diff -urN openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp
--- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp 2007-10-12 03:46:00.000000000 -0400
+++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp 2007-10-12 18:24:12.000000000 -0400
@@ -373,6 +379,20 @@
}
}
+ SystemProperty* sp = Arguments::system_properties();
+ Arguments::PropertyList_add (&sp,
+ "javax.net.ssl.trustStore",
+ "/etc/pki/tls/certs/ca-bundle.crt");
+ Arguments::PropertyList_add (&sp,
+ "javax.net.ssl.trustStoreType",
+ "CertBundle");
+ Arguments::PropertyList_add (&sp,
+ "javax.net.ssl.trustStoreProvider",
+ "");
+ Arguments::PropertyList_add (&sp,
+ "javax.net.ssl.trustStorePassword",
+ "");
+
#undef malloc
#undef getenv
#undef EXTENSIONS_DIR
diff -urN openjdk.orig/jdk/src/share/classes/sun/security/provider/CertBundleKeyStoreImpl.java openjdk/jdk/src/share/classes/sun/security/provider/CertBundleKeyStoreImpl.java
--- openjdk.orig/jdk/src/share/classes/sun/security/provider/CertBundleKeyStoreImpl.java 1969-12-31 19:00:00.000000000 -0500
+++ openjdk/jdk/src/share/classes/sun/security/provider/CertBundleKeyStoreImpl.java 2007-10-12 18:24:05.000000000 -0400
@@ -0,0 +1,199 @@
+/* CertBundleKeyStoreImpl.java
+ Copyright (C) 2007 Casey Marshall <csm@gnu.org>
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+Boston, MA 02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package sun.security.provider;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.security.Key;
+import java.security.KeyStoreException;
+import java.security.KeyStoreSpi;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Vector;
+
+/**
+ * A key store implementation for "certificate bundle" files, commonly used
+ * on many free operating systems. Certificate bundles are plain text files
+ * containing one or more "PEM" encoded X.509 certificates, which comprise
+ * a list of trusted root certificates.
+ *
+ * This class implements a read-only key store that reads in one or more
+ * certificate bundles, storing all certificates successfully read. Calling
+ * load multiple times will add certificates to the store.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class CertBundleKeyStoreImpl extends KeyStoreSpi
+{
+ private int x = 0;
+ private Map<String, Certificate> certs = new HashMap<String, Certificate>();
+
+ @Override public Enumeration<String> engineAliases()
+ {
+ return new Vector<String>(certs.keySet()).elements();
+ }
+
+ @Override public boolean engineContainsAlias(String alias)
+ {
+ return certs.containsKey(alias);
+ }
+
+ @Override public void engineDeleteEntry(String alias) throws KeyStoreException
+ {
+ certs.remove(alias);
+ }
+
+ @Override public Certificate engineGetCertificate(String alias)
+ {
+ return certs.get(alias);
+ }
+
+ @Override public String engineGetCertificateAlias(Certificate cert)
+ {
+ for (Map.Entry<String, Certificate> e : certs.entrySet())
+ {
+ if (e.getValue().equals(cert))
+ return e.getKey();
+ }
+ return null;
+ }
+
+ @Override public Certificate[] engineGetCertificateChain(String arg0)
+ {
+ return null;
+ }
+
+ @Override public Date engineGetCreationDate(String alias)
+ {
+ return new Date(0);
+ }
+
+ @Override public Key engineGetKey(String arg0, char[] arg1)
+ throws NoSuchAlgorithmException, UnrecoverableKeyException
+ {
+ return null;
+ }
+
+ @Override public boolean engineIsCertificateEntry(String alias)
+ {
+ return certs.containsKey(alias);
+ }
+
+ @Override public boolean engineIsKeyEntry(String arg0)
+ {
+ return false;
+ }
+
+ @Override public void engineLoad(InputStream in, char[] arg1)
+ throws IOException, NoSuchAlgorithmException, CertificateException
+ {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ PrintWriter out = new PrintWriter(new OutputStreamWriter(bout));
+ BufferedReader rin = new BufferedReader(new InputStreamReader(in));
+ String line;
+ boolean push = false;
+ while ((line = rin.readLine()) != null)
+ {
+ if (line.equals("-----BEGIN CERTIFICATE-----"))
+ {
+ push = true;
+ out.println(line);
+ }
+ else if (push)
+ {
+ out.println(line);
+ if (line.equals("-----END CERTIFICATE-----"))
+ {
+ push = false;
+ out.flush();
+ byte[] bytes = bout.toByteArray();
+ Certificate cert = cf.generateCertificate(new ByteArrayInputStream(bytes));
+ bout.reset();
+ String alias = "cert-" + (x++);
+ certs.put(alias, cert);
+ }
+ }
+ }
+ }
+
+ @Override public void engineSetCertificateEntry(String alias, Certificate cert)
+ throws KeyStoreException
+ {
+ certs.put(alias, cert);
+ }
+
+ @Override public void engineSetKeyEntry(String arg0, byte[] arg1,
+ Certificate[] arg2)
+ throws KeyStoreException
+ {
+ throw new KeyStoreException("not supported");
+ }
+
+ @Override public void engineSetKeyEntry(String arg0, Key arg1, char[] arg2,
+ Certificate[] arg3)
+ throws KeyStoreException
+ {
+ throw new KeyStoreException("not supported");
+ }
+
+ @Override public int engineSize()
+ {
+ return certs.size();
+ }
+
+ @Override public void engineStore(OutputStream arg0, char[] arg1)
+ throws IOException, NoSuchAlgorithmException, CertificateException
+ {
+ throw new UnsupportedOperationException("read-only key stores");
+ }
+}
--- ../opeinjdkb23/openjdk/jdk/src/share/classes/sun/security/provider/SunEntries.java 2007-10-30 04:38:07.000000000 -0400
+++ openjdk/jdk/src/share/classes/sun/security/provider/SunEntries.java 2007-11-13 13:13:21.000000000 -0500
@@ -178,6 +178,7 @@
map.put("KeyStore.JKS", "sun.security.provider.JavaKeyStore$JKS");
map.put("KeyStore.CaseExactJKS",
"sun.security.provider.JavaKeyStore$CaseExactJKS");
+ map.put("KeyStore.CertBundle", "sun.security.provider.CertBundleKeyStoreImpl");
/*
* Policy
distrib
>
Mandriva
>
2008.1
>
x86_64
>
media
>
main-release
>
by-pkgid
>
193665cc3e55a06f990e31ec956aee6b
>
files
>
72
