This is an automated email from the ASF dual-hosted git repository.
nvazquez pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/main by this push:
new 50a0e80 CPVM: use X509ExtendedTrustManager (#5419)
50a0e80 is described below
commit 50a0e80de65ab50d7426c8e0abf31977b05c9dbb
Author: Wei Zhou <[email protected]>
AuthorDate: Wed Sep 22 20:46:57 2021 +0200
CPVM: use X509ExtendedTrustManager (#5419)
---
.../websocket/WebSocketReverseProxy.java | 32 ++++++++++++++++------
1 file changed, 23 insertions(+), 9 deletions(-)
diff --git
a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/websocket/WebSocketReverseProxy.java
b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/websocket/WebSocketReverseProxy.java
index e2f62d6..96293fa 100644
---
a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/websocket/WebSocketReverseProxy.java
+++
b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/websocket/WebSocketReverseProxy.java
@@ -25,13 +25,14 @@ import org.java_websocket.handshake.ServerHandshake;
import org.java_websocket.protocols.Protocol;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
import java.io.IOException;
+import java.net.Socket;
import java.net.URI;
import java.nio.ByteBuffer;
-import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
@@ -54,15 +55,28 @@ public class WebSocketReverseProxy extends WebSocketClient {
private Session remoteSession;
private void acceptAllCerts() {
- TrustManager[] trustAllCerts = new TrustManager[]{new
X509TrustManager() {
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return new java.security.cert.X509Certificate[]{};
+ TrustManager[] trustAllCerts = new TrustManager[]{new
X509ExtendedTrustManager() {
+ @Override
+ public void checkClientTrusted (X509Certificate [] chain, String
authType, Socket socket) {
}
- public void checkClientTrusted(X509Certificate[] chain,
- String authType) throws
CertificateException {
+ @Override
+ public void checkServerTrusted (X509Certificate [] chain, String
authType, Socket socket) {
}
- public void checkServerTrusted(X509Certificate[] chain,
- String authType) throws
CertificateException {
+ @Override
+ public void checkClientTrusted (X509Certificate [] chain, String
authType, SSLEngine engine) {
+ }
+ @Override
+ public void checkServerTrusted (X509Certificate [] chain, String
authType, SSLEngine engine) {
+ }
+ @Override
+ public java.security.cert.X509Certificate [] getAcceptedIssuers ()
{
+ return null;
+ }
+ @Override
+ public void checkClientTrusted (X509Certificate [] certs, String
authType) {
+ }
+ @Override
+ public void checkServerTrusted (X509Certificate [] certs, String
authType) {
}
}};
SSLContext sc;
