[#4355] OpenSslServerContext reinitializes the provided TrustManagerFactory with the key cert chain.

Motivation:

OpenSslServerContext should not reinitialize the provided TrustManagerFactory with the key cert chain as the user should be able to pass a fully initialized TrustManagerFactory. This is also in line with how JdkSslServerContext works.

Modifications:

Do not reinitialize the provided TrustManagerFactory with the key cert chain.

Result:

Correct and consistent behavior.
Norman Maurer 2015-10-23 15:30:48 +02:00
parent 082e9cc722
commit 1c72b34be2


@ -367,16 +367,13 @@ public final class OpenSslServerContext extends OpenSslContext {
throw new SSLException("failed to set certificate: " + keyCertChainFile + " and " + keyFile, e); throw new SSLException("failed to set certificate: " + keyCertChainFile + " and " + keyFile, e);
} }
try { try {
if (trustManagerFactory == null) { if (trustCertChainFile != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertChainFile, trustManagerFactory);
} else if (trustManagerFactory == null) {
// Mimic the way SSLContext.getInstance(KeyManager[], null, null) works // Mimic the way SSLContext.getInstance(KeyManager[], null, null) works
trustManagerFactory = TrustManagerFactory.getInstance( trustManagerFactory = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm()); TrustManagerFactory.getDefaultAlgorithm());
} trustManagerFactory.init((KeyStore) null);
if (trustCertChainFile != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertChainFile, trustManagerFactory);
} else {
KeyStore ks = buildKeyStore(keyCertChainFile, keyFile, keyPassword);
trustManagerFactory.init(ks);
} }
final X509TrustManager manager = chooseTrustManager(trustManagerFactory.getTrustManagers()); final X509TrustManager manager = chooseTrustManager(trustManagerFactory.getTrustManagers());
@ -484,16 +481,13 @@ public final class OpenSslServerContext extends OpenSslContext {
} }
} }
try { try {
if (trustManagerFactory == null) { if (trustCertChain != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertChain, trustManagerFactory);
} else if (trustManagerFactory == null) {
// Mimic the way SSLContext.getInstance(KeyManager[], null, null) works // Mimic the way SSLContext.getInstance(KeyManager[], null, null) works
trustManagerFactory = TrustManagerFactory.getInstance( trustManagerFactory = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm()); TrustManagerFactory.getDefaultAlgorithm());
} trustManagerFactory.init((KeyStore) null);
if (trustCertChain != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertChain, trustManagerFactory);
} else {
KeyStore ks = buildKeyStore(keyCertChain, key, keyPassword.toCharArray());
trustManagerFactory.init(ks);
} }
final X509TrustManager manager = chooseTrustManager(trustManagerFactory.getTrustManagers()); final X509TrustManager manager = chooseTrustManager(trustManagerFactory.getTrustManagers());
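Review bot: The fallback branch `else if (trustManagerFactory == null)` in both hunks now ends in `trustManagerFactory.init((KeyStore) null)`, which for the default algorithm loads the JRE's default trust store rather than the server's own key cert chain, and the existing "Mimic the way SSLContext.getInstance..." comment does not say so. If the manager returned by `chooseTrustManager(...)` is what verifies client certificates (the verifier setup lies outside both hunks), a server that enables client auth without supplying a trust chain or factory would go from trusting only its own chain to trusting every CA in the default store. I would extend the comment in both places, e.g. `// No trust material supplied: fall back to the JDK default trust store; pass a trust cert chain or a TrustManagerFactory to restrict which client certificates are accepted`, and call the change out in the release notes. Separately, when both a trust chain and a factory are supplied, the chain branch still hands the caller's factory to `buildTrustManagerFactory`, which presumably re-initializes it, so that precedence deserves a Javadoc line on the constructors. The enclosing constructors start and end outside both hunks.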