Apache
/
httpcomponents-client
mirror of https://github.com/apache/httpcomponents-client.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HTTPCLIENT-1349: SSLSocketFactory incorrectly identifies key passed with keystore as the keystore password 

Contributed by David Graff <djgraff209 at gmail.com>

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1478903 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Oleg Kalnichevski 2013-05-03 18:34:49 +00:00
parent 53e3c07805
commit e71b14d28c
5 changed files with 38 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
RELEASE_NOTES.txt
View File

@ -1,6 +1,10 @@
Changes since release 4.3 BETA1 Changes since release 4.3 BETA1
------------------- -------------------
* [HTTPCLIENT-1349] SSLSocketFactory incorrectly identifies key passed with keystore as
the keystore password.
Contributed by David Graff <djgraff209 at gmail.com>
* [HTTPCLIENT-1346] Ensure propagation of SSL handshake exceptions. * [HTTPCLIENT-1346] Ensure propagation of SSL handshake exceptions.
Contributed by Pasi Eronen <pe at iki.fi> Contributed by Pasi Eronen <pe at iki.fi>

4
httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java
View File

@ -113,11 +113,11 @@ public class SSLContextBuilder {
public SSLContextBuilder loadKeyMaterial( public SSLContextBuilder loadKeyMaterial(
final KeyStore keystore, final KeyStore keystore,
final char[] keystorePassword) final char[] keyPassword)
throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException { throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm()); KeyManagerFactory.getDefaultAlgorithm());
kmfactory.init(keystore, keystorePassword); kmfactory.init(keystore, keyPassword);
this.keymanagers = kmfactory.getKeyManagers(); this.keymanagers = kmfactory.getKeyManagers();
return this; return this;
} }

12
httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java
View File

@ -158,14 +158,14 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
public SSLSocketFactory( public SSLSocketFactory(
final String algorithm, final String algorithm,
final KeyStore keystore, final KeyStore keystore,
final String keystorePassword, final String keyPassword,
final KeyStore truststore, final KeyStore truststore,
final SecureRandom random, final SecureRandom random,
final HostNameResolver nameResolver) final HostNameResolver nameResolver)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
this(SSLContexts.custom() this(SSLContexts.custom()
.useProtocol(algorithm) .useProtocol(algorithm)
.loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null) .loadKeyMaterial(keystore, keyPassword != null ? keyPassword.toCharArray() : null)
.loadTrustMaterial(truststore) .loadTrustMaterial(truststore)
.build(), .build(),
nameResolver); nameResolver);
@ -181,7 +181,7 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
public SSLSocketFactory( public SSLSocketFactory(
final String algorithm, final String algorithm,
final KeyStore keystore, final KeyStore keystore,
final String keystorePassword, final String keyPassword,
final KeyStore truststore, final KeyStore truststore,
final SecureRandom random, final SecureRandom random,
final TrustStrategy trustStrategy, final TrustStrategy trustStrategy,
@ -189,7 +189,7 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
this(SSLContexts.custom() this(SSLContexts.custom()
.useProtocol(algorithm) .useProtocol(algorithm)
.loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null) .loadKeyMaterial(keystore, keyPassword != null ? keyPassword.toCharArray() : null)
.loadTrustMaterial(truststore, trustStrategy) .loadTrustMaterial(truststore, trustStrategy)
.build(), .build(),
hostnameVerifier); hostnameVerifier);
@ -205,14 +205,14 @@ public class SSLSocketFactory implements LayeredConnectionSocketFactory, SchemeL
public SSLSocketFactory( public SSLSocketFactory(
final String algorithm, final String algorithm,
final KeyStore keystore, final KeyStore keystore,
final String keystorePassword, final String keyPassword,
final KeyStore truststore, final KeyStore truststore,
final SecureRandom random, final SecureRandom random,
final X509HostnameVerifier hostnameVerifier) final X509HostnameVerifier hostnameVerifier)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
this(SSLContexts.custom() this(SSLContexts.custom()
.useProtocol(algorithm) .useProtocol(algorithm)
.loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null) .loadKeyMaterial(keystore, keyPassword != null ? keyPassword.toCharArray() : null)
.loadTrustMaterial(truststore) .loadTrustMaterial(truststore)
.build(), .build(),
hostnameVerifier); hostnameVerifier);

26
httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java
View File

@ -32,6 +32,7 @@ import java.net.InetSocketAddress;
import java.net.URL; import java.net.URL;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
@ -195,4 +196,29 @@ public class TestSSLSocketFactory extends LocalServerTestBase {
socketFactory.connectSocket(0, socket, host, remoteAddress, null, context); socketFactory.connectSocket(0, socket, host, remoteAddress, null, context);
} }
@Test
public void testKeyWithAlternatePassword() throws Exception {
String keystorePassword = "nopassword";
String keyPassword = "password";
ClassLoader cl = getClass().getClassLoader();
URL url = cl.getResource("test-keypasswd.keystore");
KeyStore keystore = KeyStore.getInstance("jks");
keystore.load(url.openStream(), keystorePassword.toCharArray());
new SSLSocketFactory(keystore, keyPassword, keystore);
}
@Test(expected=UnrecoverableKeyException.class)
public void testKeyWithAlternatePasswordInvalid() throws Exception {
String keystorePassword = "nopassword";
String keyPassword = "!password";
ClassLoader cl = getClass().getClassLoader();
URL url = cl.getResource("test-keypasswd.keystore");
KeyStore keystore = KeyStore.getInstance("jks");
keystore.load(url.openStream(), keystorePassword.toCharArray());
new SSLSocketFactory(keystore, keyPassword, keystore);
}
} }

BIN
httpclient/src/test/resources/test-keypasswd.keystore Normal file
View File

Binary file not shown.