316382: support a more strict SSL option with certificates
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2801 7e9141cc-0065-0410-87d8-b60c137991c4
parent
fafe5c905e
commit
603942da1f
|
@ -118,7 +118,7 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
/** Keystore password */
|
/** Keystore password */
|
||||||
private transient Password _keyStorePassword;
|
private transient Password _keyStorePassword;
|
||||||
/** Key manager password */
|
/** Key manager password */
|
||||||
private transient Password _keymanagerPassword;
|
private transient Password _keyManagerPassword;
|
||||||
/** Truststore password */
|
/** Truststore password */
|
||||||
private transient Password _trustStorePassword;
|
private transient Password _trustStorePassword;
|
||||||
|
|
||||||
|
@ -169,32 +169,35 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
@Override
|
@Override
|
||||||
protected void doStart() throws Exception
|
protected void doStart() throws Exception
|
||||||
{
|
{
|
||||||
if (_keyStoreInputStream == null && _keyStorePath == null &&
|
if (_context == null)
|
||||||
_trustStoreInputStream == null && _trustStorePath == null )
|
|
||||||
{
|
{
|
||||||
// Create a trust manager that does not validate certificate chains
|
if (_keyStoreInputStream == null && _keyStorePath == null &&
|
||||||
TrustManager trustAllCerts = new X509TrustManager()
|
_trustStoreInputStream == null && _trustStorePath == null )
|
||||||
{
|
{
|
||||||
public java.security.cert.X509Certificate[] getAcceptedIssuers()
|
// Create a trust manager that does not validate certificate chains
|
||||||
|
TrustManager trustAllCerts = new X509TrustManager()
|
||||||
{
|
{
|
||||||
return null;
|
public java.security.cert.X509Certificate[] getAcceptedIssuers()
|
||||||
}
|
{
|
||||||
|
return null;
|
||||||
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
|
}
|
||||||
{
|
|
||||||
}
|
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
|
||||||
|
{
|
||||||
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
|
}
|
||||||
{
|
|
||||||
}
|
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
|
||||||
};
|
{
|
||||||
|
}
|
||||||
_context = SSLContext.getInstance(_sslProtocol);
|
};
|
||||||
_context.init(null, new TrustManager[]{trustAllCerts}, null);
|
|
||||||
}
|
_context = SSLContext.getInstance(_sslProtocol);
|
||||||
else
|
_context.init(null, new TrustManager[]{trustAllCerts}, null);
|
||||||
{
|
}
|
||||||
createSSLContext();
|
else
|
||||||
|
{
|
||||||
|
createSSLContext();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -548,7 +551,7 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
{
|
{
|
||||||
checkStarted();
|
checkStarted();
|
||||||
|
|
||||||
_keymanagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null);
|
_keyManagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
/* ------------------------------------------------------------ */
|
||||||
|
@ -791,7 +794,7 @@ public class SslContextFactory extends AbstractLifeCycle
|
||||||
if (keyStore != null)
|
if (keyStore != null)
|
||||||
{
|
{
|
||||||
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);
|
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);
|
||||||
keyManagerFactory.init(keyStore,_keymanagerPassword == null?(_keyStorePassword == null?null:_keyStorePassword.toString().toCharArray()):_keymanagerPassword.toString().toCharArray());
|
keyManagerFactory.init(keyStore,_keyManagerPassword == null?(_keyStorePassword == null?null:_keyStorePassword.toString().toCharArray()):_keyManagerPassword.toString().toCharArray());
|
||||||
managers = keyManagerFactory.getKeyManagers();
|
managers = keyManagerFactory.getKeyManagers();
|
||||||
|
|
||||||
if (_certAlias != null)
|
if (_certAlias != null)
|
||||||
|
|
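Review bot: In the doStart() hunk, the fallback taken when no keystore or truststore is configured still installs an X509TrustManager whose checkClientTrusted and checkServerTrusted bodies are empty, so every peer certificate chain is accepted without any signal. Given that this commit is about a stricter certificate option, that branch should at least log a warning so a deployment that reaches it through misconfiguration can be detected. The same anonymous class returns null from getAcceptedIssuers(), whereas the X509TrustManager contract calls for a non-null, possibly empty array; `return new java.security.cert.X509Certificate[0];` is the safe form. The new `if (_context == null)` guard also means an already-set context is reused as-is; if doStop(), which is not visible here, does not clear `_context`, later changes to the keystore or truststore settings would presumably be ignored on restart.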