Commit
b90fd62c
authored
Jul 07, 2015
by
Victor Hong
Shortened method names
parent
73086ef3
Changes
5
Showing
5 changed files
with
19 additions
and
19 deletions
+19
-19
ClearspaceX509TrustManager.java
...tware/openfire/clearspace/ClearspaceX509TrustManager.java
+1
-1
ClientTrustManager.java
...ava/org/jivesoftware/openfire/net/ClientTrustManager.java
+1
-1
SASLAuthentication.java
...ava/org/jivesoftware/openfire/net/SASLAuthentication.java
+2
-2
CertificateManager.java
src/java/org/jivesoftware/util/CertificateManager.java
+14
-14
security-keystore.jsp
src/web/security-keystore.jsp
+1
-1
src/java/org/jivesoftware/openfire/clearspace/ClearspaceX509TrustManager.java
...
@@ -77,7 +77,7 @@ public class ClearspaceX509TrustManager implements X509TrustManager {
...
@@ -77,7 +77,7 @@ public class ClearspaceX509TrustManager implements X509TrustManager {
if
(
verify
)
{
if
(
verify
)
{
int
nSize
=
x509Certificates
.
length
;
int
nSize
=
x509Certificates
.
length
;
List
<
String
>
peerIdentities
=
CertificateManager
.
getServer
Peer
Identities
(
x509Certificates
[
0
]);
List
<
String
>
peerIdentities
=
CertificateManager
.
getServerIdentities
(
x509Certificates
[
0
]);
if
(
getBooleanProperty
(
"clearspace.certificate.verify.chain"
,
true
))
{
if
(
getBooleanProperty
(
"clearspace.certificate.verify.chain"
,
true
))
{
// Working down the chain, for every certificate in the chain,
// Working down the chain, for every certificate in the chain,
...
...
src/java/org/jivesoftware/openfire/net/ClientTrustManager.java
...
@@ -189,7 +189,7 @@ public class ClientTrustManager implements X509TrustManager {
...
@@ -189,7 +189,7 @@ public class ClientTrustManager implements X509TrustManager {
if
(
verify
)
{
if
(
verify
)
{
int
nSize
=
x509Certificates
.
length
;
int
nSize
=
x509Certificates
.
length
;
List
<
String
>
peerIdentities
=
CertificateManager
.
getClient
Peer
Identities
(
x509Certificates
[
0
]);
List
<
String
>
peerIdentities
=
CertificateManager
.
getClientIdentities
(
x509Certificates
[
0
]);
if
(
JiveGlobals
.
getBooleanProperty
(
"xmpp.client.certificate.verify.chain"
,
true
))
{
if
(
JiveGlobals
.
getBooleanProperty
(
"xmpp.client.certificate.verify.chain"
,
true
))
{
// Working down the chain, for every certificate in the chain,
// Working down the chain, for every certificate in the chain,
...
...
src/java/org/jivesoftware/openfire/net/SASLAuthentication.java
...
@@ -590,7 +590,7 @@ public class SASLAuthentication {
...
@@ -590,7 +590,7 @@ public class SASLAuthentication {
authenticationFailed
(
session
,
Failure
.
NOT_AUTHORIZED
);
authenticationFailed
(
session
,
Failure
.
NOT_AUTHORIZED
);
return
Status
.
failed
;
return
Status
.
failed
;
}
}
principals
.
addAll
(
CertificateManager
.
getClient
Peer
Identities
((
X509Certificate
)
trusted
));
principals
.
addAll
(
CertificateManager
.
getClientIdentities
((
X509Certificate
)
trusted
));
if
(
principals
.
size
()
==
1
)
{
if
(
principals
.
size
()
==
1
)
{
principal
=
principals
.
get
(
0
);
principal
=
principals
.
get
(
0
);
...
@@ -640,7 +640,7 @@ public class SASLAuthentication {
...
@@ -640,7 +640,7 @@ public class SASLAuthentication {
}
}
public
static
boolean
verifyCertificate
(
X509Certificate
trustedCert
,
String
hostname
)
{
public
static
boolean
verifyCertificate
(
X509Certificate
trustedCert
,
String
hostname
)
{
for
(
String
identity
:
CertificateManager
.
getServer
Peer
Identities
(
trustedCert
))
{
for
(
String
identity
:
CertificateManager
.
getServerIdentities
(
trustedCert
))
{
// Verify that either the identity is the same as the hostname, or for wildcarded
// Verify that either the identity is the same as the hostname, or for wildcarded
// identities that the hostname ends with .domainspecified or -is- domainspecified.
// identities that the hostname ends with .domainspecified or -is- domainspecified.
if
((
identity
.
startsWith
(
"*."
)
if
((
identity
.
startsWith
(
"*."
)
...
...
src/java/org/jivesoftware/util/CertificateManager.java
...
@@ -116,9 +116,9 @@ public class CertificateManager {
...
