From elecha...@apache.org
Subject svn commit: r1777873 - in /directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api: LdapConnectionConfig.java LdapNetworkConnection.java NoVerificationTrustManager.java
Date Sun, 08 Jan 2017 08:42:05 GMT
Author: elecharny
Date: Sun Jan  8 08:42:05 2017
New Revision: 1777873

URL: http://svn.apache.org/viewvc?rev=1777873&view=rev
Log:
Ported the changes made on the LdapNetworkConnection class

Modified:
    directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
    directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
    directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java

Modified: directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java?rev=1777873&r1=1777872&r2=1777873&view=diff
==============================================================================
--- directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
(original)
+++ directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
Sun Jan  8 08:42:05 2017
@@ -21,14 +21,10 @@
 package org.apache.directory.ldap.client.api;
 
 
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
 
 import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector;
@@ -123,38 +119,13 @@ public class LdapConnectionConfig
 
 
     /**
-     * sets the default trust manager based on the SunX509 trustManagement algorithm
-     */
+     * Sets the default trust manager based on the SunX509 trustManagement algorithm
+     * 
+     * We use a non-verification Trust Manager    
+     **/
     private void setDefaultTrustManager()
     {
-        String trustMgmtAlgo = TrustManagerFactory.getDefaultAlgorithm();
-
-        try
-        {
-            TrustManagerFactory tmFactory = TrustManagerFactory.getInstance( trustMgmtAlgo
);
-            tmFactory.init( ( KeyStore ) null );
-
-            TrustManager[] factoryTrustManagers = tmFactory.getTrustManagers();
-
-            for ( int i = 0; i < factoryTrustManagers.length; i++ )
-            {
-                if ( factoryTrustManagers[i] instanceof X509TrustManager )
-                {
-                    trustManagers = new TrustManager[]
-                        { factoryTrustManagers[i] };
-                    LOG.debug( "found X509TrustManager {}", factoryTrustManagers[i] );
-                    break;
-                }
-            }
-        }
-        catch ( NoSuchAlgorithmException e )
-        {
-            LOG.warn( "couldn't find any default X509 TrustManager with algorithm {}", trustMgmtAlgo,
e );
-        }
-        catch ( KeyStoreException e )
-        {
-            LOG.warn( "couldn't initialize TrustManagerFactory with keystore {}", KeyStore.getDefaultType(),
e );
-        }
+        trustManagers = new X509TrustManager[] { new NoVerificationTrustManager() };
     }
 
 
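Review bot: `setDefaultTrustManager()` now installs `NoVerificationTrustManager` as the default, so any `LdapConnectionConfig` whose caller never sets trust managers accepts whatever certificate the server presents and the TLS session gives no assurance about who the peer is. The removed code obtained its manager from the platform `TrustManagerFactory`; keeping that as the default and making the no-verification manager an explicit opt-in for test setups would preserve server authentication. The Javadoc's first sentence still says the default is "based on the SunX509 trustManagement algorithm", which no longer matches the body; it should read something like `Sets the default trust manager to NoVerificationTrustManager, which accepts any certificate chain`. The same accept-all default is applied again in the SSL setup hunk of LdapNetworkConnection.java (`trustManagers = new TrustManager[] { new NoVerificationTrustManager() };`).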

Modified: directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java?rev=1777873&r1=1777872&r2=1777873&view=diff
==============================================================================
--- directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
(original)
+++ directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
Sun Jan  8 08:42:05 2017
@@ -44,6 +44,7 @@ import java.util.concurrent.atomic.Atomi
 import java.util.concurrent.locks.ReentrantLock;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
 import javax.security.auth.Subject;
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
@@ -402,6 +403,24 @@ public class LdapNetworkConnection exten
     {
         this( buildConfig( server, port, useSsl ) );
     }
+    
+    
+    /**
+     * Create a new instance of a LdapConnection on a given
+     * server, and a give port. This SSL connection will use the provided
+     * TrustManagers
+     *
+     * @param server The server we want to be connected to. If null or empty,
+     * we will default to LocalHost.
+     * @param port The port the server is listening to
+     * @param trustManagers The TrustManager to use
+     */
+    public LdapNetworkConnection( String server, int port, TrustManager... trustManagers
)
+    {
+        this( buildConfig( server, port, true ) );
+        
+        config.setTrustManagers( trustManagers );
+    }
 
 
     /**
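Review bot: The new constructor stores `trustManagers` without checking it, and a null or empty array is later replaced by `NoVerificationTrustManager` in the SSL setup hunk of this file, so a caller who passes an empty array gets no certificate checking at all rather than an error. A guard after the `this( ... )` call, such as `if ( trustManagers == null || trustManagers.length == 0 ) { throw new IllegalArgumentException( "trustManagers must not be empty" ); }`, would make that case fail loudly. The Javadoc should also say that this constructor always enables SSL (it passes `true` to `buildConfig`), and "a give port" should read "a given port".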
@@ -680,6 +699,10 @@ public class LdapNetworkConnection exten
                             throw new LdapOtherException( e.getMessage(), e );
                         }
                     }
+                    else
+                    {
+                        break;
+                    }
                 }
             }
         }
@@ -3942,7 +3965,15 @@ public class LdapNetworkConnection exten
         try
         {
             SSLContext sslContext = SSLContext.getInstance( config.getSslProtocol() );
-            sslContext.init( config.getKeyManagers(), config.getTrustManagers(), config.getSecureRandom()
);
+            
+            TrustManager[] trustManagers = config.getTrustManagers();
+            
+            if ( ( trustManagers == null ) || ( trustManagers.length == 0 ) )
+            {
+                trustManagers = new TrustManager[] { new NoVerificationTrustManager() };
+            }
+            
+            sslContext.init( config.getKeyManagers(), trustManagers, config.getSecureRandom()
);
 
             SslFilter sslFilter = new SslFilter( sslContext, true );
             sslFilter.setUseClientMode( true );
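Review bot: The fallback at `if ( ( trustManagers == null ) || ( trustManagers.length == 0 ) )` changes what a null value means: `SSLContext.init` treats a null trust-manager array as a request for the platform's default trust managers, whereas this code now substitutes one that accepts every certificate. Nothing is logged when that happens, so an unverified session cannot be told apart from a verified one in the client's logs. If the fallback stays, a warning at that point, for example `LOG.warn( "No TrustManager configured, the server certificate will not be verified" );` (assuming this class has a logger like its siblings), would at least make it visible to operators. The enclosing method starts and ends outside the hunk.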

Modified: directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java?rev=1777873&r1=1777872&r2=1777873&view=diff
==============================================================================
--- directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java
(original)
+++ directory/shared/branches/shared-value/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java
Sun Jan  8 08:42:05 2017
@@ -21,9 +21,12 @@
 package org.apache.directory.ldap.client.api;
 
 
+import java.net.Socket;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedTrustManager;
 import javax.net.ssl.X509TrustManager;
 
 import org.slf4j.Logger;
@@ -35,11 +38,49 @@ import org.slf4j.LoggerFactory;
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-public class NoVerificationTrustManager implements X509TrustManager
+public class NoVerificationTrustManager extends X509ExtendedTrustManager
 {
-
     /** The logger. */
     private static final Logger LOG = LoggerFactory.getLogger( NoVerificationTrustManager.class
);
+    
+    
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void checkClientTrusted( X509Certificate[] x509Certificates, String authType,
Socket socket )
+        throws CertificateException 
+    {
+        LOG.debug( "checkClientTrusted {}", x509Certificates[0] );
+    }
+
+    
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void checkClientTrusted( X509Certificate[] x509Certificates, String authType,
SSLEngine engine )
+        throws CertificateException 
+    {
+        LOG.debug( "checkClientTrusted {}", x509Certificates[0] );
+    }
+    
+    
+    public void checkServerTrusted( X509Certificate[] x509Certificates, String authType,
Socket socket )
+        throws CertificateException 
+    {
+        LOG.debug( "checkServerTrusted {}", x509Certificates[0] );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void checkServerTrusted( X509Certificate[] x509Certificates, String authType,
SSLEngine engine )
+        throws CertificateException 
+    {
+        LOG.debug( "checkServerTrusted {}", x509Certificates[0] );
+    }
 
 
     /**
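Review bot: Each of the four new overloads evaluates `x509Certificates[0]` as a logging argument, so a null or empty chain raises an unchecked NullPointerException or ArrayIndexOutOfBoundsException from what is meant to be a debug statement; guarding with `if ( LOG.isDebugEnabled() && x509Certificates != null && x509Certificates.length > 0 )` avoids that. The `checkServerTrusted( ..., Socket socket )` overload is the only one of the four without `@Override` and a Javadoc block. Since the class now extends `X509ExtendedTrustManager`, the class Javadoc should state plainly that neither the certificate chain nor the peer's host name is checked, so the class is suitable for test setups only. `import javax.net.ssl.X509TrustManager;` looks unused after the change, though the rest of the file is outside the hunk.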
@@ -70,5 +111,4 @@ public class NoVerificationTrustManager
     {
         return new X509Certificate[0];
     }
-
 }


