Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
6829d886
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
3
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
6829d886
编写于
10月 09, 2009
作者:
A
alanb
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
6889552: Sun provider should not require LDAP CertStore to be present
Reviewed-by: vinnie, mullan
上级
60a92837
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
177 addition
and
7 deletion
+177
-7
src/share/classes/sun/security/provider/SunEntries.java
src/share/classes/sun/security/provider/SunEntries.java
+1
-1
src/share/classes/sun/security/provider/certpath/CertStoreHelper.java
...asses/sun/security/provider/certpath/CertStoreHelper.java
+68
-0
src/share/classes/sun/security/provider/certpath/URICertStore.java
.../classes/sun/security/provider/certpath/URICertStore.java
+33
-5
src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
...es/sun/security/provider/certpath/ldap/LDAPCertStore.java
+2
-1
src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java
.../security/provider/certpath/ldap/LDAPCertStoreHelper.java
+73
-0
未找到文件。
src/share/classes/sun/security/provider/SunEntries.java
浏览文件 @
6829d886
...
...
@@ -210,7 +210,7 @@ final class SunEntries {
* CertStores
*/
map
.
put
(
"CertStore.LDAP"
,
"sun.security.provider.certpath.LDAPCertStore"
);
"sun.security.provider.certpath.
ldap.
LDAPCertStore"
);
map
.
put
(
"CertStore.LDAP LDAPSchema"
,
"RFC2587"
);
map
.
put
(
"CertStore.Collection"
,
"sun.security.provider.certpath.CollectionCertStore"
);
...
...
src/share/classes/sun/security/provider/certpath/CertStoreHelper.java
0 → 100644
浏览文件 @
6829d886
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package
sun.security.provider.certpath
;
import
java.net.URI
;
import
java.util.Collection
;
import
java.security.NoSuchAlgorithmException
;
import
java.security.InvalidAlgorithmParameterException
;
import
java.security.cert.CertStore
;
import
java.security.cert.X509CertSelector
;
import
java.security.cert.X509CRLSelector
;
import
javax.security.auth.x500.X500Principal
;
import
java.io.IOException
;
/**
* Helper used by URICertStore when delegating to another CertStore to
* fetch certs and CRLs.
*/
public
interface
CertStoreHelper
{
/**
* Returns a CertStore using the given URI as parameters.
*/
CertStore
getCertStore
(
URI
uri
)
throws
NoSuchAlgorithmException
,
InvalidAlgorithmParameterException
;
/**
* Wraps an existing X509CertSelector when needing to avoid DN matching
* issues.
*/
X509CertSelector
wrap
(
X509CertSelector
selector
,
X500Principal
certSubject
,
String
dn
)
throws
IOException
;
/**
* Wraps an existing X509CRLSelector when needing to avoid DN matching
* issues.
*/
X509CRLSelector
wrap
(
X509CRLSelector
selector
,
Collection
<
X500Principal
>
certIssuers
,
String
dn
)
throws
IOException
;
}
src/share/classes/sun/security/provider/certpath/URICertStore.java
浏览文件 @
6829d886
...
...
@@ -30,6 +30,8 @@ import java.io.IOException;
import
java.net.HttpURLConnection
;
import
java.net.URI
;
import
java.net.URLConnection
;
import
java.security.AccessController
;
import
java.security.PrivilegedAction
;
import
java.security.InvalidAlgorithmParameterException
;
import
java.security.NoSuchAlgorithmException
;
import
java.security.Provider
;
...
...
@@ -120,6 +122,32 @@ class URICertStore extends CertStoreSpi {
private
CertStore
ldapCertStore
;
private
String
ldapPath
;
/**
* Holder class to lazily load LDAPCertStoreHelper if present.
*/
private
static
class
LDAP
{
private
static
final
String
CERT_STORE_HELPER
=
"sun.security.provider.certpath.ldap.LDAPCertStoreHelper"
;
private
static
final
CertStoreHelper
helper
=
AccessController
.
doPrivileged
(
new
PrivilegedAction
<
CertStoreHelper
>()
{
public
CertStoreHelper
run
()
{
try
{
Class
<?>
c
=
Class
.
forName
(
CERT_STORE_HELPER
,
true
,
null
);
return
(
CertStoreHelper
)
c
.
newInstance
();
}
catch
(
ClassNotFoundException
cnf
)
{
return
null
;
}
catch
(
InstantiationException
e
)
{
throw
new
AssertionError
(
e
);
}
catch
(
IllegalAccessException
e
)
{
throw
new
AssertionError
(
e
);
}
}});
static
CertStoreHelper
helper
()
{
return
helper
;
}
}
/**
* Creates a URICertStore.
