You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2015/11/24 16:08:25 UTC
svn commit: r1716155 -
/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
Author: orudyy
Date: Tue Nov 24 15:08:24 2015
New Revision: 1716155
URL: http://svn.apache.org/viewvc?rev=1716155&view=rev
Log:
QPID-6873: Fix NPE in SiteSpecificTrustStoreImpl when certificate cannot be retrieved from given site
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java?rev=1716155&r1=1716154&r2=1716155&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java Tue Nov 24 15:08:24 2015
@@ -118,14 +118,18 @@ public class SiteSpecificTrustStoreImpl
@Override
public String getCertificate()
{
- try
- {
- return DatatypeConverter.printBase64Binary(_x509Certificate.getEncoded());
- }
- catch (CertificateEncodingException e)
+ if (_x509Certificate != null)
{
- throw new IllegalConfigurationException("Unable to encode certificate");
+ try
+ {
+ return DatatypeConverter.printBase64Binary(_x509Certificate.getEncoded());
+ }
+ catch (CertificateEncodingException e)
+ {
+ throw new IllegalConfigurationException("Unable to encode certificate");
+ }
}
+ return null;
}
@Override
@@ -217,21 +221,22 @@ public class SiteSpecificTrustStoreImpl
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(new KeyManager[0], new TrustManager[] {new AlwaysTrustManager()}, null);
- SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket(url.getHost(), url.getPort());
- socket.startHandshake();
- final Certificate[] certificateChain =
- socket.getSession().getPeerCertificates();
- if(certificateChain != null && certificateChain.length != 0 && certificateChain[0] instanceof X509Certificate)
+ try(SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket(url.getHost(), url.getPort()))
{
- _x509Certificate = (X509Certificate) certificateChain[0];
+ socket.startHandshake();
+ final Certificate[] certificateChain = socket.getSession().getPeerCertificates();
+ if (certificateChain != null && certificateChain.length != 0 && certificateChain[0] instanceof X509Certificate)
+ {
+ _x509Certificate = (X509Certificate) certificateChain[0];
- final String certificate = getCertificate();
- attributeSet(CERTIFICATE, certificate, certificate);
+ final String certificate = getCertificate();
+ attributeSet(CERTIFICATE, certificate, certificate);
- }
- else
- {
- LOGGER.info("No valid certificates available from " + getSiteUrl());
+ }
+ else
+ {
+ LOGGER.info("No valid certificates available from " + getSiteUrl());
+ }
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org