Posted to commits@directory.apache.org by se...@apache.org on 2009/05/18 21:08:09 UTC
svn commit: r776054 [1/2] - in /directory/studio/trunk:
connection-core/src/main/java/org/apache/directory/studio/connection/core/
connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/
connection-core/src/main/java/org/apac...
Author: seelmann
Date: Mon May 18 19:08:08 2009
New Revision: 776054
URL: http://svn.apache.org/viewvc?rev=776054&view=rev
Log:
DIRSTUDIO-263 (Add certificate validation for ldaps and StartTLS): Initial implementation
Added:
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java (with props)
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java (with props)
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java (with props)
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java (with props)
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java (with props)
Modified:
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCoreConstants.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePreferencesInitializer.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/Messages.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/DummySSLSocketFactory.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/jobs/StudioConnectionJob.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages.properties
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_de.properties
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_fr.properties
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUIPlugin.java
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/NetworkParameterPage.java
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages.properties
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_de.properties
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_fr.properties
directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/MainPreferencePage.java
directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages.properties
directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages_de.properties
directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages_fr.properties
directory/studio/trunk/rcp/Studio-Runtime.launch
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCoreConstants.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCoreConstants.java?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCoreConstants.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCoreConstants.java Mon May 18 19:08:08 2009
@@ -38,7 +38,10 @@
/** The date format of the modification logger */
public static final String DATEFORMAT = "yyyy-MM-dd'T'HH:mm:ss.SSS"; //$NON-NLS-1$
- /** The constant used to preferred LDAP context factory */
+ /** The constant used to identify if certificates for secure connections should be validated */
+ public static final String PREFERENCE_VALIDATE_CERTIFICATES = "validateCertificates"; //$NON-NLS-1$
+
+ /** The constant used to identify the preferred LDAP context factory */
public static final String PREFERENCE_LDAP_CONTEXT_FACTORY = "ldapContextFactory"; //$NON-NLS-1$
/** The constant used to identify the "enable modification logs" preference */
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java Mon May 18 19:08:08 2009
@@ -21,6 +21,7 @@
import java.io.IOException;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.PropertyResourceBundle;
@@ -65,6 +66,9 @@
/** The referral handler */
private IReferralHandler referralHandler;
+ /** The certificate handler */
+ private ICertificateHandler certificateHandler;
+
/** The JNDI loggers. */
private List<IJndiLogger> jndiLoggers;
@@ -271,6 +275,42 @@
/**
+ * Gets the certificate handler
+ *
+ * @return
+ * the certificate handler
+ */
+ public ICertificateHandler getCertificateHandler()
+ {
+ if ( certificateHandler == null )
+ {
+ // if no certificate handler was set a default certificate handler is used
+ // that just returns "No"
+ certificateHandler = new ICertificateHandler()
+ {
+ public TrustLevel verifyTrustLevel( X509Certificate[] certChain )
+ {
+ return TrustLevel.Not;
+ }
+ };
+ }
+ return certificateHandler;
+ }
+
+
+ /**
+ * Sets the certificate handler
+ *
+ * @param certificateHandler
+ * the certificate handler to set
+ */
+ public void setCertificateHandler( ICertificateHandler certificateHandler )
+ {
+ this.certificateHandler = certificateHandler;
+ }
+
+
+ /**
* Gets the LDIF modification logger.
*
* @return the LDIF modification logger, null if none found.
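Review bot: `certificateHandler` is lazily created in `getCertificateHandler()` and replaced in `setCertificateHandler()` with no synchronization, yet StudioTrustManager in this commit reads it during the TLS handshake, which presumably runs on a connection job thread rather than the thread that installed the handler. Declaring the field (added in the earlier hunk of this file) as `private volatile ICertificateHandler certificateHandler;` would make a handler set by the UI plugin reliably visible there. The fallback itself fails closed by returning `TrustLevel.Not`; its inline comment says it returns "No" and would be more accurate as `// that rejects every certificate (TrustLevel.Not)`.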
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePreferencesInitializer.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePreferencesInitializer.java?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePreferencesInitializer.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePreferencesInitializer.java Mon May 18 19:08:08 2009
@@ -42,6 +42,7 @@
// LDAP context factory
String defaultLdapContextFactory = ConnectionCorePlugin.getDefault().getDefaultLdapContextFactory();
+ preferences.setDefault( ConnectionCoreConstants.PREFERENCE_VALIDATE_CERTIFICATES, true );
preferences.setDefault( ConnectionCoreConstants.PREFERENCE_LDAP_CONTEXT_FACTORY, defaultLdapContextFactory );
// Modification Logs
Added: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java?rev=776054&view=auto
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java (added)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java Mon May 18 19:08:08 2009
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.studio.connection.core;
+
+
+import java.security.cert.X509Certificate;
+
+
+/**
+ * Callback interface to ask for the trust level of a certificate from a
+ * higher-level layer (from the UI plugin).
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public interface ICertificateHandler
+{
+
+ /**
+ * The trust level of a certificate
+ */
+ enum TrustLevel
+ {
+ /**
+ * Don't trust a certificate.
+ */
+ Not,
+
+ /**
+ * Trust a certificate within the current session.
+ */
+ Session,
+
+ /**
+ * Trust a certificate permanently.
+ */
+ Permanent;
+ }
+
+
+ /**
+ * Verifies the trust level of the given certificate chain.
+ *
+ * @param cert the certificate chain
+ *
+ * @return the trust level
+ */
+ TrustLevel verifyTrustLevel( X509Certificate[] certChain );
+
+}
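Review bot: The Javadoc of `verifyTrustLevel` documents `@param cert`, but the parameter is named `certChain`; it should read `@param certChain the certificate chain presented by the server`. The contract should also state that an implementation which cannot obtain a decision must return `TrustLevel.Not`, because the caller added in this commit (StudioTrustManager) treats every other value as acceptance. Since only the chain is passed, an implementation cannot show which host presented the certificate or why validation failed; consider whether the callback should carry that context before more code depends on this interface.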
Propchange: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/Messages.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/Messages.java?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/Messages.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/Messages.java Mon May 18 19:08:08 2009
@@ -59,6 +59,7 @@
public static String error__unable_to_get_plugin_properties;
public static String error__loop_detected;
public static String error__connection_is_readonly;
+ public static String error__untrusted_certificate;
public static String model__no_auth_handler;
public static String model__no_credentials;
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/DummySSLSocketFactory.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/DummySSLSocketFactory.java?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/DummySSLSocketFactory.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/DummySSLSocketFactory.java Mon May 18 19:08:08 2009
@@ -29,7 +29,6 @@
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
-import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
@@ -37,7 +36,7 @@
/**
- * A SSLSocketFactory that accepts every certificat without validation.
+ * A SSLSocketFactory that accepts every certificate without validation.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
@@ -46,7 +45,7 @@
{
/** The default instance. */
- private static SocketFactory instance;
+ private static SSLSocketFactory instance;
/**
@@ -57,7 +56,7 @@
*
* @return the default instance
*/
- public static SocketFactory getDefault()
+ public static SSLSocketFactory getDefault()
{
if ( instance == null )
{
@@ -72,6 +71,9 @@
/**
* Creates a new instance of DummySSLSocketFactory.
+ *
+ * Note: This method is invoked from the JNDI (Apache Harmony)
+ * when creating a ldaps:// connection. Must be public!
*/
public DummySSLSocketFactory()
{
@@ -108,7 +110,7 @@
/**
- * @see javax.net.ssl.SSLSocketFactory#getDefaultCipherSuites()
+ * {@inheritDoc}
*/
public String[] getDefaultCipherSuites()
{
@@ -117,7 +119,7 @@
/**
- * @see javax.net.ssl.SSLSocketFactory#getSupportedCipherSuites()
+ * {@inheritDoc}
*/
public String[] getSupportedCipherSuites()
{
@@ -126,13 +128,13 @@
/**
- * @see javax.net.ssl.SSLSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
+ * {@inheritDoc}
*/
- public Socket createSocket( Socket arg0, String arg1, int arg2, boolean arg3 ) throws IOException
+ public Socket createSocket( Socket s, String host, int port, boolean autoClose ) throws IOException
{
try
{
- return delegate.createSocket( arg0, arg1, arg2, arg3 );
+ return delegate.createSocket( s, host, port, autoClose );
}
catch ( IOException e )
{
@@ -143,13 +145,13 @@
/**
- * @see javax.net.SocketFactory#createSocket(java.lang.String, int)
+ * {@inheritDoc}
*/
- public Socket createSocket( String arg0, int arg1 ) throws IOException, UnknownHostException
+ public Socket createSocket( String host, int port ) throws IOException, UnknownHostException
{
try
{
- return delegate.createSocket( arg0, arg1 );
+ return delegate.createSocket( host, port );
}
catch ( IOException e )
{
@@ -160,13 +162,13 @@
/**
- * @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int)
+ * {@inheritDoc}
*/
- public Socket createSocket( InetAddress arg0, int arg1 ) throws IOException
+ public Socket createSocket( InetAddress host, int port ) throws IOException
{
try
{
- return delegate.createSocket( arg0, arg1 );
+ return delegate.createSocket( host, port );
}
catch ( IOException e )
{
@@ -177,14 +179,14 @@
/**
- * @see javax.net.SocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int)
+ * {@inheritDoc}
*/
- public Socket createSocket( String arg0, int arg1, InetAddress arg2, int arg3 ) throws IOException,
+ public Socket createSocket( String host, int port, InetAddress localHost, int localPort ) throws IOException,
UnknownHostException
{
try
{
- return delegate.createSocket( arg0, arg1, arg2, arg3 );
+ return delegate.createSocket( host, port, localHost, localPort );
}
catch ( IOException e )
{
@@ -195,13 +197,14 @@
/**
- * @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int, java.net.InetAddress, int)
+ * {@inheritDoc}
*/
- public Socket createSocket( InetAddress arg0, int arg1, InetAddress arg2, int arg3 ) throws IOException
+ public Socket createSocket( InetAddress address, int port, InetAddress localhAddress, int localPort )
+ throws IOException
{
try
{
- return delegate.createSocket( arg0, arg1, arg2, arg3 );
+ return delegate.createSocket( address, port, localhAddress, localPort );
}
catch ( IOException e )
{
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java Mon May 18 19:08:08 2009
@@ -838,8 +838,9 @@
environment = new Hashtable<String, String>();
Preferences preferences = ConnectionCorePlugin.getDefault().getPluginPreferences();
+ final boolean validateCertificates = preferences.getBoolean( ConnectionCoreConstants.PREFERENCE_VALIDATE_CERTIFICATES );
String ldapCtxFactory = preferences.getString( ConnectionCoreConstants.PREFERENCE_LDAP_CONTEXT_FACTORY );
- environment.put( Context.INITIAL_CONTEXT_FACTORY, ldapCtxFactory ); //$NON-NLS-1$
+ environment.put( Context.INITIAL_CONTEXT_FACTORY, ldapCtxFactory );
environment.put( JAVA_NAMING_LDAP_VERSION, "3" ); //$NON-NLS-1$
// timeouts
@@ -857,7 +858,9 @@
{
environment.put( Context.PROVIDER_URL, LdapURL.LDAPS_SCHEME + host + ':' + port );
environment.put( Context.SECURITY_PROTOCOL, "ssl" ); //$NON-NLS-1$
- environment.put( JAVA_NAMING_LDAP_FACTORY_SOCKET, DummySSLSocketFactory.class.getName() );
+ // TODO: host name validation
+ environment.put( JAVA_NAMING_LDAP_FACTORY_SOCKET, validateCertificates ? StudioSSLSocketFactory.class
+ .getName() : DummySSLSocketFactory.class.getName() );
}
else
{
@@ -883,15 +886,22 @@
{
StartTlsResponse tls = ( StartTlsResponse ) context
.extendedOperation( new StartTlsRequest() );
+ // TODO: host name validation
tls.setHostnameVerifier( new HostnameVerifier()
{
- public boolean verify( String arg0, SSLSession arg1 )
+ public boolean verify( String hostname, SSLSession session )
{
return true;
}
} );
- tls.negotiate( new DummySSLSocketFactory() );
-
+ if ( validateCertificates )
+ {
+ tls.negotiate( StudioSSLSocketFactory.getDefault() );
+ }
+ else
+ {
+ tls.negotiate( DummySSLSocketFactory.getDefault() );
+ }
}
catch ( Exception e )
{
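Review bot: The `HostnameVerifier` passed to `tls.setHostnameVerifier` still returns `true` unconditionally, so with `validateCertificates` enabled a StartTLS connection accepts a certificate that chains to a trusted CA but was issued for a different host. StartTlsResponse consults this verifier only after its default host name check has failed, so installing it only in the non-validating case, `if ( !validateCertificates ) { tls.setHostnameVerifier( ... ); }`, would leave the default check in force when validation is on. The ldaps branch in the previous hunk carries the same `// TODO: host name validation` and appears to have the same gap, since the socket factory selected there only validates the chain. The enclosing method starts and ends outside these hunks.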
Added: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java?rev=776054&view=auto
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java (added)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java Mon May 18 19:08:08 2009
@@ -0,0 +1,208 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.studio.connection.core.io.jndi;
+
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyStore;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+
+/**
+ * A {@link SSLSocketFactory} that uses a custom {@link TrustManager} ({@link StudioTrustManager}).
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class StudioSSLSocketFactory extends SSLSocketFactory
+{
+
+ /** The default instance. */
+ private static StudioSSLSocketFactory instance;
+
+
+ /**
+ * Gets the default instance.
+ *
+ * Note: This method is invoked from the JNDI (Sun) when
+ * creating a ldaps:// connection. Must be public static!
+ *
+ * @return the default instance
+ */
+ public static SSLSocketFactory getDefault()
+ {
+ if ( instance == null )
+ {
+ instance = new StudioSSLSocketFactory();
+ }
+ return instance;
+ }
+
+ /** The delegate. */
+ private SSLSocketFactory delegate;
+
+
+ /**
+ * Creates a new instance of StudioSSLSocketFactory.
+ *
+ * Note: This method is invoked from the JNDI (Apache Harmony) when
+ * creating a ldaps:// connection. Must be public!
+ */
+ public StudioSSLSocketFactory()
+ {
+ try
+ {
+ // get default trust managers (using JVM "cacerts" key store)
+ TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
+ factory.init( ( KeyStore ) null );
+ TrustManager[] defaultTrustManagers = factory.getTrustManagers();
+
+ // create wrappers around the trust managers
+ for ( int i = 0; i < defaultTrustManagers.length; i++ )
+ {
+ defaultTrustManagers[i] = new StudioTrustManager( ( X509TrustManager ) defaultTrustManagers[i] );
+ }
+
+ // create the real socket factory
+ SSLContext sc = SSLContext.getInstance( "TLS" ); //$NON-NLS-1$
+ sc.init( null, defaultTrustManagers, null );
+ delegate = sc.getSocketFactory();
+ }
+ catch ( Exception e )
+ {
+ e.printStackTrace();
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public String[] getDefaultCipherSuites()
+ {
+ return delegate.getDefaultCipherSuites();
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public String[] getSupportedCipherSuites()
+ {
+ return delegate.getSupportedCipherSuites();
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public Socket createSocket( Socket s, String host, int port, boolean autoClose ) throws IOException
+ {
+ try
+ {
+ return delegate.createSocket( s, host, port, autoClose );
+ }
+ catch ( IOException e )
+ {
+ e.printStackTrace();
+ throw e;
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public Socket createSocket( String host, int port ) throws IOException, UnknownHostException
+ {
+ try
+ {
+ return delegate.createSocket( host, port );
+ }
+ catch ( IOException e )
+ {
+ e.printStackTrace();
+ throw e;
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public Socket createSocket( InetAddress host, int port ) throws IOException
+ {
+ try
+ {
+ return delegate.createSocket( host, port );
+ }
+ catch ( IOException e )
+ {
+ e.printStackTrace();
+ throw e;
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public Socket createSocket( String host, int port, InetAddress localHost, int localPort ) throws IOException,
+ UnknownHostException
+ {
+ try
+ {
+ return delegate.createSocket( host, port, localHost, localPort );
+ }
+ catch ( IOException e )
+ {
+ e.printStackTrace();
+ throw e;
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public Socket createSocket( InetAddress address, int port, InetAddress localhAddress, int localPort )
+ throws IOException
+ {
+ try
+ {
+ return delegate.createSocket( address, port, localhAddress, localPort );
+ }
+ catch ( IOException e )
+ {
+ e.printStackTrace();
+ throw e;
+ }
+ }
+
+}
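Review bot: The constructor catches `Exception` and only calls `e.printStackTrace()`, so a failure to build the trust managers or the `SSLContext` leaves `delegate` null and surfaces later as a `NullPointerException` in `createSocket` or `getDefaultCipherSuites`. Replacing the print with `throw new IllegalStateException( "Unable to initialise StudioSSLSocketFactory", e );` would report the real cause at the point of failure. The unchecked cast `( X509TrustManager ) defaultTrustManagers[i]` should be guarded with `instanceof`, because `getTrustManagers()` is typed as `TrustManager[]`. `getDefault()` also creates the singleton without synchronization, and the `createSocket` overloads print a stack trace before rethrowing, which duplicates whatever the caller logs.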
Propchange: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java?rev=776054&view=auto
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java (added)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java Mon May 18 19:08:08 2009
@@ -0,0 +1,106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.studio.connection.core.io.jndi;
+
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.directory.studio.connection.core.ConnectionCorePlugin;
+import org.apache.directory.studio.connection.core.ICertificateHandler;
+import org.apache.directory.studio.connection.core.Messages;
+
+
+/**
+ * A wrapper for a real {@link TrustManager}. If the certificate chain is not trusted
+ * then ask the user.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+class StudioTrustManager implements X509TrustManager
+{
+ private X509TrustManager jvmTrustManager;
+
+
+ /**
+ * Creates a new instance of StudioTrustManager.
+ *
+ * @param jvmTrustManager the JVM trust manager
+ *
+ * @throws Exception the exception
+ */
+ StudioTrustManager( X509TrustManager jvmTrustManager ) throws Exception
+ {
+ this.jvmTrustManager = jvmTrustManager;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void checkClientTrusted( X509Certificate[] chain, String authType ) throws CertificateException
+ {
+ jvmTrustManager.checkClientTrusted( chain, authType );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void checkServerTrusted( X509Certificate[] chain, String authType ) throws CertificateException
+ {
+ try
+ {
+ jvmTrustManager.checkServerTrusted( chain, authType );
+ }
+ catch ( CertificateException e1 )
+ {
+ // ask for confirmation
+ ICertificateHandler ch = ConnectionCorePlugin.getDefault().getCertificateHandler();
+ ICertificateHandler.TrustLevel trustLevel = ch.verifyTrustLevel( chain );
+ switch ( trustLevel )
+ {
+ case Permanent:
+ // TODO: put to permanent trust store
+ break;
+ case Session:
+ // TODO: put to session trust store???
+ break;
+ case Not:
+ throw new CertificateException( Messages.error__untrusted_certificate, e1 );
+ }
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public X509Certificate[] getAcceptedIssuers()
+ {
+ return jvmTrustManager.getAcceptedIssuers();
+ }
+
+}
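Review bot: In `checkServerTrusted`, the `Permanent` and `Session` cases only `break`, so the chain is accepted for this handshake but nothing is recorded; the handler is asked again on every connection and both answers currently behave identically. The switch also has no `default`, so any `TrustLevel` value added later would fall through to acceptance; adding `default: throw new CertificateException( Messages.error__untrusted_certificate, e1 );` keeps the method failing closed. Every `CertificateException` from the JVM trust manager, whatever its cause, leads to the same prompt, and the handler receives only the chain, so the user cannot be told why validation failed. The constructor's `throws Exception` clause is unnecessary, since it only assigns a field.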
Propchange: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/jobs/StudioConnectionJob.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/jobs/StudioConnectionJob.java?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/jobs/StudioConnectionJob.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/jobs/StudioConnectionJob.java Mon May 18 19:08:08 2009
@@ -143,7 +143,7 @@
}
else if ( monitor.errorsReported() )
{
- return Status.OK_STATUS;
+ return monitor.getErrorStatus( runnables[0].getErrorMessage() );
}
else
{
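Review bot: The error status is built from `runnables[0].getErrorMessage()` regardless of which runnable reported the error, so if this job runs several runnables the status text may describe the wrong operation. If that can happen, keep a reference to the runnable that was executing when the error was reported and use its message instead. The surrounding method and the code that executes `runnables` are outside this hunk, so this needs checking against the full file.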
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages.properties (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages.properties Mon May 18 19:08:08 2009
@@ -25,6 +25,7 @@
error__unable_to_get_plugin_properties=Unable to get the plugin properties.
error__loop_detected=Loop detected while following referral: {0}
error__connection_is_readonly=Connection '{0}' is read only.
+error__untrusted_certificate=Untrusted certificate.
model__no_auth_handler=No authentification handler
model__no_credentials=No credentials
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_de.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_de.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_de.properties (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_de.properties Mon May 18 19:08:08 2009
@@ -24,6 +24,7 @@
error__unable_to_create_jndi_logger=JNDI Logger konnte nicht initialisiert werden
error__unable_to_get_plugin_properties=Plugin properties nicht gefunden.
error__connection_is_readonly=Verbindung '{0}' ist schreibgesch\u00FCtzt."
+error__untrusted_certificate=Nichtvertrauliches Zertifikat.
model__no_auth_handler=Kein Authentifizierungs-Handhaber
model__no_credentials=Keine Anmeldeinformationen
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_fr.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_fr.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_fr.properties (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_fr.properties Mon May 18 19:08:08 2009
@@ -25,6 +25,7 @@
error__unable_to_get_plugin_properties=Impossible de r\u00E9cup\u00E9rer les propri\u00E9t\u00E9s du plugin.
error__loop_detected=Une boucle a \u00E9t\u00E9 d\u00E9tect\u00E9 en suivant le r\u00E9f\u00E9rent suivant: {0}
error__connection_is_readonly=La connexion '{0}' est en lecture seule.
+error__untrusted_certificate=TODO:Untrusted certificate.
model__no_auth_handler=Pas de gestionnaire d'authentification
model__no_credentials=Pas de mot de passe
Added: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java?rev=776054&view=auto
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java (added)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java Mon May 18 19:08:08 2009
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.studio.connection.ui;
+
+
+import java.security.cert.X509Certificate;
+
+import org.apache.directory.studio.connection.core.ICertificateHandler;
+import org.apache.directory.studio.connection.ui.dialogs.CertificateTrustDialog;
+import org.eclipse.ui.PlatformUI;
+
+
+/**
+ * Default implementation of {@link ICertificateHandler}.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class ConnectionUICertificateHandler implements ICertificateHandler
+{
+
+ /**
+ * {@inheritDoc}
+ */
+ public TrustLevel verifyTrustLevel( final X509Certificate[] certChain )
+ {
+ // open dialog
+ final TrustLevel[] trustLevel = new TrustLevel[1];
+ PlatformUI.getWorkbench().getDisplay().syncExec( new Runnable()
+ {
+ public void run()
+ {
+ CertificateTrustDialog dialog = new CertificateTrustDialog( PlatformUI.getWorkbench().getDisplay()
+ .getActiveShell(), certChain );
+ dialog.open();
+ trustLevel[0] = dialog.getTrustLevel();
+ }
+ } );
+
+ return trustLevel[0];
+ }
+
+}
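Review bot: verifyTrustLevel hands back `dialog.getTrustLevel()` unchecked, and CertificateTrustDialog leaves that field null until createDialogArea has run, so a null can reach the caller instead of a refusal. How the trust manager treats a null result is not visible in this file. Keeping the decision fail-closed here costs one line: `return trustLevel[0] != null ? trustLevel[0] : TrustLevel.Not;`. The `// open dialog` comment could also say that syncExec blocks the calling thread until the user has answered, since that is the non-obvious part of the method.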
Propchange: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUIPlugin.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUIPlugin.java?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUIPlugin.java (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUIPlugin.java Mon May 18 19:08:08 2009
@@ -82,6 +82,7 @@
ConnectionCorePlugin.getDefault().setAuthHandler( new UIAuthHandler() );
ConnectionCorePlugin.getDefault().setReferralHandler( new ConnectionUIReferralHandler() );
+ ConnectionCorePlugin.getDefault().setCertificateHandler( new ConnectionUICertificateHandler() );
}
Added: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java?rev=776054&view=auto
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java (added)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java Mon May 18 19:08:08 2009
@@ -0,0 +1,173 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.studio.connection.ui.dialogs;
+
+
+import java.security.cert.X509Certificate;
+
+import org.apache.directory.studio.connection.core.ICertificateHandler;
+import org.apache.directory.studio.connection.ui.widgets.BaseWidgetUtils;
+import org.eclipse.jface.dialogs.Dialog;
+import org.eclipse.jface.dialogs.IDialogConstants;
+import org.eclipse.swt.SWT;
+import org.eclipse.swt.events.SelectionAdapter;
+import org.eclipse.swt.events.SelectionEvent;
+import org.eclipse.swt.layout.GridData;
+import org.eclipse.swt.layout.GridLayout;
+import org.eclipse.swt.widgets.Button;
+import org.eclipse.swt.widgets.Composite;
+import org.eclipse.swt.widgets.Control;
+import org.eclipse.swt.widgets.Label;
+import org.eclipse.swt.widgets.Shell;
+
+
+/**
+ * Dialog to ask for certificate trust.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class CertificateTrustDialog extends Dialog
+{
+
+ /** The title. */
+ private String title;
+
+ /** The trust level. */
+ private ICertificateHandler.TrustLevel trustLevel;
+
+ /** The certificate chain. */
+ private X509Certificate[] certificateChain;
+
+ /** The "Don't trust" button. */
+ private Button trustNotButton;
+
+ /** The "Trust in current session" button. */
+ private Button trustSessionButton;
+
+ /** The "Trust permanent" button. */
+ private Button trustPermanentButton;
+
+
+ /**
+ * Creates a new instance of CertificateTrustDialog.
+ *
+ * @param parentShell the parent shell
+ * @param certificateChain the certificate chain
+ */
+ public CertificateTrustDialog( Shell parentShell, X509Certificate[] certificateChain )
+ {
+ super( parentShell );
+ super.setShellStyle( super.getShellStyle() | SWT.RESIZE );
+ this.title = Messages.getString( "CertificateTrustDialog.CertificateTrust" ); //$NON-NLS-1$
+ this.certificateChain = certificateChain;
+ this.trustLevel = null;
+ }
+
+
+ @Override
+ protected void configureShell( Shell shell )
+ {
+ super.configureShell( shell );
+ shell.setText( title );
+ }
+
+
+ @Override
+ protected void createButtonsForButtonBar( Composite parent )
+ {
+ createButton( parent, IDialogConstants.OK_ID, IDialogConstants.OK_LABEL, false );
+ }
+
+
+ /**
+ * Gets the trust level.
+ *
+ * @return the trust level
+ */
+ public ICertificateHandler.TrustLevel getTrustLevel()
+ {
+ return trustLevel;
+ }
+
+
+ @Override
+ protected Control createDialogArea( final Composite parent )
+ {
+ Composite composite = ( Composite ) super.createDialogArea( parent );
+ GridLayout gl = new GridLayout();
+ composite.setLayout( gl );
+ GridData gd = new GridData( GridData.FILL_BOTH );
+ gd.widthHint = convertHorizontalDLUsToPixels( IDialogConstants.MINIMUM_MESSAGE_AREA_WIDTH );
+ gd.heightHint = convertHorizontalDLUsToPixels( IDialogConstants.MINIMUM_MESSAGE_AREA_WIDTH / 2 );
+ composite.setLayoutData( gd );
+
+ BaseWidgetUtils.createWrappedLabel( composite, Messages.getString( "CertificateTrustDialog.Description" ), 1 ); //$NON-NLS-1$
+ BaseWidgetUtils.createWrappedLabel( composite, Messages.getString( "CertificateTrustDialog.TheDnIs" ), 1 ); //$NON-NLS-1$
+
+ Label issuerDNLabel = BaseWidgetUtils.createWrappedLabel( composite, "", 1 ); //$NON-NLS-1$
+ if ( ( certificateChain != null ) && ( certificateChain.length > 0 ) )
+ {
+ issuerDNLabel.setText( certificateChain[0].getIssuerX500Principal().getName() );
+ }
+ else
+ {
+ issuerDNLabel.setText( "Unknown" ); //$NON-NLS-1$
+ }
+
+ trustNotButton = BaseWidgetUtils.createRadiobutton( composite, Messages
+ .getString( "CertificateTrustDialog.DoNotTrust" ), 1 ); //$NON-NLS-1$
+ trustNotButton.addSelectionListener( new SelectionAdapter()
+ {
+ public void widgetSelected( final SelectionEvent e )
+ {
+ CertificateTrustDialog.this.trustLevel = ICertificateHandler.TrustLevel.Not;
+ }
+ } );
+
+ trustSessionButton = BaseWidgetUtils.createRadiobutton( composite, Messages
+ .getString( "CertificateTrustDialog.TrustForThisSession" ), 1 ); //$NON-NLS-1$
+
+ trustSessionButton.addSelectionListener( new SelectionAdapter()
+ {
+ public void widgetSelected( final SelectionEvent e )
+ {
+ CertificateTrustDialog.this.trustLevel = ICertificateHandler.TrustLevel.Session;
+ }
+ } );
+
+ trustPermanentButton = BaseWidgetUtils.createRadiobutton( composite, Messages
+ .getString( "CertificateTrustDialog.AlwaysTrust" ), 1 ); //$NON-NLS-1$
+ trustPermanentButton.addSelectionListener( new SelectionAdapter()
+ {
+ public void widgetSelected( final SelectionEvent e )
+ {
+ CertificateTrustDialog.this.trustLevel = ICertificateHandler.TrustLevel.Permanent;
+ }
+ } );
+
+ // default settings
+ trustNotButton.setSelection( true );
+ trustLevel = ICertificateHandler.TrustLevel.Not;
+
+ return composite;
+ }
+
+}
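Review bot: The only certificate detail createDialogArea shows before the user may choose "Always trust" is the issuer DN of `certificateChain[0]`, and that string is set by whoever created the certificate, so it gives the user nothing reliable to compare against. I would also show the subject (`certificateChain[0].getSubjectX500Principal().getName()`), the validity period and a fingerprint computed over `getEncoded()`, so the values can be checked against ones obtained from the server administrator out of band. The Javadoc on the class could state that closing the dialog without a selection yields TrustLevel.Not, because the default set at the end of createDialogArea is what makes that so. Separately, `gd.heightHint` is computed with convertHorizontalDLUsToPixels, where convertVerticalDLUsToPixels looks like the intended call.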
Propchange: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties Mon May 18 19:08:08 2009
@@ -17,3 +17,9 @@
SelectReferralConnectionDialog.SelectConnectionToHandleReferral=Please select a connection to handle referral
SelectReferralConnectionDialog.SelectReferralConenction=Select Referral Connection
+CertificateTrustDialog.AlwaysTrust=Always trust this certificate.
+CertificateTrustDialog.CertificateTrust=Certificate Trust
+CertificateTrustDialog.Description=A secured LDAP connection requires to trust a certificate. The certificate is issued by an unknown Certificate Authority (CA). Please verify if you trust the certificate.
+CertificateTrustDialog.DoNotTrust=Don't trust this certificate.
+CertificateTrustDialog.TheDnIs=The issuer of the certificate is:
+CertificateTrustDialog.TrustForThisSession=Trust this certificate for this session.
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties Mon May 18 19:08:08 2009
@@ -17,3 +17,9 @@
SelectReferralConnectionDialog.SelectConnectionToHandleReferral=Bitte w\u00E4hlen Sie den Verweis verwaltende Verbindung aus
SelectReferralConnectionDialog.SelectReferralConenction=W\u00E4hlen Sie die verweisende Verbindung aus
+CertificateTrustDialog.AlwaysTrust=Diesem Zertifikat immer vertrauten.
+CertificateTrustDialog.CertificateTrust=Ung\u00FCltiges Zertifikat
+CertificateTrustDialog.Description=Eine sichere LDAP Verbindung erfordert ein gültiges Zertifikat. Das Zertifikat wurde durch eine unbekannten Stelle (CA) ausgestellt. Bitte bestätigen Sie, ob Sie dem Zertifikat vertrauen wollen.
+CertificateTrustDialog.DoNotTrust=Diesem Zertifikat nicht vertrauten.
+CertificateTrustDialog.TheDnIs=Der Aussteller des Zertifikates ist:
+CertificateTrustDialog.TrustForThisSession=Diesem Zertifikat für diese Sitzung vertrauen.
\ No newline at end of file
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties Mon May 18 19:08:08 2009
@@ -17,3 +17,9 @@
SelectReferralConnectionDialog.SelectConnectionToHandleReferral=Veuillez s\u00E9lectionner une connexion vers un referral
SelectReferralConnectionDialog.SelectReferralConenction=S\u00E9lectionnez la connexion vers le referral de votre choix
+CertificateTrustDialog.AlwaysTrust=TODO:Always trust this certificate.
+CertificateTrustDialog.CertificateTrust=TODO:Certificate Trust
+CertificateTrustDialog.Description=TODO:A secured LDAP connection requires to trust a certificate. The certificate is issued by an unknown Certificate Authority (CA). Please verify if you trust the certificate.
+CertificateTrustDialog.DoNotTrust=TODO:Don't trust this certificate.
+CertificateTrustDialog.TheDnIs=TODO:The issuer of the certificate is:
+CertificateTrustDialog.TrustForThisSession=TODO:Trust this certificate for this session.
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/NetworkParameterPage.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/NetworkParameterPage.java?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/NetworkParameterPage.java (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/NetworkParameterPage.java Mon May 18 19:08:08 2009
@@ -28,6 +28,7 @@
import org.apache.directory.shared.ldap.util.LdapURL;
import org.apache.directory.shared.ldap.util.LdapURL.Extension;
import org.apache.directory.studio.connection.core.Connection;
+import org.apache.directory.studio.connection.core.ConnectionCoreConstants;
import org.apache.directory.studio.connection.core.ConnectionCorePlugin;
import org.apache.directory.studio.connection.core.ConnectionParameter;
import org.apache.directory.studio.connection.core.ConnectionParameter.EncryptionMethod;
@@ -197,9 +198,15 @@
int index = 0;
BaseWidgetUtils.createLabel( groupComposite, Messages.getString( "NetworkParameterPage.EncryptionMethod" ), 1 ); //$NON-NLS-1$
encryptionMethodCombo = BaseWidgetUtils.createReadonlyCombo( groupComposite, encMethods, index, 2 );
- BaseWidgetUtils.createSpacer( groupComposite, 1 );
- BaseWidgetUtils.createLabel( groupComposite, Messages
- .getString( "NetworkParameterPage.WarningCertificateValidation" ), 2 ); //$NON-NLS-1$
+
+ boolean validateCertificates = ConnectionCorePlugin.getDefault().getPluginPreferences().getBoolean(
+ ConnectionCoreConstants.PREFERENCE_VALIDATE_CERTIFICATES );
+ if ( !validateCertificates )
+ {
+ BaseWidgetUtils.createSpacer( groupComposite, 1 );
+ BaseWidgetUtils.createLabel( groupComposite, Messages
+ .getString( "NetworkParameterPage.WarningCertificateValidation" ), 2 ); //$NON-NLS-1$
+ }
BaseWidgetUtils.createSpacer( groupComposite, 2 );
checkConnectionButton = new Button( groupComposite, SWT.PUSH );
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages.properties (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages.properties Mon May 18 19:08:08 2009
@@ -44,4 +44,4 @@
NetworkParameterPage.Port=Port:
NetworkParameterPage.UseSSLEncryption=Use SSL encryption (ldaps://)
NetworkParameterPage.UseStartTLS=Use StartTLS extension
-NetworkParameterPage.WarningCertificateValidation=Warning\:\nThe current version doesn't support certificate validation, \naware of invalid certificates or man-in-the-middle attacks\!
+NetworkParameterPage.WarningCertificateValidation=Warning\:\nCertificate validation is disabled, \nbe aware of invalid certificates or man-in-the-middle attacks\!
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_de.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_de.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_de.properties (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_de.properties Mon May 18 19:08:08 2009
@@ -41,4 +41,4 @@
NetworkParameterPage.PleaseEnterPort=Geben Sie bitte einen Port ein. LDAP Standard ist Port 389.
NetworkParameterPage.UseSSLEncryption=SSL Verschl\u00FCsselung (ldaps\://)
NetworkParameterPage.UseStartTLS=StartTLS Erweiterung
-NetworkParameterPage.WarningCertificateValidation=Warnung\:\nDie aktuelle Version unterst\u00FCtzt keine Zertifikat\u00FCberpr\u00FCfung,\nsind Sie sich der Gefahr von ung\u00FCltigen Zertifikaten\noder 'man-in-the-middle' Angriffen bewusst\!
+NetworkParameterPage.WarningCertificateValidation=Warnung\:\nZertifikat Validierung ist deaktiviert,\nsind Sie sich der Gefahr von ung\u00FCltigen Zertifikaten\noder 'man-in-the-middle' Angriffen bewusst\!
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_fr.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_fr.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_fr.properties (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_fr.properties Mon May 18 19:08:08 2009
@@ -41,4 +41,4 @@
NetworkParameterPage.PleaseEnterPort=Veuillez entrer un port. Le port par d\u00E9fault pour LDAP est 389.
NetworkParameterPage.UseSSLEncryption=Utilise l'encryption SSL (ldaps://)
NetworkParameterPage.UseStartTLS=Utilise l'extension StartTLS
-NetworkParameterPage.WarningCertificateValidation=Attention :\n la version actuelle ne supporte pas la validation de certificat, \nm\u00E9fiez-vous des certificats invalides ou des attaques par interposition (man-in-the-middle)\!
+NetworkParameterPage.WarningCertificateValidation=TODO:Attention :\n Certificate validation is disabled, \nm\u00E9fiez-vous des certificats invalides ou des attaques par interposition (man-in-the-middle)\!
Modified: directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/MainPreferencePage.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/MainPreferencePage.java?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/MainPreferencePage.java (original)
+++ directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/MainPreferencePage.java Mon May 18 19:08:08 2009
@@ -28,6 +28,7 @@
import org.eclipse.core.runtime.Preferences;
import org.eclipse.jface.preference.PreferencePage;
import org.eclipse.osgi.util.NLS;
+import org.eclipse.swt.widgets.Button;
import org.eclipse.swt.widgets.Composite;
import org.eclipse.swt.widgets.Control;
import org.eclipse.swt.widgets.Group;
@@ -47,6 +48,8 @@
private Text jndiLdapContextProvider;
+ private Button verifyCertificatesButton;
+
/**
*
@@ -54,9 +57,9 @@
*/
public MainPreferencePage()
{
- super( Messages.getString("MainPreferencePage.LDAP") ); //$NON-NLS-1$
+ super( Messages.getString( "MainPreferencePage.LDAP" ) ); //$NON-NLS-1$
super.setPreferenceStore( BrowserCommonActivator.getDefault().getPreferenceStore() );
- super.setDescription( Messages.getString("MainPreferencePage.GeneralSettings") ); //$NON-NLS-1$
+ super.setDescription( Messages.getString( "MainPreferencePage.GeneralSettings" ) ); //$NON-NLS-1$
}
@@ -78,18 +81,25 @@
BaseWidgetUtils.createSpacer( composite, 1 );
BaseWidgetUtils.createSpacer( composite, 1 );
- Group group = BaseWidgetUtils.createGroup( BaseWidgetUtils.createColumnContainer( composite, 1, 1 ),
- Messages.getString("MainPreferencePage.ContextProvider"), 1 ); //$NON-NLS-1$
+ Group group = BaseWidgetUtils.createGroup( BaseWidgetUtils.createColumnContainer( composite, 1, 1 ), Messages
+ .getString( "MainPreferencePage.ContextProvider" ), 1 ); //$NON-NLS-1$
Preferences preferences = ConnectionCorePlugin.getDefault().getPluginPreferences();
String ldapCtxFactory = preferences.getString( ConnectionCoreConstants.PREFERENCE_LDAP_CONTEXT_FACTORY );
String defaultLdapCtxFactory = preferences
.getDefaultString( ConnectionCoreConstants.PREFERENCE_LDAP_CONTEXT_FACTORY );
- String note = NLS.bind(Messages.getString("MainPreferencePage.SystemDetectedContextFactory"), defaultLdapCtxFactory); //$NON-NLS-1$
+ String note = NLS.bind(
+ Messages.getString( "MainPreferencePage.SystemDetectedContextFactory" ), defaultLdapCtxFactory ); //$NON-NLS-1$
jndiLdapContextProvider = BaseWidgetUtils.createText( group, ldapCtxFactory, 1 );
BaseWidgetUtils.createWrappedLabel( group, note, 1 );
+ boolean validateCertificates = preferences
+ .getBoolean( ConnectionCoreConstants.PREFERENCE_VALIDATE_CERTIFICATES );
+ verifyCertificatesButton = BaseWidgetUtils.createCheckbox( composite, Messages
+ .getString( "MainPreferencePage.ValidateCertificates" ), 1 ); //$NON-NLS-1$
+ verifyCertificatesButton.setSelection( validateCertificates );
+
return composite;
}
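Review bot: Unchecking the box added at the end of createContents turns certificate validation off for every ldaps and StartTLS connection, but the page gives no hint of that and performOk (last hunk of this file) stores the value without asking. A confirmation on disable would make the downgrade deliberate, for example in performOk `if ( !verifyCertificatesButton.getSelection() && !MessageDialog.openConfirm( getShell(), title, message ) ) return false;`, with title and message taken from new message keys and an import of org.eclipse.jface.dialogs.MessageDialog. The field is also named `verifyCertificatesButton` while the preference and the local variable say "validate"; one term throughout would read better, and the field deserves a one-line Javadoc naming the preference it controls. All three method bodies start or end outside their hunks, so this is based on the visible lines only.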
@@ -101,6 +111,8 @@
{
jndiLdapContextProvider.setText( ConnectionCorePlugin.getDefault().getPluginPreferences().getDefaultString(
ConnectionCoreConstants.PREFERENCE_LDAP_CONTEXT_FACTORY ) );
+ verifyCertificatesButton.setSelection( ConnectionCorePlugin.getDefault().getPluginPreferences()
+ .getDefaultBoolean( ConnectionCoreConstants.PREFERENCE_VALIDATE_CERTIFICATES ) );
super.performDefaults();
}
@@ -112,6 +124,8 @@
{
ConnectionCorePlugin.getDefault().getPluginPreferences().setValue(
ConnectionCoreConstants.PREFERENCE_LDAP_CONTEXT_FACTORY, jndiLdapContextProvider.getText() );
+ ConnectionCorePlugin.getDefault().getPluginPreferences().setValue(
+ ConnectionCoreConstants.PREFERENCE_VALIDATE_CERTIFICATES, verifyCertificatesButton.getSelection() );
return true;
}
Modified: directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages.properties (original)
+++ directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages.properties Mon May 18 19:08:08 2009
@@ -81,6 +81,7 @@
MainPreferencePage.GeneralSettings=General settings for the LDAP browser:
MainPreferencePage.LDAP=LDAP
MainPreferencePage.SystemDetectedContextFactory=Note: The system detected ''{0}''.
+MainPreferencePage.ValidateCertificates=Validate certificates for secure LDAP connections
SyntaxDialog.SelectSyntaxOID=Select Syntax OID
SyntaxDialog.SyntaxOID=Syntax OID:
SyntaxValueEditorDialog.AttributeValueEditor=Attribute Value Editor
Modified: directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages_de.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages_de.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages_de.properties (original)
+++ directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages_de.properties Mon May 18 19:08:08 2009
@@ -81,6 +81,7 @@
MainPreferencePage.GeneralSettings=Allgemeine Einstellungen f\u00FCr den LDAP Browser:
MainPreferencePage.LDAP=LDAP
MainPreferencePage.SystemDetectedContextFactory=Hinweis: Das System hat ''{0}'' ermittelt.
+MainPreferencePage.ValidateCertificates=Zertifikate für sichere LDAP Verbindungen validieren
SyntaxDialog.SelectSyntaxOID=Syntax OID ausw\u00E4hlen
SyntaxDialog.SyntaxOID=Syntax OID:
SyntaxValueEditorDialog.AttributeValueEditor=Attribut Wert Editor
Modified: directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages_fr.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages_fr.properties?rev=776054&r1=776053&r2=776054&view=diff
==============================================================================
--- directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages_fr.properties (original)
+++ directory/studio/trunk/ldapbrowser-common/src/main/java/org/apache/directory/studio/ldapbrowser/common/dialogs/preferences/messages_fr.properties Mon May 18 19:08:08 2009
@@ -81,6 +81,7 @@
MainPreferencePage.GeneralSettings=R\u00E9glages g\u00E9n\u00E9raux pour le navigateur LDAP:
MainPreferencePage.LDAP=LDAP
MainPreferencePage.SystemDetectedContextFactory=Note: Le syst\u00E8me a d\u00E9tect\u00E9 ''{0}''.
+MainPreferencePage.ValidateCertificates=TODO:Validate certificates for secure LDAP connections
SyntaxDialog.SelectSyntaxOID=S\u00E9lectionner l'OID de la syntaxe
SyntaxDialog.SyntaxOID=OID de la syntaxe:
SyntaxValueEditorDialog.AttributeValueEditor=Attribut d'\u00E9diteur de valeur