PROTON-1447 : Allow CaCertDb file to have multiple certificates

commit: ad60967463fe697800d24eaf0286dbf9e7d38473 [log] [tgz]
author: rgodfrey <rgodfrey@apache.org> Wed Mar 29 17:49:49 2017 +0200
committer: rgodfrey <rgodfrey@apache.org> Wed Mar 29 17:49:49 2017 +0200
tree: 9f1f93421f07f676c9431d5f704d4d2e50f21ae4
parent: b845e479f946cac019fe92327a8bc3ca16263050 [diff]
diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
index 4efc055..e82e1bb 100644
--- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
+++ b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java

@@ -45,6 +45,7 @@
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -350,8 +351,11 @@
                 {
                     _logger.log(Level.FINE, "_sslParams.getTrustedCaDb() : " + sslDomain.getTrustedCaDb());
                 }
-                Certificate trustedCaCert = readCertificate(sslDomain.getTrustedCaDb());
-                keystore.setCertificateEntry(caCertAlias, trustedCaCert);
+                int i = 1;
+                for(Certificate trustedCaCert : readCertificates(sslDomain.getTrustedCaDb()))
+                {
+                    keystore.setCertificateEntry(caCertAlias + (i++), trustedCaCert);
+                }
             }
 
             if (sslDomain.getCertificateFile() != null
@@ -468,6 +472,35 @@
         }
     }
 
+    Collection<? extends Certificate> readCertificates(String pemFile)
+    {
+        InputStream is = null;
+
+        try
+        {
+            CertificateFactory cFactory = CertificateFactory.getInstance("X.509");
+            is = new FileInputStream(pemFile);
+            return cFactory.generateCertificates(is);
+        }
+        catch (CertificateException ce)
+        {
+            String msg = "Failed to load certificates [" + pemFile + "]";
+            _logger.log(Level.SEVERE, msg, ce);
+            throw new TransportException(msg, ce);
+        }
+        catch (FileNotFoundException e)
+        {
+            String msg = "Certificates file not found [" + pemFile + "]";
+            _logger.log(Level.SEVERE, msg);
+            throw new TransportException(msg, e);
+        }
+        finally
+        {
+            closeSafely(is);
+        }
+    }
+
+
     PrivateKey readPrivateKey(String pemFile, String password)
     {
         if (bouncyCastleSetupException != null)
commit	ad60967463fe697800d24eaf0286dbf9e7d38473	[log] [tgz]
author	rgodfrey <rgodfrey@apache.org>	Wed Mar 29 17:49:49 2017 +0200
committer	rgodfrey <rgodfrey@apache.org>	Wed Mar 29 17:49:49 2017 +0200
tree	9f1f93421f07f676c9431d5f704d4d2e50f21ae4
parent	b845e479f946cac019fe92327a8bc3ca16263050 [diff]