Posted to commits@directory.apache.org by se...@apache.org on 2009/05/28 21:46:35 UTC
svn commit: r779740 - in /directory/studio/trunk: ./
connection-core/src/main/java/org/apache/directory/studio/connection/core/
connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/
connection-ui/src/main/java/org/apache/di...
Author: seelmann
Date: Thu May 28 19:46:35 2009
New Revision: 779740
URL: http://svn.apache.org/viewvc?rev=779740&view=rev
Log:
DIRSTUDIO-263 (Add certificate validation for ldaps and StartTLS):
o Added host name verification
o Added more info to certificate trust dialog
Modified:
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/CertificateInfoComposite.java
directory/studio/trunk/jars/pom.xml
directory/studio/trunk/pom.xml
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ConnectionCorePlugin.java Thu May 28 19:46:35 2009
@@ -346,7 +346,8 @@
// that just returns "No"
certificateHandler = new ICertificateHandler()
{
- public TrustLevel verifyTrustLevel( X509Certificate[] certChain )
+ public TrustLevel verifyTrustLevel( String host, X509Certificate[] certChain,
+ List<ICertificateHandler.FailCause> failCauses )
{
return TrustLevel.Not;
}
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/ICertificateHandler.java Thu May 28 19:46:35 2009
@@ -22,6 +22,7 @@
import java.security.cert.X509Certificate;
+import java.util.List;
/**
@@ -35,34 +36,51 @@
{
/**
- * The trust level of a certificate
+ * The trust level of a certificate.
*/
enum TrustLevel
{
- /**
- * Don't trust a certificate.
- */
+ /** Don't trust a certificate. */
Not,
- /**
- * Trust a certificate within the current session.
- */
+ /** Trust a certificate within the current session. */
Session,
- /**
- * Trust a certificate permanently.
- */
+ /** Trust a certificate permanently. */
Permanent;
}
+ /**
+ * The cause of certificate verification failure.
+ */
+ enum FailCause
+ {
+ /** No valid certification path, i.e. unknown issuer. */
+ NoValidCertificationPath,
+
+ /** Certificate is not valid yet */
+ CertificateNotYetValid,
+
+ /** Certificate is expired */
+ CertificateExpired,
+
+ /** Certificate is self signed */
+ SelfSignedCertificate,
+
+ /** The host name of the server doesn't match the host name in certificate */
+ HostnameVerificationFailed
+ }
+
/**
* Verifies the trust level of the given certificate chain.
*
- * @param cert the certificate chain
+ * @param certChain the certificate chain
+ * @param failCauses the causes of failed certificate validation
*
* @return the trust level
*/
- TrustLevel verifyTrustLevel( X509Certificate[] certChain );
+ TrustLevel verifyTrustLevel( String host, X509Certificate[] certChain,
+ List<ICertificateHandler.FailCause> failCauses );
}
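Review bot: The Javadoc on the new `verifyTrustLevel` signature documents `certChain` and `failCauses` but has no entry for the added `host` parameter. I would add `@param host the host name the client connected to, which the certificate was checked against`. It should also say whether `failCauses` is always non-empty and whether the handler may modify it. Because a `Session` or `Permanent` answer now also overrides a failed host name check, the contract should state that an implementation which cannot ask the user returns `TrustLevel.Not`, as the default handler in ConnectionCorePlugin does.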
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/JNDIConnectionWrapper.java Thu May 28 19:46:35 2009
@@ -858,7 +858,7 @@
{
environment.put( Context.PROVIDER_URL, LdapURL.LDAPS_SCHEME + host + ':' + port );
environment.put( Context.SECURITY_PROTOCOL, "ssl" ); //$NON-NLS-1$
- // TODO: host name validation
+ // host name verification is done in StudioTrustManager
environment.put( JAVA_NAMING_LDAP_FACTORY_SOCKET, validateCertificates ? StudioSSLSocketFactory.class
.getName() : DummySSLSocketFactory.class.getName() );
}
@@ -886,7 +886,8 @@
{
StartTlsResponse tls = ( StartTlsResponse ) context
.extendedOperation( new StartTlsRequest() );
- // TODO: host name validation
+ // deactivate host name verification at this level,
+ // host name verification is done in StudioTrustManager
tls.setHostnameVerifier( new HostnameVerifier()
{
public boolean verify( String hostname, SSLSession session )
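Review bot: The verifier installed here switches off the JNDI-level host name check for StartTLS, so the only check left is the one in StudioTrustManager, which depends on `setHost` having been called with the right name before the handshake. In this commit `setHost` is reached only through `StudioSSLSocketFactory.createSocket(...)`. Whether the StartTLS negotiation uses that factory is not visible in this hunk, because the `verify` body and the negotiate call lie outside it. If it does not, the trust manager's `host` is null or left over from an earlier ldaps connection, and the certificate is compared with the wrong name. I would either keep a real comparison in `verify( hostname, session )` or extend the comment to name the call that sets the host on the StartTLS path.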
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java Thu May 28 19:46:35 2009
@@ -67,6 +67,9 @@
/** The delegate. */
private SSLSocketFactory delegate;
+ /** The trust managers. */
+ private StudioTrustManager[] trustManagers;
+
/**
* Creates a new instance of StudioSSLSocketFactory.
@@ -84,14 +87,15 @@
TrustManager[] defaultTrustManagers = factory.getTrustManagers();
// create wrappers around the trust managers
+ trustManagers = new StudioTrustManager[defaultTrustManagers.length];
for ( int i = 0; i < defaultTrustManagers.length; i++ )
{
- defaultTrustManagers[i] = new StudioTrustManager( ( X509TrustManager ) defaultTrustManagers[i] );
+ trustManagers[i] = new StudioTrustManager( ( X509TrustManager ) defaultTrustManagers[i] );
}
// create the real socket factory
SSLContext sc = SSLContext.getInstance( "TLS" ); //$NON-NLS-1$
- sc.init( null, defaultTrustManagers, null );
+ sc.init( null, trustManagers, null );
delegate = sc.getSocketFactory();
}
catch ( Exception e )
@@ -127,6 +131,7 @@
{
try
{
+ updateTrustManagers( host );
return delegate.createSocket( s, host, port, autoClose );
}
catch ( IOException e )
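Review bot: `updateTrustManagers( host )` stores the expected host name in trust manager objects shared by every socket this factory creates, while `checkServerTrusted` reads it only later, during the handshake. If two connections to different servers are opened concurrently, the certificate of one server can be verified against the host name of the other; whether the factory instance is shared between connections is not visible here. The field is also written and read without synchronization. The same call is added to the four other `createSocket` overloads below. A safer shape is to verify the name per socket, against that socket's own session once the handshake has completed, rather than through a mutable field on the trust manager.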
@@ -144,6 +149,7 @@
{
try
{
+ updateTrustManagers( host );
return delegate.createSocket( host, port );
}
catch ( IOException e )
@@ -161,6 +167,7 @@
{
try
{
+ updateTrustManagers( host );
return delegate.createSocket( host, port );
}
catch ( IOException e )
@@ -179,6 +186,7 @@
{
try
{
+ updateTrustManagers( host );
return delegate.createSocket( host, port, localHost, localPort );
}
catch ( IOException e )
@@ -192,12 +200,13 @@
/**
* {@inheritDoc}
*/
- public Socket createSocket( InetAddress address, int port, InetAddress localhAddress, int localPort )
+ public Socket createSocket( InetAddress address, int port, InetAddress localAddress, int localPort )
throws IOException
{
try
{
- return delegate.createSocket( address, port, localhAddress, localPort );
+ updateTrustManagers( address );
+ return delegate.createSocket( address, port, localAddress, localPort );
}
catch ( IOException e )
{
@@ -206,4 +215,18 @@
}
}
+
+ private void updateTrustManagers( InetAddress address )
+ {
+ updateTrustManagers( address.getHostName() );
+ }
+
+
+ private void updateTrustManagers( String host )
+ {
+ for ( StudioTrustManager trustManager : trustManagers )
+ {
+ trustManager.setHost( host );
+ }
+ }
}
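Review bot: `address.getHostName()` in `updateTrustManagers( InetAddress )` can trigger a reverse DNS lookup when the `InetAddress` was built from a literal address, so the name the certificate is compared with may come from DNS rather than from what the user configured. A name that someone on the network path can influence does not authenticate the server. I would pass the configured host name through to this point, or use `address.getHostAddress()` so that a resolved name is never what gets verified. Separately, `updateTrustManagers( String )` iterates `trustManagers` without a null check. If the constructor's `catch ( Exception e )` path leaves the field unset (its body is outside this hunk), connecting would fail with a NullPointerException.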
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java Thu May 28 19:46:35 2009
@@ -23,16 +23,24 @@
import java.security.KeyStore;
import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
import java.util.Enumeration;
+import java.util.List;
+import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
+import javax.security.auth.x500.X500Principal;
import org.apache.directory.studio.connection.core.ConnectionCorePlugin;
import org.apache.directory.studio.connection.core.ICertificateHandler;
import org.apache.directory.studio.connection.core.Messages;
+import org.apache.directory.studio.connection.core.ICertificateHandler.FailCause;
+import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
/**
@@ -45,6 +53,7 @@
class StudioTrustManager implements X509TrustManager
{
private X509TrustManager jvmTrustManager;
+ private String host;
/**
@@ -61,6 +70,17 @@
/**
+ * Sets the host, used to verify the hostname of the certificate.
+ *
+ * @param host the new host
+ */
+ void setHost( String host )
+ {
+ this.host = host;
+ }
+
+
+ /**
* {@inheritDoc}
*/
public void checkClientTrusted( X509Certificate[] chain, String authType ) throws CertificateException
@@ -74,51 +94,96 @@
*/
public void checkServerTrusted( X509Certificate[] chain, String authType ) throws CertificateException
{
+ // check permanent trusted certificates, return on success
+ try
+ {
+ X509TrustManager permanentTrustManager = getPermanentTrustManager();
+ if ( permanentTrustManager != null )
+ {
+ permanentTrustManager.checkServerTrusted( chain, authType );
+ return;
+ }
+ }
+ catch ( CertificateException ce )
+ {
+ }
+
+ // check temporary trusted certificates, return on success
+ try
+ {
+ X509TrustManager sessionTrustManager = getSessionTrustManager();
+ if ( sessionTrustManager != null )
+ {
+ sessionTrustManager.checkServerTrusted( chain, authType );
+ return;
+ }
+ }
+ catch ( CertificateException ce )
+ {
+ }
+
+ // below here no manually trusted certificate (either permanent or temporary) matched
+ List<ICertificateHandler.FailCause> failCauses = new ArrayList<ICertificateHandler.FailCause>();
+
+ // perform trust check of JVM trust manager
try
{
jvmTrustManager.checkServerTrusted( chain, authType );
}
- catch ( CertificateException e1 )
+ catch ( CertificateException ce )
{
- try
+ if ( ce instanceof CertificateExpiredException )
{
- X509TrustManager permanentTrustManager = getPermanentTrustManager();
- if ( permanentTrustManager == null )
- {
- throw e1;
- }
- permanentTrustManager.checkServerTrusted( chain, authType );
+ failCauses.add( FailCause.CertificateExpired );
}
- catch ( CertificateException e2 )
+ else if ( ce instanceof CertificateNotYetValidException )
{
- try
+ failCauses.add( FailCause.CertificateNotYetValid );
+ }
+ else
+ {
+ X500Principal issuerX500Principal = chain[0].getIssuerX500Principal();
+ X500Principal subjectX500Principal = chain[0].getSubjectX500Principal();
+ if ( issuerX500Principal.equals( subjectX500Principal ) )
{
- X509TrustManager sessionTrustManager = getSessionTrustManager();
- if ( sessionTrustManager == null )
- {
- throw e2;
- }
- sessionTrustManager.checkServerTrusted( chain, authType );
+ failCauses.add( FailCause.SelfSignedCertificate );
}
- catch ( CertificateException e3 )
+ else
{
- // ask for confirmation
- ICertificateHandler ch = ConnectionCorePlugin.getDefault().getCertificateHandler();
- ICertificateHandler.TrustLevel trustLevel = ch.verifyTrustLevel( chain );
- switch ( trustLevel )
- {
- case Permanent:
- ConnectionCorePlugin.getDefault().getPermanentTrustStoreManager().addCertificate( chain[0] );
- break;
- case Session:
- ConnectionCorePlugin.getDefault().getSessionTrustStoreManager().addCertificate( chain[0] );
- break;
- case Not:
- throw new CertificateException( Messages.error__untrusted_certificate, e1 );
- }
+ failCauses.add( FailCause.NoValidCertificationPath );
}
}
}
+
+ // perform host name verification
+ try
+ {
+ BrowserCompatHostnameVerifier hostnameVerifier = new BrowserCompatHostnameVerifier();
+ hostnameVerifier.verify( host, chain[0] );
+ }
+ catch ( SSLException ce )
+ {
+ failCauses.add( FailCause.HostnameVerificationFailed );
+ }
+
+ if ( !failCauses.isEmpty() )
+ {
+ // either trust check or host name verification
+ // ask for confirmation
+ ICertificateHandler ch = ConnectionCorePlugin.getDefault().getCertificateHandler();
+ ICertificateHandler.TrustLevel trustLevel = ch.verifyTrustLevel( host, chain, failCauses );
+ switch ( trustLevel )
+ {
+ case Permanent:
+ ConnectionCorePlugin.getDefault().getPermanentTrustStoreManager().addCertificate( chain[0] );
+ break;
+ case Session:
+ ConnectionCorePlugin.getDefault().getSessionTrustStoreManager().addCertificate( chain[0] );
+ break;
+ case Not:
+ throw new CertificateException( Messages.error__untrusted_certificate );
+ }
+ }
}
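Review bot: The two early `return` statements for the permanent and session trust stores in `checkServerTrusted` run before the host name verification block, and `addCertificate( chain[0] )` stores only the certificate, not the host it was accepted for. A certificate the user accepted once for one server is therefore accepted afterwards for any host, without a prompt. I would run the host name check before those returns, or record the host with the trusted certificate and prompt again on a mismatch. The `ce instanceof CertificateExpiredException` tests look only at the outermost exception, so where the JVM trust manager wraps validity failures an expired certificate would be reported as unknown issuer or self-signed; calling `chain[0].checkValidity()` directly would classify it reliably. The `Not` branch also drops the cause it used to pass, so `new CertificateException( Messages.error__untrusted_certificate, ce )` with the caught exception kept in a local would preserve it.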
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/ConnectionUICertificateHandler.java Thu May 28 19:46:35 2009
@@ -22,6 +22,7 @@
import java.security.cert.X509Certificate;
+import java.util.List;
import org.apache.directory.studio.connection.core.ICertificateHandler;
import org.apache.directory.studio.connection.ui.dialogs.CertificateTrustDialog;
@@ -40,7 +41,8 @@
/**
* {@inheritDoc}
*/
- public TrustLevel verifyTrustLevel( final X509Certificate[] certChain )
+ public TrustLevel verifyTrustLevel( final String host, final X509Certificate[] certChain,
+ final List<ICertificateHandler.FailCause> failCauses )
{
// open dialog
final TrustLevel[] trustLevel = new TrustLevel[1];
@@ -49,7 +51,7 @@
public void run()
{
CertificateTrustDialog dialog = new CertificateTrustDialog( PlatformUI.getWorkbench().getDisplay()
- .getActiveShell(), certChain );
+ .getActiveShell(), host, certChain, failCauses );
dialog.open();
trustLevel[0] = dialog.getTrustLevel();
}
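Review bot: `dialog.getTrustLevel()` can presumably be null when the dialog is closed without a choice, since the constructor sets `trustLevel = null`; the code that assigns it on OK is not visible here. StudioTrustManager passes the result straight into `switch ( trustLevel )`, so a null would surface as a NullPointerException inside the TLS handshake rather than as a clean rejection. Unless the code after this hunk already handles it, I would fail closed explicitly with `TrustLevel chosen = dialog.getTrustLevel();` followed by `trustLevel[0] = chosen != null ? chosen : TrustLevel.Not;`.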
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/CertificateTrustDialog.java Thu May 28 19:46:35 2009
@@ -21,20 +21,20 @@
import java.security.cert.X509Certificate;
+import java.util.List;
import org.apache.directory.studio.connection.core.ICertificateHandler;
import org.apache.directory.studio.connection.ui.widgets.BaseWidgetUtils;
import org.eclipse.jface.dialogs.Dialog;
import org.eclipse.jface.dialogs.IDialogConstants;
+import org.eclipse.osgi.util.NLS;
import org.eclipse.swt.SWT;
import org.eclipse.swt.events.SelectionAdapter;
import org.eclipse.swt.events.SelectionEvent;
import org.eclipse.swt.layout.GridData;
-import org.eclipse.swt.layout.GridLayout;
import org.eclipse.swt.widgets.Button;
import org.eclipse.swt.widgets.Composite;
import org.eclipse.swt.widgets.Control;
-import org.eclipse.swt.widgets.Label;
import org.eclipse.swt.widgets.Shell;
@@ -53,9 +53,15 @@
/** The trust level. */
private ICertificateHandler.TrustLevel trustLevel;
+ /** The host */
+ private String host;
+
/** The certificate chain. */
private X509Certificate[] certificateChain;
+ /** The causes of failed certificate validation. */
+ private List<ICertificateHandler.FailCause> failCauses;
+
/** The "Don't trust" button. */
private Button trustNotButton;
@@ -70,14 +76,19 @@
* Creates a new instance of CertificateTrustDialog.
*
* @param parentShell the parent shell
+ * @param host the host
* @param certificateChain the certificate chain
+ * @param failCauses the causes of failed certificate validation
*/
- public CertificateTrustDialog( Shell parentShell, X509Certificate[] certificateChain )
+ public CertificateTrustDialog( Shell parentShell, String host, X509Certificate[] certificateChain,
+ List<ICertificateHandler.FailCause> failCauses )
{
super( parentShell );
super.setShellStyle( super.getShellStyle() | SWT.RESIZE );
this.title = Messages.getString( "CertificateTrustDialog.CertificateTrust" ); //$NON-NLS-1$
+ this.host = host;
this.certificateChain = certificateChain;
+ this.failCauses = failCauses;
this.trustLevel = null;
}
@@ -93,18 +104,20 @@
@Override
protected void createButtonsForButtonBar( Composite parent )
{
+ createButton( parent, IDialogConstants.DETAILS_ID, Messages
+ .getString( "CertificateTrustDialog.ViewCertificate" ), false );
createButton( parent, IDialogConstants.OK_ID, IDialogConstants.OK_LABEL, false );
}
- /**
- * Gets the trust level.
- *
- * @return the trust level
- */
- public ICertificateHandler.TrustLevel getTrustLevel()
+ @Override
+ protected void buttonPressed( int buttonId )
{
- return trustLevel;
+ if ( buttonId == IDialogConstants.DETAILS_ID )
+ {
+ new CertificateInfoDialog( getShell(), certificateChain ).open();
+ }
+ super.buttonPressed( buttonId );
}
@@ -112,36 +125,49 @@
protected Control createDialogArea( final Composite parent )
{
Composite composite = ( Composite ) super.createDialogArea( parent );
- GridLayout gl = new GridLayout();
- composite.setLayout( gl );
GridData gd = new GridData( GridData.FILL_BOTH );
gd.widthHint = convertHorizontalDLUsToPixels( IDialogConstants.MINIMUM_MESSAGE_AREA_WIDTH );
gd.heightHint = convertHorizontalDLUsToPixels( IDialogConstants.MINIMUM_MESSAGE_AREA_WIDTH / 2 );
composite.setLayoutData( gd );
- BaseWidgetUtils.createWrappedLabel( composite, Messages.getString( "CertificateTrustDialog.Description" ), 1 ); //$NON-NLS-1$
- BaseWidgetUtils.createWrappedLabel( composite, Messages.getString( "CertificateTrustDialog.TheDnIs" ), 1 ); //$NON-NLS-1$
+ BaseWidgetUtils.createWrappedLabel( composite, NLS.bind( Messages
+ .getString( "CertificateTrustDialog.InvalidCertificate" ), host ), 1 ); //$NON-NLS-1$
- Composite innerComposite = BaseWidgetUtils.createColumnContainer( composite, 2, 1 );
- Label issuerDNLabel = BaseWidgetUtils.createWrappedLabel( innerComposite, "", 1 ); //$NON-NLS-1$
- if ( ( certificateChain != null ) && ( certificateChain.length > 0 ) )
- {
- issuerDNLabel.setText( certificateChain[0].getIssuerX500Principal().getName() );
- }
- else
- {
- issuerDNLabel.setText( " - " ); //$NON-NLS-1$
- }
- Button showCertificateDetailsButton = BaseWidgetUtils.createButton( innerComposite, Messages
- .getString( "CertificateTrustDialog.ViewCertificate" ), 1 );//$NON-NLS-1$
- showCertificateDetailsButton.addSelectionListener( new SelectionAdapter()
+ // failed cause
+ Composite failedCauseContainer = BaseWidgetUtils.createColumnContainer( composite, 1, 1 );
+ for ( ICertificateHandler.FailCause failCause : failCauses )
{
- @Override
- public void widgetSelected( SelectionEvent e )
+ // BaseWidgetUtils.createRadioIndent( failedCauseContainer, 1 );
+ switch ( failCause )
{
- new CertificateInfoDialog( getShell(), certificateChain ).open();
+ case SelfSignedCertificate:
+ BaseWidgetUtils.createWrappedLabel( failedCauseContainer, Messages
+ .getString( "CertificateTrustDialog.SelfSignedCertificate" ), 1 ); //$NON-NLS-1$
+ break;
+ case CertificateExpired:
+ BaseWidgetUtils.createWrappedLabel( failedCauseContainer, Messages
+ .getString( "CertificateTrustDialog.CertificateExpired" ), 1 ); //$NON-NLS-1$
+ break;
+ case CertificateNotYetValid:
+ BaseWidgetUtils.createWrappedLabel( failedCauseContainer, Messages
+ .getString( "CertificateTrustDialog.CertificateNotYetValid" ), 1 ); //$NON-NLS-1$
+ break;
+ case NoValidCertificationPath:
+ BaseWidgetUtils.createWrappedLabel( failedCauseContainer, Messages
+ .getString( "CertificateTrustDialog.NoValidCertificationPath" ), 1 ); //$NON-NLS-1$
+ break;
+ case HostnameVerificationFailed:
+ BaseWidgetUtils.createWrappedLabel( failedCauseContainer, Messages
+ .getString( "CertificateTrustDialog.HostnameVerificationFailed" ), 1 ); //$NON-NLS-1$
+ break;
}
- } );
+ }
+
+ BaseWidgetUtils.createSpacer( composite, 1 );
+ BaseWidgetUtils.createSpacer( composite, 1 );
+
+ BaseWidgetUtils.createWrappedLabel( composite, NLS.bind( Messages
+ .getString( "CertificateTrustDialog.ChooseTrustLevel" ), host ), 1 ); //$NON-NLS-1$
trustNotButton = BaseWidgetUtils.createRadiobutton( composite, Messages
.getString( "CertificateTrustDialog.DoNotTrust" ), 1 ); //$NON-NLS-1$
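Review bot: The `switch ( failCause )` in `createDialogArea` has no `default` branch, so a `FailCause` constant added later would be omitted from the dialog without a compile error, and the user would be asked for a trust decision while seeing fewer reasons than were found. The five branches differ only in the message key, and each key equals the enum constant's name, so the switch could be one call: `BaseWidgetUtils.createWrappedLabel( failedCauseContainer, Messages.getString( "CertificateTrustDialog." + failCause.name() ), 1 );`. The commented-out `// BaseWidgetUtils.createRadioIndent( failedCauseContainer, 1 );` line should be removed rather than committed. The loop also assumes `failCauses` is non-null. `createDialogArea` continues outside this hunk.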
@@ -181,4 +207,15 @@
return composite;
}
+
+ /**
+ * Gets the trust level.
+ *
+ * @return the trust level
+ */
+ public ICertificateHandler.TrustLevel getTrustLevel()
+ {
+ return trustLevel;
+ }
+
}
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages.properties Thu May 28 19:46:35 2009
@@ -18,10 +18,15 @@
SelectReferralConnectionDialog.SelectConnectionToHandleReferral=Please select a connection to handle referral
SelectReferralConnectionDialog.SelectReferralConenction=Select Referral Connection
CertificateInfoDialog.CertificateViewer=Certificate Viewer
-CertificateTrustDialog.AlwaysTrust=Always trust this certificate.
CertificateTrustDialog.CertificateTrust=Certificate Trust
-CertificateTrustDialog.Description=A secured LDAP connection requires to trust a certificate. The certificate is issued by an unknown Certificate Authority (CA). Please verify if you trust the certificate.
+CertificateTrustDialog.InvalidCertificate=''{0}'' uses an invalid certificate:
+CertificateTrustDialog.NoValidCertificationPath=- The issuer certificate is unknown
+CertificateTrustDialog.CertificateNotYetValid=- The certificate is not yet valid
+CertificateTrustDialog.CertificateExpired=- The certificate is expired
+CertificateTrustDialog.SelfSignedCertificate=- The certificate is self-signed
+CertificateTrustDialog.HostnameVerificationFailed=- The server's host name doesn't match the certificate's host name
+CertificateTrustDialog.ChooseTrustLevel=Please examine the certificate and choose if you trust it:
+CertificateTrustDialog.ViewCertificate=View Certificate...
CertificateTrustDialog.DoNotTrust=Don't trust this certificate.
-CertificateTrustDialog.TheDnIs=The issuer of the certificate is:
CertificateTrustDialog.TrustForThisSession=Trust this certificate for this session.
-CertificateTrustDialog.ViewCertificate=View...
+CertificateTrustDialog.AlwaysTrust=Always trust this certificate.
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties Thu May 28 19:46:35 2009
@@ -18,10 +18,15 @@
SelectReferralConnectionDialog.SelectConnectionToHandleReferral=Bitte w\u00E4hlen Sie den Verweis verwaltende Verbindung aus
SelectReferralConnectionDialog.SelectReferralConenction=W\u00E4hlen Sie die verweisende Verbindung aus
CertificateInfoDialog.CertificateViewer=Zertifikat Ansicht
-CertificateTrustDialog.AlwaysTrust=Diesem Zertifikat immer vertrauen.
CertificateTrustDialog.CertificateTrust=Ung\u00FCltiges Zertifikat
-CertificateTrustDialog.Description=Eine sichere LDAP Verbindung erfordert ein gültiges Zertifikat. Das Zertifikat wurde durch eine unbekannten Stelle (CA) ausgestellt. Bitte bestätigen Sie, ob Sie dem Zertifikat vertrauen wollen.
+CertificateTrustDialog.InvalidCertificate=''{0}'' benutzt ein ung\u00FCltiges Zertifikat:
+CertificateTrustDialog.NoValidCertificationPath=- Der Aussteller des Zertifikates ist unbekannt
+CertificateTrustDialog.CertificateNotYetValid=- Das Zertifikat ist noch nicht g\u00FCltig
+CertificateTrustDialog.CertificateExpired=- Das Zertifikat ist abgelaufen
+CertificateTrustDialog.SelfSignedCertificate=- Das Zertifikat ist selbst signiert
+CertificateTrustDialog.HostnameVerificationFailed=- Der Hostname des Servers und des Zertifikates stimmen nicht \u00FCberein
+CertificateTrustDialog.ChooseTrustLevel=Bitte \u00FCberpr\u00FCfen Sie das Zertifikat und w\u00E4hlen Sie aus, ob Sie dem Zertifikat vertrauen:
+CertificateTrustDialog.ViewCertificate=Zertifikat anzeigen...
CertificateTrustDialog.DoNotTrust=Diesem Zertifikat nicht vertrauen.
-CertificateTrustDialog.TheDnIs=Der Aussteller des Zertifikates ist:
CertificateTrustDialog.TrustForThisSession=Diesem Zertifikat für diese Sitzung vertrauen.
-CertificateTrustDialog.ViewCertificate=Anzeigen...
\ No newline at end of file
+CertificateTrustDialog.AlwaysTrust=Diesem Zertifikat immer vertrauen.
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_fr.properties Thu May 28 19:46:35 2009
@@ -1,4 +1,4 @@
-# Licensed to the Apache Software Foundation (ASF) under one
+# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
@@ -18,10 +18,15 @@
SelectReferralConnectionDialog.SelectConnectionToHandleReferral=Veuillez s\u00E9lectionner une connexion vers un referral
SelectReferralConnectionDialog.SelectReferralConenction=S\u00E9lectionnez la connexion vers le referral de votre choix
CertificateInfoDialog.CertificateViewer=Visualisateur de certificat
-CertificateTrustDialog.AlwaysTrust=Toujours faire confiance \u00E0 ce certificat.
CertificateTrustDialog.CertificateTrust=Confiance de certificat
-CertificateTrustDialog.Description=Une connexion LDAP s\u00E9curis\u00E9e requiert de faire confiance \u00E0 un certificat. Le certification a \u00E9t\u00E9 \u00E9mis par une autorit\u00E9 de certification (CA). Veuillez v\u00E9rifier si vous faites confiance au certificat.
+CertificateTrustDialog.InvalidCertificate=TODO:''{0}'' uses an invalid certificate:
+CertificateTrustDialog.NoValidCertificationPath=TODO:- The issuer certificate is unknown
+CertificateTrustDialog.CertificateNotYetValid=TODO:- The certificate is not yet valid
+CertificateTrustDialog.CertificateExpired=TODO:- The certificate is expired
+CertificateTrustDialog.SelfSignedCertificate=TODO:- The certificate is self-signed
+CertificateTrustDialog.HostnameVerificationFailed=TODO:- The server's host name doesn't match the certificate's host name
+CertificateTrustDialog.ChooseTrustLevel=TODO:Please examine the certificate and choose if you trust it:
+CertificateTrustDialog.ViewCertificate=TODO:View Certificate...
CertificateTrustDialog.DoNotTrust=Ne pas faire confiance \u00E0 ce certificat.
-CertificateTrustDialog.TheDnIs=L'\u00E9metteur de ce certificat est:
CertificateTrustDialog.TrustForThisSession=Faire confiance \u00E0 ce certificat pour cette session.
-CertificateTrustDialog.ViewCertificate=Afficher...
+CertificateTrustDialog.AlwaysTrust=Toujours faire confiance \u00E0 ce certificat.
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/CertificateInfoComposite.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/CertificateInfoComposite.java?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/CertificateInfoComposite.java (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/CertificateInfoComposite.java Thu May 28 19:46:35 2009
@@ -146,8 +146,8 @@
{
tabFolder = new TabFolder( this, SWT.TOP );
GridLayout mainLayout = new GridLayout();
- mainLayout.marginWidth = 0;
- mainLayout.marginHeight = 0;
+ mainLayout.marginWidth = 50;
+ mainLayout.marginHeight = 50;
tabFolder.setLayout( mainLayout );
tabFolder.setLayoutData( new GridData( GridData.FILL, GridData.FILL, true, true ) );
}
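Review bot: The margins of 50 on `mainLayout` look like a leftover experiment value, since every other layout touched in this file uses 10. The layout is also installed on `tabFolder` itself, and SWT's TabFolder documentation notes that it does not make sense to set a layout on that class, so these two values may have no visible effect at all. I would either restore `mainLayout.marginWidth = 0;` and `mainLayout.marginHeight = 0;`, or drop the `setLayout` call and leave a comment such as `// TabFolder positions its own tab items; margins are set on the per-tab containers`. The enclosing method starts above this hunk, so confirm against the full file.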
@@ -161,6 +161,8 @@
// create inner container
Composite generalContainer = new Composite( tabFolder, SWT.NONE );
GridLayout currentLayout = new GridLayout( 1, false );
+ currentLayout.marginHeight = 10;
+ currentLayout.marginWidth = 10;
generalContainer.setLayout( currentLayout );
generalContainer.setLayoutData( new GridData( GridData.FILL_HORIZONTAL ) );
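Review bot: The margin `10` is repeated as a bare literal here and in the three following hunks (`hierarchyLayout`, `certificateLayout`, `valueLayout`), so a later spacing change has to be made in four places. A single constant such as `private static final int CONTAINER_MARGIN = 10;` would keep the two tabs aligned. Note also that `GridLayout.marginTop` and `marginBottom` are added to `marginHeight`, which defaults to 5, so the details tab ends up with a 15-pixel top and bottom inset against 10 on this tab. If that is intended, a short comment on `hierarchyLayout.marginTop = 10;` saying so would help; otherwise set `marginHeight = 0` on those layouts.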
@@ -237,7 +239,10 @@
detailsForm.setLayout( new FillLayout() );
Composite hierarchyContainer = new Composite( detailsForm, SWT.NONE );
- hierarchyContainer.setLayout( new GridLayout( 1, false ) );
+ GridLayout hierarchyLayout = new GridLayout( 1, false );
+ hierarchyLayout.marginTop = 10;
+ hierarchyLayout.marginWidth = 10;
+ hierarchyContainer.setLayout( hierarchyLayout );
BaseWidgetUtils.createLabel( hierarchyContainer, Messages
.getString( "CertificateInfoComposite.CertificateHierarchyLabel" ), 1 ); //$NON-NLS-1$
hierarchyTreeViewer = new TreeViewer( hierarchyContainer );
@@ -253,7 +258,9 @@
} );
Composite certificateContainer = new Composite( detailsForm, SWT.NONE );
- certificateContainer.setLayout( new GridLayout( 1, false ) );
+ GridLayout certificateLayout = new GridLayout( 1, false );
+ certificateLayout.marginWidth = 10;
+ certificateContainer.setLayout( certificateLayout );
BaseWidgetUtils.createLabel( certificateContainer, Messages
.getString( "CertificateInfoComposite.CertificateFieldsLabel" ), 1 ); //$NON-NLS-1$
certificateTree = new Tree( certificateContainer, SWT.BORDER );
@@ -275,7 +282,10 @@
} );
Composite valueContainer = new Composite( detailsForm, SWT.NONE );
- valueContainer.setLayout( new GridLayout( 1, false ) );
+ GridLayout valueLayout = new GridLayout( 1, false );
+ valueLayout.marginWidth = 10;
+ valueLayout.marginBottom = 10;
+ valueContainer.setLayout( valueLayout );
BaseWidgetUtils.createLabel( valueContainer,
Messages.getString( "CertificateInfoComposite.FieldValuesLabel" ), 1 ); //$NON-NLS-1$
valueText = new Text( valueContainer, SWT.MULTI | SWT.BORDER | SWT.H_SCROLL | SWT.V_SCROLL | SWT.READ_ONLY );
Modified: directory/studio/trunk/jars/pom.xml
URL: http://svn.apache.org/viewvc/directory/studio/trunk/jars/pom.xml?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/jars/pom.xml (original)
+++ directory/studio/trunk/jars/pom.xml Thu May 28 19:46:35 2009
@@ -138,6 +138,10 @@
<artifactId>commons-lang</artifactId>
</dependency>
<dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ </dependency>
+ <dependency>
<groupId>dom4j</groupId>
<artifactId>dom4j</artifactId>
<exclusions>
Modified: directory/studio/trunk/pom.xml
URL: http://svn.apache.org/viewvc/directory/studio/trunk/pom.xml?rev=779740&r1=779739&r2=779740&view=diff
==============================================================================
--- directory/studio/trunk/pom.xml (original)
+++ directory/studio/trunk/pom.xml Thu May 28 19:46:35 2009
@@ -1055,6 +1055,11 @@
<version>3.2</version>
</dependency>
<dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>4.0-beta2</version>
+ </dependency>
+ <dependency>
<groupId>xpp3</groupId>
<artifactId>xpp3</artifactId>
<version>1.1.3.4.O</version>
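Review bot: `<version>4.0-beta2</version>` pins a pre-release build of httpclient. The commit log says this change adds host name verification; if that check is built on classes from this library (the Java side is not visible in this part of the diff), the TLS certificate validation path depends on beta code whose matching rules may still change before a final release. I would record the reason next to the dependency, e.g. `<!-- used for LDAPS/StartTLS host name verification; upgrade to the final 4.0 release when available -->`, and add a test that a certificate with a mismatching host name is rejected so an upgrade cannot silently weaken the check. The same artifact is added without a version in jars/pom.xml, so this entry is the only place the version is controlled.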