提交
63aae8a1
编写于
11月 28, 2011
作者:
xuelei
7115524: sun.security.provider.certpath.ssl.SSLServerCertStore no longer works
Reviewed-by: weijun
上级
b16829c9
变更
1
Showing
1 changed file
with
118 addition
and
31 deletion
+118
-31
src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStore.java
...un/security/provider/certpath/ssl/SSLServerCertStore.java
+118
-31
src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStore.java
...
...
@@ -44,12 +44,16 @@ import java.security.cert.CertStoreSpi;
import
java.security.cert.CRLSelector
;
import
java.security.cert.X509Certificate
;
import
java.security.cert.X509CRL
;
import
java.net.Socket
;
import
java.net.URLConnection
;
import
javax.net.ssl.HostnameVerifier
;
import
javax.net.ssl.HttpsURLConnection
;
import
javax.net.ssl.SSLContext
;
import
javax.net.ssl.SSLSession
;
import
javax.net.ssl.SSLEngine
;
import
javax.net.ssl.SSLSocketFactory
;
import
javax.net.ssl.TrustManager
;
import
javax.net.ssl.X509TrustManager
;
import
javax.net.ssl.X509
Extended
TrustManager
;
/**
* A CertStore that retrieves an SSL server's certificate chain.
...
...
@@ -57,31 +61,74 @@ import javax.net.ssl.X509TrustManager;
public
final
class
SSLServerCertStore
extends
CertStoreSpi
{
private
final
URI
uri
;
private
final
static
GetChainTrustManager
trustManager
;
private
final
static
SSLSocketFactory
socketFactory
;
private
final
static
HostnameVerifier
hostnameVerifier
;
static
{
trustManager
=
new
GetChainTrustManager
();
hostnameVerifier
=
new
HostnameVerifier
()
{
public
boolean
verify
(
String
hostname
,
SSLSession
session
)
{
return
true
;
}
};
SSLSocketFactory
tempFactory
;
try
{
SSLContext
context
=
SSLContext
.
getInstance
(
"SSL"
);
context
.
init
(
null
,
new
TrustManager
[]
{
trustManager
},
null
);
tempFactory
=
context
.
getSocketFactory
();
}
catch
(
GeneralSecurityException
gse
)
{
tempFactory
=
null
;
}
socketFactory
=
tempFactory
;
}
SSLServerCertStore
(
URI
uri
)
throws
InvalidAlgorithmParameterException
{
super
(
null
);
this
.
uri
=
uri
;
}
public
synchronized
Collection
<
X509Certificate
>
engineGetCertificates
(
CertSelector
selector
)
throws
CertStoreException
{
public
Collection
<
X509Certificate
>
engineGetCertificates
(
CertSelector
selector
)
throws
CertStoreException
{
try
{
SSLContext
sc
=
SSLContext
.
getInstance
(
"SSL"
);
GetChainTrustManager
xtm
=
new
GetChainTrustManager
();
sc
.
init
(
null
,
new
TrustManager
[]
{
xtm
},
null
);
HttpsURLConnection
.
setDefaultSSLSocketFactory
(
sc
.
getSocketFactory
());
HttpsURLConnection
.
setDefaultHostnameVerifier
(
new
HostnameVerifier
()
{
public
boolean
verify
(
String
hostname
,
SSLSession
session
)
{
return
true
;
URLConnection
urlConn
=
uri
.
toURL
().
openConnection
();
if
(
urlConn
instanceof
HttpsURLConnection
)
{
if
(
socketFactory
==
null
)
{
throw
new
CertStoreException
(
"No initialized SSLSocketFactory"
);
}
HttpsURLConnection
https
=
(
HttpsURLConnection
)
urlConn
;
https
.
setSSLSocketFactory
(
socketFactory
);
https
.
setHostnameVerifier
(
hostnameVerifier
);
synchronized
(
trustManager
)
{
try
{
https
.
connect
();
return
getMatchingCerts
(
trustManager
.
serverChain
,
selector
);
}
catch
(
IOException
ioe
)
{
// If the server certificate has already been
// retrieved, don't mind the connection state.
if
(
trustManager
.
exchangedServerCerts
)
{
return
getMatchingCerts
(
trustManager
.
serverChain
,
selector
);
}
// otherwise, rethrow the exception
throw
ioe
;
}
finally
{
trustManager
.
cleanup
();
}
});
uri
.
toURL
().
openConnection
().
connect
();
return
getMatchingCerts
(
xtm
.
serverChain
,
selector
);
}
catch
(
GeneralSecurityException
|
IOException
e
)
{
throw
new
CertStoreException
(
e
);
}
}
}
catch
(
IOException
ioe
)
{
throw
new
CertStoreException
(
ioe
);
}
return
Collections
.<
X509Certificate
>
emptySet
();
}
private
static
List
<
X509Certificate
>
getMatchingCerts
...
...
@@ -106,37 +153,77 @@ public final class SSLServerCertStore extends CertStoreSpi {
throw
new
UnsupportedOperationException
();
}
static
synchronized
CertStore
getInstance
(
URI
uri
)
static
CertStore
getInstance
(
URI
uri
)
throws
InvalidAlgorithmParameterException
{
return
new
CS
(
new
SSLServerCertStore
(
uri
),
null
,
"SSLServer"
,
null
);
}
/*
* An X509
TrustManager that simply stores a reference to the server's
*
certificate chai
n.
* An X509
ExtendedTrustManager that ignores the server certificate
*
validatio
n.
*/
private
static
class
GetChainTrustManager
implements
X509TrustManager
{
private
List
<
X509Certificate
>
serverChain
;
private
static
class
GetChainTrustManager
extends
X509ExtendedTrustManager
{
private
List
<
X509Certificate
>
serverChain
=
Collections
.<
X509Certificate
>
emptyList
();
private
boolean
exchangedServerCerts
=
false
;
@Override
public
X509Certificate
[]
getAcceptedIssuers
()
{
throw
new
UnsupportedOperationException
()
;
return
new
X509Certificate
[
0
]
;
}
@Override
public
void
checkClientTrusted
(
X509Certificate
[]
chain
,
String
authType
)
throws
CertificateException
{
String
authType
)
throws
CertificateException
{
throw
new
UnsupportedOperationException
();
}
@Override
public
void
checkClientTrusted
(
X509Certificate
[]
chain
,
String
authType
,
Socket
socket
)
throws
CertificateException
{
throw
new
UnsupportedOperationException
();
}
@Override
public
void
checkClientTrusted
(
X509Certificate
[]
chain
,
String
authType
,
SSLEngine
engine
)
throws
CertificateException
{
throw
new
UnsupportedOperationException
();
}
@Override
public
void
checkServerTrusted
(
X509Certificate
[]
chain
,
String
authType
)
throws
CertificateException
{
String
authType
)
throws
CertificateException
{
exchangedServerCerts
=
true
;
this
.
serverChain
=
(
chain
==
null
)
?
Collections
.<
X509Certificate
>
emptyList
()
:
Arrays
.
asList
(
chain
);
?
Collections
.<
X509Certificate
>
emptyList
()
:
Arrays
.<
X509Certificate
>
asList
(
chain
);
}
@Override
public
void
checkServerTrusted
(
X509Certificate
[]
chain
,
String
authType
,
Socket
socket
)
throws
CertificateException
{
checkServerTrusted
(
chain
,
authType
);
}
@Override
public
void
checkServerTrusted
(
X509Certificate
[]
chain
,
String
authType
,
SSLEngine
engine
)
throws
CertificateException
{
checkServerTrusted
(
chain
,
authType
);
}
void
cleanup
()
{
exchangedServerCerts
=
false
;
serverChain
=
Collections
.<
X509Certificate
>
emptyList
();
}
}
...
...
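Review bot: In engineGetCertificates, `https.connect()` runs inside `synchronized (trustManager)`, and trustManager is a single static instance, so every SSLServerCertStore lookup in the JVM queues behind whichever connection is in flight. No timeout is set on the connection in the lines shown, so a peer that stalls during the handshake could hold that lock for a long time. I would bound the wait before connecting, e.g. `https.setConnectTimeout(TIMEOUT_MS); https.setReadTimeout(TIMEOUT_MS);`, where TIMEOUT_MS is a placeholder for a value the maintainers choose. Separately, the static initializer discards the GeneralSecurityException and leaves socketFactory null, so the later "No initialized SSLSocketFactory" error has no cause attached. The comment on GetChainTrustManager should also state that the captured chain is unauthenticated (the trust manager and the hostname verifier both accept anything) and must be validated by the caller before it is trusted.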