*
...
...
@@ -135,9 +163,10 @@ class URICertStore extends CertStoreSpi {
this
.
uri
=
((
URICertStoreParameters
)
params
).
uri
;
// if ldap URI, use an LDAPCertStore to fetch certs and CRLs
if
(
uri
.
getScheme
().
toLowerCase
().
equals
(
"ldap"
))
{
if
(
LDAP
.
helper
()
==
null
)
throw
new
NoSuchAlgorithmException
(
"LDAP not present"
);
ldap
=
true
;
ldapCertStore
=
LDAPCertStore
.
getInstance
(
LDAPCertStore
.
getParameters
(
uri
));
ldapCertStore
=
LDAP
.
helper
().
getCertStore
(
uri
);
ldapPath
=
uri
.
getPath
();
// strip off leading '/'
if
(
ldapPath
.
charAt
(
0
)
==
'/'
)
{
...
...
@@ -219,8 +248,7 @@ class URICertStore extends CertStoreSpi {
if
(
ldap
)
{
X509CertSelector
xsel
=
(
X509CertSelector
)
selector
;
try
{
xsel
=
new
LDAPCertStore
.
LDAPCertSelector
(
xsel
,
xsel
.
getSubject
(),
ldapPath
);
xsel
=
LDAP
.
helper
().
wrap
(
xsel
,
xsel
.
getSubject
(),
ldapPath
);
}
catch
(
IOException
ioe
)
{
throw
new
CertStoreException
(
ioe
);
}
...
...
@@ -340,7 +368,7 @@ class URICertStore extends CertStoreSpi {
if
(
ldap
)
{
X509CRLSelector
xsel
=
(
X509CRLSelector
)
selector
;
try
{
xsel
=
new
LDAPCertStore
.
LDAPCRLSelector
(
xsel
,
null
,
ldapPath
);
xsel
=
LDAP
.
helper
().
wrap
(
xsel
,
null
,
ldapPath
);
}
catch
(
IOException
ioe
)
{
throw
new
CertStoreException
(
ioe
);
}
...
...
src/share/classes/sun/security/provider/certpath/LDAPCertStore.java
→
src/share/classes/sun/security/provider/certpath/
ldap/
LDAPCertStore.java
浏览文件 @
6829d886
...
...
@@ -23,7 +23,7 @@
* have any questions.
*/
package
sun.security.provider.certpath
;
package
sun.security.provider.certpath
.ldap
;
import
java.io.ByteArrayInputStream
;
import
java.io.IOException
;
...
...
@@ -46,6 +46,7 @@ import java.security.cert.*;
import
javax.security.auth.x500.X500Principal
;
import
sun.misc.HexDumpEncoder
;
import
sun.security.provider.certpath.X509CertificatePair
;
import
sun.security.util.Cache
;
import
sun.security.util.Debug
;
import
sun.security.x509.X500Name
;
...
...
src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java
0 → 100644
浏览文件 @
6829d886
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package
sun.security.provider.certpath.ldap
;
import
java.net.URI
;
import
java.util.Collection
;
import
java.security.NoSuchAlgorithmException
;
import
java.security.InvalidAlgorithmParameterException
;
import
java.security.cert.CertStore
;
import
java.security.cert.X509CertSelector
;
import
java.security.cert.X509CRLSelector
;
import
javax.security.auth.x500.X500Principal
;
import
java.io.IOException
;
import
sun.security.provider.certpath.CertStoreHelper
;
/**
* LDAP implementation of CertStoreHelper.
*/
public
class
LDAPCertStoreHelper
implements
CertStoreHelper
{
public
LDAPCertStoreHelper
()
{
}
@Override
public
CertStore
getCertStore
(
URI
uri
)
throws
NoSuchAlgorithmException
,
InvalidAlgorithmParameterException
{
return
LDAPCertStore
.
getInstance
(
LDAPCertStore
.
getParameters
(
uri
));
}
@Override
public
X509CertSelector
wrap
(
X509CertSelector
selector
,
X500Principal
certSubject
,
String
ldapDN
)
throws
IOException
{
return
new
LDAPCertStore
.
LDAPCertSelector
(
selector
,
certSubject
,
ldapDN
);
}
@Override
public
X509CRLSelector
wrap
(
X509CRLSelector
selector
,
Collection
<
X500Principal
>
certIssuers
,
String
ldapDN
)
throws
IOException
{
return
new
LDAPCertStore
.
LDAPCRLSelector
(
selector
,
certIssuers
,
ldapDN
);
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录