authorThomas Watson2008-05-21 13:09:33 -0400
committerThomas Watson2008-05-21 13:09:33 -0400
commit5a4f6842c5752721de973b9692361ea5d482eb22 (patch)
tree09335ac64565596c300d35003286dc3061bef55d /bundles
parent4b45dc27331258136a60428daf308326b0a87ff4 (diff)
Bug 232159 Can't access update site with 3.4.0 I20080502-0100
Diffstat (limited to 'bundles')
-rw-r--r--bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/service/security/KeyStoreTrustEngine.java35
1 files changed, 28 insertions, 7 deletions
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/service/security/KeyStoreTrustEngine.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/service/security/KeyStoreTrustEngine.java
index 44a7f904d..643d7ca98 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/service/security/KeyStoreTrustEngine.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/service/security/KeyStoreTrustEngine.java
@@ -100,19 +100,40 @@ public class KeyStoreTrustEngine extends TrustEngine {
throw new IllegalArgumentException("Certificate chain is required"); //$NON-NLS-1$
try {
+ Certificate rootCert = null;
+
KeyStore store = getKeyStore();
for (int i = 0; i < certChain.length; i++) {
- if (i == certChain.length - 1) {
- certChain[i].verify(certChain[i].getPublicKey());
- } else {
- X509Certificate nextX509Cert = (X509Certificate) certChain[i + 1];
- certChain[i].verify(nextX509Cert.getPublicKey());
+ if (certChain[i] instanceof X509Certificate) {
+ if (i == certChain.length - 1) { //this is the last certificate in the chain
+ X509Certificate cert = (X509Certificate) certChain[i];
+ if (cert.getSubjectDN().equals(cert.getIssuerDN())) {
+ certChain[i].verify(certChain[i].getPublicKey());
+ rootCert = certChain[i]; // this is a self-signed certificate
+ } else {
+ // try to find a parent, we have an incomplete chain
+ for (Enumeration e = store.aliases(); e.hasMoreElements();) {
+ Certificate nextCert = store.getCertificate((String) e.nextElement());
+ if (nextCert instanceof X509Certificate && ((X509Certificate) nextCert).getSubjectDN().equals(cert.getIssuerDN())) {
+ cert.verify(nextCert.getPublicKey());
+ rootCert = nextCert;
+ }
+ }
+ }
+ } else {
+ X509Certificate nextX509Cert = (X509Certificate) certChain[i + 1];
+ certChain[i].verify(nextX509Cert.getPublicKey());
+ }
}
synchronized (store) {
- String alias = store.getCertificateAlias(certChain[i]);
- if (alias != null) {
+ String alias = rootCert == null ? null : store.getCertificateAlias(rootCert);
+ if (alias != null)
return store.getCertificate(alias);
+ else if (rootCert != certChain[i]) {
+ alias = store.getCertificateAlias(certChain[i]);
+ if (alias != null)
+ return store.getCertificate(alias);
}
}
}
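Review bot: The new `instanceof X509Certificate` guard wraps the whole verification step, so a chain element that is not an X509Certificate is no longer signature-checked against its successor, whereas the removed code called `verify` on every element. The keystore lookup in the `synchronized (store)` block still runs for that element and for every later one, so a trust anchor can be returned for a chain that contains an unverified link. I would apply the type test only in the last-element branch and keep `certChain[i].verify(certChain[i + 1].getPublicKey());` for all earlier elements, which needs no cast. In the parent search over `store.aliases()`, an entry whose subject DN matches but whose key does not makes `cert.verify(...)` throw, which ends the search before other same-named entries are tried, and there is no `break` after a match; handling the verification failure per candidate and stopping at the first success would address both. The method starts and ends outside the hunk, so how these exceptions are caught is not visible here.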
