Diffstat (limited to 'java-compat/src')
6 files changed, 12 insertions, 54 deletions
diff --git a/java-compat/src/Ice/src/main/java/IceSSL/CertificateVerifier.java b/java-compat/src/Ice/src/main/java/IceSSL/CertificateVerifier.java
index c28e98ff727..423e6eb57e4 100644
--- a/java-compat/src/Ice/src/main/java/IceSSL/CertificateVerifier.java
+++ b/java-compat/src/Ice/src/main/java/IceSSL/CertificateVerifier.java
@@ -22,5 +22,5 @@ public interface CertificateVerifier
 * @return <code>true</code> if the connection should be accepted;
 * <code>false</code>, otherwise.
 **/
- boolean verify(NativeConnectionInfo info);
+ boolean verify(ConnectionInfo info);
 }
diff --git a/java-compat/src/Ice/src/main/java/IceSSL/Instance.java b/java-compat/src/Ice/src/main/java/IceSSL/Instance.java
index 227e30ab366..04ea44d6fe0 100644
--- a/java-compat/src/Ice/src/main/java/IceSSL/Instance.java
+++ b/java-compat/src/Ice/src/main/java/IceSSL/Instance.java
@@ -47,7 +47,7 @@ class Instance extends IceInternal.ProtocolInstance
 _engine.traceConnection(desc, engine, incoming);
 }
- void verifyPeer(String address, NativeConnectionInfo info, String desc)
+ void verifyPeer(String address, ConnectionInfo info, String desc)
 {
 _engine.verifyPeer(address, info, desc);
 }
diff --git a/java-compat/src/Ice/src/main/java/IceSSL/NativeConnectionInfo.java b/java-compat/src/Ice/src/main/java/IceSSL/NativeConnectionInfo.java
deleted file mode 100644
index bae146eb19e..00000000000
--- a/java-compat/src/Ice/src/main/java/IceSSL/NativeConnectionInfo.java
+++ /dev/null
@@ -1,28 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2017 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-package IceSSL;
-
-/**
- *
- * This class is a native extension of the Slice local class
- * IceSSL::ConnectionInfo. It provides access to the native Java
- * certificates.
- *
- * @see CertificateVerifier
- **/
-public class NativeConnectionInfo extends ConnectionInfo
-{
- /**
- * The certificate chain. This may be null if the peer did not
- * supply a certificate. The peer's certificate (if any) is the
- * first one in the chain.
- **/
- public java.security.cert.Certificate[] nativeCerts;
-}
diff --git a/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java b/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java
index d2ca48c2fa4..70f7152dc9e 100644
--- a/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java
+++ b/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java
@@ -970,7 +970,7 @@ class SSLEngine
 return _communicator;
 }
- void verifyPeer(String address, NativeConnectionInfo info, String desc)
+ void verifyPeer(String address, ConnectionInfo info, String desc)
 {
 //
 // IceSSL.VerifyPeer is translated into the proper SSLEngine configuration
@@ -984,10 +984,10 @@ class SSLEngine
 }
 }
- if(_verifyDepthMax > 0 && info.nativeCerts != null && info.nativeCerts.length > _verifyDepthMax)
+ if(_verifyDepthMax > 0 && info.certs != null && info.certs.length > _verifyDepthMax)
 {
 String msg = (info.incoming ? "incoming" : "outgoing") + " connection rejected:\n" +
- "length of peer's certificate chain (" + info.nativeCerts.length + ") exceeds maximum of " +
+ "length of peer's certificate chain (" + info.certs.length + ") exceeds maximum of " +
 _verifyDepthMax + "\n" + desc;
 if(_securityTraceLevel >= 1)
 {
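Review bot: The depth check on `info.certs` in SSLEngine.verifyPeer now counts whichever chain TransceiverI stored in `_certs`, and per the TransceiverI hunk in this same commit that is the verified chain when `_verified` is true but otherwise the raw chain exactly as the peer presented it, so in the failure case the limit is applied to an unauthenticated, peer-chosen list. That is the same behaviour the old `nativeCerts` field had, but nothing at the check says so, and a reader could assume the count has already been validated by the trust store. A comment on the new `if` line such as `// info.certs is the verified chain if verification succeeded, otherwise the chain as sent by the peer; the depth limit applies in both cases.` would make the assumption explicit. verifyPeer's body continues outside the hunk, so whether `info.verified` is consulted before or after this point is not visible here.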
diff --git a/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java b/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java
index 0f2f54492b9..91d30c6c244 100644
--- a/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java
+++ b/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java
@@ -72,29 +72,17 @@ final class TransceiverI implements IceInternal.Transceiver
 java.security.cert.Certificate[] pcerts = session.getPeerCertificates();
 java.security.cert.Certificate[] vcerts = _instance.engine().getVerifiedCertificateChain(pcerts);
 _verified = vcerts != null;
- _nativeCerts = _verified ? vcerts : pcerts;
- java.util.ArrayList<String> certs = new java.util.ArrayList<>();
- for(java.security.cert.Certificate c : _nativeCerts)
- {
- StringBuilder s = new StringBuilder("-----BEGIN CERTIFICATE-----\n");
- s.append(IceUtilInternal.Base64.encode(c.getEncoded()));
- s.append("\n-----END CERTIFICATE-----");
- certs.add(s.toString());
- }
- _certs = certs.toArray(new String[certs.size()]);
+ _certs = _verified ? vcerts : pcerts;
 }
 catch(javax.net.ssl.SSLPeerUnverifiedException ex)
 {
 // No peer certificates.
 }
- catch(java.security.cert.CertificateEncodingException ex)
- {
- }
 //
 // Additional verification.
 //
- _instance.verifyPeer(_host, (NativeConnectionInfo)getInfo(), _delegate.toString());
+ _instance.verifyPeer(_host, (ConnectionInfo)getInfo(), _delegate.toString());
 if(_instance.securityTraceLevel() >= 1)
 {
@@ -291,14 +279,13 @@ final class TransceiverI implements IceInternal.Transceiver
 @Override
 public Ice.ConnectionInfo getInfo()
 {
- NativeConnectionInfo info = new NativeConnectionInfo();
+ ConnectionInfo info = new ConnectionInfo();
 info.underlying = _delegate.getInfo();
 info.incoming = _incoming;
 info.adapterName = _adapterName;
 info.cipher = _cipher;
 info.certs = _certs;
 info.verified = _verified;
- info.nativeCerts = _nativeCerts;
 return info;
 }
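Review bot: `info.certs = _certs;` in getInfo() hands out the transceiver's own `Certificate[]` rather than a copy, and the same getInfo() call is what feeds `_instance.verifyPeer(...)` in the handshake hunk, so any CertificateVerifier implementation or other consumer that obtains that array can replace or null out entries that later consumers of the same ConnectionInfo will read. The old code had the same exposure through `_nativeCerts`, but now that the certificate objects are the only representation left it is worth closing: `info.certs = _certs == null ? null : _certs.clone();` is a shallow copy of a few references (the Certificate objects themselves are not modifiable through their public API). Independently, the new `_certs = _verified ? vcerts : pcerts;` line deserves a comment stating that the unverified branch keeps the chain exactly as the peer sent it, since `info.verified` is the only signal consumers have to tell the two apart; `// Verified chain if available, otherwise the raw chain the peer presented (see info.verified).` would do.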
@@ -591,7 +578,6 @@ final class TransceiverI implements IceInternal.Transceiver
 private static ByteBuffer _emptyBuffer = ByteBuffer.allocate(0); // Used during handshaking.
 private String _cipher;
- private String[] _certs;
+ private java.security.cert.Certificate[] _certs;
 private boolean _verified;
- private java.security.cert.Certificate[] _nativeCerts;
 }
diff --git a/java-compat/src/Ice/src/main/java/IceSSL/TrustManager.java b/java-compat/src/Ice/src/main/java/IceSSL/TrustManager.java
index 71c52026f65..7310a52adfa 100644
--- a/java-compat/src/Ice/src/main/java/IceSSL/TrustManager.java
+++ b/java-compat/src/Ice/src/main/java/IceSSL/TrustManager.java
@@ -55,7 +55,7 @@ class TrustManager
 }
 boolean
- verify(NativeConnectionInfo info, String desc)
+ verify(ConnectionInfo info, String desc)
 {
 java.util.List<java.util.List<java.util.List<RFC2253.RDNPair> > > reject = new java.util.LinkedList<java.util.List<java.util.List<RFC2253.RDNPair> > >(),
@@ -126,9 +126,9 @@ class TrustManager
 //
 // If there is no certificate then we match false.
 //
- if(info.nativeCerts != null && info.nativeCerts.length > 0)
+ if(info.certs != null && info.certs.length > 0)
 {
- javax.security.auth.x500.X500Principal subjectDN = ((java.security.cert.X509Certificate)info.nativeCerts[0]).getSubjectX500Principal();
+ javax.security.auth.x500.X500Principal subjectDN = ((java.security.cert.X509Certificate)info.certs[0]).getSubjectX500Principal();
 String subjectName = subjectDN.getName(javax.security.auth.x500.X500Principal.RFC2253);
 assert subjectName != null;
 try |
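Review bot: In the TrustManager.verify hunk the accept/reject rules are matched against the subject DN of `info.certs[0]` without consulting `info.verified`; per the TransceiverI hunk in this commit, `certs` holds the raw peer-sent chain when verification failed, so if verify() can be reached in that state the rules would be evaluated against a name nobody has authenticated. Whether SSLEngine.verifyPeer rejects unverified peers before it calls into TrustManager is outside this diff, so this may already be guaranteed; if it is, a comment next to the new `if` such as `// certs[0] is only meaningful once the chain has been verified; callers must not reach this with info.verified == false.` records the assumption beside the code that depends on it. Both verify() hunks are cut from the method's body, which starts and ends outside the hunk.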