AW: AW: AW: [geclipse-dev] CA certificate loading

Hi Romain,

> for now here is the way I deal with it, to know if a certificate dir is
> present and load the CA files (untested yet, just written....) :

That looks ok so far!

> for(File caFile: caDir.listFiles()) {
>     if(caFile.isFile()) {
>         X509Certificate cert = X509Util.loadCertificate(new FileInputStream(caFile));
>
>         Security.getCertificateManager().addCertificate( cert, CertTrust.AlwaysTrusted );

In terms of efficiency I would rather load all certs in an array and
then call

Security.getCertificateManager().addCertificates( certArray, CertTrust.AlwaysTrusted );

> What will the new interface look like?
> 
> guess:
> 
> Security.getCertificateManager().setCAdir( ...... path ...... );

I think a shortcut like

Security.setCertificateLocation( path );

should do the trick.

But there is one thing we should always keep in mind. If we are changing
the cert manager's default directory, all newly loaded or imported
certificates will be stored in this directory as well! That means if you
would like to import certificates from the EuGridPMA repos, these will
end up in the WN's default cert directory, then most likely overwriting
the old certificates there! Since an ordinary user will not have
write access to this directory, this will end up in an exception! A way
to get around this is to add the certificates with CertTrust.Trusted
instead of CertTrust.AlwaysTrusted, which results in adding the certs in
memory but not on disk. But then they have to be re-imported again after
restarting g-Eclipse.

So some things to keep in mind when talking about this new method! One
should definitely be careful with this unless you won't be shot by your
administrator for overwriting certificates ;-)

Cheers, Mathias
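
The bulk-loading approach suggested in this message, as an added example that is not part of the original thread or of g-Eclipse's code: it reads every parseable certificate in a CA directory into one array, closes each stream, and skips files that are not certificates. It uses the JDK's `CertificateFactory` in place of `X509Util.loadCertificate` so that it runs stand-alone; the class name `CaDirLoader`, the method name `loadCaCertificates` and the default directory `.` are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class CaDirLoader {

    /** Reads every parseable X.509 certificate in caDir into one array. */
    static X509Certificate[] loadCaCertificates(File caDir) throws CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        File[] entries = caDir.listFiles();   // null if caDir is missing or unreadable
        if (entries == null) {
            return new X509Certificate[0];
        }
        for (File caFile : entries) {
            if (!caFile.isFile()) {
                continue;
            }
            // try-with-resources closes the stream even when parsing fails
            try (InputStream in = new FileInputStream(caFile)) {
                certs.add((X509Certificate) factory.generateCertificate(in));
            } catch (CertificateException | IOException e) {
                // Not a certificate (or unreadable): skip it and keep loading the rest
                System.err.println("Skipping " + caFile.getName() + ": " + e.getMessage());
            }
        }
        return certs.toArray(new X509Certificate[0]);
    }

    public static void main(String[] args) throws Exception {
        // CA directory comes from the first argument; "." is only a placeholder default.
        File caDir = new File(args.length > 0 ? args[0] : ".");
        X509Certificate[] certArray = loadCaCertificates(caDir);
        System.out.println("Loaded " + certArray.length + " CA certificates from " + caDir);
        // In g-Eclipse the array would then be handed over in one call, as in the thread,
        // with CertTrust.Trusted so the certs stay in memory and are not written to disk:
        //   Security.getCertificateManager().addCertificates(certArray, CertTrust.Trusted);
    }
}
```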

