https://issues.apache.org/jira/browse/AMQ-5008 - fix the case when crlPath is defined and trustStoreAlgorithm is not PKIX

Dejan Bosanac 2015-07-01 12:08:57 +02:00
parent 10ae0d9d6f
commit a53d4cf7bf
1 changed files with 7 additions and 1 deletions


@ -98,6 +98,7 @@ public class SpringSslContext extends SslContext {
return new ArrayList<TrustManager>(0); return new ArrayList<TrustManager>(0);
} }
TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustStoreAlgorithm); TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustStoreAlgorithm);
boolean initialized = false;
if (crlPath != null) { if (crlPath != null) {
if (trustStoreAlgorithm.equalsIgnoreCase("PKIX")) { if (trustStoreAlgorithm.equalsIgnoreCase("PKIX")) {
Collection<? extends CRL> crlList = loadCRL(); Collection<? extends CRL> crlList = loadCRL();
@ -107,13 +108,18 @@ public class SpringSslContext extends SslContext {
pkixParams.setRevocationEnabled(true); pkixParams.setRevocationEnabled(true);
pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList))); pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList)));
tmf.init(new CertPathTrustManagerParameters(pkixParams)); tmf.init(new CertPathTrustManagerParameters(pkixParams));
initialized = true;
} }
} else { } else {
LOG.warn("Revocation checking is only supported with 'trustStoreAlgorithm=\"PKIX\"'. Ignoring CRL: " + crlPath); LOG.warn("Revocation checking is only supported with 'trustStoreAlgorithm=\"PKIX\"'. Ignoring CRL: " + crlPath);
} }
} else { }
if (!initialized) {
tmf.init(ks); tmf.init(ks);
} }
return Arrays.asList(tmf.getTrustManagers()); return Arrays.asList(tmf.getTrustManagers());
} }
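Review bot: The new `if (!initialized)` fallback runs `tmf.init(ks)` whenever the CRL branch did not initialise the factory, and that includes the PKIX path where the block ending in `initialized = true;` is skipped. The guard for that block sits in lines not shown between the two hunks (presumably a null check on `crlList`), and nothing visible logs in that path, unlike the non-PKIX branch, which warns. An operator who set `crlPath` would then get trust managers with no revocation checking and no indication of it. Consider logging there, e.g. `LOG.warn("No CRLs loaded from " + crlPath + "; revocation checking is disabled");`, or throwing so that a configured but unusable CRL does not fail open. The enclosing method starts before the first hunk.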