
[WFCORE-3969] ALIAS_FILTER in Elytron trustmanager ignored when crl used

nekdozjam committed Feb 14, 2019
1 parent 5f45f02 commit 42f06c5541e50956ad5c7453db4a10d6bee2503b
Showing with 10 additions and 2 deletions.
  1. +10 −2 elytron/src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java
@@ -543,7 +543,7 @@ static ResourceDefinition getTrustManagerDefinition() {
ModelNode crlNode = CERTIFICATE_REVOCATION_LIST.resolveModelAttribute(context, model);

if (crlNode.isDefined()) {
return createX509CRLExtendedTrustManager(serviceBuilder, context, algorithm, providerName, providersInjector, keyStoreInjector, crlNode);
return createX509CRLExtendedTrustManager(serviceBuilder, context, algorithm, providerName, providersInjector, keyStoreInjector, crlNode, aliasFilter);
}

DelegatingTrustManager delegatingTrustManager = new DelegatingTrustManager();
@@ -581,7 +581,7 @@ static ResourceDefinition getTrustManagerDefinition() {
};
}

private ValueSupplier<TrustManager> createX509CRLExtendedTrustManager(ServiceBuilder<TrustManager> serviceBuilder, OperationContext context, String algorithm, String providerName, InjectedValue<Provider[]> providersInjector, InjectedValue<KeyStore> keyStoreInjector, ModelNode crlNode) throws OperationFailedException {
private ValueSupplier<TrustManager> createX509CRLExtendedTrustManager(ServiceBuilder<TrustManager> serviceBuilder, OperationContext context, String algorithm, String providerName, InjectedValue<Provider[]> providersInjector, InjectedValue<KeyStore> keyStoreInjector, ModelNode crlNode, String aliasFilter) throws OperationFailedException {
String crlPath = PATH.resolveModelAttribute(context, crlNode).asStringOrNull();
String crlRelativeTo = RELATIVE_TO.resolveModelAttribute(context, crlNode).asStringOrNull();
int certPath = MAXIMUM_CERT_PATH.resolveModelAttribute(context, crlNode).asInt();
@@ -598,6 +598,14 @@ static ResourceDefinition getTrustManagerDefinition() {
TrustManagerFactory trustManagerFactory = createTrustManagerFactory(providersInjector.getOptionalValue(), providerName, algorithm);
KeyStore keyStore = keyStoreInjector.getOptionalValue();

if (aliasFilter != null) {
try {
keyStore = FilteringKeyStore.filteringKeyStore(keyStore, AliasFilter.fromString(aliasFilter));
} catch (Exception e) {
throw new StartException(e);
}
}

if (crlPath != null) {
try {
X509CRLExtendedTrustManager trustManager = new X509CRLExtendedTrustManager(keyStore, trustManagerFactory, new FileInputStream(resolveFileLocation(crlPath, crlRelativeTo, pathManagerInjector)), certPath, null);
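Review bot: In the added `if (aliasFilter != null)` block, `keyStore` comes from `keyStoreInjector.getOptionalValue()` and so may be null when it reaches `FilteringKeyStore.filteringKeyStore(...)`; any failure is then caught as a bare `Exception` and rethrown as `new StartException(e)` with no hint that the alias filter was involved. Because the filter decides which truststore entries act as trust anchors, I would fail explicitly before the `try`, for example `if (keyStore == null) throw new StartException("alias-filter configured without a key store");` (message wording is a placeholder, use the project's logger messages), and narrow the catch to the exceptions those two calls actually declare. The diffstat lists only SSLDefinitions.java, so no test pins the alias-filter-plus-CRL combination that was ignored before this change; a test asserting that a certificate under a filtered-out alias is rejected when a CRL is configured would guard against regression. The body of `createX509CRLExtendedTrustManager` continues past the end of the last hunk, so the remaining handling of `keyStore` is not visible here.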
