diff --git a/resources/languages/resources.properties b/resources/languages/resources.properties
index fd28ee725..7f9a8b819 100644
--- a/resources/languages/resources.properties
+++ b/resources/languages/resources.properties
@@ -1639,6 +1639,9 @@ plugin.certconfig.FILE_TYPE_DESCRIPTION=Certificate stores (PKCS#11 Module, PKCS
plugin.certconfig.ALIAS_LOAD_EXCEPTION=Unable to obtain aliases from keystore ({0}).
plugin.certconfig.INVALID_KEYSTORE_TYPE=The selected Keystore type seems to be invalid ({0}).
plugin.certconfig.BROWSE_KEYSTORE=Open KeyStore
+plugin.certconfig.REVOCATION_TITLE=Certificate revocation options
+plugin.certconfig.REVOCATION_CHECK_ENABLED=CRL (Certificate Revocation List) check enabled
+plugin.certconfig.REVOCATION_OCSP_ENABLED=OCSP (Online Certificate Status Protocol) check enabled
#Phone number contact source plugin
plugin.phonenumbercontactsource.DISPLAY_NAME=Phone numbers
diff --git a/src/net/java/sip/communicator/impl/certificate/CertificateServiceImpl.java b/src/net/java/sip/communicator/impl/certificate/CertificateServiceImpl.java
index 5090f2691..3a52c38a4 100644
--- a/src/net/java/sip/communicator/impl/certificate/CertificateServiceImpl.java
+++ b/src/net/java/sip/communicator/impl/certificate/CertificateServiceImpl.java
@@ -154,6 +154,13 @@ public CertificateServiceImpl()
{
setTrustStore();
config.addPropertyChangeListener(PNAME_TRUSTSTORE_TYPE, this);
+
+ System.setProperty("com.sun.security.enableCRLDP",
+ config.getString(PNAME_REVOCATION_CHECK_ENABLED, "false"));
+ System.setProperty("com.sun.net.ssl.checkRevocation",
+ config.getString(PNAME_REVOCATION_CHECK_ENABLED, "false"));
+ Security.setProperty("ocsp.enable",
+ config.getString(PNAME_OCSP_ENABLED, "false"));
}
public void propertyChange(PropertyChangeEvent evt)
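Review bot: The three added `setProperty` calls in the constructor overwrite the JVM-wide values unconditionally, so with the config key unset a process launched with `-Dcom.sun.net.ssl.checkRevocation=true` is silently switched back to `false`. Falling back to the value already in effect keeps an operator's stricter setting, e.g. `config.getString(PNAME_REVOCATION_CHECK_ENABLED, System.getProperty("com.sun.net.ssl.checkRevocation", "false"))`, and likewise for `com.sun.security.enableCRLDP` and `ocsp.enable`. The stored string is also passed through as-is, so any value other than the literal `true` presumably ends up meaning "off"; normalising it to a boolean before setting the property would make that explicit.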
@@ -166,17 +173,7 @@ private void setTrustStore()
String tsType = (String)config.getProperty(PNAME_TRUSTSTORE_TYPE);
String tsFile = (String)config.getProperty(PNAME_TRUSTSTORE_FILE);
String tsPassword = credService.loadPassword(PNAME_TRUSTSTORE_PASSWORD);
-
- //TODO remove this as soon as we ship with JRE 1.7
- //remove windows root from x64 on Java < 1.7
- if (!(OSUtils.IS_WINDOWS32
- || (OSUtils.IS_WINDOWS
- && System.getProperty("java.version").startsWith("1.7"))))
- {
- tsType = null;
- config.removeProperty(CertificateService.PNAME_TRUSTSTORE_TYPE);
- }
-
+
if(tsType != null)
System.setProperty("javax.net.ssl.trustStoreType", tsType);
else
diff --git a/src/net/java/sip/communicator/plugin/certconfig/CertConfigPanel.java b/src/net/java/sip/communicator/plugin/certconfig/CertConfigPanel.java
index 86e9c573c..c6e12c75e 100644
--- a/src/net/java/sip/communicator/plugin/certconfig/CertConfigPanel.java
+++ b/src/net/java/sip/communicator/plugin/certconfig/CertConfigPanel.java
@@ -8,6 +8,7 @@
import java.awt.*;
import java.awt.event.*;
+import java.security.*;
import javax.swing.*;
import javax.swing.border.*;
@@ -45,7 +46,8 @@ public class CertConfigPanel
private JTable tblCertList;
private JRadioButton rdoUseWindows;
private JRadioButton rdoUseJava;
-
+ private SIPCommCheckBox chkEnableRevocationCheck;
+ private SIPCommCheckBox chkEnableOcsp;
// ------------------------------------------------------------------------
// initialization
@@ -63,17 +65,15 @@ public CertConfigPanel()
private void initComponents()
{
- this.setLayout(new BorderLayout());
+ this.setLayout(new BoxLayout(this, BoxLayout.Y_AXIS));
- //TODO change to OSUtils.IS_WINDOWS as soon as we ship with JRE 1.7
- if (OSUtils.IS_WINDOWS32
- || (OSUtils.IS_WINDOWS
- && System.getProperty("java.version").startsWith("1.7")))
+ // trusted root CA source selection
+ if (OSUtils.IS_WINDOWS)
{
JPanel pnlCertConfig = new TransparentPanel(new GridLayout(2, 1));
pnlCertConfig.setBorder(BorderFactory.createTitledBorder(
R.getI18NString("plugin.certconfig.TRUSTSTORE_CONFIG")));
- add(pnlCertConfig, BorderLayout.NORTH);
+ add(pnlCertConfig);
ButtonGroup grpTrustStore = new ButtonGroup();
@@ -102,10 +102,33 @@ private void initComponents()
}
}
+ // revocation options
+ JPanel pnlRevocation = new TransparentPanel(new GridLayout(2, 1));
+ pnlRevocation.setBorder(BorderFactory.createTitledBorder(
+ R.getI18NString("plugin.certconfig.REVOCATION_TITLE")));
+ add(pnlRevocation);
+
+ chkEnableRevocationCheck = new SIPCommCheckBox(
+ R.getI18NString("plugin.certconfig.REVOCATION_CHECK_ENABLED"));
+ chkEnableRevocationCheck.addActionListener(this);
+ chkEnableRevocationCheck.setSelected(
+ "true".equals(
+ System.getProperty("com.sun.net.ssl.checkRevocation")));
+ pnlRevocation.add(chkEnableRevocationCheck);
+
+ chkEnableOcsp = new SIPCommCheckBox(
+ R.getI18NString("plugin.certconfig.REVOCATION_OCSP_ENABLED"));
+ chkEnableOcsp.addActionListener(this);
+ chkEnableOcsp.setSelected(
+ "true".equals(Security.getProperty("ocsp.enable")));
+ chkEnableOcsp.setEnabled(chkEnableRevocationCheck.isSelected());
+ pnlRevocation.add(chkEnableOcsp);
+
+ // Client certificate authentication list
JPanel pnlCertList = new TransparentPanel(new BorderLayout());
pnlCertList.setBorder(BorderFactory.createTitledBorder(
R.getI18NString("plugin.certconfig.CERT_LIST_TITLE")));
- add(pnlCertList, BorderLayout.CENTER);
+ add(pnlCertList);
JLabel lblNote = new JLabel();
lblNote.setText(
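Review bot: The `// revocation options` block does not say why `chkEnableOcsp` is tied to `chkEnableRevocationCheck`, and the first checkbox is labelled as the CRL check although it is initialised from `com.sun.net.ssl.checkRevocation`, which gates revocation checking as a whole. A comment above the `setEnabled` call would help, for example `// ocsp.enable only takes effect while revocation checking is on, so the OCSP box follows the revocation box`. Both boxes are initialised from the live JVM properties rather than from the `CertificateService.PNAME_*` keys, which is worth stating in the same comment. `initComponents` continues outside this hunk.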
@@ -192,6 +215,27 @@ public void actionPerformed(ActionEvent e)
CertConfigActivator.getCredService().removePassword(
CertificateService.PNAME_TRUSTSTORE_PASSWORD);
}
+ if (e.getSource() == chkEnableRevocationCheck)
+ {
+ CertConfigActivator.getConfigService().setProperty(
+ CertificateService.PNAME_REVOCATION_CHECK_ENABLED,
+ chkEnableRevocationCheck.isSelected());
+
+ String enabled = new Boolean(
+ chkEnableRevocationCheck.isSelected()).toString();
+ System.setProperty("com.sun.security.enableCRLDP", enabled);
+ System.setProperty("com.sun.net.ssl.checkRevocation", enabled);
+ chkEnableOcsp.setEnabled(chkEnableRevocationCheck.isSelected());
+ }
+ if (e.getSource() == chkEnableOcsp)
+ {
+ CertConfigActivator.getConfigService().setProperty(
+ CertificateService.PNAME_OCSP_ENABLED,
+ chkEnableOcsp.isSelected());
+
+ Security.setProperty("ocsp.enable",
+ new Boolean(chkEnableOcsp.isSelected()).toString());
+ }
}
// ------------------------------------------------------------------------
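Review bot: The new branches in `actionPerformed` change `com.sun.net.ssl.checkRevocation` and `com.sun.security.enableCRLDP` at runtime, but the JDK may read these properties only once when its certificate validator is initialised, so a toggle might not affect later TLS handshakes until the application restarts. This should be verified, and if it holds the panel should tell the user a restart is needed, otherwise the checkbox can show "enabled" while connections are still validated without revocation checks. Separately, `new Boolean(chkEnableRevocationCheck.isSelected()).toString()` allocates a wrapper for nothing; `Boolean.toString(chkEnableRevocationCheck.isSelected())` does the same, and likewise for the `ocsp.enable` line.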
diff --git a/src/net/java/sip/communicator/service/certificate/CertificateService.java b/src/net/java/sip/communicator/service/certificate/CertificateService.java
index 77bd91bcc..01581bbe1 100644
--- a/src/net/java/sip/communicator/service/certificate/CertificateService.java
+++ b/src/net/java/sip/communicator/service/certificate/CertificateService.java
@@ -67,6 +67,21 @@ public interface CertificateService
public static final String PNAME_TRUSTSTORE_PASSWORD =
"net.java.sip.communicator.service.cert.truststore.password";
+ /**
+ * Property that is being applied to the system properties
+ * com.sun.net.ssl.checkRevocation and
+ * com.sun.security.enableCRLDP
+ */
+ public static final String PNAME_REVOCATION_CHECK_ENABLED =
+ "net.java.sip.communicator.service.cert.revocation.enabled";
+
+ /**
+ * Property that is being applied to the Security property
+ * ocsp.enable
+ */
+ public static final String PNAME_OCSP_ENABLED =
+ "net.java.sip.communicator.service.cert.ocsp.enabled";
+
// ------------------------------------------------------------------------
// constants
// ------------------------------------------------------------------------
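Review bot: The Javadoc on `PNAME_REVOCATION_CHECK_ENABLED` and `PNAME_OCSP_ENABLED` names the target properties but not the expected value or the default. From the constructor hunk in `CertificateServiceImpl`, both are read with a `"false"` default, so revocation checking is off unless the user opts in; that belongs in the comment, e.g. `Value is "true" or "false"; treated as "false" when unset.` The `PNAME_OCSP_ENABLED` comment could also note that the setting is only meaningful while revocation checking is enabled.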