430951 Support SNI with ExtendedSslContextFactory

Made ExtendedSslContextFactory work with a non-SNI keystore
This commit is contained in:
Greg Wilkins 2015-05-08 12:06:20 +10:00
parent 6428718962
commit 3e0b95be4f
4 changed files with 22 additions and 7 deletions


@ -42,6 +42,7 @@ import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerCollection; import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.RequestLogHandler; import org.eclipse.jetty.server.handler.RequestLogHandler;
import org.eclipse.jetty.server.handler.StatisticsHandler; import org.eclipse.jetty.server.handler.StatisticsHandler;
import org.eclipse.jetty.util.ssl.ExtendedSslContextFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool; import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler; import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
@ -128,7 +129,7 @@ public class LikeJettyXml
// === jetty-https.xml === // === jetty-https.xml ===
// SSL Context Factory // SSL Context Factory
SslContextFactory sslContextFactory = new SslContextFactory(); SslContextFactory sslContextFactory = new ExtendedSslContextFactory();
sslContextFactory.setKeyStorePath(jetty_home + "/../../../jetty-server/src/test/config/etc/keystore"); sslContextFactory.setKeyStorePath(jetty_home + "/../../../jetty-server/src/test/config/etc/keystore");
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"); sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g"); sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");


@ -132,7 +132,7 @@ public class ExtendedSslContextFactory extends SslContextFactory
String cn = rdn.getValue().toString(); String cn = rdn.getValue().toString();
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
LOG.debug("Certificate cn alias={} cn={} in {}",alias,cn,_factory); LOG.debug("Certificate cn alias={} cn={} in {}",alias,cn,_factory);
if (cn!=null) if (cn!=null && cn.contains(".") && !cn.contains(" "))
_aliases.put(cn,alias); _aliases.put(cn,alias);
} }
} }
@ -197,6 +197,14 @@ public class ExtendedSslContextFactory extends SslContextFactory
public boolean matches(SNIServerName serverName) public boolean matches(SNIServerName serverName)
{ {
LOG.debug("matches={} for {}",serverName,this); LOG.debug("matches={} for {}",serverName,this);
if (_aliases.size()==0 && _wild.size()==0)
{
if (LOG.isDebugEnabled())
LOG.debug("No SNI ready certificates for {} in {}",serverName,ExtendedSslContextFactory.this);
return true;
}
if (serverName instanceof SNIHostName) if (serverName instanceof SNIHostName)
{ {
_name=(SNIHostName)serverName; _name=(SNIHostName)serverName;
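Review bot: The SNI alias table is built only from the certificate's CN (the `_aliases.put(cn,alias)` at the top of the hunk, inside a method that starts outside it), and the new filter `cn.contains(".") && !cn.contains(" ")` means a certificate whose host names live only in its Subject Alternative Name extension, or one with a dot-less CN such as `localhost`, is never SNI-selectable and silently falls through to the default selection; a comment such as `// Only CNs that look like host names are indexed; SAN dNSName entries are not consulted` would stop the next reader from assuming SAN support. `_aliases.put(cn,alias)` also silently overwrites when two aliases carry the same CN, so the later alias wins without trace; `if (_aliases.put(cn,alias)!=null) LOG.warn("Duplicate CN {} for alias {}",cn,alias);` would make that visible. The new early return in `matches()` is a reasonable fallback for a non-SNI keystore, but it means every client-supplied server name is accepted and served the delegate's default certificate, which is worth stating in a comment next to `return true;`. The unguarded `LOG.debug("matches={} for {}",serverName,this)` at the start of `matches()` is also inconsistent with the `isDebugEnabled()` guards used everywhere else in the hunk.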


@ -96,7 +96,7 @@ public class SniX509ExtendedKeyManager extends X509ExtendedKeyManager
} }
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
LOG.debug("choose {} from {}",alias,Arrays.asList(aliases)); LOG.debug("matched {}/{} from {}",alias,host,Arrays.asList(aliases));
// Check if the SNI selected alias is allowable // Check if the SNI selected alias is allowable
if (alias!=null) if (alias!=null)
@ -120,14 +120,22 @@ public class SniX509ExtendedKeyManager extends X509ExtendedKeyManager
SSLSocket sslSocket = (SSLSocket)socket; SSLSocket sslSocket = (SSLSocket)socket;
String alias = chooseServerAlias(keyType,issuers,sslSocket.getSSLParameters().getSNIMatchers(),sslSocket.getHandshakeSession()); String alias = chooseServerAlias(keyType,issuers,sslSocket.getSSLParameters().getSNIMatchers(),sslSocket.getHandshakeSession());
return alias==NO_MATCHERS?_delegate.chooseServerAlias(keyType,issuers,socket):alias; if (alias==NO_MATCHERS)
alias=_delegate.chooseServerAlias(keyType,issuers,socket);
if (LOG.isDebugEnabled())
LOG.debug("chose {}/{} on {}",alias,keyType,socket);
return alias;
} }
@Override @Override
public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)
{ {
String alias = chooseServerAlias(keyType,issuers,engine.getSSLParameters().getSNIMatchers(),engine.getHandshakeSession()); String alias = chooseServerAlias(keyType,issuers,engine.getSSLParameters().getSNIMatchers(),engine.getHandshakeSession());
return alias==NO_MATCHERS?_delegate.chooseEngineServerAlias(keyType,issuers,engine):alias; if (alias==NO_MATCHERS)
alias=_delegate.chooseEngineServerAlias(keyType,issuers,engine);
if (LOG.isDebugEnabled())
LOG.debug("chose {}/{} on {}",alias,keyType,engine);
return alias;
} }
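Review bot: In both `chooseServerAlias` and `chooseEngineServerAlias`, an alias that is still `null` after the delegate fallback is only reported at DEBUG, yet that is the case that makes the handshake fail, so an operator gets no hint why clients cannot connect; consider `if (alias==null) LOG.warn("No certificate alias for keyType {} on {}",keyType,engine);` (and the socket counterpart), or at least INFO, assuming this is not called often enough to be noisy. The fallback-plus-log sequence is now duplicated verbatim in the two overrides; a small private helper taking the SNI result and the delegate's alias would keep them from drifting apart. Both methods still compare `alias==NO_MATCHERS` by reference, which only holds while the four-argument `chooseServerAlias` returns that exact sentinel instance; a comment on the constant, whose declaration is outside the hunk, would record that contract.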
@Override @Override


@ -111,8 +111,6 @@ public class TestListener implements HttpSessionListener, HttpSessionAttributeL
public void contextInitialized(ServletContextEvent sce) public void contextInitialized(ServletContextEvent sce)
{ {
System.err.println("Calling TestListener.contextInitialized");
sce.getServletContext().setAttribute("com.acme.AnnotationTest.sclInjectTest", Boolean.valueOf(maxAmount != null)); sce.getServletContext().setAttribute("com.acme.AnnotationTest.sclInjectTest", Boolean.valueOf(maxAmount != null));
//Can't add a ServletContextListener from a ServletContextListener even if it is declared in web.xml //Can't add a ServletContextListener from a ServletContextListener even if it is declared in web.xml