Posted to commits@qpid.apache.org by rg...@apache.org on 2017/03/29 15:49:57 UTC
qpid-proton-j git commit: PROTON-1447 : Allow CaCertDb file to have
multiple certificates
Repository: qpid-proton-j
Updated Branches:
refs/heads/master b845e479f -> ad6096746
PROTON-1447 : Allow CaCertDb file to have multiple certificates
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/commit/ad609674
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/tree/ad609674
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/diff/ad609674
Branch: refs/heads/master
Commit: ad60967463fe697800d24eaf0286dbf9e7d38473
Parents: b845e47
Author: rgodfrey <rg...@apache.org>
Authored: Wed Mar 29 17:49:49 2017 +0200
Committer: rgodfrey <rg...@apache.org>
Committed: Wed Mar 29 17:49:49 2017 +0200
----------------------------------------------------------------------
.../engine/impl/ssl/SslEngineFacadeFactory.java | 37 ++++++++++++++++++--
1 file changed, 35 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton-j/blob/ad609674/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
----------------------------------------------------------------------
diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
index 4efc055..e82e1bb 100644
--- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
+++ b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
@@ -45,6 +45,7 @@ import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collection;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -350,8 +351,11 @@ public class SslEngineFacadeFactory
{
_logger.log(Level.FINE, "_sslParams.getTrustedCaDb() : " + sslDomain.getTrustedCaDb());
}
- Certificate trustedCaCert = readCertificate(sslDomain.getTrustedCaDb());
- keystore.setCertificateEntry(caCertAlias, trustedCaCert);
+ int i = 1;
+ for(Certificate trustedCaCert : readCertificates(sslDomain.getTrustedCaDb()))
+ {
+ keystore.setCertificateEntry(caCertAlias + (i++), trustedCaCert);
+ }
}
if (sslDomain.getCertificateFile() != null
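Review bot: If the trusted CA file parses to zero certificates, the new `for(Certificate trustedCaCert : readCertificates(...))` loop adds nothing and the keystore is left without any trust anchor, with nothing logged. `CertificateFactory.generateCertificates` is documented as possibly returning an empty collection, so an empty or wrongly formatted file is no longer rejected here and would presumably only surface later, far from the misconfigured path. Hold the result in a local and fail early, e.g. `if (caCerts.isEmpty()) throw new TransportException("No certificates found in [" + sslDomain.getTrustedCaDb() + "]");`. Since every certificate in the file now becomes a trust anchor, a FINE-level log of each alias added would also help operators audit what is trusted. The enclosing method starts and ends outside the hunk.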
@@ -468,6 +472,35 @@ public class SslEngineFacadeFactory
}
}
+ Collection<? extends Certificate> readCertificates(String pemFile)
+ {
+ InputStream is = null;
+
+ try
+ {
+ CertificateFactory cFactory = CertificateFactory.getInstance("X.509");
+ is = new FileInputStream(pemFile);
+ return cFactory.generateCertificates(is);
+ }
+ catch (CertificateException ce)
+ {
+ String msg = "Failed to load certificates [" + pemFile + "]";
+ _logger.log(Level.SEVERE, msg, ce);
+ throw new TransportException(msg, ce);
+ }
+ catch (FileNotFoundException e)
+ {
+ String msg = "Certificates file not found [" + pemFile + "]";
+ _logger.log(Level.SEVERE, msg);
+ throw new TransportException(msg, e);
+ }
+ finally
+ {
+ closeSafely(is);
+ }
+ }
+
+
PrivateKey readPrivateKey(String pemFile, String password)
{
if (bouncyCastleSetupException != null)
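Review bot: The `FileNotFoundException` branch of `readCertificates` logs only the message and drops the exception, unlike the `CertificateException` branch above it; pass the cause too: `_logger.log(Level.SEVERE, msg, e);`. `FileInputStream` also throws `FileNotFoundException` when the file exists but cannot be opened (a directory, or no read permission), so "Certificates file not found" can mislead someone diagnosing a TLS trust problem; wording such as `"Unable to open certificates file [" + pemFile + "]"` covers both cases. The method also has no Javadoc: a short comment stating that it returns every X.509 certificate found in the file, that the collection may be empty, and that it throws `TransportException` on parse or open failure would document the contract callers rely on.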