From 603942da1f82ebc059fb80d592066349119e32cc Mon Sep 17 00:00:00 2001
From: Michael Gorovoy
Date: Fri, 18 Feb 2011 19:31:00 +0000
Subject: [PATCH] 316382: support a more strict SSL option with certificates

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2801 7e9141cc-0065-0410-87d8-b60c137991c4
---
 .../jetty/http/ssl/SslContextFactory.java | 55 ++++++++++---------
 1 file changed, 29 insertions(+), 26 deletions(-)

diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java b/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
index fa247331007..3742a9ebe9e 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
@@ -118,7 +118,7 @@ public class SslContextFactory extends AbstractLifeCycle
 /** Keystore password */
 private transient Password _keyStorePassword;
 /** Key manager password */
- private transient Password _keymanagerPassword;
+ private transient Password _keyManagerPassword;
 /** Truststore password */
 private transient Password _trustStorePassword;
 
@@ -169,32 +169,35 @@ public class SslContextFactory extends AbstractLifeCycle
 @Override
 protected void doStart() throws Exception
 {
- if (_keyStoreInputStream == null && _keyStorePath == null &&
- _trustStoreInputStream == null && _trustStorePath == null )
+ if (_context == null)
 {
- // Create a trust manager that does not validate certificate chains
- TrustManager trustAllCerts = new X509TrustManager()
+ if (_keyStoreInputStream == null && _keyStorePath == null &&
+ _trustStoreInputStream == null && _trustStorePath == null )
 {
- public java.security.cert.X509Certificate[] getAcceptedIssuers()
+ // Create a trust manager that does not validate certificate chains
+ TrustManager trustAllCerts = new X509TrustManager()
 {
- return null;
- }
-
- public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
- {
- }
-
- public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
- {
- }
- };
-
- _context = SSLContext.getInstance(_sslProtocol);
- _context.init(null, new TrustManager[]{trustAllCerts}, null);
- }
- else
- {
- createSSLContext();
+ public java.security.cert.X509Certificate[] getAcceptedIssuers()
+ {
+ return null;
+ }
+
+ public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
+ {
+ }
+
+ public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
+ {
+ }
+ };
+
+ _context = SSLContext.getInstance(_sslProtocol);
+ _context.init(null, new TrustManager[]{trustAllCerts}, null);
+ }
+ else
+ {
+ createSSLContext();
+ }
 }
 }
 
@@ -548,7 +551,7 @@ public class SslContextFactory extends AbstractLifeCycle
 {
 checkStarted();
 
- _keymanagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null);
+ _keyManagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null);
 }
 
 /* ------------------------------------------------------------ */
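Review bot: The new `if (_context == null)` guard in doStart() carries no comment, and the branch it now encloses still installs a trust-all X509TrustManager whenever no keystore or truststore is configured, with no log output, so a deployment that lands there through a missing store setting gets no certificate validation and no signal that this happened. A comment above the guard such as `// A context supplied before start wins; otherwise build one from the configured stores` plus a warning log line at the point where trustAllCerts is installed would make the lenient default visible to operators. Separately, `getAcceptedIssuers()` returning `null` does not meet the X509TrustManager contract, which specifies a non-null (possibly empty) array; `return new java.security.cert.X509Certificate[0];` avoids NullPointerExceptions in callers that iterate the result. Whether a `_context` set before start is validated anywhere else is not visible in this hunk.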
@@ -791,7 +794,7 @@ public class SslContextFactory extends AbstractLifeCycle
 if (keyStore != null)
 {
 KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);
- keyManagerFactory.init(keyStore,_keymanagerPassword == null?(_keyStorePassword == null?null:_keyStorePassword.toString().toCharArray()):_keymanagerPassword.toString().toCharArray());
+ keyManagerFactory.init(keyStore,_keyManagerPassword == null?(_keyStorePassword == null?null:_keyStorePassword.toString().toCharArray()):_keyManagerPassword.toString().toCharArray());
 managers = keyManagerFactory.getKeyManagers();
 
 if (_certAlias != null)