Remove option for Windows as CA source on x64 for JRE != 1.7, allow setting of trustStore system properties, fail XMPP connections when our TrustManager cannot be set

4 files changed, 56 insertions, 20 deletions

diff --git a/src/net/java/sip/communicator/impl/certificate/CertificateServiceImpl.java b/src/net/java/sip/communicator/impl/certificate/CertificateServiceImpl.java
index 1b9ea8e..d0547a3 100644
--- a/src/net/java/sip/communicator/impl/certificate/CertificateServiceImpl.java
+++ b/src/net/java/sip/communicator/impl/certificate/CertificateServiceImpl.java
@@ -121,7 +121,7 @@ public class CertificateServiceImpl
     public CertificateServiceImpl()

     {

         setTrustStore();

-        config.addPropertyChangeListener(PNAME_TRUSTSTORE, this);

+        config.addPropertyChangeListener(PNAME_TRUSTSTORE_TYPE, this);

     }

 

     public void propertyChange(PropertyChangeEvent evt)

@@ -131,24 +131,43 @@ public class CertificateServiceImpl
 

     private void setTrustStore()

     {

-        String trustStore = (String)config.getProperty(PNAME_TRUSTSTORE);

-        if(trustStore != null)

+        String tsType = (String)config.getProperty(PNAME_TRUSTSTORE_TYPE);

+        String tsFile = (String)config.getProperty(PNAME_TRUSTSTORE_FILE);

+        String tsPassword = credService.loadPassword(PNAME_TRUSTSTORE_PASSWORD);

+

+        //TODO remove this after stable release 4 (rev3593 is r1, 3651 is r2)

+        //migrate the misnamed truststore property

+        if(tsFile != null && tsFile.equals("Windows-ROOT"))

         {

-            System.setProperty("javax.net.ssl.trustStoreType",

-                trustStore);

-            String password =

-                credService.loadPassword(PNAME_TRUSTSTORE_PASSWORD);

-            if(password != null)

-            {

-                System.setProperty("javax.net.ssl.trustStorePassword",

-                    password);

-            }

+            tsType = tsFile;

+            tsFile = null;

+            config.setProperty(PNAME_TRUSTSTORE_TYPE, tsType);

+            config.removeProperty(PNAME_TRUSTSTORE_FILE);

         }

-        else

+        //TODO remove this as soon as we ship with JRE 1.7

+        //remove windows root from x64 on Java < 1.7

+        if (!(OSUtils.IS_WINDOWS32

+                || (OSUtils.IS_WINDOWS

+                    && System.getProperty("java.version").startsWith("1.7"))))

         {

+            tsType = null;

+            config.removeProperty(CertificateService.PNAME_TRUSTSTORE_TYPE);

+        }

+

+        if(tsType != null)

+            System.setProperty("javax.net.ssl.trustStoreType", tsType);

+        else

             System.getProperties().remove("javax.net.ssl.trustStoreType");

+

+        if(tsFile != null)

+            System.setProperty("javax.net.ssl.trustStore", tsFile);

+        else

+            System.getProperties().remove("javax.net.ssl.trustStore");

+

+        if(tsPassword != null)

+            System.setProperty("javax.net.ssl.trustStorePassword", tsPassword);

+        else

             System.getProperties().remove("javax.net.ssl.trustStorePassword");

-        }

     }

 

     // ------------------------------------------------------------------------

diff --git a/src/net/java/sip/communicator/impl/protocol/jabber/ProtocolProviderServiceJabberImpl.java b/src/net/java/sip/communicator/impl/protocol/jabber/ProtocolProviderServiceJabberImpl.java
index 1acac1f..092cb02 100644
--- a/src/net/java/sip/communicator/impl/protocol/jabber/ProtocolProviderServiceJabberImpl.java
+++ b/src/net/java/sip/communicator/impl/protocol/jabber/ProtocolProviderServiceJabberImpl.java
@@ -900,6 +900,7 @@ public class ProtocolProviderServiceJabberImpl
         catch(GeneralSecurityException e)
         {
             logger.error("Error creating custom trust manager", e);
+            throw new XMPPException("Error creating custom trust manager", e);
         }
 
