Use Windows system certificate store if requested by system properties #911

Open
lwahonen wants to merge 1 commit into eclipse-ee4j:master from diktamen:master

@lwahonen

Not sure if this is the most elegant way to handle this, but if the user has selected SunMSCAPI as the trust store provider, they probably expect Tyrus to load the Windows system certificate store (i.e. work with enterprise-root-signed SSL certificates).

TrustManagerFactory trustManagerFactory = null;
KeyManagerFactory keyManagerFactory = null;

if ("SunMSCAPI".equals(System.getProperty(TRUST_STORE_PROVIDER))) {
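
Review bot: The condition on the `if` line keys only on the provider name, so it does not determine which SunMSCAPI store ends up being used as the trust store. SunMSCAPI exposes both Windows-ROOT (trusted root CAs) and Windows-MY (personal certificates); consider reading the trust store type property here as well and defaulting to Windows-ROOT, and document that this branch applies only when the provider property is exactly "SunMSCAPI".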

@lwahonen Instead of this code block, can the row below just be updated:

if (trustStoreBytes != null || trustStoreFile != null) {

with if (trustStoreBytes != null || trustStoreFile != null || "SunMSCAPI".equals(trustStoreType)) { ?

keyStore.load(null, null);
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
} catch (Throwable e) {
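
Review bot: `catch (Throwable e)` on the last line is too broad for trust store setup because it also traps JVM Errors, and narrowing it to GeneralSecurityException alone will not compile, since `keyStore.load(null, null)` also declares IOException. Catch `GeneralSecurityException | IOException` instead, and have the handler log or rethrow so that a failed load of the Windows store cannot be mistaken for a configured trust manager.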

Catching Throwable is a bad practice. GeneralSecurityException would be better. Same in the other place.
However, looking at the already existing code, which is swallowing exceptions, we should probably revisit these classes.
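
The behaviour discussed in this thread, as an added example that is not code from the pull request or from Tyrus: load the Windows root store through SunMSCAPI only when the provider property asks for it, catch only the declared exception types, and fail closed. The class name, the `windowsTrustManagers` helper and the `Windows-ROOT` default are assumptions of this example.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; class and helper names are hypothetical, not Tyrus API.
public class WindowsTrustStoreExample {
    // Standard JSSE system property names.
    static final String TRUST_STORE_PROVIDER = "javax.net.ssl.trustStoreProvider";
    static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";

    static TrustManagerFactory windowsTrustManagers(String type)
            throws GeneralSecurityException, IOException {
        // Name the provider explicitly so a missing SunMSCAPI (non-Windows JVM)
        // surfaces as NoSuchProviderException instead of a silent fallback.
        KeyStore keyStore = KeyStore.getInstance(type, "SunMSCAPI");
        // No stream and no password: the OS certificate store is opened directly.
        keyStore.load(null, null);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        return tmf;
    }

    public static void main(String[] args) {
        if (!"SunMSCAPI".equals(System.getProperty(TRUST_STORE_PROVIDER))) {
            System.out.println("SunMSCAPI not requested; the JSSE default trust store applies");
            return;
        }
        // Assumption of this example: default to the trusted-roots store,
        // never to Windows-MY, which holds personal certificates.
        String type = System.getProperty(TRUST_STORE_TYPE, "Windows-ROOT");
        try {
            TrustManagerFactory tmf = windowsTrustManagers(type);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            System.out.println("TLS context trusts " + type + " via SunMSCAPI");
        } catch (GeneralSecurityException | IOException e) {
            // Fail closed: do not continue with an unconfigured trust manager.
            throw new IllegalStateException("Cannot load trust store " + type, e);
        }
    }
}
```

Run it with `java -Djavax.net.ssl.trustStoreProvider=SunMSCAPI WindowsTrustStoreExample.java`; on a JVM without the SunMSCAPI provider it stops with the wrapped `NoSuchProviderException`.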
