Commit
fea65b9b
authored
Dec 01, 2015
by
Guus der Kinderen
Adding debug logging to trust manager.
parent
bdd91418
Showing
1 changed file
with
11 additions
and
1 deletion
+11
-1
OpenfireX509TrustManager.java
...esoftware/openfire/keystore/OpenfireX509TrustManager.java
+11
-1
src/java/org/jivesoftware/openfire/keystore/OpenfireX509TrustManager.java
...
@@ -168,6 +168,8 @@ public class OpenfireX509TrustManager implements X509TrustManager
...
@@ -168,6 +168,8 @@ public class OpenfireX509TrustManager implements X509TrustManager
throw
new
IllegalArgumentException
(
"Argument 'chain' cannot be null or an empty array."
);
throw
new
IllegalArgumentException
(
"Argument 'chain' cannot be null or an empty array."
);
}
}
Log
.
debug
(
"Attempting to verify a chain of {} certificates."
,
chain
.
length
);
// The set of trusted issuers (for this invocation), based on the issuers from the truststore.
// The set of trusted issuers (for this invocation), based on the issuers from the truststore.
final
Set
<
X509Certificate
>
trustedIssuers
=
new
HashSet
<>();
final
Set
<
X509Certificate
>
trustedIssuers
=
new
HashSet
<>();
trustedIssuers
.
addAll
(
this
.
trustedIssuers
);
trustedIssuers
.
addAll
(
this
.
trustedIssuers
);
...
@@ -177,11 +179,18 @@ public class OpenfireX509TrustManager implements X509TrustManager
...
@@ -177,11 +179,18 @@ public class OpenfireX509TrustManager implements X509TrustManager
// as expiration checking.
// as expiration checking.
if
(
acceptSelfSigned
&&
chain
.
length
==
1
)
if
(
acceptSelfSigned
&&
chain
.
length
==
1
)
{
{
Log
.
debug
(
"Attempting to accept the self-signed certificate of this chain of length one, as instructed by configuration."
);
final
X509Certificate
cert
=
chain
[
0
];
final
X509Certificate
cert
=
chain
[
0
];
if
(
cert
.
getSubjectDN
().
equals
(
cert
.
getIssuerDN
()
)
)
if
(
cert
.
getSubjectDN
().
equals
(
cert
.
getIssuerDN
()
)
)
{
{
Log
.
debug
(
"Chain of one appears to be self-signed. Adding it to the set of trusted issuers."
);
trustedIssuers
.
add
(
cert
);
trustedIssuers
.
add
(
cert
);
}
}
else
{
Log
.
debug
(
"Chain of one is not self-signed. Not adding it to the set of trusted issuers."
);
}
}
}
// Turn trusted into accepted issuers.
// Turn trusted into accepted issuers.
...
@@ -208,6 +217,8 @@ public class OpenfireX509TrustManager implements X509TrustManager
...
@@ -208,6 +217,8 @@ public class OpenfireX509TrustManager implements X509TrustManager
// Validity checks are enabled by default in the CertPathBuilder implementation.
// Validity checks are enabled by default in the CertPathBuilder implementation.
if
(
!
checkValidity
)
if
(
!
checkValidity
)
{
{
Log
.
debug
(
"Attempting to ignore any validity (expiry) issues, as instructed by configuration."
);
// There is no way to configure the pathBuilder to ignore date validity. When validity checks are to be
// There is no way to configure the pathBuilder to ignore date validity. When validity checks are to be
// ignored, try to find a point in time where all certificates in the chain are valid.
// ignored, try to find a point in time where all certificates in the chain are valid.
final
Date
validPointInTime
=
CertificateUtils
.
findValidPointInTime
(
chain
);
final
Date
validPointInTime
=
CertificateUtils
.
findValidPointInTime
(
chain
);
...
@@ -233,7 +244,6 @@ public class OpenfireX509TrustManager implements X509TrustManager
...
@@ -233,7 +244,6 @@ public class OpenfireX509TrustManager implements X509TrustManager
Log
.
debug
(
"Validating chain with {} certificates, using {} trust anchors."
,
chain
.
length
,
trustAnchors
.
size
()
);
Log
.
debug
(
"Validating chain with {} certificates, using {} trust anchors."
,
chain
.
length
,
trustAnchors
.
size
()
);
// Try to use BouncyCastle - if that doesn't work, pick one.
// Try to use BouncyCastle - if that doesn't work, pick one.
CertPathBuilder
pathBuilder
;
CertPathBuilder
pathBuilder
;
try
try
...
...
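Review bot: The two new debug messages in the `acceptSelfSigned` branch (hunk at -177,11 +179,18) do not say which certificate was added to, or kept out of, the set of trusted issuers, so a log line cannot be tied back to a specific peer. That branch promotes a peer-supplied certificate to a trusted issuer on the strength of `cert.getSubjectDN().equals(cert.getIssuerDN())` alone, which is exactly the decision an operator will want to trace later. I would add the subject and serial to the message: `Log.debug("Chain of one appears to be self-signed. Adding it to the set of trusted issuers: subject '{}', serial {}.", cert.getSubjectDN(), cert.getSerialNumber());`, and the same for the "not self-signed" message. The subject DN is text chosen by the peer, so it is worth confirming that the logging layout neutralises line breaks before it reaches the log file. The enclosing method starts and ends outside the visible hunks.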