Posted to commits@directory.apache.org by se...@apache.org on 2009/05/21 23:34:28 UTC
svn commit: r777271 - in /directory/studio/trunk:
connection-core/src/main/java/org/apache/directory/studio/connection/core/
connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/
connection-ui/src/main/java/org/apache/direc...
Author: seelmann
Date: Thu May 21 21:34:27 2009
New Revision: 777271
URL: http://svn.apache.org/viewvc?rev=777271&view=rev
Log:
DIRSTUDIO-263 (Add certificate validation for ldaps and StartTLS): Added trust store for permanent trusted certificates
Modified:
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/Messages.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages.properties
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_de.properties
directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_fr.properties
directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/Messages.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/Messages.java?rev=777271&r1=777270&r2=777271&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/Messages.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/Messages.java Thu May 21 21:34:27 2009
@@ -85,4 +85,10 @@
public static String jobs__close_connections_error_1;
public static String jobs__close_connections_error_n;
+ public static String StudioTrustManager_CantAddCertificateToPermanentTrustStore;
+
+ public static String StudioTrustManager_CantCreatePermanentTrustManager;
+
+ public static String StudioTrustManager_CantLoadPermanentTrustStore;
+
}
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java?rev=777271&r1=777270&r2=777271&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioSSLSocketFactory.java Thu May 21 21:34:27 2009
@@ -97,6 +97,7 @@
catch ( Exception e )
{
e.printStackTrace();
+ throw new RuntimeException( e );
}
}
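Review bot: The `e.printStackTrace()` on the line before the new `throw new RuntimeException( e )` now reports the same failure twice, once on stderr and once through the exception the caller receives, so the print should go (or be routed through the plugin's log) and the rethrow alone kept: `throw new RuntimeException( e );`. The enclosing method starts and ends outside the hunk, so it is not visible whether this broad `catch ( Exception e )` is the only handler around the factory initialisation; if it is, a message naming what failed, e.g. `throw new RuntimeException( "Initializing SSL socket factory failed", e );` (constructed wording), would make the propagated error diagnosable.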
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java?rev=777271&r1=777270&r2=777271&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/io/jndi/StudioTrustManager.java Thu May 21 21:34:27 2009
@@ -21,10 +21,16 @@
package org.apache.directory.studio.connection.core.io.jndi;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.Enumeration;
import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.directory.studio.connection.core.ConnectionCorePlugin;
@@ -41,6 +47,8 @@
*/
class StudioTrustManager implements X509TrustManager
{
+ private static final char[] PERMANENT_TRUST_STORE_PASSWORD = "changeit".toCharArray(); //$NON-NLS-1$
+ private static final String PERMANENT_TRUST_STORE = "permanent.jks"; //$NON-NLS-1$
private X509TrustManager jvmTrustManager;
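Review bot: The fixed `"changeit"` value of `PERMANENT_TRUST_STORE_PASSWORD` deserves a comment stating what it does and does not protect: the JKS file written by this class holds only public certificate entries, so the password serves the keystore integrity check alone, and with a well-known value that check catches accidental corruption rather than modification by anyone who can write to the plugin state location. The trust decisions loaded from `permanent.jks` therefore rest on the filesystem permissions of the workspace, which the code should say explicitly, e.g. `// Well-known password: the store holds only public certificates, so integrity of the trusted set relies on the state location's file permissions, not on this value.`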
@@ -77,19 +85,31 @@
}
catch ( CertificateException e1 )
{
- // ask for confirmation
- ICertificateHandler ch = ConnectionCorePlugin.getDefault().getCertificateHandler();
- ICertificateHandler.TrustLevel trustLevel = ch.verifyTrustLevel( chain );
- switch ( trustLevel )
+ try
{
- case Permanent:
- // TODO: put to permanent trust store
- break;
- case Session:
- // TODO: put to session trust store???
- break;
- case Not:
- throw new CertificateException( Messages.error__untrusted_certificate, e1 );
+ X509TrustManager permanentTrustManager = getPermanentTrustManager();
+ if ( permanentTrustManager == null )
+ {
+ throw e1;
+ }
+ permanentTrustManager.checkServerTrusted( chain, authType );
+ }
+ catch ( CertificateException e2 )
+ {
+ // ask for confirmation
+ ICertificateHandler ch = ConnectionCorePlugin.getDefault().getCertificateHandler();
+ ICertificateHandler.TrustLevel trustLevel = ch.verifyTrustLevel( chain );
+ switch ( trustLevel )
+ {
+ case Permanent:
+ addToPermanentTrustStore( chain );
+ break;
+ case Session:
+ // TODO: put to session trust store???
+ break;
+ case Not:
+ throw new CertificateException( Messages.error__untrusted_certificate, e1 );
+ }
}
}
}
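Review bot: The `switch ( trustLevel )` inside the new `catch ( CertificateException e2 )` block has no `default` branch, so any value other than `Not` — including a `TrustLevel` constant added later — falls out of the method without throwing and the chain is accepted, and a `null` result from `verifyTrustLevel` would surface as a NullPointerException instead of a CertificateException. Adding `default: throw new CertificateException( Messages.error__untrusted_certificate, e1 );` makes the decision fail closed. The `Session` case still accepts the chain for this call without recording it anywhere, as its remaining TODO says, which is worth noting in a comment so readers do not assume a session store exists. The enclosing `checkServerTrusted` begins before the hunk.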
@@ -103,4 +123,87 @@
return jvmTrustManager.getAcceptedIssuers();
}
+
+ /**
+ * Gets the permanent trust manager, based on the permanent trust store.
+ *
+ * @return the permanent trust manager
+ *
+ * @throws CertificateException the certificate exception
+ */
+ private X509TrustManager getPermanentTrustManager() throws CertificateException
+ {
+ KeyStore permanentKeyStore = loadPermanentTrustStore();
+ try
+ {
+ Enumeration<String> aliases = permanentKeyStore.aliases();
+ if ( aliases.hasMoreElements() )
+ {
+ TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory
+ .getDefaultAlgorithm() );
+ factory.init( permanentKeyStore );
+ TrustManager[] permanentTrustManagers = factory.getTrustManagers();
+ TrustManager permanentTrustManager = permanentTrustManagers[0];
+ return ( X509TrustManager ) permanentTrustManager;
+ }
+ }
+ catch ( Exception e )
+ {
+ throw new CertificateException( Messages.StudioTrustManager_CantCreatePermanentTrustManager, e );
+ }
+
+ return null;
+ }
+
+
+ /**
+ * Loads the permanent trust store.
+ *
+ * @return the permanent trust store
+ */
+ private KeyStore loadPermanentTrustStore() throws CertificateException
+ {
+ try
+ {
+ KeyStore permanentKeyStore = KeyStore.getInstance( "JKS" ); //$NON-NLS-1$
+ File file = ConnectionCorePlugin.getDefault().getStateLocation().append( PERMANENT_TRUST_STORE ).toFile();
+ if ( file.exists() && file.isFile() && file.canRead() )
+ {
+ permanentKeyStore.load( new FileInputStream( file ), PERMANENT_TRUST_STORE_PASSWORD );
+ }
+ else
+ {
+ permanentKeyStore.load( null, null );
+ }
+
+ return permanentKeyStore;
+ }
+ catch ( Exception e )
+ {
+ throw new CertificateException( Messages.StudioTrustManager_CantLoadPermanentTrustStore, e );
+ }
+ }
+
+
+ /**
+ * Adds the certificate to the permanent trust store.
+ *
+ * @param chain the certificate chain
+ */
+ private void addToPermanentTrustStore( X509Certificate[] chain ) throws CertificateException
+ {
+ try
+ {
+ KeyStore permanentKeyStore = loadPermanentTrustStore();
+ String alias = chain[0].getSubjectX500Principal().getName();
+ permanentKeyStore.setCertificateEntry( alias, chain[0] );
+ File file = ConnectionCorePlugin.getDefault().getStateLocation().append( PERMANENT_TRUST_STORE ).toFile();
+ permanentKeyStore.store( new FileOutputStream( file ), PERMANENT_TRUST_STORE_PASSWORD );
+ }
+ catch ( Exception e )
+ {
+ throw new CertificateException( Messages.StudioTrustManager_CantAddCertificateToPermanentTrustStore, e );
+ }
+ }
+
}
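Review bot: `loadPermanentTrustStore` passes `new FileInputStream( file )` straight into `load` and `addToPermanentTrustStore` passes `new FileOutputStream( file )` into `store`, and neither stream is ever closed, so every trust check that reaches the permanent store leaks a file handle until finalization, and an exception inside `store` leaves the output stream open on a partially written file. Both should keep the stream in a local and close it in a `finally` block, as in the excerpt below (the file uses pre-Java-7 idioms, so no try-with-resources). Two smaller points in `addToPermanentTrustStore`: the alias is the subject DN, so `setCertificateEntry` silently replaces an earlier entry with the same subject, and the store is written to the path even when `loadPermanentTrustStore` skipped an existing but unreadable file, overwriting it with a fresh store — both deserve a comment or a check.
```java
    private KeyStore loadPermanentTrustStore() throws CertificateException
    {
        try
        {
            KeyStore permanentKeyStore = KeyStore.getInstance( "JKS" ); //$NON-NLS-1$
            File file = ConnectionCorePlugin.getDefault().getStateLocation().append( PERMANENT_TRUST_STORE ).toFile();
            if ( file.exists() && file.isFile() && file.canRead() )
            {
                // close the stream even if load() throws; the handle is not otherwise released
                FileInputStream in = new FileInputStream( file );
                try
                {
                    permanentKeyStore.load( in, PERMANENT_TRUST_STORE_PASSWORD );
                }
                finally
                {
                    in.close();
                }
            }
            // … unchanged: empty-store branch, return, catch …

    private void addToPermanentTrustStore( X509Certificate[] chain ) throws CertificateException
    {
        try
        {
            // … unchanged: load store, derive alias, setCertificateEntry, resolve file …
            FileOutputStream out = new FileOutputStream( file );
            try
            {
                permanentKeyStore.store( out, PERMANENT_TRUST_STORE_PASSWORD );
            }
            finally
            {
                out.close();
            }
            // … unchanged: catch …
```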
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages.properties?rev=777271&r1=777270&r2=777271&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages.properties (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages.properties Thu May 21 21:34:27 2009
@@ -50,3 +50,7 @@
jobs__close_connections_task=Closing connection {0}
jobs__close_connections_error_1=Error while closing connection
jobs__close_connections_error_n=Error while closing connections
+
+StudioTrustManager_CantAddCertificateToPermanentTrustStore=Can't add certificate to permanent trust store.
+StudioTrustManager_CantCreatePermanentTrustManager=Can't create permanent trust manager.
+StudioTrustManager_CantLoadPermanentTrustStore=Can't load permanent trust store.
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_de.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_de.properties?rev=777271&r1=777270&r2=777271&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_de.properties (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_de.properties Thu May 21 21:34:27 2009
@@ -49,3 +49,7 @@
jobs__close_connections_task=Verbindungen am Schliessen {0}
jobs__close_connections_error_1=Fehler beim Schliessen der Verbindung
jobs__close_connections_error_n=Fehler beim Schliessen der Verbindungen
+
+StudioTrustManager_CantAddCertificateToPermanentTrustStore=Fehler beim hinzuf\u00FCgen des Zertifikates zum Zertifikatsspeicher.
+StudioTrustManager_CantCreatePermanentTrustManager=Fehler beim Erzeugen des Trust Managers.
+StudioTrustManager_CantLoadPermanentTrustStore=Fehler beim Laden des Zertifikatsspeichers.
\ No newline at end of file
Modified: directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_fr.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_fr.properties?rev=777271&r1=777270&r2=777271&view=diff
==============================================================================
--- directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_fr.properties (original)
+++ directory/studio/trunk/connection-core/src/main/java/org/apache/directory/studio/connection/core/messages_fr.properties Thu May 21 21:34:27 2009
@@ -50,3 +50,7 @@
jobs__close_connections_task=Fermeture de la connexion {0}
jobs__close_connections_error_1=Une erreur est survenue lors de la fermeture de la connexion
jobs__close_connections_error_n=Une erreur est survenue lors de la fermeture des connexions
+
+StudioTrustManager_CantAddCertificateToPermanentTrustStore=TODO:Can't add certificate to permanent trust store.
+StudioTrustManager_CantCreatePermanentTrustManager=TODO:Can't create permanent trust manager.
+StudioTrustManager_CantLoadPermanentTrustStore=TODO:Can't load permanent trust store.
\ No newline at end of file
Modified: directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties
URL: http://svn.apache.org/viewvc/directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties?rev=777271&r1=777270&r2=777271&view=diff
==============================================================================
--- directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties (original)
+++ directory/studio/trunk/connection-ui/src/main/java/org/apache/directory/studio/connection/ui/dialogs/messages_de.properties Thu May 21 21:34:27 2009
@@ -18,7 +18,7 @@
SelectReferralConnectionDialog.SelectConnectionToHandleReferral=Bitte w\u00E4hlen Sie den Verweis verwaltende Verbindung aus
SelectReferralConnectionDialog.SelectReferralConenction=W\u00E4hlen Sie die verweisende Verbindung aus
CertificateInfoDialog.CertificateViewer=Zertifikat Ansicht
-CertificateTrustDialog.AlwaysTrust=Diesem Zertifikat immer vertrauten.
+CertificateTrustDialog.AlwaysTrust=Diesem Zertifikat immer vertrauen.
CertificateTrustDialog.CertificateTrust=Ung\u00FCltiges Zertifikat
CertificateTrustDialog.Description=Eine sichere LDAP Verbindung erfordert ein gültiges Zertifikat. Das Zertifikat wurde durch eine unbekannten Stelle (CA) ausgestellt. Bitte bestätigen Sie, ob Sie dem Zertifikat vertrauen wollen.
CertificateTrustDialog.DoNotTrust=Diesem Zertifikat nicht vertrauen.