Unverified Commit e92adc6f authored by Dave Cridland's avatar Dave Cridland Committed by GitHub

Merge pull request #1035 from guusdk/OF-1191_Mutual-authentication

OF-1191: Use client truststores for c2s-type connections.
parents 4ddc7fc4 83c47b30
package org.jivesoftware.openfire.keystore; package org.jivesoftware.openfire.keystore;
import org.bouncycastle.bcpg.ElGamalSecretBCPGKey;
import org.jivesoftware.openfire.XMPPServer; import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.container.BasicModule; import org.jivesoftware.openfire.container.BasicModule;
import org.jivesoftware.openfire.spi.ConnectionListener; import org.jivesoftware.openfire.spi.ConnectionListener;
...@@ -12,6 +13,7 @@ import org.slf4j.LoggerFactory; ...@@ -12,6 +13,7 @@ import org.slf4j.LoggerFactory;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap; import java.util.concurrent.ConcurrentMap;
...@@ -349,7 +351,17 @@ public class CertificateStoreManager extends BasicModule ...@@ -349,7 +351,17 @@ public class CertificateStoreManager extends BasicModule
static String getTrustStoreLocation( ConnectionType type ) static String getTrustStoreLocation( ConnectionType type )
{ {
final String propertyName = type.getPrefix() + "truststore"; final String propertyName = type.getPrefix() + "truststore";
final String defaultValue = "resources" + File.separator + "security" + File.separator + "truststore"; final String defaultValue;
// OF-1191: For client-oriented connection types, Openfire traditionally uses a different truststore.
if ( Arrays.asList( ConnectionType.SOCKET_C2S, ConnectionType.BOSH_C2S, ConnectionType.WEBADMIN ).contains( type ) )
{
defaultValue = "resources" + File.separator + "security" + File.separator + "client.truststore";
}
else
{
defaultValue = "resources" + File.separator + "security" + File.separator + "truststore";
}
if ( type.getFallback() == null ) if ( type.getFallback() == null )
{ {
......
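Review bot: The type list in getTrustStoreLocation also contains ConnectionType.WEBADMIN, so the admin console's default trust store moves to `client.truststore` as well, although the commit title names only c2s-type connections. The inline comment should state that scope, for example `// Client-facing types (C2S socket, BOSH, admin console) default to client.truststore; all other types default to truststore.` Only the default value changes, so a deployment that relies on it would presumably validate peer certificates for these types against a different file after upgrading, which deserves an upgrade note and a check that the file exists. The added import `org.bouncycastle.bcpg.ElGamalSecretBCPGKey` is not used by any visible line and looks like an accidental IDE auto-import that should be dropped. The method body continues outside the hunk, so how the default is combined with the fallback type is not visible here.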