Update SSLCertificateApprovalCallback.approve()
The SSLCertificateApprovalCallback.approve() has been updated
to accept java.security.cert.X509Certificate instead of
org.mozilla.jss.crypto.X509Certificate so that it can be used
with certs coming from the standard Java library.
edewata committed Jul 30, 2024
1 parent ce4289b commit e4cd862
Showing 5 changed files with 18 additions and 7 deletions.
@@ -8,6 +8,7 @@

package org.mozilla.jss.ssl;

import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;

@@ -43,8 +44,7 @@ public interface SSLCertificateApprovalCallback {
* <b>false</b> terminate the connection (Expect an IOException
* on the outstanding read()/write() on the socket)
*/
public boolean approve(org.mozilla.jss.crypto.X509Certificate cert,
ValidityStatus status);
public boolean approve(X509Certificate cert, ValidityStatus status);

/**
* This class holds details about the errors for each cert in
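Review bot: The Javadoc for `approve()`, whose tail is visible just above the signature, does not say what concrete certificate type an implementation can expect now that the parameter is `java.security.cert.X509Certificate`. Both test callbacks changed in this commit cast the argument straight back to `org.mozilla.jss.crypto.X509Certificate`, so implementers evidently still depend on the JSS type. I would add a line such as `@param cert the peer certificate; not guaranteed to be a JSS certificate, check with instanceof before casting to org.mozilla.jss.crypto.X509Certificate`. The Javadoc block starts outside the hunk, so an existing `@param` may already cover part of this.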
@@ -4,6 +4,7 @@

package org.mozilla.jss.ssl;

import java.security.cert.X509Certificate;
import java.util.Enumeration;

import org.mozilla.jss.CryptoManager;
@@ -19,7 +20,7 @@ public class TestCertApprovalCallback

@Override
public boolean approve(
org.mozilla.jss.crypto.X509Certificate servercert,
X509Certificate servercert,
SSLCertificateApprovalCallback.ValidityStatus status) {

SSLCertificateApprovalCallback.ValidityItem item;
@@ -60,7 +61,9 @@ public boolean approve(
System.out.println("importing certificate.");
try {
CryptoManager cm = CryptoManager.getInstance();
PK11Cert newcert = (PK11Cert) cm.importCertToPerm(servercert, "testnick");
PK11Cert newcert = (PK11Cert) cm.importCertToPerm(
(org.mozilla.jss.crypto.X509Certificate) servercert,
"testnick");
newcert.setSSLTrust(PK11Cert.TRUSTED_PEER | PK11Cert.VALID_PEER);
} catch (Exception e) {
System.out.println("thrown exception: " + e);
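Review bot: The cast `(org.mozilla.jss.crypto.X509Certificate) servercert` in the `importCertToPerm` call is unchecked, although the point of this commit is that `approve()` may now receive any `java.security.cert.X509Certificate`. A non-JSS certificate raises `ClassCastException`, which the `catch (Exception e)` below only prints, so the import and `setSSLTrust` are skipped while the method carries on to whatever it returns outside this hunk. Guard the import with `if (!(servercert instanceof org.mozilla.jss.crypto.X509Certificate)) return false;` so the callback rejects the connection instead. The same cast is added in `TestCertificateApprovalCallback` in `org.mozilla.jss.tests` and needs the same guard.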
@@ -4,6 +4,7 @@

package org.mozilla.jss.tests;

import java.security.cert.X509Certificate;
import java.util.Enumeration;

import org.mozilla.jss.CryptoManager;
@@ -26,7 +27,7 @@ public class TestCertificateApprovalCallback

@Override
public boolean approve(
org.mozilla.jss.crypto.X509Certificate servercert,
X509Certificate servercert,
SSLCertificateApprovalCallback.ValidityStatus status) {

SSLCertificateApprovalCallback.ValidityItem item;
@@ -68,7 +69,9 @@ public boolean approve(

try {
CryptoManager cm = CryptoManager.getInstance();
PK11Cert newcert = (PK11Cert) cm.importCertToPerm(servercert, "testnick");
PK11Cert newcert = (PK11Cert) cm.importCertToPerm(
(org.mozilla.jss.crypto.X509Certificate) servercert,
"testnick");
newcert.setSSLTrust(PK11Cert.TRUSTED_PEER | PK11Cert.VALID_PEER);
} catch (Exception e) {
System.out.println("thrown exception: "+e);
5 changes: 5 additions & 0 deletions docs/changes/v5.6.0/API-Changes.adoc
@@ -12,3 +12,8 @@ The `org.mozilla.jss.ssl.SSLSocket` has been modified to extend `javax.net.ssl.S
== JSSSocket Changes ==

The `org.mozilla.jss.ssl.javax.JSSSocket` has been modified to extend `org.mozilla.jss.ssl.SSLSocket`.

== SSLCertificateApprovalCallback Changes ==

The `approve()` method in `org.mozilla.jss.ssl.SSLCertificateApprovalCallback` has been modified
to accept `java.security.cert.X509Certificate` instead of `org.mozilla.jss.crypto.X509Certificate`.
2 changes: 1 addition & 1 deletion native/src/main/native/org/mozilla/jss/util/java_ids.h
@@ -299,7 +299,7 @@ PR_BEGIN_EXTERN_C
* SSLCertificateApprovalCallback
*/
#define SSLCERT_APP_CB_APPROVE_NAME "approve"
#define SSLCERT_APP_CB_APPROVE_SIG "(Lorg/mozilla/jss/crypto/X509Certificate;Lorg/mozilla/jss/ssl/SSLCertificateApprovalCallback$ValidityStatus;)Z"
#define SSLCERT_APP_CB_APPROVE_SIG "(Ljava/security/cert/X509Certificate;Lorg/mozilla/jss/ssl/SSLCertificateApprovalCallback$ValidityStatus;)Z"

/*
* SSLSecurityStatus
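Review bot: `SSLCERT_APP_CB_APPROVE_SIG` has to match the Java declaration of `approve()` character for character, and nothing in this header says so. A callback class compiled against the old `org.mozilla.jss.crypto.X509Certificate` parameter will presumably no longer be found under the new descriptor, so the lookup that uses this macro (not visible here) should treat a failed method lookup as a rejected certificate rather than an approval. I would add a comment above the define, e.g. `/* JNI descriptor of SSLCertificateApprovalCallback.approve(); keep in sync with the Java interface */`.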