473321 - Overriding SSL context KeyStoreType requires explicit override of TrustStoreType

Greg Wilkins 2015-07-23 11:21:22 +10:00
parent 085ec933c5
commit 7686a19db9
2 changed files with 19 additions and 17 deletions


@ -338,7 +338,7 @@ public class SslContextFactory extends AbstractLifeCycle
if (keyStore==null) if (keyStore==null)
keyStore=loadKeyStore(_keyStoreResource); keyStore=loadKeyStore(_keyStoreResource);
if (trustStore==null) if (trustStore==null)
trustStore=loadTrustStore(_trustStoreResource==null?_keyStoreResource:_trustStoreResource); trustStore=loadTrustStore(_trustStoreResource);
Collection<? extends CRL> crls = loadCRL(_crlPath); Collection<? extends CRL> crls = loadCRL(_crlPath);
@ -1062,7 +1062,21 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
protected KeyStore loadTrustStore(Resource resource) throws Exception protected KeyStore loadTrustStore(Resource resource) throws Exception
{ {
return CertificateUtils.getKeyStore(resource, _trustStoreType, _trustStoreProvider,_trustStorePassword==null? null:_trustStorePassword.toString()); String type=_trustStoreType;
String provider= _trustStoreProvider;
String passwd=_trustStorePassword==null? null:_trustStorePassword.toString();
if (resource==null || resource.equals(_keyStoreResource))
{
resource=_keyStoreResource;
if (type==null)
type=_keyStoreType;
if (provider==null)
provider= _keyStoreProvider;
if (passwd==null)
passwd=_keyStorePassword==null? null:_keyStorePassword.toString();
}
return CertificateUtils.getKeyStore(resource,type,provider,passwd);
} }
/** /**
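Review bot: The new fallback in loadTrustStore only applies to values that are null (`if (type==null) type=_keyStoreType;`), so whether it fixes the case in the commit title depends on the initial value of `_trustStoreType`, which is declared outside this hunk. If that field still has a non-null default, overriding only the key store type will keep loading the shared store with the old trust store type, so the initializer should be confirmed as null. The method also now treats a null resource as "reuse the key store as the trust store", which determines which certificates become trust anchors for peer validation; the Javadoc that closes just above the signature (it starts outside the hunk) should say so. I would add `@param resource the trust store resource, or null to reuse the key store resource, with its type, provider and password used wherever the trust store values are unset`.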


@ -18,9 +18,8 @@
package org.eclipse.jetty.util.ssl; package org.eclipse.jetty.util.ssl;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan; import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.equalTo;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThat; import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
@ -28,7 +27,6 @@ import static org.junit.Assert.assertTrue;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.security.KeyStore; import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
@ -56,7 +54,6 @@ public class SslContextFactoryTest
@Test @Test
public void testNoTsFileKs() throws Exception public void testNoTsFileKs() throws Exception
{ {
String keystorePath = System.getProperty("basedir",".") + "/src/test/resources/keystore";
cf.setKeyStorePassword("storepwd"); cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd"); cf.setKeyManagerPassword("keypwd");
@ -199,20 +196,19 @@ public class SslContextFactoryTest
String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites(); String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites();
assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(0)); assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(0));
for (String enabledCipherSuite : enabledCipherSuites) for (String enabledCipherSuite : enabledCipherSuites)
assertThat("CipherSuite does not contain RC4", enabledCipherSuite.contains("RC4"), is(false)); assertThat("CipherSuite does not contain RC4", enabledCipherSuite.contains("RC4"), equalTo(false));
} }
@Test @Test
public void testSetIncludeCipherSuitesRegex() throws Exception public void testSetIncludeCipherSuitesRegex() throws Exception
{ {
Log.getLogger(SslContextFactory.class).setDebugEnabled(true);
cf.setIncludeCipherSuites(".*ECDHE.*",".*WIBBLE.*"); cf.setIncludeCipherSuites(".*ECDHE.*",".*WIBBLE.*");
cf.start(); cf.start();
SSLEngine sslEngine = cf.newSSLEngine(); SSLEngine sslEngine = cf.newSSLEngine();
String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites(); String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites();
assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(1)); assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(1));
for (String enabledCipherSuite : enabledCipherSuites) for (String enabledCipherSuite : enabledCipherSuites)
assertThat("CipherSuite contains ECDHE", enabledCipherSuite.contains("ECDHE"), is(true)); assertThat("CipherSuite contains ECDHE", enabledCipherSuite.contains("ECDHE"), equalTo(true));
} }
@Test @Test
@ -223,12 +219,4 @@ public class SslContextFactoryTest
assertNotNull(cf.getExcludeCipherSuites()); assertNotNull(cf.getExcludeCipherSuites());
assertNotNull(cf.getIncludeCipherSuites()); assertNotNull(cf.getIncludeCipherSuites());
} }
private void assertSelectedMatchesIncluded(String[] includeStrings, String[] selectedStrings)
{
assertThat(includeStrings.length + " strings are selected", selectedStrings.length, is(includeStrings.length));
assertThat("order from includeStrings is preserved", selectedStrings[0], equalTo(includeStrings[0]));
assertThat("order from includeStrings is preserved", selectedStrings[1], equalTo(includeStrings[1]));
assertThat("order from includeStrings is preserved", selectedStrings[2], equalTo(includeStrings[2]));
}
} }
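Review bot: Nothing in this test file exercises the behaviour the commit title describes; the changes here are cleanup only (unused import, local variable and helper removed, `is` replaced by `equalTo`, the debug-logging line dropped). A regression test that configures only the key store path, type and password, leaves every trust store setting unset, and asserts that `cf.start()` succeeds with the trust store loaded from the key store would pin the new fallback in loadTrustStore. Separately, in testSetIncludeCipherSuitesRegex the message `"At least 1 cipherSuite is enabled"` is paired with `greaterThan(1)`, so either the message or the bound should be corrected.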