From e4cd862f6975f860393839b39a94929c179a211f Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 26 Jul 2024 10:50:30 -0500 Subject: [PATCH] Update SSLCertificateApprovalCallback.approve() The SSLCertificateApprovalCallback.approve() has been updated to accept java.security.cert.X509Certificate instead of org.mozilla.jss.crypto.X509Certificate so that it can be used with certs coming from standard Java library. --- .../mozilla/jss/ssl/SSLCertificateApprovalCallback.java | 4 ++-- .../java/org/mozilla/jss/ssl/TestCertApprovalCallback.java | 7 +++++-- .../mozilla/jss/tests/TestCertificateApprovalCallback.java | 7 +++++-- docs/changes/v5.6.0/API-Changes.adoc | 5 +++++ native/src/main/native/org/mozilla/jss/util/java_ids.h | 2 +- 5 files changed, 18 insertions(+), 7 deletions(-) diff --git a/base/src/main/java/org/mozilla/jss/ssl/SSLCertificateApprovalCallback.java b/base/src/main/java/org/mozilla/jss/ssl/SSLCertificateApprovalCallback.java index 93f33a6a2..4c0d40bff 100644 --- a/base/src/main/java/org/mozilla/jss/ssl/SSLCertificateApprovalCallback.java +++ b/base/src/main/java/org/mozilla/jss/ssl/SSLCertificateApprovalCallback.java @@ -8,6 +8,7 @@ package org.mozilla.jss.ssl; +import java.security.cert.X509Certificate; import java.util.Enumeration; import java.util.Vector; @@ -43,8 +44,7 @@ public interface SSLCertificateApprovalCallback { * false terminate the connection (Expect an IOException * on the outstanding read()/write() on the socket) */ - public boolean approve(org.mozilla.jss.crypto.X509Certificate cert, - ValidityStatus status); + public boolean approve(X509Certificate cert, ValidityStatus status); /** * This class holds details about the errors for each cert in diff --git a/base/src/main/java/org/mozilla/jss/ssl/TestCertApprovalCallback.java b/base/src/main/java/org/mozilla/jss/ssl/TestCertApprovalCallback.java index 355e33e0e..ffc30fd4a 100644 --- a/base/src/main/java/org/mozilla/jss/ssl/TestCertApprovalCallback.java +++ b/base/src/main/java/org/mozilla/jss/ssl/TestCertApprovalCallback.java @@ -4,6 +4,7 @@ package org.mozilla.jss.ssl; +import java.security.cert.X509Certificate; import java.util.Enumeration; import org.mozilla.jss.CryptoManager; @@ -19,7 +20,7 @@ public class TestCertApprovalCallback @Override public boolean approve( - org.mozilla.jss.crypto.X509Certificate servercert, + X509Certificate servercert, SSLCertificateApprovalCallback.ValidityStatus status) { SSLCertificateApprovalCallback.ValidityItem item; @@ -60,7 +61,9 @@ public boolean approve( System.out.println("importing certificate."); try { CryptoManager cm = CryptoManager.getInstance(); - PK11Cert newcert = (PK11Cert) cm.importCertToPerm(servercert, "testnick"); + PK11Cert newcert = (PK11Cert) cm.importCertToPerm( + (org.mozilla.jss.crypto.X509Certificate) servercert, + "testnick"); newcert.setSSLTrust(PK11Cert.TRUSTED_PEER | PK11Cert.VALID_PEER); } catch (Exception e) { System.out.println("thrown exception: " + e); diff --git a/base/src/test/java/org/mozilla/jss/tests/TestCertificateApprovalCallback.java b/base/src/test/java/org/mozilla/jss/tests/TestCertificateApprovalCallback.java index c8776828b..f898c8def 100644 --- a/base/src/test/java/org/mozilla/jss/tests/TestCertificateApprovalCallback.java +++ b/base/src/test/java/org/mozilla/jss/tests/TestCertificateApprovalCallback.java @@ -4,6 +4,7 @@ package org.mozilla.jss.tests; +import java.security.cert.X509Certificate; import java.util.Enumeration; import org.mozilla.jss.CryptoManager; @@ -26,7 +27,7 @@ public class TestCertificateApprovalCallback @Override public boolean approve( - org.mozilla.jss.crypto.X509Certificate servercert, + X509Certificate servercert, SSLCertificateApprovalCallback.ValidityStatus status) { SSLCertificateApprovalCallback.ValidityItem item; @@ -68,7 +69,9 @@ public boolean approve( try { CryptoManager cm = CryptoManager.getInstance(); - PK11Cert newcert = (PK11Cert) cm.importCertToPerm(servercert, "testnick"); + PK11Cert newcert = (PK11Cert) cm.importCertToPerm( + (org.mozilla.jss.crypto.X509Certificate) servercert, + "testnick"); newcert.setSSLTrust(PK11Cert.TRUSTED_PEER | PK11Cert.VALID_PEER); } catch (Exception e) { System.out.println("thrown exception: "+e); diff --git a/docs/changes/v5.6.0/API-Changes.adoc b/docs/changes/v5.6.0/API-Changes.adoc index 66aa39ccb..3bb615a28 100644 --- a/docs/changes/v5.6.0/API-Changes.adoc +++ b/docs/changes/v5.6.0/API-Changes.adoc @@ -12,3 +12,8 @@ The `org.mozilla.jss.ssl.SSLSocket` has been modified to extend `javax.net.ssl.S == JSSSocket Changes == The `org.mozilla.jss.ssl.javax.JSSSocket` has been modified to extend `org.mozilla.jss.ssl.SSLSocket`. + +== SSLCertificateApprovalCallback Changes == + +The `approve()` method in `org.mozilla.jss.ssl.SSLCertificateApprovalCallback` has been modified +to accept `java.security.cert.X509Certificate` instead of `org.mozilla.jss.crypto.X509Certificate`. diff --git a/native/src/main/native/org/mozilla/jss/util/java_ids.h b/native/src/main/native/org/mozilla/jss/util/java_ids.h index 51de7c036..be5740dc5 100644 --- a/native/src/main/native/org/mozilla/jss/util/java_ids.h +++ b/native/src/main/native/org/mozilla/jss/util/java_ids.h @@ -299,7 +299,7 @@ PR_BEGIN_EXTERN_C * SSLCertificateApprovalCallback */ #define SSLCERT_APP_CB_APPROVE_NAME "approve" -#define SSLCERT_APP_CB_APPROVE_SIG "(Lorg/mozilla/jss/crypto/X509Certificate;Lorg/mozilla/jss/ssl/SSLCertificateApprovalCallback$ValidityStatus;)Z" +#define SSLCERT_APP_CB_APPROVE_SIG "(Ljava/security/cert/X509Certificate;Lorg/mozilla/jss/ssl/SSLCertificateApprovalCallback$ValidityStatus;)Z" /* * SSLSecurityStatus