316382: support a more strict SSL option with certificates

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2801 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Michael Gorovoy 2011-02-18 19:31:00 +00:00
parent fafe5c905e
commit 603942da1f
1 changed files with 29 additions and 26 deletions


@ -118,7 +118,7 @@ public class SslContextFactory extends AbstractLifeCycle
/** Keystore password */ /** Keystore password */
private transient Password _keyStorePassword; private transient Password _keyStorePassword;
/** Key manager password */ /** Key manager password */
private transient Password _keymanagerPassword; private transient Password _keyManagerPassword;
/** Truststore password */ /** Truststore password */
private transient Password _trustStorePassword; private transient Password _trustStorePassword;
@ -169,32 +169,35 @@ public class SslContextFactory extends AbstractLifeCycle
@Override @Override
protected void doStart() throws Exception protected void doStart() throws Exception
{ {
if (_keyStoreInputStream == null && _keyStorePath == null && if (_context == null)
_trustStoreInputStream == null && _trustStorePath == null )
{ {
// Create a trust manager that does not validate certificate chains if (_keyStoreInputStream == null && _keyStorePath == null &&
TrustManager trustAllCerts = new X509TrustManager() _trustStoreInputStream == null && _trustStorePath == null )
{ {
public java.security.cert.X509Certificate[] getAcceptedIssuers() // Create a trust manager that does not validate certificate chains
TrustManager trustAllCerts = new X509TrustManager()
{ {
return null; public java.security.cert.X509Certificate[] getAcceptedIssuers()
} {
return null;
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) }
{
} public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
{
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) }
{
} public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
}; {
}
_context = SSLContext.getInstance(_sslProtocol); };
_context.init(null, new TrustManager[]{trustAllCerts}, null);
} _context = SSLContext.getInstance(_sslProtocol);
else _context.init(null, new TrustManager[]{trustAllCerts}, null);
{ }
createSSLContext(); else
{
createSSLContext();
}
} }
} }
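Review bot: The new `_context == null` branch still installs the `trustAllCerts` manager whenever no keystore and no truststore is configured, so the default path accepts any peer certificate without validation; the "more strict" behaviour the commit title promises only applies when a store is supplied, and nothing in the hunk makes the permissive fallback an explicit opt-in or logs that it is active. A practitioner should at minimum see a warning there, e.g. `Log.warn("No keystore or truststore configured: SSL context will trust ALL certificates");` before `_context.init(...)`. Separately, `getAcceptedIssuers()` returning `null` violates the `X509TrustManager` contract, which requires a non-null (possibly empty) array, and some JSSE code paths dereference it; use `return new java.security.cert.X509Certificate[0];`. The `doStart` method begins at L21 and is fully visible here; `createSSLContext()` is defined outside this hunk.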
@ -548,7 +551,7 @@ public class SslContextFactory extends AbstractLifeCycle
{ {
checkStarted(); checkStarted();
_keymanagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null); _keyManagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null);
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
@ -791,7 +794,7 @@ public class SslContextFactory extends AbstractLifeCycle
if (keyStore != null) if (keyStore != null)
{ {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);
keyManagerFactory.init(keyStore,_keymanagerPassword == null?(_keyStorePassword == null?null:_keyStorePassword.toString().toCharArray()):_keymanagerPassword.toString().toCharArray()); keyManagerFactory.init(keyStore,_keyManagerPassword == null?(_keyStorePassword == null?null:_keyStorePassword.toString().toCharArray()):_keyManagerPassword.toString().toCharArray());
managers = keyManagerFactory.getKeyManagers(); managers = keyManagerFactory.getKeyManagers();
if (_certAlias != null) if (_certAlias != null)