directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r1777246 - in /directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api: LdapConnectionConfig.java LdapNetworkConnection.java NoVerificationTrustManager.java
Date Tue, 03 Jan 2017 23:52:23 GMT
Author: elecharny
Date: Tue Jan  3 23:52:23 2017
New Revision: 1777246

URL: http://svn.apache.org/viewvc?rev=1777246&view=rev
Log:
o Fixed the connect() method (the removal of a break was causing connect() to fail)
o Used a different default TrustManager that works well with Java 8

Modified:
    directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
    directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
    directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java

Modified: directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java?rev=1777246&r1=1777245&r2=1777246&view=diff
==============================================================================
--- directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
(original)
+++ directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
Tue Jan  3 23:52:23 2017
@@ -21,14 +21,10 @@
 package org.apache.directory.ldap.client.api;
 
 
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
 
 import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector;
@@ -123,38 +119,13 @@ public class LdapConnectionConfig
 
 
     /**
-     * sets the default trust manager based on the SunX509 trustManagement algorithm
+     * sets the default trust manager based on the SunX509 trustManagement algorithm.
+     * 
+     * We use a non-verification Trust Manager
      */
     private void setDefaultTrustManager()
     {
-        String trustMgmtAlgo = TrustManagerFactory.getDefaultAlgorithm();
-
-        try
-        {
-            TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( trustMgmtAlgo
);
-            tmFactory.init( ( KeyStore ) null );
-
-            TrustManager[] factoryTrustManagers = tmFactory.getTrustManagers();
-
-            for ( int i = 0; i < factoryTrustManagers.length; i++ )
-            {
-                if ( factoryTrustManagers[i] instanceof X509TrustManager )
-                {
-                    trustManagers = new TrustManager[]
-                        { factoryTrustManagers[i] };
-                    LOG.debug( "found X509TrustManager {}", factoryTrustManagers[i] );
-                    break;
-                }
-            }
-        }
-        catch ( NoSuchAlgorithmException e )
-        {
-            LOG.warn( "couldn't find any default X509 TrustManager with algorithm {}", trustMgmtAlgo
);
-        }
-        catch ( KeyStoreException e )
-        {
-            LOG.warn( "couldn't initialize TrustManagerFactory with keystore {}", KeyStore.getDefaultType()
);
-        }
+        trustManagers = new X509TrustManager[] { new NoVerificationTrustManager() };
     }
 
 
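Review bot: The new body of `setDefaultTrustManager()` makes `NoVerificationTrustManager` the default, so a TLS connection built from an unconfigured `LdapConnectionConfig` accepts whatever certificate the server presents; the channel is encrypted but the server is not authenticated, which leaves bind credentials exposed to anyone able to intercept the connection. The removed code obtained the platform `X509TrustManager` through `TrustManagerFactory`; keeping that as the default and making the non-verifying manager an explicit opt-in would preserve server authentication. The Javadoc is now contradictory, because it still says the default is "based on the SunX509 trustManagement algorithm". If the change stays, replace that sentence with something like `Sets the default trust manager to NoVerificationTrustManager, which accepts any certificate; callers that need server authentication must set their own trust managers.` and consider a `LOG.warn` when this default is applied.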

Modified: directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java?rev=1777246&r1=1777245&r2=1777246&view=diff
==============================================================================
--- directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
(original)
+++ directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
Tue Jan  3 23:52:23 2017
@@ -44,6 +44,7 @@ import java.util.concurrent.atomic.Atomi
 import java.util.concurrent.locks.ReentrantLock;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
 import javax.security.auth.Subject;
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
@@ -612,7 +613,7 @@ public class LdapNetworkConnection exten
             // No need to connect if we already have a connected session
             return true;
         }
-
+        
         // Create the connector if needed
         if ( connector == null )
         {
@@ -681,6 +682,10 @@ public class LdapNetworkConnection exten
                             throw new LdapOtherException( e.getMessage(), e );
                         }
                     }
+                    else
+                    {
+                        break;
+                    }
                 }
             }
         }
@@ -3944,6 +3949,14 @@ public class LdapNetworkConnection exten
         try
         {
             SSLContext sslContext = SSLContext.getInstance( config.getSslProtocol() );
+            
+            TrustManager[] trustManagers = config.getTrustManagers();
+            
+            if ( ( trustManagers == null ) || ( trustManagers.length == 0 ) )
+            {
+                trustManagers = new TrustManager[] { new NoVerificationTrustManager() };
+            }
+            
             sslContext.init( config.getKeyManagers(), config.getTrustManagers(), config.getSecureRandom()
);
 
             SslFilter sslFilter = new SslFilter( sslContext, true );
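Review bot: The added `trustManagers` local is never used: the `sslContext.init( ... )` call below it still passes `config.getTrustManagers()`, so the null/empty fallback has no effect. Before wiring it in, note that the fallback is fail-open: a missing trust-manager configuration would silently disable certificate verification, whereas passing `null` to `SSLContext.init` makes JSSE fall back to the platform default trust managers. I would either drop the block, or keep the fallback and log it at warn level so that unauthenticated TLS is never selected silently. The enclosing method starts and ends outside the hunk.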
@@ -4204,6 +4217,7 @@ public class LdapNetworkConnection exten
                     }
                     else
                     {
+                        exception.printStackTrace();
                         throw new InvalidConnectionException( exception.getMessage() );
                     }
                 }
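Review bot: `exception.printStackTrace()` writes to stderr, bypasses the logging configuration, and looks like a debugging leftover. The trace is only needed because the `InvalidConnectionException` thrown on the next line keeps just the message. If that exception type has a (message, cause) constructor, which is not visible here, passing `exception` as the cause would preserve the trace for callers. Otherwise route it through the SLF4J logger, e.g. `LOG.debug( "Connection failed", exception );`, assuming this class has a `LOG` field like the other files in the commit. The enclosing block extends beyond the hunk.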

Modified: directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java?rev=1777246&r1=1777245&r2=1777246&view=diff
==============================================================================
--- directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java
(original)
+++ directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java
Tue Jan  3 23:52:23 2017
@@ -21,10 +21,12 @@
 package org.apache.directory.ldap.client.api;
 
 
+import java.net.Socket;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 
-import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedTrustManager;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -35,9 +37,8 @@ import org.slf4j.LoggerFactory;
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-public class NoVerificationTrustManager implements X509TrustManager
+public class NoVerificationTrustManager extends X509ExtendedTrustManager
 {
-
     /** The logger. */
     private static final Logger LOG = LoggerFactory.getLogger( NoVerificationTrustManager.class
);
 
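Review bot: The class Javadoc (partly outside the hunk) should state the consequence of moving from `implements X509TrustManager` to `extends X509ExtendedTrustManager`. As far as I know, JSSE wraps a plain `X509TrustManager` and applies its own algorithm-constraint and endpoint-identification checks around it, but uses an `X509ExtendedTrustManager` as-is, so after this change no certificate check of any kind runs when this manager is installed. I would add a sentence such as `Accepts every certificate chain without any validation; connections using it are not authenticated, so it must not be used outside testing.`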
@@ -50,6 +51,28 @@ public class NoVerificationTrustManager
     {
         LOG.debug( "checkClientTrusted {}", x509Certificates[0] );
     }
+    
+    
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void checkClientTrusted( X509Certificate[] x509Certificates, String authType,
Socket socket )
+        throws CertificateException 
+    {
+        LOG.debug( "checkClientTrusted {}", x509Certificates[0] );
+    }
+
+    
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void checkClientTrusted( X509Certificate[] x509Certificates, String authType,
SSLEngine engine )
+        throws CertificateException 
+    {
+        LOG.debug( "checkClientTrusted {}", x509Certificates[0] );
+    }
 
 
     /**
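Review bot: Each added overload evaluates `x509Certificates[0]` unconditionally as the `LOG.debug` argument, so a null or empty chain raises a NullPointerException or ArrayIndexOutOfBoundsException inside the handshake even when debug logging is off; the same applies to the two `checkServerTrusted` overloads added in the next hunk. Guard the access, e.g. `if ( LOG.isDebugEnabled() && x509Certificates != null && x509Certificates.length > 0 )`. The `{@inheritDoc}` Javadoc also hides that these methods never reject a chain; a line such as `Accepts the chain without validation; only logs the first certificate.` would make that explicit.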
@@ -66,9 +89,29 @@ public class NoVerificationTrustManager
      * {@inheritDoc}
      */
     @Override
+    public void checkServerTrusted( X509Certificate[] x509Certificates, String authType,
Socket socket )
+        throws CertificateException 
+    {
+        LOG.debug( "checkServerTrusted {}", x509Certificates[0] );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void checkServerTrusted( X509Certificate[] x509Certificates, String authType,
SSLEngine engine )
+        throws CertificateException 
+    {
+        LOG.debug( "checkServerTrusted {}", x509Certificates[0] );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
     public X509Certificate[] getAcceptedIssuers()
     {
         return new X509Certificate[0];
     }
-
 }


