Separate WhitelistTrustManager registration from object creation, so that adding entries to the whitelist doesn't cause partial registration errors.

2025-02-20 17:33:15 +00:00 · 2016-08-04 12:55:09 +01:00 · 2016-08-04 12:55:09 +01:00 · 8e8a7ea60b
commit 8e8a7ea60b
parent 6b844c0e41
1 changed files with 15 additions and 8 deletions
--- a/core/src/main/kotlin/com/r3corda/core/crypto/WhitelistTrustManager.kt
+++ b/core/src/main/kotlin/com/r3corda/core/crypto/WhitelistTrustManager.kt
@ -21,8 +21,15 @@ import javax.net.ssl.*
 */
 fun registerWhitelistTrustManager() {
    if (Security.getProvider("WhitelistTrustManager") == null) {
-        Security.addProvider(WhitelistTrustManagerProvider)
+        WhitelistTrustManagerProvider.register()
    }
+
+    // Forcibly change the TrustManagerFactory defaultAlgorithm to be us
+    // This will apply to all code using TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+    // Which includes the standard HTTPS implementation and most other SSL code
+    // TrustManagerFactory.getInstance(WhitelistTrustManagerProvider.originalTrustProviderAlgorithm)) will
+    // allow access to the original implementation which is normally "PKIX"
+    Security.setProperty("ssl.TrustManagerFactory.algorithm", "whitelistTrustManager")
 }

 /**
@ -46,16 +53,16 @@ object WhitelistTrustManagerProvider : Provider("WhitelistTrustManager",
        // Add ourselves to whitelist as currently we have to connect to a local ArtemisMQ broker
        val host = InetAddress.getLocalHost()
        addWhitelistEntry(host.hostName)
+    }
+
+    /**
+     * Security provider registration function for WhitelistTrustManagerProvider
+     */
+    fun register() {
+        Security.addProvider(WhitelistTrustManagerProvider)

        // Register our custom TrustManagerFactorySpi
        put("TrustManagerFactory.whitelistTrustManager", "com.r3corda.core.crypto.WhitelistTrustManagerSpi")
-
-        // Forcibly change the TrustManagerFactory defaultAlgorithm to be us
-        // This will apply to all code using TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
-        // Which includes the standard HTTPS implementation and most other SSL code
-        // TrustManagerFactory.getInstance(WhitelistTrustManagerProvider.originalTrustProviderAlgorithm)) will
-        // allow access to the original implementation which is normally "PKIX"
-        Security.setProperty("ssl.TrustManagerFactory.algorithm", "whitelistTrustManager")
    }

    /**