only initialize trust managers if CA certificate is provided (#43)
All checks were successful
continuous-integration/drone/push Build is passing

Stefan Kalscheuer 2021-01-24 12:20:45 +01:00 committed by GitHub
parent b46b59e4a0
commit dfb6d0a37c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 12 deletions


@ -1,3 +1,8 @@
## unreleased
### Fixes
* Only initialize custom trust managers, if CA certificate is actually provided (#43)
## 0.9.1 (2021-01-03) ## 0.9.1 (2021-01-03)
### Improvements ### Improvements


@ -4,7 +4,7 @@
<groupId>de.stklcode.jvault</groupId> <groupId>de.stklcode.jvault</groupId>
<artifactId>jvault-connector</artifactId> <artifactId>jvault-connector</artifactId>
<version>0.9.1</version> <version>0.9.2-SNAPSHOT</version>
<packaging>jar</packaging> <packaging>jar</packaging>


@ -367,18 +367,22 @@ public final class RequestHelper implements Serializable {
*/ */
private SSLConnectionSocketFactory createSSLSocketFactory() throws TlsException { private SSLConnectionSocketFactory createSSLSocketFactory() throws TlsException {
try { try {
// Create Keystore with trusted certificate. // Create context..
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("trustedCert", trustedCaCert);
// Initialize TrustManager.
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
// Create context using this TrustManager.
SSLContext context = SSLContext.getInstance(tlsVersion); SSLContext context = SSLContext.getInstance(tlsVersion);
context.init(null, tmf.getTrustManagers(), new SecureRandom());
if (trustedCaCert != null) {
// Create Keystore with trusted certificate.
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("trustedCert", trustedCaCert);
// Initialize TrustManager.
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
context.init(null, tmf.getTrustManagers(), null);
} else {
context.init(null, null, null);
}
return new SSLConnectionSocketFactory( return new SSLConnectionSocketFactory(
context, context,