https://issues.apache.org/jira/browse/AMQ-5008 - fix the case then crlPath is defined and trustStoreAlgorithm is not PKIX

This commit is contained in:
Dejan Bosanac 2015-07-01 12:08:57 +02:00
parent 10ae0d9d6f
commit a53d4cf7bf
1 changed files with 7 additions and 1 deletions

View File

@ -98,6 +98,7 @@ public class SpringSslContext extends SslContext {
return new ArrayList<TrustManager>(0);
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustStoreAlgorithm);
boolean initialized = false;
if (crlPath != null) {
if (trustStoreAlgorithm.equalsIgnoreCase("PKIX")) {
Collection<? extends CRL> crlList = loadCRL();
@ -107,13 +108,18 @@ public class SpringSslContext extends SslContext {
pkixParams.setRevocationEnabled(true);
pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList)));
tmf.init(new CertPathTrustManagerParameters(pkixParams));
initialized = true;
}
} else {
LOG.warn("Revocation checking is only supported with 'trustStoreAlgorithm=\"PKIX\"'. Ignoring CRL: " + crlPath);
}
} else {
}
if (!initialized) {
tmf.init(ks);
}
return Arrays.asList(tmf.getTrustManagers());
}