From smckin...@apache.org
Subject directory-fortress-core git commit: FC-207 - Fix handling of truststore
Date Sun, 30 Apr 2017 14:40:54 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 49ca32520 -> 52cb9be03


FC-207 - Fix handling of truststore


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/52cb9be0
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/52cb9be0
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/52cb9be0

Branch: refs/heads/master
Commit: 52cb9be034144308ced7e5bca560e267aa419c8a
Parents: 49ca325
Author: Shawn McKinney <smckinney@apache.org>
Authored: Sun Apr 30 00:29:00 2017 -0500
Committer: Shawn McKinney <smckinney@apache.org>
Committed: Sun Apr 30 00:29:00 2017 -0500

----------------------------------------------------------------------
 .../directory/fortress/core/GlobalIds.java      |  1 +
 .../core/ldap/LdapClientTrustStoreManager.java  | 60 ++++++++++++++++++++
 .../core/ldap/LdapConnectionProvider.java       |  3 +-
 3 files changed, 63 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/52cb9be0/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
index bc542c4..acf7a97 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
@@ -443,6 +443,7 @@ public final class GlobalIds
     public static final String TRUST_STORE_PW = "trust.store.password";
 
 
+    public static final String TRUST_STORE_ON_CLASSPATH = "trust.store.onclasspath";
     public static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
     public static final String LDAP_HOST = "host";
     public static final String LDAP_PORT = "port";
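Review bot: The new constant `TRUST_STORE_ON_CLASSPATH` carries no Javadoc, and its property name reads as a boolean while the consumer added in this commit (LdapClientTrustStoreManager.getTrustManagers) treats only the literal "false", case-insensitively, as the filesystem choice, so values such as "no" or "0" would still select the classpath. A comment pinning that down, e.g. `/** Property "trust.store.onclasspath": "false" loads the truststore from a filesystem path; unset or any other value loads it from the classpath. */`, stops operators from assuming Boolean.parseBoolean semantics.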

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/52cb9be0/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java
b/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java
index 040ca07..355321e 100644
--- a/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/LdapClientTrustStoreManager.java
@@ -22,6 +22,8 @@ package org.apache.directory.fortress.core.ldap;
 
 import org.apache.directory.fortress.core.CfgRuntimeException;
 import org.apache.directory.fortress.core.GlobalErrIds;
+import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.util.Config;
 import org.apache.directory.fortress.core.util.ResourceUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -29,6 +31,7 @@ import org.slf4j.LoggerFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
+import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.Serializable;
@@ -155,6 +158,34 @@ public final class LdapClientTrustStoreManager implements X509TrustManager,
Seri
     private synchronized X509TrustManager[] getTrustManagers( final X509Certificate[] x509Chain
) throws
         CertificateException
     {
+        String szTrustStoreOnClasspath = Config.getInstance().getProperty( GlobalIds.TRUST_STORE_ON_CLASSPATH
);
+        LOG.info( CLS_NM + ".getTrustManagers trust.store.onclasspath: {}", szTrustStoreOnClasspath
);
+
+        // If false or null, read the truststore from a fully qualified filename.
+        if( szTrustStoreOnClasspath != null && szTrustStoreOnClasspath.equalsIgnoreCase(
"false" ))
+        {
+            LOG.info( CLS_NM + ".getTrustManagers on filepath" );
+            return getTrustManagersOnFilepath( x509Chain );
+        }
+        // Get it off the classpath
+        else
+        {
+            LOG.info( CLS_NM + ".getTrustManagers on classpath" );
+            return getTrustManagersOnClasspath( x509Chain );
+        }
+    }
+
+
+    /**
+     * Return array of trust managers to caller.  Will verify that current date is within
certs validity period.
+     *
+     * @param x509Chain contains input X.509 certificate chain.
+     * @return array of X.509 trust managers.
+     * @throws CertificateException if trustStoreFile instance variable is null.
+     */
+    private synchronized X509TrustManager[] getTrustManagersOnClasspath( final X509Certificate[]
x509Chain ) throws
+        CertificateException
+    {
         // If true, verify the current date is within each certificates validity period.
         if ( isExamineValidityDates )
         {
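Review bot: The comment `// If false or null, read the truststore from a fully qualified filename.` contradicts the condition under it: a null `trust.store.onclasspath` fails the `!= null` test and drops into the else branch, so null loads from the classpath, not from a file. If defaulting to the classpath is intended (it preserves the pre-commit behaviour, since the old body became getTrustManagersOnClasspath), the comment should read `// Only an explicit "false" selects a filesystem truststore; null or any other value reads it from the classpath.`; otherwise the condition is the bug. The Javadoc added for getTrustManagersOnClasspath says it throws CertificateException when the trustStoreFile instance variable is null, which looks copied from the filepath variant; that method's body continues outside the hunk, so check what it actually throws. The validity-date loop is also duplicated in both helpers and could run once in getTrustManagers before dispatching.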
@@ -184,6 +215,35 @@ public final class LdapClientTrustStoreManager implements X509TrustManager,
Seri
 
 
     /**
+     * Return array of trust managers to caller.  Will verify that current date is within
certs validity period.
+     *
+     * @param x509Chain contains input X.509 certificate chain.
+     * @return array of X.509 trust managers.
+     * @throws CertificateException if trustStoreFile instance variable is null.
+     */
+    private synchronized X509TrustManager[] getTrustManagersOnFilepath( final X509Certificate[]
x509Chain ) throws
+        CertificateException
+    {
+        // If true, verify the current date is within each certificates validity period.
+        if ( isExamineValidityDates )
+        {
+            final Date currentDate = new Date();
+            for ( final X509Certificate x509Cert : x509Chain )
+            {
+                x509Cert.checkValidity( currentDate );
+            }
+        }
+        // The trustStoreFile should contain the fully-qualified name of a Java TrustStore
on local file system.
+        final File trustStoreFile = new File( this.trustStoreFile );
+        if ( !trustStoreFile.exists() )
+        {
+            throw new CertificateException( "FortressTrustStoreManager.getTrustManagers :
file not found" );
+        }
+        return loadTrustManagers( getTrustStore() );
+    }
+
+
+    /**
      * Return an array of X.509 TrustManagers.
      *
      * @param trustStore handle to input trustStore
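Review bot: `new File( this.trustStoreFile )` throws NullPointerException when the field is null, so the `@throws CertificateException if trustStoreFile instance variable is null` contract in the new Javadoc is not met; guard it before the existence check, e.g. `if ( this.trustStoreFile == null || !new File( this.trustStoreFile ).isFile() )`. The exception message on the following lines names `getTrustManagers` rather than `getTrustManagersOnFilepath` and omits the path that was looked up, which is exactly what an operator needs to diagnose a misconfigured truststore; `CLS_NM + ".getTrustManagersOnFilepath : truststore file not found: " + this.trustStoreFile` would be more useful (the path is configuration, not a secret). `isFile()` rather than `exists()` also rejects a directory, which the later load would fail on with a less clear error. The method then delegates to `getTrustStore()`, which is outside the hunk; if that helper still resolves the name through ResourceUtil or the classpath, the filesystem branch differs from the classpath branch only by this existence check, so it is worth confirming it opens the store by path.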

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/52cb9be0/src/main/java/org/apache/directory/fortress/core/ldap/LdapConnectionProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/LdapConnectionProvider.java
b/src/main/java/org/apache/directory/fortress/core/ldap/LdapConnectionProvider.java
index b9204af..d8a30dc 100644
--- a/src/main/java/org/apache/directory/fortress/core/ldap/LdapConnectionProvider.java
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/LdapConnectionProvider.java
@@ -144,6 +144,7 @@ public class LdapConnectionProvider
         int logmax = Config.getInstance().getInt( LDAP_LOG_POOL_MAX, 10 );
         LOG.info( "LDAP POOL:  host=[{}], port=[{}], min=[{}], max=[{}]", host, port, min,
max );
 
+/*
         if ( IS_SET_TRUST_STORE_PROP )
         {
             LOG.info( "Set JSSE truststore properties in Apache LDAP client:" );
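Review bot: The block that applied `trust.store.set.prop` (setting the JSSE truststore system properties and `javax.net.debug`) is commented out with `/* ... */` spanning this hunk and the next rather than deleted, so `IS_SET_TRUST_STORE_PROP` and `GlobalIds.SET_TRUST_STORE_PROP` remain as configuration that is now silently ignored. Deployments that set that property presumably expected the connection to trust the configured store; after this change they fall back to whatever the LDAP client or JVM uses by default, and nothing in the log says so. Remove the dead code, and if the property is no longer honoured, warn when it is still set, e.g. `if ( IS_SET_TRUST_STORE_PROP ) { LOG.warn( "trust.store.set.prop is set but no longer applied" ); }`. The enclosing method starts before and ends after the hunk.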
@@ -154,7 +155,7 @@ public class LdapConnectionProvider
                 .TRUST_STORE_PW ) );
             System.setProperty( "javax.net.debug", Boolean.valueOf( IS_SSL_DEBUG ).toString()
);
         }
-
+*/
         LdapConnectionConfig config = new LdapConnectionConfig();
         config.setLdapHost( host );
         config.setLdapPort( port );

