473321 - Overriding SSL context KeyStoreType requires explicit override of TrustStoreType

2015-07-23 11:21:22 +10:00 · 2015-07-23 11:21:22 +10:00 · 7686a19db9
parent 085ec933c5
commit 7686a19db9
2 changed files with 19 additions and 17 deletions
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@ -338,7 +338,7 @@ public class SslContextFactory extends AbstractLifeCycle
                if (keyStore==null)
                    keyStore=loadKeyStore(_keyStoreResource);
                if (trustStore==null)
-                    trustStore=loadTrustStore(_trustStoreResource==null?_keyStoreResource:_trustStoreResource);
+                    trustStore=loadTrustStore(_trustStoreResource);

                Collection<? extends CRL> crls = loadCRL(_crlPath);

@ -1062,7 +1062,21 @@ public class SslContextFactory extends AbstractLifeCycle
     */
    protected KeyStore loadTrustStore(Resource resource) throws Exception
    {
-        return CertificateUtils.getKeyStore(resource, _trustStoreType,  _trustStoreProvider,_trustStorePassword==null? null:_trustStorePassword.toString());
+        String type=_trustStoreType;
+        String provider= _trustStoreProvider;
+        String passwd=_trustStorePassword==null? null:_trustStorePassword.toString();
+        if (resource==null || resource.equals(_keyStoreResource))
+        {
+            resource=_keyStoreResource;
+            if (type==null)
+                type=_keyStoreType;
+            if (provider==null)
+                provider= _keyStoreProvider;
+            if (passwd==null)
+                passwd=_keyStorePassword==null? null:_keyStorePassword.toString();
+        }
+            
+        return CertificateUtils.getKeyStore(resource,type,provider,passwd);
    }

    /**
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
@ -18,9 +18,8 @@

 package org.eclipse.jetty.util.ssl;

-import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.greaterThan;
-import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.equalTo;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
@ -28,7 +27,6 @@ import static org.junit.Assert.assertTrue;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.KeyStore;
-import java.util.Arrays;

 import javax.net.ssl.SSLEngine;

@ -56,7 +54,6 @@ public class SslContextFactoryTest
    @Test
    public void testNoTsFileKs() throws Exception
    {
-        String keystorePath = System.getProperty("basedir",".") + "/src/test/resources/keystore";
        cf.setKeyStorePassword("storepwd");
        cf.setKeyManagerPassword("keypwd");

@ -199,20 +196,19 @@ public class SslContextFactoryTest
        String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites();
        assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(0));
        for (String enabledCipherSuite : enabledCipherSuites)
-            assertThat("CipherSuite does not contain RC4", enabledCipherSuite.contains("RC4"), is(false));
+            assertThat("CipherSuite does not contain RC4", enabledCipherSuite.contains("RC4"), equalTo(false));
    }

    @Test
    public void testSetIncludeCipherSuitesRegex() throws Exception
    {
-        Log.getLogger(SslContextFactory.class).setDebugEnabled(true);
        cf.setIncludeCipherSuites(".*ECDHE.*",".*WIBBLE.*");
        cf.start();
        SSLEngine sslEngine = cf.newSSLEngine();
        String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites();
        assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(1));
        for (String enabledCipherSuite : enabledCipherSuites)
-            assertThat("CipherSuite contains ECDHE", enabledCipherSuite.contains("ECDHE"), is(true));
+            assertThat("CipherSuite contains ECDHE", enabledCipherSuite.contains("ECDHE"), equalTo(true));
    }

    @Test
@ -223,12 +219,4 @@ public class SslContextFactoryTest
    	assertNotNull(cf.getExcludeCipherSuites());
    	assertNotNull(cf.getIncludeCipherSuites());
    }
-    
-    private void assertSelectedMatchesIncluded(String[] includeStrings, String[] selectedStrings)
-    {
-        assertThat(includeStrings.length + " strings are selected", selectedStrings.length, is(includeStrings.length));
-        assertThat("order from includeStrings is preserved", selectedStrings[0], equalTo(includeStrings[0]));
-        assertThat("order from includeStrings is preserved", selectedStrings[1], equalTo(includeStrings[1]));
-        assertThat("order from includeStrings is preserved", selectedStrings[2], equalTo(includeStrings[2]));
-    }
 }