), host ), 1 ); //$NON-NLS-1$
 
-        Composite innerComposite = BaseWidgetUtils.createColumnContainer( composite, 2, 1
);
-        Label issuerDNLabel = BaseWidgetUtils.createWrappedLabel( innerComposite, "", 1 );
//$NON-NLS-1$
-        if ( ( certificateChain != null ) && ( certificateChain.length > 0 ) )
-        {
-            issuerDNLabel.setText( certificateChain[0].getIssuerX500Principal().getName()
);
-        }
-        else
-        {
-            issuerDNLabel.setText( " - " ); //$NON-NLS-1$
-        }
-        Button showCertificateDetailsButton = BaseWidgetUtils.createButton( innerComposite,
Messages
-            .getString( "CertificateTrustDialog.ViewCertificate" ), 1 );//$NON-NLS-1$
-        showCertificateDetailsButton.addSelectionListener( new SelectionAdapter()
+        // failed cause
+        Composite failedCauseContainer = BaseWidgetUtils.createColumnContainer( composite,
1, 1 );
+        for ( ICertificateHandler.FailCause failCause : failCauses )
         {
-            @Override
-            public void widgetSelected( SelectionEvent e )
+            // BaseWidgetUtils.createRadioIndent( failedCauseContainer, 1 );
+            switch ( failCause )
             {
-                new CertificateInfoDialog( getShell(), certificateChain ).open();
+                case SelfSignedCertificate:
+                    BaseWidgetUtils.createWrappedLabel( failedCauseContainer, Messages
+                        .getString( "CertificateTrustDialog.SelfSignedCertificate" ), 1 );
//$NON-NLS-1$
+                    break;
+                case CertificateExpired:
+                    BaseWidgetUtils.createWrappedLabel( failedCauseContainer, Messages
+                        .getString( "CertificateTrustDialog.CertificateExpired" ), 1 ); //$NON-NLS-1$
+                    break;
+                case CertificateNotYetValid:
+                    BaseWidgetUtils.createWrappedLabel( failedCauseContainer, Messages
+                        .getString( "CertificateTrustDialog.CertificateNotYetValid" ), 1
); //$NON-NLS-1$
+                    break;
+                case NoValidCertificationPath:
+                    BaseWidgetUtils.createWrappedLabel( failedCauseContainer, Messages
+                        .getString( "CertificateTrustDialog.NoValidCertificationPath" ),
1 ); //$NON-NLS-1$
+                    break;
+                case HostnameVerificationFailed:
+                    BaseWidgetUtils.createWrappedLabel( failedCauseContainer, Messages
+                        .getString( "CertificateTrustDialog.HostnameVerificationFailed" ),
1 ); //$NON-NLS-1$
+                    break;
             }
-        } );
+        }
+
+        BaseWidgetUtils.createSpacer( composite, 1 );
+        BaseWidgetUtils.createSpacer( composite, 1 );
+
+        BaseWidgetUtils.createWrappedLabel( composite, NLS.bind( Messages
+            .getString( "CertificateTrustDialog.ChooseTrustLevel" ), host ), 1 ); //$NON-NLS-1$
 
         trustNotButton = BaseWidgetUtils.createRadiobutton( composite, Messages
             .getString( "CertificateTrustDialog.DoNotTrust" ), 1 ); //$NON-NLS-1$
@@ -181,4 +207,15 @@
         return composite;
     }
 
+
+    /**
+     * Gets the trust level.
+     * 
+     * @return the trust level
+     */
+    public ICertificateHandler.TrustLevel getTrustLevel()
+    {
+        return trustLevel;
+    }
+
 }

Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties
(original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties
Thu May 28 19:46:35 2009
@@ -18,10 +18,15 @@
 SelectReferralConnectionDialog.SelectConnectionToHandleReferral=Please select a connection
to handle referral 
 SelectReferralConnectionDialog.SelectReferralConenction=Select Referral Connection
 CertificateInfoDialog.CertificateViewer=Certificate Viewer
-CertificateTrustDialog.AlwaysTrust=Always trust this certificate.
 CertificateTrustDialog.CertificateTrust=Certificate Trust
-CertificateTrustDialog.Description=A secured LDAP connection requires to trust a certificate.
The certificate is issued by an unknown Certificate Authority (CA). Please verify if you trust
the certificate.
+CertificateTrustDialog.InvalidCertificate=''{0}'' uses an invalid certificate:
+CertificateTrustDialog.NoValidCertificationPath=- The issuer certificate is unknown
+CertificateTrustDialog.CertificateNotYetValid=- The certificate is not yet valid
+CertificateTrustDialog.CertificateExpired=- The certificate is expired
+CertificateTrustDialog.SelfSignedCertificate=- The certificate is self-signed
+CertificateTrustDialog.HostnameVerificationFailed=- The server's host name doesn't match
the certificate's host name
+CertificateTrustDialog.ChooseTrustLevel=Please examine the certificate and choose if you
trust it:
+CertificateTrustDialog.ViewCertificate=View Certificate...
 CertificateTrustDialog.DoNotTrust=Don't trust this certificate.
-CertificateTrustDialog.TheDnIs=The issuer of the certificate is:
 CertificateTrustDialog.TrustForThisSession=Trust this certificate for this session.
-CertificateTrustDialog.ViewCertificate=View...
+CertificateTrustDialog.AlwaysTrust=Always trust this certificate.

Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties
(original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties
Thu May 28 19:46:35 2009
@@ -18,10 +18,15 @@
 SelectReferralConnectionDialog.SelectConnectionToHandleReferral=Bitte w\u00E4hlen Sie den
Verweis verwaltende Verbindung aus 
 SelectReferralConnectionDialog.SelectReferralConenction=W\u00E4hlen Sie die verweisende Verbindung
aus
 CertificateInfoDialog.CertificateViewer=Zertifikat Ansicht
-CertificateTrustDialog.AlwaysTrust=Diesem Zertifikat immer vertrauen.
 CertificateTrustDialog.CertificateTrust=Ung\u00FCltiges Zertifikat
-CertificateTrustDialog.Description=Eine sichere LDAP Verbindung erfordert ein gültiges Zertifikat.
Das Zertifikat wurde durch eine unbekannten Stelle (CA) ausgestellt. Bitte bestätigen Sie,
ob Sie dem Zertifikat vertrauen wollen.
+CertificateTrustDialog.InvalidCertificate=''{0}'' benutzt ein ung\u00FCltiges Zertifikat:
+CertificateTrustDialog.NoValidCertificationPath=- Der Aussteller des Zertifikates ist unbekannt
+CertificateTrustDialog.CertificateNotYetValid=- Das Zertifikat ist noch nicht g\u00FCltig
+CertificateTrustDialog.CertificateExpired=- Das Zertifikat ist abgelaufen
+CertificateTrustDialog.SelfSignedCertificate=- Das Zertifikat ist selbst signiert
+CertificateTrustDialog.HostnameVerificationFailed=- Der Hostname des Servers und des Zertifikates
stimmen nicht \u00FCberein
+CertificateTrustDialog.ChooseTrustLevel=Bitte \u00FCberpr\u00FCfen Sie das Zertifikat und
w\u00E4hlen Sie aus, ob Sie dem Zertifikat vertrauen: 
+CertificateTrustDialog.ViewCertificate=Zertifikat anzeigen...
 CertificateTrustDialog.DoNotTrust=Diesem Zertifikat nicht vertrauen.
-CertificateTrustDialog.TheDnIs=Der Aussteller des Zertifikates ist:
 CertificateTrustDialog.TrustForThisSession=Diesem Zertifikat für diese Sitzung vertrauen.
-CertificateTrustDialog.ViewCertificate=Anzeigen...
\ No newline at end of file
+CertificateTrustDialog.AlwaysTrust=Diesem Zertifikat immer vertrauen.

Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties
(original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties
Thu May 28 19:46:35 2009
@@ -1,4 +1,4 @@
-# Licensed to the Apache Software Foundation (ASF) under one
+# Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
@@ -18,10 +18,15 @@
 SelectReferralConnectionDialog.SelectConnectionToHandleReferral=Veuillez s\u00E9lectionner
une connexion vers un referral 
 SelectReferralConnectionDialog.SelectReferralConenction=S\u00E9lectionnez la connexion vers
le referral de votre choix
 CertificateInfoDialog.CertificateViewer=Visualisateur de certificat
-CertificateTrustDialog.AlwaysTrust=Toujours faire confiance \u00E0 ce certificat.
 CertificateTrustDialog.CertificateTrust=Confiance de certificat
-CertificateTrustDialog.Description=Une connexion LDAP s\u00E9curis\u00E9e requiert de faire
confiance \u00E0 un certificat. Le certification a \u00E9t\u00E9 \u00E9mis par une autorit\u00E9
de certification (CA). Veuillez v\u00E9rifier si vous faites confiance au certificat.
+CertificateTrustDialog.InvalidCertificate=TODO:''{0}'' uses an invalid certificate:
+CertificateTrustDialog.NoValidCertificationPath=TODO:- The issuer certificate is unknown
+CertificateTrustDialog.CertificateNotYetValid=TODO:- The certificate is not yet valid
+CertificateTrustDialog.CertificateExpired=TODO:- The certificate is expired
+CertificateTrustDialog.SelfSignedCertificate=TODO:- The certificate is self-signed
+CertificateTrustDialog.HostnameVerificationFailed=TODO:- The server's host name doesn't match
the certificate's host name
+CertificateTrustDialog.ChooseTrustLevel=TODO:Please examine the certificate and choose if
you trust it:
+CertificateTrustDialog.ViewCertificate=TODO:View Certificate...
 CertificateTrustDialog.DoNotTrust=Ne pas faire confiance \u00E0 ce certificat.
-CertificateTrustDialog.TheDnIs=L'\u00E9metteur de ce certificat est:
 CertificateTrustDialog.TrustForThisSession=Faire confiance \u00E0 ce certificat pour cette
session.
-CertificateTrustDialog.ViewCertificate=Afficher...
+CertificateTrustDialog.AlwaysTrust=Toujours faire confiance \u00E0 ce certificat.

Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/CertificateInfoComposite.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/CertificateInfoComposite.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/CertificateInfoComposite.java
(original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/CertificateInfoComposite.java
Thu May 28 19:46:35 2009
@@ -146,8 +146,8 @@
     {
         tabFolder = new TabFolder( this, SWT.TOP );
         GridLayout mainLayout = new GridLayout();
-        mainLayout.marginWidth = 0;
-        mainLayout.marginHeight = 0;
+        mainLayout.marginWidth = 50;
+        mainLayout.marginHeight = 50;
         tabFolder.setLayout( mainLayout );
         tabFolder.setLayoutData( new GridData( GridData.FILL, GridData.FILL, true, true )
);
     }
@@ -161,6 +161,8 @@
         // create inner container
         Composite generalContainer = new Composite( tabFolder, SWT.NONE );
         GridLayout currentLayout = new GridLayout( 1, false );
+        currentLayout.marginHeight = 10;
+        currentLayout.marginWidth = 10;
         generalContainer.setLayout( currentLayout );
         generalContainer.setLayoutData( new GridData( GridData.FILL_HORIZONTAL ) );
 
@@ -237,7 +239,10 @@
         detailsForm.setLayout( new FillLayout() );
 
         Composite hierarchyContainer = new Composite( detailsForm, SWT.NONE );
-        hierarchyContainer.setLayout( new GridLayout( 1, false ) );
+        GridLayout hierarchyLayout = new GridLayout( 1, false );
+        hierarchyLayout.marginTop = 10;
+        hierarchyLayout.marginWidth = 10;
+        hierarchyContainer.setLayout( hierarchyLayout );
         BaseWidgetUtils.createLabel( hierarchyContainer, Messages
             .getString( "CertificateInfoComposite.CertificateHierarchyLabel" ), 1 ); //$NON-NLS-1$
         hierarchyTreeViewer = new TreeViewer( hierarchyContainer );
@@ -253,7 +258,9 @@
         } );
 
         Composite certificateContainer = new Composite( detailsForm, SWT.NONE );
-        certificateContainer.setLayout( new GridLayout( 1, false ) );
+        GridLayout certificateLayout = new GridLayout( 1, false );
+        certificateLayout.marginWidth = 10;
+        certificateContainer.setLayout( certificateLayout );
         BaseWidgetUtils.createLabel( certificateContainer, Messages
             .getString( "CertificateInfoComposite.CertificateFieldsLabel" ), 1 ); //$NON-NLS-1$
         certificateTree = new Tree( certificateContainer, SWT.BORDER );
@@ -275,7 +282,10 @@
         } );
 
         Composite valueContainer = new Composite( detailsForm, SWT.NONE );
-        valueContainer.setLayout( new GridLayout( 1, false ) );
+        GridLayout valueLayout = new GridLayout( 1, false );
+        valueLayout.marginWidth = 10;
+        valueLayout.marginBottom = 10;
+        valueContainer.setLayout( valueLayout );
         BaseWidgetUtils.createLabel( valueContainer,
             Messages.getString( "CertificateInfoComposite.FieldValuesLabel" ), 1 ); //$NON-NLS-1$
         valueText = new Text( valueContainer, SWT.MULTI | SWT.BORDER | SWT.H_SCROLL | SWT.V_SCROLL
| SWT.READ_ONLY );

Modified: directory/studio/trunk/jars/pom.xml
URL: http://svn.apache.org/viewvc/directory/studio/trunk/jars/pom.xml?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/jars/pom.xml (original)
+++ directory/studio/trunk/jars/pom.xml Thu May 28 19:46:35 2009
@@ -138,6 +138,10 @@
       <artifactId>commons-lang</artifactId>
     </dependency>
     <dependency>
+      <groupId>org.apache.httpcomponents</groupId>
+      <artifactId>httpclient</artifactId>
+    </dependency>
+    <dependency>
       <groupId>dom4j</groupId>
       <artifactId>dom4j</artifactId>
       <exclusions>

Modified: directory/studio/trunk/pom.xml
URL: http://svn.apache.org/viewvc/directory/studio/trunk/pom.xml?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/pom.xml (original)
+++ directory/studio/trunk/pom.xml Thu May 28 19:46:35 2009
@@ -1055,6 +1055,11 @@
         <version>3.2</version>
       </dependency>
       <dependency>
+        <groupId>org.apache.httpcomponents</groupId>
+        <artifactId>httpclient</artifactId>
+        <version>4.0-beta2</version>
+      </dependency>
+      <dependency>
         <groupId>xpp3</groupId>
         <artifactId>xpp3</artifactId>
         <version>1.1.3.4.O</version>



Mime
View raw message