Hi,
I'm developing a server component using MINA and spring. The clients
connecting to this server are authenticated using certificates on
smartcards.
I need to check if the certificate used to set up/authenticate a
connection is revoked. This is done by periodically downloading a set
of CRLs; these CRLs are stored in a CertStore.
This CertStore can be linked to a TrustManagerFactory using the init
(ManagerFactoryParameters spec) method.
The current implementation of SSLContextFactoryBean will always call
trustManagerFactory init(keyStore) if a TrustManagerFactory is
configured.
I'd like to suggest the changes shown below to
SSLContextFactoryBean.java.
The trustManager can still be configured using a keystore only.
When trustManagerFactoryParameters is set these will be used instead.
A keystore can still be configured using the
trustManagerFactoryParameters.
Regards,
Wolter Eldering
--- SSLContextFactoryBean.java (revision 449402)
+++ SSLContextFactoryBean.java (working copy)
@@ -27,7 +27,9 @@
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.ManagerFactoryParameters;
+
import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.springframework.util.Assert;
@@ -73,6 +75,7 @@
private String trustManagerFactoryAlgorithm = null;
private String trustManagerFactoryProvider = null;
private boolean trustManagerFactoryAlgorithmUseDefault = false;
+ private ManagerFactoryParameters trustManagerFactoryParameters =
null;
protected Object createInstance() throws Exception
{
@@ -131,7 +134,14 @@
TrustManager[] trustManagers = null;
if( tmf != null )
{
- tmf.init( trustManagerFactoryKeyStore );
+ if( trustManagerFactoryParameters != null )
+ {
+ tmf.init( trustManagerFactoryParameters );
+ }
+ else
+ {
+ tmf.init( trustManagerFactoryKeyStore );
+ }
trustManagers = tmf.getTrustManagers();
}
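Review bot: The new `tmf.init( trustManagerFactoryParameters )` branch will fail at context creation with InvalidAlgorithmParameterException when the configured TrustManagerFactory algorithm does not accept ManagerFactoryParameters — the SunX509 factory rejects them, and CertPathTrustManagerParameters (the type a CRL-backed CertStore is wrapped in) is only honoured by the PKIX factory; since the algorithm comes from trustManagerFactoryAlgorithm / trustManagerFactoryAlgorithmUseDefault, which this hunk does not check, a misconfiguration is only discovered at runtime. The same applies to the setter's javadoc in the last hunk, which should state that the parameters must match the factory algorithm (e.g. PKIX for CertPathTrustManagerParameters). The hunk also silently drops trustManagerFactoryKeyStore when both properties are set; a configuration that sets both is almost certainly a mistake, so an explicit check such as `Assert.isTrue( trustManagerFactoryParameters == null || trustManagerFactoryKeyStore == null, "Set either trustManagerFactoryParameters or trustManagerFactoryKeyStore, not both" );` before the branch (the file already imports org.springframework.util.Assert) would make the precedence documented in the javadoc hunk fail fast instead of quietly ignoring a truststore. createInstance() starts and ends outside this hunk.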
@@ -324,6 +334,10 @@
* Sets the [EMAIL PROTECTED] KeyStore} which will be used in the call to
* [EMAIL PROTECTED] TrustManagerFactory#init(java.security.KeyStore)} when
* the [EMAIL PROTECTED] SSLContext} is created.
+ * <p>
+ * This property will be ignored if [EMAIL PROTECTED]
ManagerFactoryParameters} has been
+ * set directly using [EMAIL PROTECTED] #setTrustManagerFactoryParameters
(ManagerFactoryParameters)}.
+ * </p>
*
* @param keyStore the key store.
*/
@@ -333,6 +347,18 @@
}
/**
+ * Sets the [EMAIL PROTECTED] ManagerFactoryParameters} which will be used
in the call to
+ * [EMAIL PROTECTED] TrustManagerFactory#init
(javax.net.ssl.ManagerFactoryParameters)} when
+ * the [EMAIL PROTECTED] SSLContext} is created.
+ *
+ * @param parameters describing provider-specific trust material
+ */
+ public void setTrustManagerFactoryParameters
( ManagerFactoryParameters parameters )
+ {
+ this.trustManagerFactoryParameters = parameters;
+ }
+
+ /**
* Sets the provider to use when creating the [EMAIL PROTECTED]
TrustManagerFactory}
* using
* [EMAIL PROTECTED] TrustManagerFactory#getInstance(java.lang.String,
java.lang.String)}.