@@ -116,9 +116,9 @@ public class CertificateManager {
private
static
List
<
CertificateEventListener
>
listeners
=
new
CopyOnWriteArrayList
<
CertificateEventListener
>();
private
static
List
<
CertificateEventListener
>
listeners
=
new
CopyOnWriteArrayList
<
CertificateEventListener
>();
private
static
List
<
CertificateIdentityMapping
>
serverCert
Identity
Mapping
=
new
ArrayList
<
CertificateIdentityMapping
>();
private
static
List
<
CertificateIdentityMapping
>
serverCertMapping
=
new
ArrayList
<
CertificateIdentityMapping
>();
private
static
List
<
CertificateIdentityMapping
>
clientCert
Identity
Mapping
=
new
ArrayList
<
CertificateIdentityMapping
>();
private
static
List
<
CertificateIdentityMapping
>
clientCertMapping
=
new
ArrayList
<
CertificateIdentityMapping
>();
static
{
static
{
// Add the BC provider to the list of security providers
// Add the BC provider to the list of security providers
...
@@ -134,7 +134,7 @@ public class CertificateManager {
...
@@ -134,7 +134,7 @@ public class CertificateManager {
CertificateIdentityMapping
provider
=
CertificateIdentityMapping
provider
=
(
CertificateIdentityMapping
)(
c_provider
.
newInstance
());
(
CertificateIdentityMapping
)(
c_provider
.
newInstance
());
Log
.
debug
(
"CertificateManager: Loaded server identity mapping "
+
s_provider
);
Log
.
debug
(
"CertificateManager: Loaded server identity mapping "
+
s_provider
);
serverCert
Identity
Mapping
.
add
(
provider
);
serverCertMapping
.
add
(
provider
);
}
}
catch
(
Exception
e
)
{
catch
(
Exception
e
)
{
Log
.
error
(
"CertificateManager: Error loading CertificateIdentityMapping: "
+
s_provider
+
"\n"
+
e
);
Log
.
error
(
"CertificateManager: Error loading CertificateIdentityMapping: "
+
s_provider
+
"\n"
+
e
);
...
@@ -142,10 +142,10 @@ public class CertificateManager {
...
@@ -142,10 +142,10 @@ public class CertificateManager {
}
}
}
}
if
(
serverCert
Identity
Mapping
.
isEmpty
())
{
if
(
serverCertMapping
.
isEmpty
())
{
Log
.
debug
(
"CertificateManager: No server CertificateIdentityMapping's found. Loading default mappings"
);
Log
.
debug
(
"CertificateManager: No server CertificateIdentityMapping's found. Loading default mappings"
);
serverCert
Identity
Mapping
.
add
(
new
SANCertificateIdentityMapping
());
serverCertMapping
.
add
(
new
SANCertificateIdentityMapping
());
serverCert
Identity
Mapping
.
add
(
new
CNCertificateIdentityMapping
());
serverCertMapping
.
add
(
new
CNCertificateIdentityMapping
());
}
}
String
clientCertMapList
=
JiveGlobals
.
getProperty
(
"provider.clientCertIdentityMap.classList"
);
String
clientCertMapList
=
JiveGlobals
.
getProperty
(
"provider.clientCertIdentityMap.classList"
);
...
@@ -158,7 +158,7 @@ public class CertificateManager {
...
@@ -158,7 +158,7 @@ public class CertificateManager {
CertificateIdentityMapping
provider
=
CertificateIdentityMapping
provider
=
(
CertificateIdentityMapping
)(
c_provider
.
newInstance
());
(
CertificateIdentityMapping
)(
c_provider
.
newInstance
());
Log
.
debug
(
"CertificateManager: Loaded client identity mapping "
+
s_provider
);
Log
.
debug
(
"CertificateManager: Loaded client identity mapping "
+
s_provider
);
clientCert
Identity
Mapping
.
add
(
provider
);
clientCertMapping
.
add
(
provider
);
}
}
catch
(
Exception
e
)
{
catch
(
Exception
e
)
{
Log
.
error
(
"CertificateManager: Error loading CertificateIdentityMapping: "
+
s_provider
+
"\n"
+
e
);
Log
.
error
(
"CertificateManager: Error loading CertificateIdentityMapping: "
+
s_provider
+
"\n"
+
e
);
...
@@ -166,9 +166,9 @@ public class CertificateManager {
...
@@ -166,9 +166,9 @@ public class CertificateManager {
}
}
}
}
if
(
clientCert
Identity
Mapping
.
isEmpty
())
{
if
(
clientCertMapping
.
isEmpty
())
{
Log
.
debug
(
"CertificateManager: No client CertificateIdentityMapping's found. Loading default mappings"
);
Log
.
debug
(
"CertificateManager: No client CertificateIdentityMapping's found. Loading default mappings"
);
clientCert
Identity
Mapping
.
add
(
new
CNCertificateIdentityMapping
());
clientCertMapping
.
add
(
new
CNCertificateIdentityMapping
());
}
}
}
}
...
