comparison src/org/eclipse/jetty/util/security/CertificateValidator.java @ 820:8e9db0bbf4f9

remove org.eclipse.jetty.util.log and upgrade slf4j
author Franklin Schmidt <fschmidt@gmail.com>
date Tue, 13 Sep 2016 23:13:06 -0600
parents 3428c60d7cfc
children
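--- a/src/org/eclipse/jetty/util/security/CertificateValidator.java
+++ b/src/org/eclipse/jetty/util/security/CertificateValidator.java
@@ -37,12 +37,12 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Enumeration;
 import java.util.concurrent.atomic.AtomicLong;
 
-import org.eclipse.jetty.util.log.Log;
-import org.eclipse.jetty.util.log.Logger;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
 * Convenience class to handle validation of certificates, aliases and keystores
 *
 * Allows specifying Certificate Revocation List (CRL), as well as enabling
@@ -52,11 +52,11 @@
 * IMPORTANT: at least one of the above mechanisms *MUST* be configured and
 * operational, otherwise certificate validation *WILL FAIL* unconditionally.
 */
 public class CertificateValidator
 {
-private static final Logger LOG = Log.getLogger(CertificateValidator.class);
+private static final Logger LOG = LoggerFactory.getLogger(CertificateValidator.class);
 private static AtomicLong __aliasCount = new AtomicLong();
 
 private KeyStore _trustStore;
 private Collection<? extends CRL> _crls;
 
@@ -131,11 +131,11 @@
 {
 validate(keyStore, keyStore.getCertificate(keyAlias));
 }
 catch (KeyStoreException kse)
 {
-LOG.debug(kse);
+LOG.debug("",kse);
 throw new CertificateException("Unable to validate certificate" +
 " for alias [" + keyAlias + "]: " + kse.getMessage(), kse);
 }
 result = keyAlias;
 }
@@ -179,11 +179,11 @@
 throw new IllegalStateException("Unable to retrieve certificate chain");
 }
 }
 catch (KeyStoreException kse)
 {
-LOG.debug(kse);
+LOG.debug("",kse);
 throw new CertificateException("Unable to validate certificate" +
 (certAlias == null ? "":" for alias [" +certAlias + "]") + ": " + kse.getMessage(), kse);
 }
 
 validate(certChain);
@@ -250,11 +250,11 @@
 // Validate certification path
 CertPathValidator.getInstance("PKIX").validate(buildResult.getCertPath(),pbParams);
 }
 catch (GeneralSecurityException gse)
 {
-LOG.debug(gse);
+LOG.debug("",gse);
 throw new CertificateException("Unable to validate certificate: " + gse.getMessage(), gse);
 }
 }
 
 public KeyStore getTrustStore()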
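Review bot: The three rewritten calls at new lines 136, 184 and 255 pass an empty string as the log message (`LOG.debug("",kse)`), so a debug trace of a failed certificate validation shows a stack trace with no statement of which check failed or for which alias. SLF4J treats a trailing Throwable after the format arguments as the exception to log, so line 136 could read `LOG.debug("Unable to validate certificate for alias [{}]", keyAlias, kse);`, line 184 the same with `certAlias` (which the next line shows may be null), and line 255 `LOG.debug("Certification path validation failed", gse);`. Each exception is still rethrown as a CertificateException with its cause attached, so callers lose nothing; the concern is only that the validator's own log lines be searchable when diagnosing trust failures. The enclosing methods begin outside the hunks shown.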