PROTON-1447 : Allow CaCertDb file to have multiple certificates
diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
index 4efc055..e82e1bb 100644
--- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
+++ b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
@@ -45,6 +45,7 @@
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collection;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -350,8 +351,11 @@
{
_logger.log(Level.FINE, "_sslParams.getTrustedCaDb() : " + sslDomain.getTrustedCaDb());
}
- Certificate trustedCaCert = readCertificate(sslDomain.getTrustedCaDb());
- keystore.setCertificateEntry(caCertAlias, trustedCaCert);
+ int i = 1;
+ for(Certificate trustedCaCert : readCertificates(sslDomain.getTrustedCaDb()))
+ {
+ keystore.setCertificateEntry(caCertAlias + (i++), trustedCaCert);
+ }
}
if (sslDomain.getCertificateFile() != null
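Review bot: The trust-store alias changes silently here: the removed line stored the CA under `caCertAlias`, the new loop stores the first certificate under `caCertAlias + 1` (`caCertAlias1`), so anything that later resolves the bare alias from `keystore` would no longer find it; I cannot see such a lookup in this hunk, so this may be fine, but it deserves a comment. Suggest `// each CA in the PEM bundle needs a distinct alias; entries are numbered from 1` above `int i = 1;`. The loop also installs nothing when `readCertificates` yields an empty collection, leaving the trust store without any CA, so a FINE-level log of how many entries were added would make that visible. The enclosing method starts and ends outside the hunk.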
@@ -468,6 +472,35 @@
}
}
+ Collection<? extends Certificate> readCertificates(String pemFile)
+ {
+ InputStream is = null;
+
+ try
+ {
+ CertificateFactory cFactory = CertificateFactory.getInstance("X.509");
+ is = new FileInputStream(pemFile);
+ return cFactory.generateCertificates(is);
+ }
+ catch (CertificateException ce)
+ {
+ String msg = "Failed to load certificates [" + pemFile + "]";
+ _logger.log(Level.SEVERE, msg, ce);
+ throw new TransportException(msg, ce);
+ }
+ catch (FileNotFoundException e)
+ {
+ String msg = "Certificates file not found [" + pemFile + "]";
+ _logger.log(Level.SEVERE, msg);
+ throw new TransportException(msg, e);
+ }
+ finally
+ {
+ closeSafely(is);
+ }
+ }
+
+
PrivateKey readPrivateKey(String pemFile, String password)
{
if (bouncyCastleSetupException != null)
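Review bot: `readCertificates` returns whatever `cFactory.generateCertificates(is)` yields, and an empty or non-PEM file can produce an empty collection rather than a `CertificateException`, which the caller then turns into a trust store with no CA entry and no error at configuration time; suggest `Collection<? extends Certificate> certs = cFactory.generateCertificates(is);` followed by `if (certs.isEmpty()) throw new TransportException("No certificates found in [" + pemFile + "]");` before returning `certs`. The `FileNotFoundException` branch logs only the message while the `CertificateException` branch logs the throwable; passing `e` to `_logger.log` in both keeps the diagnostics consistent. The method has no Javadoc; a short one stating that it reads every X.509 certificate from the PEM file at `pemFile` and throws `TransportException` when the file is missing or unparsable would help. `readPrivateKey` continues past the end of the hunk.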