Bugzilla – Attachment 133137 Details for
Bug 264858
[dstore] OpenRSE always picks the first trusted certificate
[patch]
patch for allowing certificate selection via system property
patch.txt (text/plain), 6.63 KB, created by
David McKnight
on 2009-04-24 11:33:43 EDT
Description:
patch for allowing certificate selection via system property
Filename:
MIME Type:
Creator:
David McKnight
Created:
2009-04-24 11:33:43 EDT
Size:
6.63 KB
patch
obsolete
>### Eclipse Workspace Patch 1.0
>#P org.eclipse.dstore.core
>Index: src/org/eclipse/dstore/internal/core/util/ssl/DStoreSSLContext.java
>===================================================================
>RCS file: /cvsroot/dsdp/org.eclipse.tm.rse/plugins/org.eclipse.dstore.core/src/org/eclipse/dstore/internal/core/util/ssl/DStoreSSLContext.java,v
>retrieving revision 1.5
>diff -u -r1.5 DStoreSSLContext.java
>--- src/org/eclipse/dstore/internal/core/util/ssl/DStoreSSLContext.java 21 Jan 2009 21:15:20 -0000 1.5
>+++ src/org/eclipse/dstore/internal/core/util/ssl/DStoreSSLContext.java 24 Apr 2009 15:30:41 -0000
>@@ -1,5 +1,5 @@
> /*******************************************************************************
>- * Copyright (c) 2006, 2008 IBM Corporation and others.
>+ * Copyright (c) 2006, 2009 IBM Corporation and others.
> * All rights reserved. This program and the accompanying materials
> * are made available under the terms of the Eclipse Public License v1.0
> * which accompanies this distribution, and is available at
>@@ -15,6 +15,7 @@
> * David McKnight (IBM) - [225507][api][breaking] RSE dstore API leaks non-API types
> * Noriaki Takatsu (IBM) - [259905][api] Provide a facility to use its own keystore
> * David McKnight (IBM) - [259905][api] provide public API for getting/setting key managers for SSLContext
>+ * David McKnight (IBM) - [264858][dstore] OpenRSE always picks the first trusted certificate
> *******************************************************************************/
>
> package org.eclipse.dstore.internal.core.util.ssl;
>@@ -25,6 +26,7 @@
> import javax.net.ssl.KeyManagerFactory;
> import javax.net.ssl.SSLContext;
> import javax.net.ssl.TrustManager;
>+import javax.net.ssl.X509KeyManager;
>
> import org.eclipse.dstore.core.util.ssl.BaseSSLContext;
> import org.eclipse.dstore.core.util.ssl.DStoreKeyStore;
>@@ -46,10 +48,27 @@
> KeyStore ks = DStoreKeyStore.getKeyStore(filePath, password);
> String keymgrAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
> KeyManagerFactory kmf = KeyManagerFactory.getInstance(keymgrAlgorithm);
>- kmf.init(ks, password.toCharArray());
>-
>+ kmf.init(ks, password.toCharArray());
>+
> serverContext = SSLContext.getInstance("SSL"); //$NON-NLS-1$
>- serverContext.init(kmf.getKeyManagers(), null, null);
>+
>+ keyManagers = kmf.getKeyManagers();
>+
>+ // read optional system property that indicates a default certificate alias
>+ String defaultAlias = System.getProperty("DSTORE_DEFAULT_CERTIFICATE_ALIAS"); //$NON-NLS-1$
>+ if (defaultAlias != null){
>+ KeyManager[] x509KeyManagers = new X509KeyManager[10];
>+
>+ for(int i=0;i<keyManagers.length; i++){
>+ if(keyManagers[i] instanceof X509KeyManager){
>+ x509KeyManagers[i] = new DStoreKeyManager((X509KeyManager)keyManagers[i], defaultAlias);
>+ }
>+ }
>+ serverContext.init(x509KeyManagers, null, null);
>+ }
>+ else {
>+ serverContext.init(keyManagers, null, null);
>+ }
> }
> else
> {
>Index: src/org/eclipse/dstore/internal/core/util/ssl/DataStoreTrustManager.java
>===================================================================
>RCS file: /cvsroot/dsdp/org.eclipse.tm.rse/plugins/org.eclipse.dstore.core/src/org/eclipse/dstore/internal/core/util/ssl/DataStoreTrustManager.java,v
>retrieving revision 1.3
>diff -u -r1.3 DataStoreTrustManager.java
>--- src/org/eclipse/dstore/internal/core/util/ssl/DataStoreTrustManager.java 3 Apr 2008 14:05:47 -0000 1.3
>+++ src/org/eclipse/dstore/internal/core/util/ssl/DataStoreTrustManager.java 24 Apr 2009 15:30:41 -0000
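Review bot: In the DStoreSSLContext.java hunk, `new X509KeyManager[10]` hard-codes the array length, so more than ten key managers would throw ArrayIndexOutOfBoundsException, and every unused or non-X509 slot is handed to `serverContext.init` as null, which not every JSSE provider is guaranteed to tolerate. Size the array from the source and pass other managers through: `KeyManager[] wrapped = new KeyManager[keyManagers.length];` and, in the loop, `wrapped[i] = (keyManagers[i] instanceof X509KeyManager) ? new DStoreKeyManager((X509KeyManager) keyManagers[i], defaultAlias) : keyManagers[i];`. Allocating it as `KeyManager[]` rather than `X509KeyManager[]` is needed for the pass-through, because storing a non-X509 manager into an `X509KeyManager[]` fails with ArrayStoreException. The enclosing method starts and ends outside the hunk, so the declaration of `keyManagers` is not visible here.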
>@@ -111,8 +111,10 @@
> X509Certificate tcert = (X509Certificate)_trustedCerts.get(j);
> try
> {
>- cert.verify(tcert.getPublicKey());
>- foundMatch = true;
>+ if (cert.getSubjectDN().equals(tcert.getIssuerDN())) {
>+ cert.verify(tcert.getPublicKey());
>+ foundMatch = true;
>+ }
> }
> catch (Exception e)
> {
>Index: src/org/eclipse/dstore/internal/core/util/ssl/DStoreKeyManager.java
>===================================================================
>RCS file: src/org/eclipse/dstore/internal/core/util/ssl/DStoreKeyManager.java
>diff -N src/org/eclipse/dstore/internal/core/util/ssl/DStoreKeyManager.java
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ src/org/eclipse/dstore/internal/core/util/ssl/DStoreKeyManager.java 1 Jan 1970 00:00:00 -0000
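Review bot: In the DataStoreTrustManager.java hunk, the new name check `cert.getSubjectDN().equals(tcert.getIssuerDN())` looks inverted for issuer matching, since a certificate signed by `tcert` carries `tcert`'s subject as its own issuer. As written the guard passes for self-signed certificates (subject equals issuer) but skips a trusted CA certificate that actually signed `cert`, so CA-issued certificates would presumably never reach `cert.verify`. I would write `if (cert.getIssuerX500Principal().equals(tcert.getSubjectX500Principal())) {` and add a comment that the name comparison only selects the candidate while `verify` remains the actual trust decision. The loop and the catch body lie outside the hunk, so how a verification failure is handled cannot be checked from here.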
>@@ -0,0 +1,69 @@
>+/********************************************************************************
>+ * Copyright (c) 2009 IBM Corporation. All rights reserved.
>+ * This program and the accompanying materials are made available under the terms
>+ * of the Eclipse Public License v1.0 which accompanies this distribution, and is
>+ * available at http://www.eclipse.org/legal/epl-v10.html
>+ *
>+ * Initial Contributors:
>+ * The following IBM employees contributed to the Remote System Explorer
>+ * component that contains this file: David McKnight.
>+ *
>+ * Contributors:
>+ * David McKnight (IBM) - [264858][dstore] OpenRSE always picks the first trusted certificate
>+ ********************************************************************************/
>+package org.eclipse.dstore.internal.core.util.ssl;
>+
>+import java.net.Socket;
>+import java.security.Principal;
>+import java.security.PrivateKey;
>+import java.security.cert.X509Certificate;
>+
>+import javax.net.ssl.X509KeyManager;
>+
>+public class DStoreKeyManager implements X509KeyManager {
>+
>+ private X509KeyManager _keyManager;
>+ private String _defaultAlias;
>+
>+ public DStoreKeyManager(X509KeyManager keyManager, String defaultAlias){
>+ _keyManager = keyManager;
>+ _defaultAlias = defaultAlias;
>+ }
>+
>+ public String chooseClientAlias(String[] keyType, Principal[] issuers,
>+ Socket socket) {
>+ if (_defaultAlias != null){
>+ return _defaultAlias;
>+ }
>+ else {
>+ return _keyManager.chooseClientAlias(keyType, issuers, socket);
>+ }
>+ }
>+
>+ public String chooseServerAlias(String keyType, Principal[] issuers,
>+ Socket socket) {
>+ if (_defaultAlias != null){
>+ return _defaultAlias;
>+ }
>+ else {
>+ return _keyManager.chooseServerAlias(keyType, issuers, socket);
>+ }
>+ }
>+
>+ public X509Certificate[] getCertificateChain(String alias) {
>+ return _keyManager.getCertificateChain(alias);
>+ }
>+
>+ public String[] getClientAliases(String keyType, Principal[] issuers) {
>+ return _keyManager.getClientAliases(keyType, issuers);
>+ }
>+
>+ public PrivateKey getPrivateKey(String alias) {
>+ return _keyManager.getPrivateKey(alias);
>+ }
>+
>+ public String[] getServerAliases(String keyType, Principal[] issuers) {
>+ return _keyManager.getServerAliases(keyType, issuers);
>+ }
>+
>+}
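Review bot: In DStoreKeyManager.java, `chooseClientAlias` and `chooseServerAlias` return `_defaultAlias` without checking that the wrapped key manager holds a key for it or that it fits the requested `keyType`. A mistyped DSTORE_DEFAULT_CERTIFICATE_ALIAS value therefore yields null from `getPrivateKey`/`getCertificateChain` and a handshake failure with no hint at the cause. Falling back to the delegate keeps the server usable: `if (_defaultAlias != null && _keyManager.getPrivateKey(_defaultAlias) != null) { return _defaultAlias; }`, ideally with a logged warning when the configured alias is ignored. The two fields can also be `final`, and the class deserves a short Javadoc stating that the alias overrides the delegate's selection for both the client and the server role.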