ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-04-30 07:50:05 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Separate WhitelistTrustManager registration from object creation, so that adding entries to the whitelist doesn't cause partial registration errors.

Browse Source
This commit is contained in:
Matthew Nesbit 2016-08-04 12:55:09 +01:00
parent 6b844c0e41
commit 8e8a7ea60b
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
core/src/main/kotlin/com/r3corda/core/crypto/WhitelistTrustManager.kt
View File

@ -21,8 +21,15 @@ import javax.net.ssl.*
*/ */
fun registerWhitelistTrustManager() { fun registerWhitelistTrustManager() {
if (Security.getProvider("WhitelistTrustManager") == null) { if (Security.getProvider("WhitelistTrustManager") == null) {
Security.addProvider(WhitelistTrustManagerProvider) WhitelistTrustManagerProvider.register()
} }
// Forcibly change the TrustManagerFactory defaultAlgorithm to be us
// This will apply to all code using TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
// Which includes the standard HTTPS implementation and most other SSL code
// TrustManagerFactory.getInstance(WhitelistTrustManagerProvider.originalTrustProviderAlgorithm)) will
// allow access to the original implementation which is normally "PKIX"
Security.setProperty("ssl.TrustManagerFactory.algorithm", "whitelistTrustManager")
} }
/** /**
@ -46,16 +53,16 @@ object WhitelistTrustManagerProvider : Provider("WhitelistTrustManager",
// Add ourselves to whitelist as currently we have to connect to a local ArtemisMQ broker // Add ourselves to whitelist as currently we have to connect to a local ArtemisMQ broker
val host = InetAddress.getLocalHost() val host = InetAddress.getLocalHost()
addWhitelistEntry(host.hostName) addWhitelistEntry(host.hostName)
}
/**
* Security provider registration function for WhitelistTrustManagerProvider
*/
fun register() {
Security.addProvider(WhitelistTrustManagerProvider)
// Register our custom TrustManagerFactorySpi // Register our custom TrustManagerFactorySpi
put("TrustManagerFactory.whitelistTrustManager", "com.r3corda.core.crypto.WhitelistTrustManagerSpi") put("TrustManagerFactory.whitelistTrustManager", "com.r3corda.core.crypto.WhitelistTrustManagerSpi")
// Forcibly change the TrustManagerFactory defaultAlgorithm to be us
// This will apply to all code using TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
// Which includes the standard HTTPS implementation and most other SSL code
// TrustManagerFactory.getInstance(WhitelistTrustManagerProvider.originalTrustProviderAlgorithm)) will
// allow access to the original implementation which is normally "PKIX"
Security.setProperty("ssl.TrustManagerFactory.algorithm", "whitelistTrustManager")
} }
/** /**