8059009: LDAPCertStore fails to retrieve CRL after LDAP server closes idle connection
Reviewed-by: vinnie
parent
00b2f7005d
commit
f46b3d442f
jdk/src/java.naming/share/classes
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -224,6 +224,7 @@ final public class LdapCtx extends ComponentDirContext
|
|||||||
String hostname = null; // host name of server (no brackets
|
String hostname = null; // host name of server (no brackets
|
||||||
// for IPv6 literals)
|
// for IPv6 literals)
|
||||||
LdapClient clnt = null; // connection handle
|
LdapClient clnt = null; // connection handle
|
||||||
|
private boolean reconnect = false; // indicates that re-connect requested
|
||||||
Hashtable<String, java.lang.Object> envprops = null; // environment properties of context
|
Hashtable<String, java.lang.Object> envprops = null; // environment properties of context
|
||||||
int handleReferrals = DEFAULT_REFERRAL_MODE; // how referral is handled
|
int handleReferrals = DEFAULT_REFERRAL_MODE; // how referral is handled
|
||||||
boolean hasLdapsScheme = false; // true if the context was created
|
boolean hasLdapsScheme = false; // true if the context was created
|
||||||
@ -2663,6 +2664,7 @@ final public class LdapCtx extends ComponentDirContext
|
|||||||
}
|
}
|
||||||
|
|
||||||
sharable = false; // can't share with existing contexts
|
sharable = false; // can't share with existing contexts
|
||||||
|
reconnect = true;
|
||||||
ensureOpen(); // open or reauthenticated
|
ensureOpen(); // open or reauthenticated
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2739,7 +2741,7 @@ final public class LdapCtx extends ComponentDirContext
|
|||||||
try {
|
try {
|
||||||
boolean initial = (clnt == null);
|
boolean initial = (clnt == null);
|
||||||
|
|
||||||
if (initial) {
|
if (initial || reconnect) {
|
||||||
ldapVersion = (ver != null) ? Integer.parseInt(ver) :
|
ldapVersion = (ver != null) ? Integer.parseInt(ver) :
|
||||||
DEFAULT_LDAP_VERSION;
|
DEFAULT_LDAP_VERSION;
|
||||||
|
|
||||||
@ -2767,6 +2769,7 @@ final public class LdapCtx extends ComponentDirContext
|
|||||||
// Required for SASL client identity
|
// Required for SASL client identity
|
||||||
envprops);
|
envprops);
|
||||||
|
|
||||||
|
reconnect = false;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pooled connections are preauthenticated;
|
* Pooled connections are preauthenticated;
|
||||||
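Review bot: In the `@ -2739` hunk, `if (initial || reconnect)` now obtains a new `LdapClient` even when `clnt` is non-null, and nothing in the visible lines releases the handle that is overwritten. If the calling path (`ensureOpen()`, outside this hunk) does not always close the old client first, each reconnect after a server-side idle close can leave a socket or pooled reference behind; I would confirm that and record it at the assignment, e.g. `// reconnect: the previous clnt must already have been closed by ensureOpen()`. The flag is also cleared only after the client has been obtained, so a failed attempt leaves `reconnect` set; a comment at `reconnect = false;` stating that this is intended, so that the next `ensureOpen()` retries, would help. Both method bodies start and end outside the hunks shown.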
|
@ -37,12 +37,13 @@ import javax.naming.NameNotFoundException;
|
|||||||
import javax.naming.directory.Attribute;
|
import javax.naming.directory.Attribute;
|
||||||
import javax.naming.directory.Attributes;
|
import javax.naming.directory.Attributes;
|
||||||
import javax.naming.directory.BasicAttributes;
|
import javax.naming.directory.BasicAttributes;
|
||||||
import javax.naming.directory.DirContext;
|
|
||||||
import javax.naming.directory.InitialDirContext;
|
|
||||||
|
|
||||||
import java.security.*;
|
import java.security.*;
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
import java.security.cert.*;
|
import java.security.cert.*;
|
||||||
|
import javax.naming.CommunicationException;
|
||||||
|
import javax.naming.ldap.InitialLdapContext;
|
||||||
|
import javax.naming.ldap.LdapContext;
|
||||||
import javax.security.auth.x500.X500Principal;
|
import javax.security.auth.x500.X500Principal;
|
||||||
|
|
||||||
import sun.misc.HexDumpEncoder;
|
import sun.misc.HexDumpEncoder;
|
||||||
@ -160,7 +161,12 @@ public final class LDAPCertStore extends CertStoreSpi {
|
|||||||
/**
|
/**
|
||||||
* The JNDI directory context.
|
* The JNDI directory context.
|
||||||
*/
|
*/
|
||||||
private DirContext ctx;
|
private LdapContext ctx;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Flag indicating that communication error occurred.
|
||||||
|
*/
|
||||||
|
private boolean communicationError = false;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Flag indicating whether we should prefetch CRLs.
|
* Flag indicating whether we should prefetch CRLs.
|
||||||
@ -218,6 +224,11 @@ public final class LDAPCertStore extends CertStoreSpi {
|
|||||||
certStoreCache = Cache.newSoftMemoryCache(185);
|
certStoreCache = Cache.newSoftMemoryCache(185);
|
||||||
static synchronized CertStore getInstance(LDAPCertStoreParameters params)
|
static synchronized CertStore getInstance(LDAPCertStoreParameters params)
|
||||||
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
|
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
|
||||||
|
// if necessary, convert params to SunLDAPCertStoreParameters because
|
||||||
|
// LDAPCertStoreParameters does not override equals() and hashCode()
|
||||||
|
if (! (params instanceof SunLDAPCertStoreParameters)) {
|
||||||
|
params = new SunLDAPCertStoreParameters(params.getServerName(), params.getPort());
|
||||||
|
}
|
||||||
CertStore lcs = certStoreCache.get(params);
|
CertStore lcs = certStoreCache.get(params);
|
||||||
if (lcs == null) {
|
if (lcs == null) {
|
||||||
lcs = CertStore.getInstance("LDAP", params);
|
lcs = CertStore.getInstance("LDAP", params);
|
||||||
@ -256,7 +267,7 @@ public final class LDAPCertStore extends CertStoreSpi {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
ctx = new InitialDirContext(env);
|
ctx = new InitialLdapContext(env, null);
|
||||||
/*
|
/*
|
||||||
* By default, follow referrals unless application has
|
* By default, follow referrals unless application has
|
||||||
* overridden property in an application resource file.
|
* overridden property in an application resource file.
|
||||||
@ -369,8 +380,17 @@ public final class LDAPCertStore extends CertStoreSpi {
|
|||||||
valueMap = new HashMap<>(8);
|
valueMap = new HashMap<>(8);
|
||||||
String[] attrIds = requestedAttributes.toArray(STRING0);
|
String[] attrIds = requestedAttributes.toArray(STRING0);
|
||||||
Attributes attrs;
|
Attributes attrs;
|
||||||
|
|
||||||
|
if (communicationError) {
|
||||||
|
ctx.reconnect(null);
|
||||||
|
communicationError = false;
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
attrs = ctx.getAttributes(name, attrIds);
|
attrs = ctx.getAttributes(name, attrIds);
|
||||||
|
} catch (CommunicationException ce) {
|
||||||
|
communicationError = true;
|
||||||
|
throw ce;
|
||||||
} catch (NameNotFoundException e) {
|
} catch (NameNotFoundException e) {
|
||||||
// name does not exist on this LDAP server
|
// name does not exist on this LDAP server
|
||||||
// treat same as not attributes found
|
// treat same as not attributes found
|
||||||
@ -884,7 +904,12 @@ public final class LDAPCertStore extends CertStoreSpi {
|
|||||||
SunLDAPCertStoreParameters() {
|
SunLDAPCertStoreParameters() {
|
||||||
super();
|
super();
|
||||||
}
|
}
|
||||||
|
@Override
|
||||||
public boolean equals(Object obj) {
|
public boolean equals(Object obj) {
|
||||||
|
if (obj == null) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (!(obj instanceof LDAPCertStoreParameters)) {
|
if (!(obj instanceof LDAPCertStoreParameters)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -892,6 +917,7 @@ public final class LDAPCertStore extends CertStoreSpi {
|
|||||||
return (getPort() == params.getPort() &&
|
return (getPort() == params.getPort() &&
|
||||||
getServerName().equalsIgnoreCase(params.getServerName()));
|
getServerName().equalsIgnoreCase(params.getServerName()));
|
||||||
}
|
}
|
||||||
|
@Override
|
||||||
public int hashCode() {
|
public int hashCode() {
|
||||||
if (hashCode == 0) {
|
if (hashCode == 0) {
|
||||||
int result = 17;
|
int result = 17;
|
||||||
|
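Review bot: In the `@ -369` hunk the request that hits the dropped connection still fails, because the new `catch (CommunicationException ce)` only sets `communicationError` and rethrows, and `ctx.reconnect(null)` runs at the start of the next call. For a CertStore used in revocation checking this means the first CRL lookup after an idle timeout still ends in an error, and how the validator treats that depends on caller policy outside this file (presumably some configurations continue without the CRL). Either reconnect and retry once inside the catch, or document the behaviour on the field, e.g. `// set when a request failed with CommunicationException; the next request reconnects before querying`. Separately, the added `if (obj == null) return false;` in `equals` is redundant, since the `instanceof` test that follows already rejects null. The enclosing method bodies start and end outside the hunks.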