Skip to content

/ wildfly-core

Permalink
Browse files

Merge pull request #3674 from nekdozjam/WFCORE-3969 

[WFCORE-3969] ALIAS_FILTER in Elytron trustmanager ignored when crl used
  • Loading branch information
@darranl
darranl committed Apr 8, 2019
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
2 parents d1b0113 + 42f06c5 commit 7e7ca92c4b0e190142911fcee6a253fd20e67074
Unified Split
Showing with 10 additions and 2 deletions.
  1. +10 −2 elytron/src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java
12 elytron/src/main/java/org/wildfly/extension/elytron/SSLDefinitions.java
View file
@@ -563,7 +563,7 @@ static ResourceDefinition getTrustManagerDefinition() {
ModelNode crlNode = CERTIFICATE_REVOCATION_LIST.resolveModelAttribute(context, model);

if (crlNode.isDefined()) {
return createX509CRLExtendedTrustManager(serviceBuilder, context, algorithm, providerName, providersInjector, keyStoreInjector, crlNode);
return createX509CRLExtendedTrustManager(serviceBuilder, context, algorithm, providerName, providersInjector, keyStoreInjector, crlNode, aliasFilter);
}

DelegatingTrustManager delegatingTrustManager = new DelegatingTrustManager();
@@ -601,7 +601,7 @@ static ResourceDefinition getTrustManagerDefinition() {
};
}

private ValueSupplier<TrustManager> createX509CRLExtendedTrustManager(ServiceBuilder<TrustManager> serviceBuilder, OperationContext context, String algorithm, String providerName, InjectedValue<Provider[]> providersInjector, InjectedValue<KeyStore> keyStoreInjector, ModelNode crlNode) throws OperationFailedException {
private ValueSupplier<TrustManager> createX509CRLExtendedTrustManager(ServiceBuilder<TrustManager> serviceBuilder, OperationContext context, String algorithm, String providerName, InjectedValue<Provider[]> providersInjector, InjectedValue<KeyStore> keyStoreInjector, ModelNode crlNode, String aliasFilter) throws OperationFailedException {
String crlPath = PATH.resolveModelAttribute(context, crlNode).asStringOrNull();
String crlRelativeTo = RELATIVE_TO.resolveModelAttribute(context, crlNode).asStringOrNull();
int certPath = MAXIMUM_CERT_PATH.resolveModelAttribute(context, crlNode).asInt();
@@ -618,6 +618,14 @@ static ResourceDefinition getTrustManagerDefinition() {
TrustManagerFactory trustManagerFactory = createTrustManagerFactory(providersInjector.getOptionalValue(), providerName, algorithm);
KeyStore keyStore = keyStoreInjector.getOptionalValue();

if (aliasFilter != null) {
try {
keyStore = FilteringKeyStore.filteringKeyStore(keyStore, AliasFilter.fromString(aliasFilter));
} catch (Exception e) {
throw new StartException(e);
}
}

if (crlPath != null) {
try {
X509CRLExtendedTrustManager trustManager = new X509CRLExtendedTrustManager(keyStore, trustManagerFactory, new FileInputStream(resolveFileLocation(crlPath, crlRelativeTo, pathManagerInjector)), certPath, null);

0 comments on commit 7e7ca92

Please sign in to comment.
You can’t perform that action at this time.