author | Matthew Newhook <matthew@zeroc.com> | 2006-06-05 15:11:48 +0000 |
---|---|---|
committer | Matthew Newhook <matthew@zeroc.com> | 2006-06-05 15:11:48 +0000 |
commit | c7830493b1a04964c872095e7b924d86c08b2b52 (patch) | |
tree | 106dd9f15a637962b24dd870e023f7b3dd236f61 /java/ssl/jdk1.5/IceSSL/Instance.java | |
parent | Add addressFilter to build (diff) | |
added support for TrustOnly.
Diffstat (limited to 'java/ssl/jdk1.5/IceSSL/Instance.java')
-rw-r--r-- | java/ssl/jdk1.5/IceSSL/Instance.java | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/java/ssl/jdk1.5/IceSSL/Instance.java b/java/ssl/jdk1.5/IceSSL/Instance.java
index d92202190b1..ff8f0a17469 100644
--- a/java/ssl/jdk1.5/IceSSL/Instance.java
+++ b/java/ssl/jdk1.5/IceSSL/Instance.java
@@ -17,6 +17,7 @@ class Instance
 _facade = Ice.Util.getProtocolPluginFacade(communicator);
 _securityTraceLevel = communicator.getProperties().getPropertyAsIntWithDefault("IceSSL.Trace.Security", 0);
 _securityTraceCategory = "Security";
+ _trustManager = new TrustManager(communicator);
 //
 // Register the endpoint factory. We have to do this now, rather than
@@ -658,22 +659,32 @@ class Instance
 }
 }
- if(_verifier != null)
+ if(!_trustManager.verify(info))
 {
- if(!_verifier.verify(info))
+ String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by trust manager\n" +
+ IceInternal.Network.fdToString(fd);
+ if(_securityTraceLevel >= 1)
 {
- String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier\n" +
- IceInternal.Network.fdToString(fd);
-
- if(_securityTraceLevel > 0)
- {
- _logger.trace(_securityTraceCategory, msg);
- }
+ _logger.trace(_securityTraceCategory, msg);
+ }
+ Ice.SecurityException ex = new Ice.SecurityException();
+ ex.reason = msg;
+ throw ex;
+ }
- Ice.SecurityException ex = new Ice.SecurityException();
- ex.reason = msg;
- throw ex;
+ if(_verifier != null && !_verifier.verify(info))
+ {
+ String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier\n" +
+ IceInternal.Network.fdToString(fd);
+
+ if(_securityTraceLevel > 0)
+ {
+ _logger.trace(_securityTraceCategory, msg);
 }
+
+ Ice.SecurityException ex = new Ice.SecurityException();
+ ex.reason = msg;
+ throw ex;
 }
 }
@@ -805,4 +816,5 @@ class Instance
 private String[] _protocols;
 private boolean _checkCertName;
 private CertificateVerifier _verifier;
+ private TrustManager _trustManager;
 } |
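Review bot: In the second hunk the new trust-manager rejection path is a near copy of the certificate-verifier path below it, and the two already differ in spelling: `if(_securityTraceLevel >= 1)` in the first and `if(_securityTraceLevel > 0)` in the second. The conditions are equivalent for an int, but using one form in both, or a small private helper that builds the message, traces it and throws the `Ice.SecurityException`, would keep the two reject paths from drifting apart. `_trustManager.verify(info)` now runs on every connection and `TrustManager` is not part of this diff, so it is worth confirming there that it accepts when no TrustOnly setting is configured and rejects a peer that presented no certificate when one is; a comment above the call such as `// TrustOnly filtering runs before the application's CertificateVerifier.` would record the ordering. The enclosing method starts and ends outside the hunk.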