
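--- a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
@@ -577,20 +577,49 @@
             if (crlf == null) {
                 TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
                 tmf.init(trustStore);
-                tms = tmf.getTrustManagers();
+                tms = getTrustManagers(tmf);
             } else {
                 TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
                 CertPathParameters params = getParameters(algorithm, crlf, trustStore);
                 ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
                 tmf.init(mfp);
-                tms = tmf.getTrustManagers();
+                tms = getTrustManagers(tmf);
             }
         }
         
         return tms;
     }
-    
+
     /**
+     * Gets the TrustManagers either from Connector's
+     * <code>trustManagerClassName</code> attribute (if set) else from the
+     * {@link TrustManagerFactory}.
+     * @return The TrustManagers to use for this connector.
+     * @throws NoSuchAlgorithmException 
+     * @throws ClassNotFoundException 
+     * @throws IllegalAccessException 
+     * @throws InstantiationException 
+    */
+    protected TrustManager[] getTrustManagers(TrustManagerFactory tmf)
+            throws NoSuchAlgorithmException, ClassNotFoundException,
+            InstantiationException, IllegalAccessException {
+
+        String className = (String) attributes.get("trustManageClassName");
+        if(className != null && className.length() > 0) {
+            ClassLoader classLoader = getClass().getClassLoader();
+            Class<?> clazz = classLoader.loadClass(className);
+            if(!(TrustManager.class.isAssignableFrom(clazz))){
+                throw new InstantiationException(sm.getString(
+                        "jsse.invalidTrustManagerClassName", className));
+            }
+            Object trustManagerObject = clazz.newInstance();
+            TrustManager trustManager = (TrustManager) trustManagerObject;
+            return new TrustManager[]{ trustManager };
+        }      
+        return tmf.getTrustManagers();
+    }
+
+    /**
      * Return the initialization parameters for the TrustManager.
      * Currently, only the default <code>PKIX</code> is supported.
      * 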
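Review bot: The lookup in the new getTrustManagers(TrustManagerFactory) reads `attributes.get("trustManageClassName")`, which lacks the second "r" of the `trustManagerClassName` name used in the Javadoc, in http.xml and in the error message. Unless the attribute is stored under the misspelled key elsewhere, a connector configured as documented would silently fall through to `tmf.getTrustManagers()`, so the line should read `String className = (String) attributes.get("trustManagerClassName");`. The type check also accepts any `TrustManager`, while the documentation requires `javax.net.ssl.X509TrustManager`. Because JSSE only consults X509TrustManager instances for certificate validation, `if (!X509TrustManager.class.isAssignableFrom(clazz))` would reject an unusable class at start-up. When the class name is set, the factory initialised with the CRL parameters in the `else` branch is discarded, so the Javadoc should state that revocation checking configured through the CRL file no longer applies and becomes the custom class's responsibility.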
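--- a/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties
@@ -16,3 +16,4 @@
 jsse.alias_no_key_entry=Alias name {0} does not identify a key entry
 jsse.keystore_load_failed=Failed to load keystore type {0} with path {1} due to {2}
 jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.
+jsse.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement javax.net.ssl.TrustManager 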
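--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -740,6 +740,14 @@
       specified the first key read in the keystore will be used.</p>
     </attribute>
 
+    <attribute name="trustManagerClassName" required="false">
+      <p>The name of a custom trust manager class to use to validate client
+      certificates. The class must have a zero argument constructor and must
+      also implement <code>javax.net.ssl.X509TrustManager</code>. If this
+      attribute is set, the trust store attributes may be ignored.
+      </p>
+    </attribute>
+
     <attribute name="truststoreFile" required="false">
       <p>The trust store file to use to validate client certificates. The
       default is the value of the <code>javax.net.ssl.trustStore</code> system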
