HTTPCLIENT-1349: SSLSocketFactory incorrectly identifies key passed with keystore as the keystore password

Contributed by David Graff <djgraff209 at gmail.com>

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1478903 13f79535-47bb-0310-9956-ffa450edef68
Oleg Kalnichevski 2013-05-03 18:34:49 +00:00
parent 53e3c07805
commit e71b14d28c
5 changed files with 38 additions and 8 deletions


@ -1,6 +1,10 @@
Changes since release 4.3 BETA1
-------------------
* [HTTPCLIENT-1349] SSLSocketFactory incorrectly identifies key passed with keystore as
the keystore password.
Contributed by David Graff <djgraff209 at gmail.com>
* [HTTPCLIENT-1346] Ensure propagation of SSL handshake exceptions.
Contributed by Pasi Eronen <pe at iki.fi>


@ -113,11 +113,11 @@ public class SSLContextBuilder {
public SSLContextBuilder loadKeyMaterial(
final KeyStore keystore,
final char[] keystorePassword)
final char[] keyPassword)
throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
kmfactory.init(keystore, keystorePassword);
kmfactory.init(keystore, keyPassword);
this.keymanagers = kmfactory.getKeyManagers();
return this;
}
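Review bot: `loadKeyMaterial` should carry Javadoc stating that `keyPassword` recovers the private-key entries and is not the password that opened the keystore, since that confusion is what this change corrects. Suggested text: `@param keyPassword password protecting the private key entries in {@code keystore}; may differ from the keystore's own password`. It is also worth documenting that `kmfactory.init(keystore, keyPassword)` receives a single password for the whole store, so a keystore whose key entries use different passwords will presumably fail with `UnrecoverableKeyException`. Any existing Javadoc sits above the hunk and is not visible here.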


@ -158,14 +158,14 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
public SSLSocketFactory(
final String algorithm,
final KeyStore keystore,
final String keystorePassword,
final String keyPassword,
final KeyStore truststore,
final SecureRandom random,
final HostNameResolver nameResolver)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
this(SSLContexts.custom()
.useProtocol(algorithm)
.loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null)
.loadKeyMaterial(keystore, keyPassword != null ? keyPassword.toCharArray() : null)
.loadTrustMaterial(truststore)
.build(),
nameResolver);
@ -181,7 +181,7 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
public SSLSocketFactory(
final String algorithm,
final KeyStore keystore,
final String keystorePassword,
final String keyPassword,
final KeyStore truststore,
final SecureRandom random,
final TrustStrategy trustStrategy,
@ -189,7 +189,7 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
this(SSLContexts.custom()
.useProtocol(algorithm)
.loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null)
.loadKeyMaterial(keystore, keyPassword != null ? keyPassword.toCharArray() : null)
.loadTrustMaterial(truststore, trustStrategy)
.build(),
hostnameVerifier);
@ -205,14 +205,14 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
public SSLSocketFactory(
final String algorithm,
final KeyStore keystore,
final String keystorePassword,
final String keyPassword,
final KeyStore truststore,
final SecureRandom random,
final X509HostnameVerifier hostnameVerifier)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
this(SSLContexts.custom()
.useProtocol(algorithm)
.loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null)
.loadKeyMaterial(keystore, keyPassword != null ? keyPassword.toCharArray() : null)
.loadTrustMaterial(truststore)
.build(),
hostnameVerifier);
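Review bot: The `random` argument is accepted by the constructors touched here but never reaches the builder in the visible chains (`useProtocol`, `loadKeyMaterial`, `loadTrustMaterial`, `build`). A caller-supplied `SecureRandom` therefore appears to be silently dropped, and the context would fall back to the provider default. If `SSLContextBuilder` exposes a setter for it, add `.setSecureRandom(random)` before `.build()` in each chain; otherwise the constructors' Javadoc should state that the parameter is ignored. The second constructor is split across two hunks, so its full parameter list is not visible here.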


@ -32,6 +32,7 @@ import java.net.InetSocketAddress;
import java.net.URL;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@ -195,4 +196,29 @@ public class TestSSLSocketFactory extends LocalServerTestBase {
socketFactory.connectSocket(0, socket, host, remoteAddress, null, context);
}
@Test
public void testKeyWithAlternatePassword() throws Exception {
String keystorePassword = "nopassword";
String keyPassword = "password";
ClassLoader cl = getClass().getClassLoader();
URL url = cl.getResource("test-keypasswd.keystore");
KeyStore keystore = KeyStore.getInstance("jks");
keystore.load(url.openStream(), keystorePassword.toCharArray());
new SSLSocketFactory(keystore, keyPassword, keystore);
}
@Test(expected=UnrecoverableKeyException.class)
public void testKeyWithAlternatePasswordInvalid() throws Exception {
String keystorePassword = "nopassword";
String keyPassword = "!password";
ClassLoader cl = getClass().getClassLoader();
URL url = cl.getResource("test-keypasswd.keystore");
KeyStore keystore = KeyStore.getInstance("jks");
keystore.load(url.openStream(), keystorePassword.toCharArray());
new SSLSocketFactory(keystore, keyPassword, keystore);
}
}
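Review bot: Both new tests pass `url.openStream()` straight into `keystore.load(...)`, so the stream is never closed. If `test-keypasswd.keystore` is missing from the classpath, `cl.getResource` returns null and the tests fail with a bare NullPointerException instead of a clear message. Consider `Assert.assertNotNull("Keystore URL", url);` followed by `final InputStream in = url.openStream();` and `try { keystore.load(in, keystorePassword.toCharArray()); } finally { in.close(); }`, which would also need a `java.io.InputStream` import if the file lacks one. The identical setup in the two tests could move into a small private helper that returns the loaded `KeyStore`.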

Binary file not shown.