Attachment #26732 for bug #48208

View | Details | Raw Unified | Return to bug 48208
Collapse All | Expand All




            if (crlf == null) {
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
                tmf.init(trustStore);
                tms = getTrustManagers(tmf);
            } else {
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
                CertPathParameters params = getParameters(algorithm, crlf, trustStore);
                ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
                tmf.init(mfp);
                tms = getTrustManagers(tmf);
            }
        }
        
        return tms;
    }

    /**
     * Gets the TrustManagers either from Connector's
     * <code>trustManagerClassName</code> attribute (if set) else from the
     * {@link TrustManagerFactory}.
     * @return The TrustManagers to use for this connector.
     * @throws NoSuchAlgorithmException 
     * @throws ClassNotFoundException 
     * @throws IllegalAccessException 
     * @throws InstantiationException 
    */
    protected TrustManager[] getTrustManagers(TrustManagerFactory tmf)
            throws NoSuchAlgorithmException, ClassNotFoundException,
            InstantiationException, IllegalAccessException {

        String className = (String) attributes.get("trustManageClassName");
        if(className != null && className.length() > 0) {
            ClassLoader classLoader = getClass().getClassLoader();
            Class<?> clazz = classLoader.loadClass(className);
            if(!(TrustManager.class.isAssignableFrom(clazz))){
                throw new InstantiationException(sm.getString(
                        "jsse.invalidTrustManagerClassName", className));
            }
            Object trustManagerObject = clazz.newInstance();
            TrustManager trustManager = (TrustManager) trustManagerObject;
            return new TrustManager[]{ trustManager };
        }      
        return tmf.getTrustManagers();
    }

    /**
     * Return the initialization parameters for the TrustManager.
     * Currently, only the default <code>PKIX</code> is supported.
     * 

Lines 16-18 Link Here

(-)java/org/apache/tomcat/util/net/jsse/res/LocalStrings.properties (+1 lines)
16	jsse.alias_no_key_entry=Alias name {0} does not identify a key entry	16	jsse.alias_no_key_entry=Alias name {0} does not identify a key entry
17	jsse.keystore_load_failed=Failed to load keystore type {0} with path {1} due to {2}	17	jsse.keystore_load_failed=Failed to load keystore type {0} with path {1} due to {2}
18	jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.	18	jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation.
		19	jsse.invalidTrustManagerClassName=The trustManagerClassName provided [{0}] does not implement javax.net.ssl.TrustManager

Lines 740-745 Link Here

(-)webapps/docs/config/http.xml (+8 lines)
740	specified the first key read in the keystore will be used.</p>	740	specified the first key read in the keystore will be used.</p>
741	</attribute>	741	</attribute>
742		742
		743	<attribute name="trustManagerClassName" required="false">
		744	<p>The name of a custom trust manager class to use to validate client
		745	certificates. The class must have a zero argument constructor and must
		746	also implement <code>javax.net.ssl.X509TrustManager</code>. If this
		747	attribute is set, the trust store attributes may be ignored.
		748	</p>
		749	</attribute>
		750
743	<attribute name="truststoreFile" required="false">	751	<attribute name="truststoreFile" required="false">
744	<p>The trust store file to use to validate client certificates. The	752	<p>The trust store file to use to validate client certificates. The
745	default is the value of the <code>javax.net.ssl.trustStore</code> system	753	default is the value of the <code>javax.net.ssl.trustStore</code> system

Return to bug 48208

Lines 577-596 Link Here

(-)java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (-3 / +32 lines)
577	if (crlf == null) {	577	if (crlf == null) {
578	TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);	578	TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
579	tmf.init(trustStore);	579	tmf.init(trustStore);
580	tms = tmf.getTrustManagers();	580	tms = getTrustManagers(tmf);
581	} else {	581	} else {
582	TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);	582	TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
583	CertPathParameters params = getParameters(algorithm, crlf, trustStore);	583	CertPathParameters params = getParameters(algorithm, crlf, trustStore);
584	ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);	584	ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
585	tmf.init(mfp);	585	tmf.init(mfp);
586	tms = tmf.getTrustManagers();	586	tms = getTrustManagers(tmf);
587	}	587	}
588	}	588	}
589		589
590	return tms;	590	return tms;
591	}	591	}
592		592
593	/**	593	/**
		594	* Gets the TrustManagers either from Connector's
		595	* <code>trustManagerClassName</code> attribute (if set) else from the
		596	* {@link TrustManagerFactory}.
		597	* @return The TrustManagers to use for this connector.
		598	* @throws NoSuchAlgorithmException
		599	* @throws ClassNotFoundException
		600	* @throws IllegalAccessException
		601	* @throws InstantiationException
		602	*/
		603	protected TrustManager[] getTrustManagers(TrustManagerFactory tmf)
		604	throws NoSuchAlgorithmException, ClassNotFoundException,
		605	InstantiationException, IllegalAccessException {
		606
		607	String className = (String) attributes.get("trustManageClassName");
		608	if(className != null && className.length() > 0) {
		609	ClassLoader classLoader = getClass().getClassLoader();
		610	Class<?> clazz = classLoader.loadClass(className);
		611	if(!(TrustManager.class.isAssignableFrom(clazz))){
		612	throw new InstantiationException(sm.getString(
		613	"jsse.invalidTrustManagerClassName", className));
		614	}
		615	Object trustManagerObject = clazz.newInstance();
		616	TrustManager trustManager = (TrustManager) trustManagerObject;
		617	return new TrustManager[]{ trustManager };
		618	}
		619	return tmf.getTrustManagers();
		620	}
		621
		622	/**
594	* Return the initialization parameters for the TrustManager.	623	* Return the initialization parameters for the TrustManager.
595	* Currently, only the default <code>PKIX</code> is supported.	624	* Currently, only the default <code>PKIX</code> is supported.
596	*	625	*