authorJose <jose@zeroc.com>2017-03-20 11:11:16 +0100
committerJose <jose@zeroc.com>2017-03-20 11:11:16 +0100
commit11c1140a8041b3dcdd79b9244422e56ebe8da10c (patch)
tree04cba9afe9ec7fb3e723ca45cb76afcfb5cc4885 /java/src
parentFixed (ICE-7678) - Python build failure with VS 2015 (diff)
Update IceSSL::ConnectionInfo to use native certs and remove NativeConnectionInfo
Diffstat (limited to 'java/src')
-rw-r--r--java/src/Ice/src/main/java/com/zeroc/IceSSL/CertificateVerifier.java2
-rw-r--r--java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java2
-rw-r--r--java/src/Ice/src/main/java/com/zeroc/IceSSL/NativeConnectionInfo.java28
-rw-r--r--java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java6
-rw-r--r--java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java22
-rw-r--r--java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java6
-rw-r--r--java/src/IceGridGUI/src/main/java/com/zeroc/IceGridGUI/Coordinator.java18
7 files changed, 21 insertions, 63 deletions
diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/CertificateVerifier.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/CertificateVerifier.java
index a78009c865f..9210f8a703d 100644
--- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/CertificateVerifier.java
+++ b/java/src/Ice/src/main/java/com/zeroc/IceSSL/CertificateVerifier.java
@@ -22,5 +22,5 @@ public interface CertificateVerifier
* @return <code>true</code> if the connection should be accepted;
* <code>false</code>, otherwise.
**/
- boolean verify(NativeConnectionInfo info);
+ boolean verify(ConnectionInfo info);
}
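Review bot: The `verify` contract loses the nullability note that lived on `NativeConnectionInfo.nativeCerts` ("may be null if the peer did not supply a certificate"), and nothing in this diff restates it for `ConnectionInfo.certs`, so implementers of the changed signature get no visible guidance that `info.certs` can be null or that it holds an unvalidated chain when `info.verified` is false. I would extend the method's Javadoc (its `@param info` line is above this hunk) with: `* @param info Connection details; {@code info.certs} is null when the peer sent no certificate, and when {@code info.verified} is false it holds the raw peer-supplied chain that did not validate.` The second half follows from `TransceiverI` falling back to `session.getPeerCertificates()` when the verified chain is null; confirm the Slice-generated `ConnectionInfo` does not already document this.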
diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java
index 6612814e329..4302a129fc4 100644
--- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java
+++ b/java/src/Ice/src/main/java/com/zeroc/IceSSL/Instance.java
@@ -47,7 +47,7 @@ class Instance extends com.zeroc.IceInternal.ProtocolInstance
_engine.traceConnection(desc, engine, incoming);
}
- void verifyPeer(String address, NativeConnectionInfo info, String desc)
+ void verifyPeer(String address, ConnectionInfo info, String desc)
{
_engine.verifyPeer(address, info, desc);
}
diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/NativeConnectionInfo.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/NativeConnectionInfo.java
deleted file mode 100644
index 4815c468641..00000000000
--- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/NativeConnectionInfo.java
+++ /dev/null
@@ -1,28 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2017 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package com.zeroc.IceSSL;
-
-/**
- *
- * This class is a native extension of the Slice local class
- * IceSSL::ConnectionInfo. It provides access to the native Java
- * certificates.
- *
- * @see CertificateVerifier
- **/
-public class NativeConnectionInfo extends ConnectionInfo
-{
- /**
- * The certificate chain. This may be null if the peer did not
- * supply a certificate. The peer's certificate (if any) is the
- * first one in the chain.
- **/
- public java.security.cert.Certificate[] nativeCerts;
-}
diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java
index 048c63c081e..da0ba6d11d0 100644
--- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java
+++ b/java/src/Ice/src/main/java/com/zeroc/IceSSL/SSLEngine.java
@@ -976,7 +976,7 @@ class SSLEngine
return _communicator;
}
- void verifyPeer(String address, NativeConnectionInfo info, String desc)
+ void verifyPeer(String address, ConnectionInfo info, String desc)
{
//
// IceSSL.VerifyPeer is translated into the proper SSLEngine configuration
@@ -990,10 +990,10 @@ class SSLEngine
}
}
- if(_verifyDepthMax > 0 && info.nativeCerts != null && info.nativeCerts.length > _verifyDepthMax)
+ if(_verifyDepthMax > 0 && info.certs != null && info.certs.length > _verifyDepthMax)
{
String msg = (info.incoming ? "incoming" : "outgoing") + " connection rejected:\n" +
- "length of peer's certificate chain (" + info.nativeCerts.length + ") exceeds maximum of " +
+ "length of peer's certificate chain (" + info.certs.length + ") exceeds maximum of " +
_verifyDepthMax + "\n" + desc;
if(_securityTraceLevel >= 1)
{
diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java
index b69a8858564..6cc60684096 100644
--- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java
+++ b/java/src/Ice/src/main/java/com/zeroc/IceSSL/TransceiverI.java
@@ -74,29 +74,17 @@ final class TransceiverI implements com.zeroc.IceInternal.Transceiver
java.security.cert.Certificate[] pcerts = session.getPeerCertificates();
java.security.cert.Certificate[] vcerts = _instance.engine().getVerifiedCertificateChain(pcerts);
_verified = vcerts != null;
- _nativeCerts = _verified ? vcerts : pcerts;
- java.util.ArrayList<String> certs = new java.util.ArrayList<>();
- for(java.security.cert.Certificate c : _nativeCerts)
- {
- StringBuilder s = new StringBuilder("-----BEGIN CERTIFICATE-----\n");
- s.append(Base64.getEncoder().encodeToString(c.getEncoded()));
- s.append("\n-----END CERTIFICATE-----");
- certs.add(s.toString());
- }
- _certs = certs.toArray(new String[certs.size()]);
+ _certs = _verified ? vcerts : pcerts;
}
catch(javax.net.ssl.SSLPeerUnverifiedException ex)
{
// No peer certificates.
}
- catch(java.security.cert.CertificateEncodingException ex)
- {
- }
//
// Additional verification.
//
- _instance.verifyPeer(_host, (NativeConnectionInfo)getInfo(), _delegate.toString());
+ _instance.verifyPeer(_host, (com.zeroc.IceSSL.ConnectionInfo)getInfo(), _delegate.toString());
if(_instance.securityTraceLevel() >= 1)
{
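Review bot: `_certs = _verified ? vcerts : pcerts;` silently stores an unvalidated, peer-chosen chain whenever `getVerifiedCertificateChain` returns null, and a reader of `ConnectionInfo.certs` downstream cannot tell the two cases apart from the code, since the field now carries the same native array either way. I would annotate the line with `// Validation failed: keep the raw peer-supplied chain for verifiers and tracing; _verified stays false.` and note on the `SSLPeerUnverifiedException` catch that `_certs` is left null in that case. The enclosing method starts and ends outside this hunk.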
@@ -293,14 +281,13 @@ final class TransceiverI implements com.zeroc.IceInternal.Transceiver
@Override
public com.zeroc.Ice.ConnectionInfo getInfo()
{
- NativeConnectionInfo info = new NativeConnectionInfo();
+ ConnectionInfo info = new ConnectionInfo();
info.underlying = _delegate.getInfo();
info.incoming = _incoming;
info.adapterName = _adapterName;
info.cipher = _cipher;
info.certs = _certs;
info.verified = _verified;
- info.nativeCerts = _nativeCerts;
return info;
}
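Review bot: `info.certs = _certs;` hands out the transceiver's internal `Certificate[]` (the array obtained from `session.getPeerCertificates()` or `getVerifiedCertificateChain`) without a copy, so any `getInfo()` caller, including the `CertificateVerifier` invoked from the handshake, can replace `certs[0]` and later consumers such as `TrustManager.verify` and the security trace will see the altered chain. The same array was previously exposed as `nativeCerts`, so this is not new, but it is now the only representation. A clone is cheap for a short chain: `info.certs = (_certs == null) ? null : _certs.clone();`.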
@@ -594,7 +581,6 @@ final class TransceiverI implements com.zeroc.IceInternal.Transceiver
private static ByteBuffer _emptyBuffer = ByteBuffer.allocate(0); // Used during handshaking.
private String _cipher;
- private String[] _certs;
+ private java.security.cert.Certificate[] _certs;
private boolean _verified;
- private java.security.cert.Certificate[] _nativeCerts;
}
diff --git a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java b/java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java
index 222791df9d6..12ced2676c0 100644
--- a/java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java
+++ b/java/src/Ice/src/main/java/com/zeroc/IceSSL/TrustManager.java
@@ -55,7 +55,7 @@ class TrustManager
}
boolean
- verify(NativeConnectionInfo info, String desc)
+ verify(ConnectionInfo info, String desc)
{
java.util.List<java.util.List<java.util.List<RFC2253.RDNPair> > >
reject = new java.util.LinkedList<java.util.List<java.util.List<RFC2253.RDNPair> > >(),
@@ -126,10 +126,10 @@ class TrustManager
//
// If there is no certificate then we match false.
//
- if(info.nativeCerts != null && info.nativeCerts.length > 0)
+ if(info.certs != null && info.certs.length > 0)
{
javax.security.auth.x500.X500Principal subjectDN =
- ((java.security.cert.X509Certificate)info.nativeCerts[0]).getSubjectX500Principal();
+ ((java.security.cert.X509Certificate)info.certs[0]).getSubjectX500Principal();
String subjectName = subjectDN.getName(javax.security.auth.x500.X500Principal.RFC2253);
assert subjectName != null;
try
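Review bot: The subject DN fed to the accept/reject rules is taken from `info.certs[0]` without consulting `info.verified`; since `TransceiverI` now stores the raw peer-supplied chain in `certs` when validation fails, an accept-by-subject rule could be satisfied by any peer presenting a self-signed certificate with that subject if unverified connections can reach this point. If that is not the intended semantics, guard the match with `if(info.verified && info.certs != null && info.certs.length > 0)`, or document that `TrustManager` assumes chain validation has already been enforced by the engine. I cannot see the `VerifyPeer` handling that decides whether unverified chains get here, so this may be moot. The enclosing `verify` method starts and ends outside this hunk.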
diff --git a/java/src/IceGridGUI/src/main/java/com/zeroc/IceGridGUI/Coordinator.java b/java/src/IceGridGUI/src/main/java/com/zeroc/IceGridGUI/Coordinator.java
index 4e117317372..96d86274fd5 100644
--- a/java/src/IceGridGUI/src/main/java/com/zeroc/IceGridGUI/Coordinator.java
+++ b/java/src/IceGridGUI/src/main/java/com/zeroc/IceGridGUI/Coordinator.java
@@ -1331,7 +1331,7 @@ public class Coordinator
class AcceptInvalidCertDialog implements Runnable
{
- public TrustDecision show(com.zeroc.IceSSL.NativeConnectionInfo info, boolean validDate,
+ public TrustDecision show(com.zeroc.IceSSL.ConnectionInfo info, boolean validDate,
boolean validAlternateName, boolean trustedCA)
{
_info = info;
@@ -1377,7 +1377,7 @@ public class Coordinator
}
}
- private com.zeroc.IceSSL.NativeConnectionInfo _info;
+ private com.zeroc.IceSSL.ConnectionInfo _info;
private boolean _validDate;
private boolean _validAlternateName;
private boolean _trustedCA;
@@ -1385,14 +1385,14 @@ public class Coordinator
}
@Override
- public boolean verify(com.zeroc.IceSSL.NativeConnectionInfo info)
+ public boolean verify(com.zeroc.IceSSL.ConnectionInfo info)
{
- if(!(info.nativeCerts[0] instanceof X509Certificate))
+ if(!(info.certs[0] instanceof X509Certificate))
{
return false;
}
- X509Certificate cert = (X509Certificate) info.nativeCerts[0];
+ X509Certificate cert = (X509Certificate) info.certs[0];
byte[] encoded;
try
{
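Review bot: `info.certs[0]` is dereferenced before any null or length check, so a peer that completes the handshake without presenting a certificate (the `SSLPeerUnverifiedException` path in `TransceiverI` leaves `certs` null) makes this verifier throw `NullPointerException` instead of returning `false`. Change the guard to `if(info.certs == null || info.certs.length == 0 || !(info.certs[0] instanceof X509Certificate))`. The same unchecked `[0]` existed with `nativeCerts`, so this predates the commit; `verify` continues past the end of this hunk.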
@@ -1585,7 +1585,7 @@ public class Coordinator
if(decision == TrustDecision.YesThisTime)
{
- _transientCert = (X509Certificate) info.nativeCerts[0];
+ _transientCert = (X509Certificate) info.certs[0];
return true;
}
else if(decision == TrustDecision.YesAlways)
@@ -1602,7 +1602,7 @@ public class Coordinator
break;
}
}
- _trustedServerKeyStore.setCertificateEntry(CN, info.nativeCerts[0]);
+ _trustedServerKeyStore.setCertificateEntry(CN, info.certs[0]);
_trustedServerKeyStore.store(new FileOutputStream(getDataDirectory() + "/ServerCerts.jks"),
new char[]{});
sessionKeeper.certificateManager(parent).load();
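Review bot: The `FileOutputStream` passed to `_trustedServerKeyStore.store` is never closed, so the handle leaks on every "always trust" decision and, if `store` throws, the freshly truncated `ServerCerts.jks` is left open and incomplete. Wrap it in try-with-resources: `try(FileOutputStream out = new FileOutputStream(getDataDirectory() + "/ServerCerts.jks")) { _trustedServerKeyStore.store(out, new char[]{}); }`. These lines are context rather than changed by the commit, and the enclosing method starts and ends outside the hunk.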
@@ -3604,7 +3604,7 @@ public class Coordinator
static class UntrustedCertificateDialog extends JDialog
{
- public UntrustedCertificateDialog(java.awt.Window owner, com.zeroc.IceSSL.NativeConnectionInfo info,
+ public UntrustedCertificateDialog(java.awt.Window owner, com.zeroc.IceSSL.ConnectionInfo info,
boolean validDate, boolean validAlternateName, boolean trustedCA)
throws java.security.GeneralSecurityException, java.io.IOException,
javax.naming.InvalidNameException
@@ -3615,7 +3615,7 @@ public class Coordinator
Container contentPane = getContentPane();
contentPane.setLayout(new BoxLayout(contentPane, BoxLayout.Y_AXIS));
- X509Certificate cert = (X509Certificate)info.nativeCerts[0];
+ X509Certificate cert = (X509Certificate)info.certs[0];
{
DefaultFormBuilder builder = new DefaultFormBuilder(new FormLayout("pref", "pref"));
builder.border(Borders.DIALOG);