| -rwxr-xr-x | dozentenmodul/src/main/java/org/openslx/dozmod/App.java | 4 | ||||
| -rw-r--r-- | dozentenmodul/src/main/java/org/openslx/dozmod/util/CombinedTrustManager.java (renamed from dozentenmodul/src/main/java/org/openslx/dozmod/util/FallbackTrustManager.java) | 102 | ||||
| -rw-r--r-- | dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java | 6 |
3 files changed, 59 insertions, 53 deletions
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
index a5dc7464..7d31b54f 100755
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
@@ -37,7 +37,7 @@ import org.openslx.dozmod.gui.helper.I18n;
 import org.openslx.dozmod.gui.helper.Language;
 import org.openslx.dozmod.gui.helper.MessageType;
 import org.openslx.dozmod.util.ClientVersion;
-import org.openslx.dozmod.util.FallbackTrustManager;
+import org.openslx.dozmod.util.CombinedTrustManager;
 import org.openslx.dozmod.util.ProxyConfigurator;
 import org.openslx.thrifthelper.ThriftManager;
 import org.openslx.util.AppUtil;
@@ -148,7 +148,7 @@ public class App {
 LOGGER.info("Starting logging to " + logFilePath);
 
 // On Windows, we use the system's trust store in addition to the Java one
- FallbackTrustManager.install();
+ CombinedTrustManager.install();
 
 // Setting the locale
 if (!setPreferredLanguage()) {
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/util/FallbackTrustManager.java b/dozentenmodul/src/main/java/org/openslx/dozmod/util/CombinedTrustManager.java
index 3d652ba0..8bcd6bfa 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/util/FallbackTrustManager.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/util/CombinedTrustManager.java
@@ -3,6 +3,7 @@ package org.openslx.dozmod.util;
 import java.io.FileInputStream;
 import java.io.InputStream;
 import java.security.KeyStore;
+import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -19,13 +20,13 @@ import javax.net.ssl.X509TrustManager;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
-public class FallbackTrustManager {
+public class CombinedTrustManager {
 
- private final static Logger LOGGER = LogManager.getLogger(FallbackTrustManager.class);
+ private final static Logger LOGGER = LogManager.getLogger(CombinedTrustManager.class);
 
 private static SSLContext sslContext = null;
- private static FallbackX509TrustManager delegatingTrustManager = null;
+ private static CombinedX509TrustManager delegatingTrustManager = null;
 
 public static void install() {
 // On Windows, use system store in addition to the Java one
@@ -38,18 +39,12 @@ public class FallbackTrustManager {
 // --- Load Java default trust store (cacerts) ---
 String javaHome = System.getProperty("java.home");
 String cacertsPath = javaHome + "/lib/security/cacerts";
-
 KeyStore javaTrustStore = KeyStore.getInstance("JKS");
+
 try (FileInputStream fis = new FileInputStream(cacertsPath)) {
 javaTrustStore.load(fis, password);
 }
-
- TrustManagerFactory javaTMF = TrustManagerFactory.getInstance(
- TrustManagerFactory.getDefaultAlgorithm());
- javaTMF.init(javaTrustStore);
- LOGGER.info("Java entries: " + javaTrustStore.size());
- X509TrustManager javaTrustManager = getX509TrustManager(javaTMF);
- managers.add(javaTrustManager);
+ addKeyStore(managers, javaTrustStore, "Java");
 } catch (Exception e) {
 LOGGER.warn("Error adding java certificate store", e);
 }
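Review bot: The Java store in the second hunk is still located by hand — `javaHome + "/lib/security/cacerts"`, opened as "JKS" and unlocked with the `password` declared outside this hunk — which silently ignores any trust store an operator has configured through `javax.net.ssl.trustStore`, `trustStoreType` and `trustStorePassword`, and ties the client to the on-disk layout and format of cacerts, which the JDK does not guarantee across releases. Initialising the factory with a null store hands that resolution to the JDK, so the block could shrink to `TrustManagerFactory javaTMF = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); javaTMF.init((KeyStore) null); managers.add(getX509TrustManager(javaTMF));` with no path, type or password at all. If bypassing those properties is deliberate, a comment such as `// Intentionally reads cacerts directly; javax.net.ssl.trustStore* is not honored` would save the next reader from "fixing" it. The enclosing install() starts in the previous hunk and continues past this one.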
@@ -57,43 +52,28 @@ public class FallbackTrustManager {
 if (OsHelper.isWindows()) {
 try {
 // --- Load Windows root store ---
- KeyStore systemRoot = KeyStore.getInstance("Windows-ROOT");
- systemRoot.load(null, null);
- TrustManagerFactory windowsTMF = TrustManagerFactory.getInstance(
- TrustManagerFactory.getDefaultAlgorithm());
- windowsTMF.init(systemRoot);
- LOGGER.info("System entries: " + systemRoot.size());
- X509TrustManager windowsTrustManager = getX509TrustManager(windowsTMF);
- managers.add(windowsTrustManager);
+ KeyStore winRootStore = KeyStore.getInstance("Windows-ROOT");
+ winRootStore.load(null, null);
+ addKeyStore(managers, winRootStore, "Windows-ROOT");
 } catch (Exception e) {
 LOGGER.warn("Error adding Windows-ROOT certificate store", e);
 }
 try {
- // --- Load Windows root store ---
- KeyStore systemRoot = KeyStore.getInstance("Windows-MY");
- systemRoot.load(null, null);
- TrustManagerFactory windowsTMF = TrustManagerFactory.getInstance(
- TrustManagerFactory.getDefaultAlgorithm());
- windowsTMF.init(systemRoot);
- LOGGER.info("User entries: " + systemRoot.size());
- X509TrustManager windowsTrustManager = getX509TrustManager(windowsTMF);
- managers.add(windowsTrustManager);
+ // --- Load Windows user store ---
+ KeyStore winUserStore = KeyStore.getInstance("Windows-MY");
+ winUserStore.load(null, null);
+ addKeyStore(managers, winUserStore, "Windows-MY");
 } catch (Exception e) {
 LOGGER.warn("Error adding Windows-MY certificate store", e);
 }
 }
 try {
- KeyStore systemRoot = KeyStore.getInstance("JKS");
+ KeyStore shippedStore = KeyStore.getInstance("JKS");
 try (InputStream is = ResourceLoader.getStream("/data/truststore.jks")) {
- systemRoot.load(is, password);
+ shippedStore.load(is, password);
 }
- TrustManagerFactory windowsTMF = TrustManagerFactory.getInstance(
- TrustManagerFactory.getDefaultAlgorithm());
- windowsTMF.init(systemRoot);
- LOGGER.info("Shipped entries: " + systemRoot.size());
- X509TrustManager windowsTrustManager = getX509TrustManager(windowsTMF);
- managers.add(windowsTrustManager);
+ addKeyStore(managers, shippedStore, "Shipped");
 } catch (Exception e) {
 LOGGER.warn("Error adding shipped certificate store", e);
 }
@@ -105,7 +85,7 @@ public class FallbackTrustManager {
 
 try {
 // --- Combine using delegating trust manager ---
- delegatingTrustManager = new FallbackX509TrustManager(managers);
+ delegatingTrustManager = new CombinedX509TrustManager(managers);
 sslContext = SSLContext.getInstance("TLS");
 sslContext.init(null, getTrustManagers(), null);
 
@@ -116,6 +96,18 @@ public class FallbackTrustManager {
 }
 }
 
+ private static void addKeyStore(List<X509TrustManager> list, KeyStore store, String name)
+ throws Exception {
+ LOGGER.info(name + " entries: " + store.size());
+ if (store.size() == 0)
+ return; // Empty ones cause problems
+ TrustManagerFactory javaTMF = TrustManagerFactory.getInstance(
+ TrustManagerFactory.getDefaultAlgorithm());
+ javaTMF.init(store);
+ X509TrustManager javaTrustManager = getX509TrustManager(javaTMF);
+ list.add(javaTrustManager);
+ }
+
 public static TrustManager getTrustManager() {
 return delegatingTrustManager;
 }
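Review bot: The Windows-MY block (now commented as "Load Windows user store") feeds the current user's personal certificate store into `addKeyStore`, and a trust manager built from a KeyStore treats the certificate entries in it as trust anchors, so whatever sits in that store — which the user, or anything running as the user, can write to without administrator rights — becomes a root this client accepts when validating servers; Windows-MY is a personal/key store, not a CA store, which is what the Windows-ROOT block above it already covers. Unless a deployment is known to rely on this, I would drop the Windows-MY block; if it has to stay, the comment should state the consequence rather than just the source, e.g. `// --- Load Windows user store (Windows-MY): personal certs, not a CA store; every entry becomes a trust anchor ---`. Enterprise CAs pushed to users normally arrive in the ROOT store and need no special handling here. The enclosing install() starts before this hunk and continues after it.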
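Review bot: The `store.size() == 0` guard in the new addKeyStore is what keeps an empty store out of the combined manager, but `// Empty ones cause problems` tells the next reader neither what the problem is nor why the guard must stay; the factory initialises fine from an empty store and, at least in the JDK's PKIX implementation, the resulting manager only fails — with an unchecked exception, which is presumably what the `catch (RuntimeException)` elsewhere in this change is for — once a chain is actually checked. I would write `// TrustManagerFactory accepts an empty store, but the resulting manager throws an unchecked exception on every check; skip it entirely` instead. `throws Exception` is also wider than what is visible here — `KeyStore.size()` and `init()` throw KeyStoreException, `getInstance` throws NoSuchAlgorithmException — so `throws KeyStoreException, NoSuchAlgorithmException` would document the real failure modes, unless getX509TrustManager (outside this hunk) throws something broader; the callers in install() already catch Exception, so narrowing is source-compatible.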
@@ -137,42 +129,52 @@ public class FallbackTrustManager {
 }
 
 // Delegating trust manager implementation
- public static class FallbackX509TrustManager implements X509TrustManager {
+ public static class CombinedX509TrustManager implements X509TrustManager {
 
 private final List<X509TrustManager> managers;
 private X509Certificate[] issuers = null;
 
- public FallbackX509TrustManager(List<X509TrustManager> managers) {
+ public CombinedX509TrustManager(List<X509TrustManager> managers) {
 this.managers = managers;
 }
 
 @Override
 public void checkClientTrusted(X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- java.security.cert.CertificateException cached = null;
+ throws CertificateException {
+ CertificateException cached = null;
+
 for (X509TrustManager tm : managers) {
 try {
 tm.checkClientTrusted(chain, authType);
 return;
- } catch (java.security.cert.CertificateException e) {
+ } catch (CertificateException e) {
 cached = e;
+ } catch (RuntimeException rte) {
+ LOGGER.warn("Other exception in checkClientTrusted", rte);
 }
 }
- throw cached;
+ if (cached != null)
+ throw cached;
+ throw new CertificateException("Unknown exception in combined trust manager");
 }
 
 @Override
 public void checkServerTrusted(X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- java.security.cert.CertificateException cached = null;
+ throws CertificateException {
+ CertificateException cached = null;
+
 for (X509TrustManager tm : managers) {
 try {
 tm.checkServerTrusted(chain, authType);
 return;
- } catch (java.security.cert.CertificateException e) {
+ } catch (CertificateException e) {
 cached = e;
+ } catch (RuntimeException rte) {
+ LOGGER.warn("Other exception in checkServerTrusted", rte);
 }
 }
- throw cached;
+ if (cached != null)
+ throw cached;
+ throw new CertificateException("Unknown exception in combined trust manager");
 }
 
 @Override
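Review bot: When every delegate fails with a RuntimeException, the new fallthrough `throw new CertificateException("Unknown exception in combined trust manager")` in both check methods drops the underlying cause, so the exception the TLS layer surfaces says nothing about what actually broke and the warn log is the only trace; keep the last one and attach it — `RuntimeException lastRte = null;` next to `cached`, `lastRte = rte;` in the new catch, and `throw new CertificateException("Unknown exception in combined trust manager", lastRte);`. In the same spirit, `cached = e;` keeps only the last delegate's rejection, so the reasons the other stores gave are lost; `if (cached != null) e.addSuppressed(cached); cached = e;` retains them on the exception that is thrown today. Now that checkClientTrusted and checkServerTrusted differ only in the delegate call, a private helper taking that call as a lambda would avoid maintaining the identical loop twice. CombinedX509TrustManager continues past the end of this hunk.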
@@ -180,7 +182,11 @@ public class FallbackTrustManager {
 if (issuers == null) {
 Set<X509Certificate> certs = new HashSet<>();
 for (X509TrustManager tm : managers) {
- certs.addAll(Arrays.asList(tm.getAcceptedIssuers()));
+ try {
+ certs.addAll(Arrays.asList(tm.getAcceptedIssuers()));
+ } catch (Exception e) {
+ LOGGER.warn("Error adding accepted issuers to combined return value", e);
+ }
 }
 issuers = certs.toArray(new X509Certificate[certs.size()]);
 }
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
index b024dae5..1d9a7b88 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
@@ -83,7 +83,7 @@ public class ProxyConfigurator {
 } else {
 thriftCtx = SSLContext.getInstance("TLSv1.2");
 }
- thriftCtx.init(null, FallbackTrustManager.getTrustManagers(), null);
+ thriftCtx.init(null, CombinedTrustManager.getTrustManagers(), null);
 } catch (NoSuchAlgorithmException | KeyManagementException e) {
 LOGGER.warn("Error creating default SSL context for thrift", e);
 }
@@ -98,7 +98,7 @@ public class ProxyConfigurator {
 MasterServer.Client masterClient;
 try {
 ctx = SSLContext.getInstance(tls[0].id);
- ctx.init(null, FallbackTrustManager.getTrustManagers(), null);
+ ctx.init(null, CombinedTrustManager.getTrustManagers(), null);
 masterClient = ThriftManager.getNewMasterClient(ctx, App.getMasterServerAddress(), App.THRIFT_SSL_PORT, 4000);
@@ -148,7 +148,7 @@ public class ProxyConfigurator {
 if (thriftCtx == null) {
 try {
 SSLContext ctx = SSLContext.getDefault();
- ctx.init(null, FallbackTrustManager.getTrustManagers(), null);
+ ctx.init(null, CombinedTrustManager.getTrustManagers(), null);
 thriftCtx = ctx;
 } catch (Exception e) {
 Gui.asyncMessageBox(I18n.GUI.getString("ProxyConfigurator.Message.error.couldNotGetSslContext"), |
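Review bot: The new try/catch around `tm.getAcceptedIssuers()` lets one failing delegate through, but the partial set is then stored in `issuers` and served for the lifetime of the trust manager, so a one-off failure in a single store is frozen into the accepted-issuer list; either skip the cache when something failed — `boolean complete = true;` before the loop, `complete = false;` in the catch, and `if (complete) issuers = certs.toArray(...)` — or accept that and say so in a comment. Also `X509TrustManager.getAcceptedIssuers()` declares no checked exception, so `catch (Exception e)` here can only ever catch unchecked ones; `catch (RuntimeException e)` states that plainly and matches the `catch (RuntimeException rte)` this same change adds to the check methods. getAcceptedIssuers() begins before this hunk.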
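Review bot: In the last ProxyConfigurator hunk `ctx.init(null, CombinedTrustManager.getTrustManagers(), null)` is called on the object returned by `SSLContext.getDefault()`, and the JDK's default context is initialised automatically and rejects init() with a KeyManagementException ("Default SSLContext is initialized automatically"), so as far as I can tell this fallback always lands in the catch and the couldNotGetSslContext dialog instead of ever yielding a context that uses the combined trust managers. The two earlier hunks in this file get it right with a fresh context; this one should match: `SSLContext ctx = SSLContext.getInstance("TLS");`. The defect predates this commit, but the renamed line is the one being touched, and the "Setting the locale"-style comments elsewhere suggest a short `// getDefault() cannot be re-initialised; build our own context` would keep it from coming back. The enclosing method starts before this hunk and the statement on its last line continues past it.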
