directory-commits mailing list archives

From elecha...@apache.org
Subject [directory-ldap-api] branch master updated: Fix for DIRAPI-301: we use a default TrustManager, instead of a NoVerificationTrustManager one in a default config
Date Tue, 08 Jan 2019 13:32:44 GMT
This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-ldap-api.git


The following commit(s) were added to refs/heads/master by this push:
     new 51b35a6  Fix for DIRAPI-301: we use a default TrustManager, instead of a NoVerificationTrustManager
one in a default config
51b35a6 is described below

commit 51b35a6f6cc9587855992a3558fdaad18cf5c749
Author: Emmanuel Lecharny <elecharny@apache.org>
AuthorDate: Tue Jan 8 14:32:42 2019 +0100

    Fix for DIRAPI-301: we use a default TrustManager, instead of a
    NoVerificationTrustManager one in a default config
---
 .../java/org/apache/directory/api/i18n/I18n.java   |  2 ++
 .../apache/directory/api/i18n/errors.properties    |  3 +++
 .../ldap/client/api/LdapConnectionConfig.java      | 23 ++++++++++++++++++++--
 3 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/i18n/src/main/java/org/apache/directory/api/i18n/I18n.java b/i18n/src/main/java/org/apache/directory/api/i18n/I18n.java
index 1ba1dba..f56922a 100644
--- a/i18n/src/main/java/org/apache/directory/api/i18n/I18n.java
+++ b/i18n/src/main/java/org/apache/directory/api/i18n/I18n.java
@@ -205,6 +205,8 @@ public enum I18n
     ERR_04169_RESPONSE_QUEUE_EMPTIED( "ERR_04169_RESPONSE_QUEUE_EMPTIED" ),
     ERR_04170_TIMEOUT_OCCURED( "ERR_04170_TIMEOUT_OCCURED" ),
     ERR_04171_CANNOT_PARSE_MATCHED_DN( "ERR_04171_CANNOT_PARSE_MATCHED_DN" ),
+    ERR_04172_KEYSTORE_INIT_FAILURE( "ERR_04172_KEYSTORE_INIT_FAILURE" ),
+    ERR_04173_ALGORITHM_NOT_FOUND( "ERR_04173_ALGORITHM_NOT_FOUND" ),
 
     //     template                     4200-4300
     // None
diff --git a/i18n/src/main/resources/org/apache/directory/api/i18n/errors.properties b/i18n/src/main/resources/org/apache/directory/api/i18n/errors.properties
index 23519e1..2b765a7 100644
--- a/i18n/src/main/resources/org/apache/directory/api/i18n/errors.properties
+++ b/i18n/src/main/resources/org/apache/directory/api/i18n/errors.properties
@@ -197,6 +197,9 @@ ERR_04168_TRIM_LOWERCASE_FOR_CHAR_ARRAY=Trim and lowerCase only applicable
to ch
 ERR_04169_RESPONSE_QUEUE_EMPTIED=The response queue has been emptied, no response was found.
 ERR_04170_TIMEOUT_OCCURED=TimeOut occurred
 ERR_04171_CANNOT_PARSE_MATCHED_DN=Could not parse matchedDn while transforming Codec value
to Internal: {0}
+ERR_04172_KEYSTORE_INIT_FAILURE=Keystore initialisation failure
+ERR_04173_ALGORITHM_NOT_FOUND=Not TrustManagerFactory found for algorithm '{0}'
+
 
 
 # api-ldap-client-api template      4200-4300
diff --git a/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
b/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
index 822c08f..356f7c6 100644
--- a/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
+++ b/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnectionConfig.java
@@ -21,12 +21,16 @@
 package org.apache.directory.ldap.client.api;
 
 
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 
+import org.apache.directory.api.i18n.I18n;
 import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector;
 import org.apache.directory.api.ldap.codec.api.LdapApiService;
 import org.apache.directory.api.util.Network;
@@ -125,7 +129,22 @@ public class LdapConnectionConfig
      **/
     private void setDefaultTrustManager()
     {
-        trustManagers = new X509TrustManager[] { new NoVerificationTrustManager() };
+        String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
+        
+        try
+        {
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance( defaultAlgorithm );
+            tmf.init( ( KeyStore ) null );
+            trustManagers = tmf.getTrustManagers();
+        }
+        catch ( KeyStoreException kse )
+        {
+            LOG.error( I18n.err( I18n.ERR_04172_KEYSTORE_INIT_FAILURE ) );
+        }
+        catch ( NoSuchAlgorithmException nsae )
+        {
+            LOG.error( I18n.err( I18n.ERR_04173_ALGORITHM_NOT_FOUND, defaultAlgorithm ) );
+        }
     }
 
 
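Review bot: Both catch blocks in setDefaultTrustManager() only log and return, so if TrustManagerFactory initialisation fails, the `trustManagers` field keeps whatever value it had before, and the configuration continues with an unspecified trust state; where that field is initialised and consumed is outside the hunk, so whether this fails closed cannot be confirmed from here. The caught exception is also dropped from the log, which hides the root cause. Pass the cause to the logger and abort the configuration, e.g. `LOG.error( I18n.err( I18n.ERR_04172_KEYSTORE_INIT_FAILURE ), kse );` followed by `throw new IllegalStateException( I18n.err( I18n.ERR_04172_KEYSTORE_INIT_FAILURE ), kse );`, and do the same in the NoSuchAlgorithmException branch (this assumes LOG accepts a Throwable argument, as SLF4J loggers do). Because `tmf.init( ( KeyStore ) null )` makes the default validate server certificates against the JVM's default trust store, the method's Javadoc (which begins above the hunk) should state this and note that servers using self-signed or private-CA certificates now need an explicitly configured trust manager.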