@@ -391,10 +391,10 @@ public class CertificateManager {
...
@@ -391,10 +391,10 @@ public class CertificateManager {
* @param x509Certificate the certificate the holds the identities of the remote server.
* @param x509Certificate the certificate the holds the identities of the remote server.
* @return the identities of the remote client as defined in the specified certificate.
* @return the identities of the remote client as defined in the specified certificate.
*/
*/
public
static
List
<
String
>
getClient
Peer
Identities
(
X509Certificate
x509Certificate
)
{
public
static
List
<
String
>
getClientIdentities
(
X509Certificate
x509Certificate
)
{
List
<
String
>
names
=
new
ArrayList
<
String
>();
List
<
String
>
names
=
new
ArrayList
<
String
>();
for
(
CertificateIdentityMapping
mapping
:
clientCert
Identity
Mapping
)
{
for
(
CertificateIdentityMapping
mapping
:
clientCertMapping
)
{
List
<
String
>
identities
=
mapping
.
mapIdentity
(
x509Certificate
);
List
<
String
>
identities
=
mapping
.
mapIdentity
(
x509Certificate
);
Log
.
debug
(
"CertificateManager: "
+
mapping
.
name
()
+
" returned "
+
identities
.
toString
());
Log
.
debug
(
"CertificateManager: "
+
mapping
.
name
()
+
" returned "
+
identities
.
toString
());
names
.
addAll
(
identities
);
names
.
addAll
(
identities
);
...
@@ -414,10 +414,10 @@ public class CertificateManager {
...
@@ -414,10 +414,10 @@ public class CertificateManager {
* @param x509Certificate the certificate the holds the identities of the remote server.
* @param x509Certificate the certificate the holds the identities of the remote server.
* @return the identities of the remote server as defined in the specified certificate.
* @return the identities of the remote server as defined in the specified certificate.
*/
*/
public
static
List
<
String
>
getServer
Peer
Identities
(
X509Certificate
x509Certificate
)
{
public
static
List
<
String
>
getServerIdentities
(
X509Certificate
x509Certificate
)
{
List
<
String
>
names
=
new
ArrayList
<
String
>();
List
<
String
>
names
=
new
ArrayList
<
String
>();
for
(
CertificateIdentityMapping
mapping
:
serverCert
Identity
Mapping
)
{
for
(
CertificateIdentityMapping
mapping
:
serverCertMapping
)
{
List
<
String
>
identities
=
mapping
.
mapIdentity
(
x509Certificate
);
List
<
String
>
identities
=
mapping
.
mapIdentity
(
x509Certificate
);
Log
.
debug
(
"CertificateManager: "
+
mapping
.
name
()
+
" returned "
+
identities
.
toString
());
Log
.
debug
(
"CertificateManager: "
+
mapping
.
name
()
+
" returned "
+
identities
.
toString
());
names
.
addAll
(
identities
);
names
.
addAll
(
identities
);
...
@@ -484,7 +484,7 @@ public class CertificateManager {
...
@@ -484,7 +484,7 @@ public class CertificateManager {
}
}
else
{
else
{
// Only accept certified domains that match the specified domain
// Only accept certified domains that match the specified domain
for
(
String
identity
:
getServer
Peer
Identities
(
certificate
))
{
for
(
String
identity
:
getServerIdentities
(
certificate
))
{
if
(
identity
.
endsWith
(
domain
)
&&
certificate
.
getPublicKey
().
getAlgorithm
().
equals
(
algorithm
))
{
if
(
identity
.
endsWith
(
domain
)
&&
certificate
.
getPublicKey
().
getAlgorithm
().
equals
(
algorithm
))
{
result
=
true
;
result
=
true
;
}
}
...
...
src/web/security-keystore.jsp
...
@@ -210,7 +210,7 @@
...
@@ -210,7 +210,7 @@
String
a
=
(
String
)
aliases
.
nextElement
();
String
a
=
(
String
)
aliases
.
nextElement
();
X509Certificate
c
=
(
X509Certificate
)
keyStore
.
getCertificate
(
a
);
X509Certificate
c
=
(
X509Certificate
)
keyStore
.
getCertificate
(
a
);
StringBuffer
identities
=
new
StringBuffer
();
StringBuffer
identities
=
new
StringBuffer
();
for
(
String
identity
:
CertificateManager
.
getServer
Peer
Identities
(
c
))
{
for
(
String
identity
:
CertificateManager
.
getServerIdentities
(
c
))
{
identities
.
append
(
identity
).
append
(
", "
);
identities
.
append
(
identity
).
append
(
", "
);
}
}
if
(
identities
.
length
()
>
0
)
{
if
(
identities
.
length
()
>
0
)
{
...
...