         if(debugger == null)
diff --git a/src/net/java/sip/communicator/plugin/certconfig/CertConfigPanel.java b/src/net/java/sip/communicator/plugin/certconfig/CertConfigPanel.java
index 0c4dd41..f3a047a 100644
--- a/src/net/java/sip/communicator/plugin/certconfig/CertConfigPanel.java
+++ b/src/net/java/sip/communicator/plugin/certconfig/CertConfigPanel.java
@@ -64,7 +64,10 @@ public class CertConfigPanel
     {

         this.setLayout(new BorderLayout());

 

-        if (OSUtils.IS_WINDOWS)

+        //TODO change to OSUtils.IS_WINDOWS as soon as we ship with JRE 1.7

+        if (OSUtils.IS_WINDOWS32

+            || (OSUtils.IS_WINDOWS

+                && System.getProperty("java.version").startsWith("1.7")))

         {

             JPanel pnlCertConfig = new TransparentPanel(new GridLayout(2, 1));

             pnlCertConfig.setBorder(BorderFactory.createTitledBorder(

@@ -88,7 +91,7 @@ public class CertConfigPanel
             pnlCertConfig.add(rdoUseWindows);

 

             if ("Windows-ROOT".equals(CertConfigActivator.getConfigService()

-                .getProperty(CertificateService.PNAME_TRUSTSTORE)))

+                .getProperty(CertificateService.PNAME_TRUSTSTORE_TYPE)))

             {

                 rdoUseWindows.setSelected(true);

             }

@@ -173,14 +176,20 @@ public class CertConfigPanel
         if (e.getSource() == rdoUseJava)

         {

             CertConfigActivator.getConfigService().removeProperty(

-                CertificateService.PNAME_TRUSTSTORE);

+                CertificateService.PNAME_TRUSTSTORE_TYPE);

+            CertConfigActivator.getConfigService().removeProperty(

+                CertificateService.PNAME_TRUSTSTORE_FILE);

             CertConfigActivator.getCredService().removePassword(

                 CertificateService.PNAME_TRUSTSTORE_PASSWORD);

         }

         if (e.getSource() == rdoUseWindows)

         {

             CertConfigActivator.getConfigService().setProperty(

-                CertificateService.PNAME_TRUSTSTORE, "Windows-ROOT");

+                CertificateService.PNAME_TRUSTSTORE_TYPE, "Windows-ROOT");

+            CertConfigActivator.getConfigService().removeProperty(

+                CertificateService.PNAME_TRUSTSTORE_FILE);

+            CertConfigActivator.getCredService().removePassword(

+                CertificateService.PNAME_TRUSTSTORE_PASSWORD);

         }

     }

 

diff --git a/src/net/java/sip/communicator/service/certificate/CertificateService.java b/src/net/java/sip/communicator/service/certificate/CertificateService.java
index 8197932..8d40805 100644
--- a/src/net/java/sip/communicator/service/certificate/CertificateService.java
+++ b/src/net/java/sip/communicator/service/certificate/CertificateService.java
@@ -49,7 +49,14 @@ public interface CertificateService
      * Property that is being applied to the system property

      * <tt>javax.net.ssl.trustStoreType</tt>

      */

-    public static final String PNAME_TRUSTSTORE =

+    public static final String PNAME_TRUSTSTORE_TYPE =

+        "net.java.sip.communicator.service.cert.truststore.type";

+

+    /**

+     * Property that is being applied to the system property

+     * <tt>javax.net.ssl.trustStore</tt>

+     */

+    public static final String PNAME_TRUSTSTORE_FILE =

         "net.java.sip.communicator.service.cert.truststore.file";

 

     /**

@@ -57,7 +64,7 @@ public interface CertificateService
      * <tt>javax.net.ssl.trustStorePassword</tt>

      */

     public static final String PNAME_TRUSTSTORE_PASSWORD =

-        "net.java.sip.communicator.service.cert.truststore";

+        "net.java.sip.communicator.service.cert.truststore.password";

 

     // ------------------------------------------------------------------------

     // constants