authorEike Stepper2012-03-20 07:31:15 +0000
committerEike Stepper2012-03-20 07:31:15 +0000
commitd3f4f8c21807f6847cbbe0a140b359f7c96c8461 (patch)
tree59505c421b53900d671fc1ce70de0c5bb86c483a /plugins/org.eclipse.net4j.tcp
parentd5a7e6401cacf86c72a3b57ba9a7cf73a8f311ca (diff)
[367148] SSL launch config broken
https://bugs.eclipse.org/bugs/show_bug.cgi?id=367148
Diffstat (limited to 'plugins/org.eclipse.net4j.tcp')
-rw-r--r--plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLEngineManager.java8
-rw-r--r--plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLProperties.java2
-rw-r--r--plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/tcp/ssl/SSLUtil.java85
3 files changed, 53 insertions, 42 deletions
diff --git a/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLEngineManager.java b/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLEngineManager.java
index 4f5f0977a8..bdd8cd3b89 100644
--- a/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLEngineManager.java
+++ b/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLEngineManager.java
@@ -26,11 +26,6 @@ import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.ClosedChannelException;
import java.nio.channels.SocketChannel;
-import java.security.KeyManagementException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
import java.util.concurrent.Executor;
/**
@@ -69,8 +64,7 @@ public class SSLEngineManager
private Object writeLock = new WriteLock();
- public SSLEngineManager(boolean client, String host, int port, Executor executor) throws NoSuchAlgorithmException,
- KeyStoreException, CertificateException, IOException, UnrecoverableKeyException, KeyManagementException
+ public SSLEngineManager(boolean client, String host, int port, Executor executor) throws Exception
{
this.executor = executor;
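Review bot: Declaring `throws Exception` on the constructor discards the failure modes the old signature listed, so callers can no longer tell a bad keystore or missing algorithm from an I/O failure without catching everything. The same widening is applied to `SSLUtil.createSSLEngine` later in this commit. If the new expiry check used `java.security.cert.X509Certificate` rather than the `javax.security.cert` class, the checked exceptions would presumably all fit under `throws GeneralSecurityException, IOException`. The constructor body continues outside the hunk.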
diff --git a/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLProperties.java b/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLProperties.java
index 1df8f125e2..bbc01b9294 100644
--- a/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLProperties.java
+++ b/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/internal/tcp/ssl/SSLProperties.java
@@ -37,6 +37,8 @@ public class SSLProperties
public static final String HANDSHAKE_WAITTIME = "org.eclipse.net4j.tcp.ssl.handshake.waittime";
+ public static final String CHECK_VALIDITY_CERTIFICATE = "check.validity.certificate";
+
private Properties localProperties;
public SSLProperties()
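Review bot: `CHECK_VALIDITY_CERTIFICATE` is a security-relevant switch added without a comment, and its key `check.validity.certificate` lacks the `org.eclipse.net4j.tcp.ssl.` prefix that `HANDSHAKE_WAITTIME` just above it uses. A generic key is easier to set by accident from unrelated configuration, and nothing here tells a reader that turning it off makes expired certificates acceptable. Consider `"org.eclipse.net4j.tcp.ssl.check.validity.certificate"` and a Javadoc such as `/** Set to "false" to skip the validity-period check on keystore certificates; checking is the default. */`. The rest of the class is outside the hunk.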
diff --git a/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/tcp/ssl/SSLUtil.java b/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/tcp/ssl/SSLUtil.java
index 21223445f1..71dc4b230a 100644
--- a/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/tcp/ssl/SSLUtil.java
+++ b/plugins/org.eclipse.net4j.tcp/src/org/eclipse/net4j/tcp/ssl/SSLUtil.java
@@ -21,6 +21,7 @@ import org.eclipse.net4j.tcp.ITCPConnector;
import org.eclipse.net4j.tcp.TCPUtil;
import org.eclipse.net4j.util.container.IManagedContainer;
import org.eclipse.net4j.util.io.IOUtil;
+import org.eclipse.net4j.util.om.OMPlatform;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
@@ -28,16 +29,14 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import javax.security.cert.X509Certificate;
-import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
-import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
+import java.security.cert.Certificate;
+import java.util.Enumeration;
/**
* A utility class with various static factory and convenience methods for SSL transport.
@@ -53,6 +52,11 @@ public class SSLUtil
*/
private static final String PROTOCOL = "TLS";
+ /**
+ * The X.509 certificate type.
+ */
+ private static final String X509_CERTIFICATE_TYPE = "X.509";
+
private static String configFile;
private static String keyPathVar;
@@ -112,9 +116,7 @@ public class SSLUtil
.getElement(TCPConnectorFactory.PRODUCT_GROUP, SSLConnectorFactory.TYPE, description);
}
- public static synchronized SSLEngine createSSLEngine(boolean client, String host, int port)
- throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException,
- KeyManagementException
+ public static synchronized SSLEngine createSSLEngine(boolean client, String host, int port) throws Exception
{
// Get values from the system properties.
SSLProperties sslProperties = new SSLProperties();
@@ -187,24 +189,12 @@ public class SSLUtil
KeyManager[] keyManagers = null;
TrustManager[] trustManagers = null;
-
+ String checkValidity = OMPlatform.INSTANCE.getProperty(SSLProperties.CHECK_VALIDITY_CERTIFICATE);
+ boolean checkValidtyStatus = checkValidity == null || Boolean.valueOf(checkValidity);
if (client)
{
// Initial key material(private key) for the client.
- KeyStore ksTrust = KeyStore.getInstance(KeyStore.getDefaultType());
-
- InputStream in = null;
-
- try
- {
- in = new URL(trustPath).openStream();
- ksTrust.load(in, pass);
- }
- finally
- {
- IOUtil.close(in);
- }
-
+ KeyStore ksTrust = createKeyStore(trustPath, pass, checkValidtyStatus);
// Initial the trust manager factory
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ksTrust);
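Review bot: The expression `checkValidity == null || Boolean.valueOf(checkValidity)` fails open, because any value other than "true" (a typo, "yes", "1") parses to false and silently turns the certificate validity check off. Disabling only on an explicit opt-out is safer: `boolean checkValidityStatus = !"false".equalsIgnoreCase(checkValidity);`. That line also corrects the misspelled local `checkValidtyStatus` and avoids the needless boxing of `Boolean.valueOf`. The enclosing `createSSLEngine` body starts and ends outside this hunk.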
@@ -214,18 +204,7 @@ public class SSLUtil
else
{
// Initial key material (private key) for the server.
- KeyStore ksKeys = KeyStore.getInstance(KeyStore.getDefaultType());
- InputStream in = null;
-
- try
- {
- in = new URL(keyPath).openStream();
- ksKeys.load(in, pass);
- }
- finally
- {
- IOUtil.close(in);
- }
+ KeyStore ksKeys = createKeyStore(keyPath, pass, checkValidtyStatus);
// Initial the key manager factory.
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
@@ -242,6 +221,42 @@ public class SSLUtil
return sslEngine;
}
+ private static KeyStore createKeyStore(String path, char[] password, boolean checkValidity) throws Exception
+ {
+ // Initial key material
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+
+ InputStream in = null;
+
+ try
+ {
+ in = new URL(path).openStream();
+ keyStore.load(in, password);
+
+ if (checkValidity)
+ {
+ // Check validity license key
+ Enumeration<String> aliasesIter = keyStore.aliases();
+ while (aliasesIter.hasMoreElements())
+ {
+ String alias = aliasesIter.nextElement();
+ Certificate cert = keyStore.getCertificate(alias);
+ if (cert.getType() == X509_CERTIFICATE_TYPE)
+ {
+ X509Certificate x509cert = X509Certificate.getInstance(cert.getEncoded());
+ x509cert.checkValidity();
+ }
+ }
+ }
+ }
+ finally
+ {
+ IOUtil.close(in);
+ }
+
+ return keyStore;
+ }
+
public static synchronized int getHandShakeTimeOut()
{
return handShakeTimeOutVar;
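Review bot: In `createKeyStore`, `cert.getType() == X509_CERTIFICATE_TYPE` compares String references, so the expiry check runs only if the provider happens to return the same interned literal; otherwise it is skipped without any error. `keyStore.getCertificate(alias)` can also return null for an alias that has no certificate, which would raise a NullPointerException on `cert.getType()`. Testing the instance type covers both cases and removes the re-encoding through the legacy `javax.security.cert.X509Certificate` class. The comment `// Check validity license key` would read better as `// Reject certificates outside their validity period`. Note that this checks only the notBefore/notAfter dates, not trust or revocation.

```java
        while (aliasesIter.hasMoreElements())
        {
          String alias = aliasesIter.nextElement();
          Certificate cert = keyStore.getCertificate(alias);
          // instanceof is false for null, so aliases without a certificate are skipped
          if (cert instanceof java.security.cert.X509Certificate)
          {
            ((java.security.cert.X509Certificate)cert).checkValidity();
          }
        }
        // … unchanged: finally block closing the stream, return keyStore …
```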
