From: Mattias J <mj...@ex...> - 2004-07-13 10:08:04
Hi Hermes developers. I have been in a discussion on the user list,
primarily with Ronald van Kuijk, about issues concerning trusted SSL
certificates and Java 1.4. I asked that somebody should forward my
conclusions to the development list but I can see in the archives that has
not been done (is everyone else on vacation???). Now I have had time to
perform some actual testing under Java 1.3.1 so I have joined the dev-list
to discuss the changes that need to be made.

First off, the TrustedAnchor setting is not working, and I cannot see how
it could have been working since revision 1.7 of
hk.hku.cecid.phoenix.message.transport.Http and the introduction of the
attribute TrustManager[] trustManagers, clashing with the local variable of
the same name (existing since rev 1.6).

I discovered the problem trying to use a setting similar to the following
under JDK 1.4 and have now verified it does not work under 1.3 either:
    <SSL>
      <!-- Trust keystore for SSL Server Authentication -->
      <TrustedAnchor>
        <KeyStore>
          <Path>/hermes</Path>
          <File>trusted.keystore</File>
          <Password>foobar</Password>
        </KeyStore>
      </TrustedAnchor>
    </SSL>
The problem is solved by removing the local TrustManager[] trustManagers
variable on line 185 of hk.hku.cecid.phoenix.message.transport.Http so that
the attribute is used instead. Line 186 could also be removed, since that
variable is never used. Here is a diff applicable to revision 1.12:
185,186d184
< TrustManager[] trustManagers = null;
< KeyManager[] keyManagers = null;
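Review bot: with the local "TrustManager[] trustManagers = null;" on line 185 deleted, nothing in this hunk sets the attribute back to null any more, so please confirm that the attribute is initialised where it is declared and that no code after line 185 relied on starting from null when no TrustedAnchor is configured. Dropping the keyManagers local on line 186 is fine if it is unused as stated. This is also a normal-format diff with no context lines, so it applies by line number to revision 1.12 only; a unified diff (diff -u) would be safer to apply if the file has changed since.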
Please incorporate this into the CVS.
Mattias Jiderhamn
Expert Systems
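
The shadowing described in the message above, as an added example that is not part of the original mail and is not Hermes code. Only the name trustManagers comes from the mail; the class, its methods and the idea that the attribute is later handed to SSLContext.init are assumptions made for illustration.

```java
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical sketch, not Hermes code: only the name trustManagers is from the mail.
public class ShadowedTrustManagers {
    private TrustManager[] trustManagers;   // attribute read by the rest of the class

    // Before: a local of the same name shadows the attribute, so the result is lost.
    void configureShadowed(KeyStore anchors) throws Exception {
        TrustManager[] trustManagers = null;
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        trustManagers = tmf.getTrustManagers();   // assigns the local only
    }

    // After: with the local declaration removed, the same assignment reaches the attribute.
    void configureFixed(KeyStore anchors) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        trustManagers = tmf.getTrustManagers();
    }

    // SSLContext.init accepts null trust managers and then uses the provider's
    // default ones, so a lost assignment raises no error at this point.
    SSLContext buildContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustManagers, null);
        return ctx;
    }

    boolean usesConfiguredAnchors() { return trustManagers != null; }

    public static void main(String[] args) throws Exception {
        // Constructed empty in-memory store standing in for trusted.keystore.
        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        anchors.load(null, null);

        ShadowedTrustManagers before = new ShadowedTrustManagers();
        before.configureShadowed(anchors);
        before.buildContext();
        System.out.println("shadowed local, anchors used: " + before.usesConfiguredAnchors());

        ShadowedTrustManagers after = new ShadowedTrustManagers();
        after.configureFixed(anchors);
        after.buildContext();
        System.out.println("local removed, anchors used: " + after.usesConfiguredAnchors());
    }
}
```

Both calls to buildContext() succeed, which is why a dropped trust store setting of this kind shows up only as unexpected certificate acceptance or rejection and not as a configuration error.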