ASF Bugzilla – Attachment 24546 Details for
Bug 48208
allow to configure a custom client certificate Trust Manager in server.xml per connector attribute "trustManagerClassName"
patch_48158_c5_wildCard.txt
patch_48158_c5_wildCard.txt (text/plain), 3.45 KB, created by
Ralf Hauser
on 2009-11-17 00:44:09 UTC
Description:
patch_48158_c5_wildCard.txt
Filename:
MIME Type:
Creator:
Ralf Hauser
Created:
2009-11-17 00:44:09 UTC
Size:
3.45 KB
patch
obsolete
>Index: AcceptAllTrustManager.java
>===================================================================
>--- AcceptAllTrustManager.java (revision 0)
>+++ AcceptAllTrustManager.java (revision 0)
>@@ -0,0 +1,40 @@
>+/*
>+ * $Id$
>+ */
>+package org.apache.tomcat.util.net.jsse;
>+
>+import java.security.cert.CertificateException;
>+import java.security.cert.X509Certificate;
>+
>+import javax.net.ssl.X509TrustManager;
>+
>+
>+/**
>+ * See http://forum.java.sun.com/thread.jsp?forum=2&thread=411937 as per
>+ *
>+ * This Trust Manager accepts any kind of certificate provided by the user
>+ */
>+
>+public class AcceptAllTrustManager implements X509TrustManager {
>+
>+ public boolean isClientTrusted(X509Certificate[] cert) {
>+ return true;
>+ }
>+
>+ public boolean isServerTrusted(X509Certificate[] cert) {
>+ return true;
>+ }
>+
>+ public X509Certificate[] getAcceptedIssuers() {
>+ return new X509Certificate[0];
>+ }
>+
>+ public void checkClientTrusted(X509Certificate[] chain, String authType)
>+ throws CertificateException {
>+ }
>+
>+ public void checkServerTrusted(X509Certificate[] chain, String authType)
>+ throws CertificateException {
>+ }
>+
>+}
>
>Property changes on: AcceptAllTrustManager.java
>___________________________________________________________________
>Added: svn:keywords
> + Id
>Added: svn:executable
> + *
>
>Index: JSSE14SocketFactory.java
>===================================================================
>--- JSSE14SocketFactory.java (revision 792102)
>+++ JSSE14SocketFactory.java (working copy)
>@@ -65,6 +65,11 @@
> * Flag to state that we would like client authentication.
> */
> protected boolean wantClientAuth = false;
>+
>+ /**
>+ * Flag to state that we accept any client certificate.
>+ */
>+ protected boolean acceptAllCerts = false;
>
> public JSSE14SocketFactory () {
> super();
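Review bot: In AcceptAllTrustManager.java, `checkServerTrusted` has an empty body, so if this public class is ever handed to a client-side SSLContext it also switches off server certificate validation. The patch only uses it for client certificates on a connector, so that method should refuse instead, e.g. `throw new CertificateException("AcceptAllTrustManager must not be used to validate servers");`. The empty `checkClientTrusted` performs no chain, issuer or validity-date check, so the handshake establishes only that the peer holds the private key for whatever certificate it presented; the class Javadoc should say that the application must authenticate the certificate itself. `isClientTrusted` and `isServerTrusted` are not part of `javax.net.ssl.X509TrustManager` and look like leftovers that can be dropped.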
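Review bot: In the `@@ -65,6 +65,11 @@` hunk of JSSE14SocketFactory.java the Javadoc on `acceptAllCerts` understates what the flag does. I would word it as `Flag to state that client certificates are accepted without any chain, issuer or validity check; the configured truststore is not consulted.` so that a reader of the field sees the consequence without having to find the trust-manager selection further down the file.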
>@@ -105,6 +110,13 @@
> if( trustAlgorithm == null ) {
> trustAlgorithm = algorithm;
> }
>+ String acceptAll = (String)attributes.get("acceptAllCerts");
>+ if("true".equalsIgnoreCase(acceptAll) ||
>+ "yes".equalsIgnoreCase(acceptAll)) {
>+ acceptAllCerts = true;
>+ } else {
>+ acceptAllCerts = false;
>+ }
> // Create and init SSLContext
> SSLContext context = SSLContext.getInstance(protocol);
> context.init(getKeyManagers(keystoreType, algorithm,
>@@ -168,17 +180,20 @@
>
> TrustManager[] tms = null;
>
>- String truststoreType = (String)attributes.get("truststoreType");
>- if(truststoreType == null) {
>- truststoreType = keystoreType;
>- }
>- KeyStore trustStore = getTrustStore(truststoreType);
>- if (trustStore != null) {
>- TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
>- tmf.init(trustStore);
>- tms = tmf.getTrustManagers();
>+ if(acceptAllCerts){
>+ tms = new TrustManager[]{ new AcceptAllTrustManager() };
>+ } else {
>+ String truststoreType = (String)attributes.get("truststoreType");
>+ if(truststoreType == null) {
>+ truststoreType = keystoreType;
>+ }
>+ KeyStore trustStore = getTrustStore(truststoreType);
>+ if (trustStore != null) {
>+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
>+ tmf.init(trustStore);
>+ tms = tmf.getTrustManagers();
>+ }
> }
>-
> return tms;
> }
> protected void setEnabledProtocols(SSLServerSocket socket, String []protocols){
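Review bot: The `acceptAllCerts` attribute is parsed and applied silently in the `@@ -105,6 +110,13 @@` hunk, so a connector with client-certificate validation switched off looks the same in the startup log as one that validates. A warning-level log line emitted when the flag resolves to true would let operators and configuration audits spot it; I have not checked which logger this class has in scope. The if/else can also collapse to `acceptAllCerts = "true".equalsIgnoreCase(acceptAll) || "yes".equalsIgnoreCase(acceptAll);`. The enclosing method starts and ends outside the hunk.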
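Review bot: When `acceptAllCerts` is set, the new branch in the `@@ -168,17 +180,20 @@` hunk builds the trust-manager array without ever loading the truststore, so a connector configured with both a truststore and `acceptAllCerts="true"` silently ignores the truststore. That combination is more likely a configuration mistake than an intent, and I would reject it, or at least warn, rather than let the permissive option win. A comment above the branch such as `// acceptAllCerts bypasses the truststore: any client certificate is accepted unverified` would make the precedence explicit. The method's signature is outside the hunk.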