HTTPCLIENT-1349: SSLSocketFactory incorrectly identifies key passed with keystore as the keystore password
Contributed by David Graff <djgraff209 at gmail.com> git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1478903 13f79535-47bb-0310-9956-ffa450edef68
parent
53e3c07805
commit
e71b14d28c
|
@ -1,6 +1,10 @@
|
|||
Changes since release 4.3 BETA1
|
||||
-------------------
|
||||
|
||||
* [HTTPCLIENT-1349] SSLSocketFactory incorrectly identifies key passed with keystore as
|
||||
the keystore password.
|
||||
Contributed by David Graff <djgraff209 at gmail.com>
|
||||
|
||||
* [HTTPCLIENT-1346] Ensure propagation of SSL handshake exceptions.
|
||||
Contributed by Pasi Eronen <pe at iki.fi>
|
||||
|
||||
|
|
|
@ -113,11 +113,11 @@ public class SSLContextBuilder {
|
|||
|
||||
public SSLContextBuilder loadKeyMaterial(
|
||||
final KeyStore keystore,
|
||||
final char[] keystorePassword)
|
||||
final char[] keyPassword)
|
||||
throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
|
||||
final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
|
||||
KeyManagerFactory.getDefaultAlgorithm());
|
||||
kmfactory.init(keystore, keystorePassword);
|
||||
kmfactory.init(keystore, keyPassword);
|
||||
this.keymanagers = kmfactory.getKeyManagers();
|
||||
return this;
|
||||
}
|
||||
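Review bot: The renamed `keyPassword` parameter of `loadKeyMaterial` has no documentation visible in this hunk, although the keystore-password versus key-password distinction is exactly what the commit corrects. `KeyManagerFactory.init(keystore, keyPassword)` uses the value to recover private-key entries, not to verify keystore integrity. With the default JSSE key manager the same password is tried against every key entry, so a store whose keys carry different passwords would be expected to fail with `UnrecoverableKeyException`. I would add Javadoc such as `@param keyPassword password protecting the private key entries (not the keystore integrity password); may be null`. It is also worth stating that the builder only reads the `char[]` and the caller remains responsible for clearing it.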
|
|
|
@ -158,14 +158,14 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
|
|||
public SSLSocketFactory(
|
||||
final String algorithm,
|
||||
final KeyStore keystore,
|
||||
final String keystorePassword,
|
||||
final String keyPassword,
|
||||
final KeyStore truststore,
|
||||
final SecureRandom random,
|
||||
final HostNameResolver nameResolver)
|
||||
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
|
||||
this(SSLContexts.custom()
|
||||
.useProtocol(algorithm)
|
||||
.loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null)
|
||||
.loadKeyMaterial(keystore, keyPassword != null ? keyPassword.toCharArray() : null)
|
||||
.loadTrustMaterial(truststore)
|
||||
.build(),
|
||||
nameResolver);
|
||||
|
@ -181,7 +181,7 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
|
|||
public SSLSocketFactory(
|
||||
final String algorithm,
|
||||
final KeyStore keystore,
|
||||
final String keystorePassword,
|
||||
final String keyPassword,
|
||||
final KeyStore truststore,
|
||||
final SecureRandom random,
|
||||
final TrustStrategy trustStrategy,
|
||||
|
@ -189,7 +189,7 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
|
|||
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
|
||||
this(SSLContexts.custom()
|
||||
.useProtocol(algorithm)
|
||||
.loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null)
|
||||
.loadKeyMaterial(keystore, keyPassword != null ? keyPassword.toCharArray() : null)
|
||||
.loadTrustMaterial(truststore, trustStrategy)
|
||||
.build(),
|
||||
hostnameVerifier);
|
||||
|
@ -205,14 +205,14 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
|
|||
public SSLSocketFactory(
|
||||
final String algorithm,
|
||||
final KeyStore keystore,
|
||||
final String keystorePassword,
|
||||
final String keyPassword,
|
||||
final KeyStore truststore,
|
||||
final SecureRandom random,
|
||||
final X509HostnameVerifier hostnameVerifier)
|
||||
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
|
||||
this(SSLContexts.custom()
|
||||
.useProtocol(algorithm)
|
||||
.loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null)
|
||||
.loadKeyMaterial(keystore, keyPassword != null ? keyPassword.toCharArray() : null)
|
||||
.loadTrustMaterial(truststore)
|
||||
.build(),
|
||||
hostnameVerifier);
|
||||
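Review bot: The `random` argument is declared on the constructors touched here but never reaches the builder in the visible chains, which go from `useProtocol(algorithm)` through `loadKeyMaterial(...)` and `loadTrustMaterial(...)` to `build()`. The context is therefore presumably initialised with the provider's default source rather than the caller's `SecureRandom`. If `SSLContextBuilder` exposes a setter for it, adding `.setSecureRandom(random)` after `.useProtocol(algorithm)` in each chain would honour the parameter; otherwise the Javadoc should say that it is ignored. The Javadoc for the renamed `keyPassword` should also state that it protects the private key entries and is not the password used to open the keystore. The constructor bodies continue outside these hunks, so this is based only on the `this(...)` calls shown.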
|
|
|
@ -32,6 +32,7 @@ import java.net.InetSocketAddress;
|
|||
import java.net.URL;
|
||||
import java.security.KeyStore;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.UnrecoverableKeyException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
|
@ -195,4 +196,29 @@ public class TestSSLSocketFactory extends LocalServerTestBase {
|
|||
socketFactory.connectSocket(0, socket, host, remoteAddress, null, context);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testKeyWithAlternatePassword() throws Exception {
|
||||
String keystorePassword = "nopassword";
|
||||
String keyPassword = "password";
|
||||
|
||||
ClassLoader cl = getClass().getClassLoader();
|
||||
URL url = cl.getResource("test-keypasswd.keystore");
|
||||
KeyStore keystore = KeyStore.getInstance("jks");
|
||||
keystore.load(url.openStream(), keystorePassword.toCharArray());
|
||||
|
||||
new SSLSocketFactory(keystore, keyPassword, keystore);
|
||||
}
|
||||
|
||||
@Test(expected=UnrecoverableKeyException.class)
|
||||
public void testKeyWithAlternatePasswordInvalid() throws Exception {
|
||||
String keystorePassword = "nopassword";
|
||||
String keyPassword = "!password";
|
||||
|
||||
ClassLoader cl = getClass().getClassLoader();
|
||||
URL url = cl.getResource("test-keypasswd.keystore");
|
||||
KeyStore keystore = KeyStore.getInstance("jks");
|
||||
keystore.load(url.openStream(), keystorePassword.toCharArray());
|
||||
|
||||
new SSLSocketFactory(keystore, keyPassword, keystore);
|
||||
}
|
||||
}
|
||||
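Review bot: Both new tests pass `url.openStream()` straight into `keystore.load(...)` and never close the stream. They also dereference the result of `cl.getResource("test-keypasswd.keystore")` without a null check, so a missing fixture surfaces as a bare `NullPointerException` rather than a readable failure. I would add `Assert.assertNotNull("Keystore URL", url);` before the load and hold the stream in a local that is closed in a `finally` block. The identical load sequence in `testKeyWithAlternatePassword` and `testKeyWithAlternatePasswordInvalid` could move into one private helper. A one-line comment that the keystore password and key password deliberately differ in the fixture would make the intent of the positive test clear, since it has no explicit assertion and passes only because the constructor does not throw.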
|
|
Binary file not shown.