|
@@ -29,7 +29,6 @@ import com.dmdirc.interfaces.Connection;
|
29
|
29
|
import com.dmdirc.interfaces.config.AggregateConfigProvider;
|
30
|
30
|
import com.dmdirc.interfaces.config.ConfigProvider;
|
31
|
31
|
|
32
|
|
-import java.io.File;
|
33
|
32
|
import java.io.FileInputStream;
|
34
|
33
|
import java.io.FileNotFoundException;
|
35
|
34
|
import java.io.IOException;
|
|
@@ -37,7 +36,6 @@ import java.security.GeneralSecurityException;
|
37
|
36
|
import java.security.InvalidAlgorithmParameterException;
|
38
|
37
|
import java.security.KeyStore;
|
39
|
38
|
import java.security.KeyStoreException;
|
40
|
|
-import java.security.NoSuchAlgorithmException;
|
41
|
39
|
import java.security.cert.CertificateException;
|
42
|
40
|
import java.security.cert.CertificateParsingException;
|
43
|
41
|
import java.security.cert.PKIXParameters;
|
|
@@ -101,6 +99,8 @@ public class CertificateManager implements X509TrustManager {
|
101
|
99
|
private X509Certificate[] chain;
|
102
|
100
|
/** The user settings to write to. */
|
103
|
101
|
private final ConfigProvider userSettings;
|
|
102
|
+ /** Locator to use to find a system keystore. */
|
|
103
|
+ private final KeyStoreLocator keyStoreLocator;
|
104
|
104
|
|
105
|
105
|
/**
|
106
|
106
|
* Creates a new certificate manager for a client connecting to the specified server.
|
|
@@ -124,6 +124,7 @@ public class CertificateManager implements X509TrustManager {
|
124
|
124
|
this.checkHost = config.getOptionBool("ssl", "checkhost");
|
125
|
125
|
this.userSettings = userSettings;
|
126
|
126
|
this.eventBus = eventBus;
|
|
127
|
+ this.keyStoreLocator = new KeyStoreLocator();
|
127
|
128
|
|
128
|
129
|
loadTrustedCAs();
|
129
|
130
|
}
|
|
@@ -131,19 +132,16 @@ public class CertificateManager implements X509TrustManager {
|
131
|
132
|
/**
|
132
|
133
|
* Loads the trusted CA certificates from the Java cacerts store.
|
133
|
134
|
*/
|
134
|
|
- protected void loadTrustedCAs() {
|
135
|
|
- final String filename = System.getProperty("java.home")
|
136
|
|
- + "/lib/security/cacerts".replace('/', File.separatorChar);
|
137
|
|
- try (FileInputStream is = new FileInputStream(filename)) {
|
138
|
|
- final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
|
139
|
|
- keystore.load(is, null);
|
140
|
|
-
|
141
|
|
- final PKIXParameters params = new PKIXParameters(keystore);
|
142
|
|
- globalTrustedCAs
|
143
|
|
- .addAll(params.getTrustAnchors().stream().map(TrustAnchor::getTrustedCert)
|
144
|
|
- .collect(Collectors.toList()));
|
145
|
|
- } catch (CertificateException | IOException | InvalidAlgorithmParameterException |
|
146
|
|
- KeyStoreException | NoSuchAlgorithmException ex) {
|
|
135
|
+ private void loadTrustedCAs() {
|
|
136
|
+ try {
|
|
137
|
+ final KeyStore keyStore = keyStoreLocator.getKeyStore();
|
|
138
|
+ if (keyStore != null) {
|
|
139
|
+ final PKIXParameters params = new PKIXParameters(keyStore);
|
|
140
|
+ globalTrustedCAs.addAll(params.getTrustAnchors().stream()
|
|
141
|
+ .map(TrustAnchor::getTrustedCert)
|
|
142
|
+ .collect(Collectors.toList()));
|
|
143
|
+ }
|
|
144
|
+ } catch (InvalidAlgorithmParameterException | KeyStoreException ex) {
|
147
|
145
|
LOG.warn(USER_ERROR, "Unable to load trusted certificates", ex);
|
148
|
146
|
}
|
149
|
147
|
}
|
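Review bot: In the new `loadTrustedCAs()`, a null result from `keyStoreLocator.getKeyStore()` is skipped silently, so `globalTrustedCAs` can end up empty without any log entry. The removed code sent every failure to read the cacerts file through the `LOG.warn(USER_ERROR, ...)` call in the catch block. Because this class is the `X509TrustManager`, an empty anchor set affects every later certificate check, so the null case should be reported, for example `} else { LOG.warn(USER_ERROR, "No system keystore found; no trusted CA certificates loaded"); }`. `KeyStoreLocator` is not visible in this diff, so if it already logs its own failures, a short comment on the null check saying so would be enough. The Javadoc above the method still says the CAs come from "the Java cacerts store", which looks out of date now that the source is chosen by the locator.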