More fixes for #327183 (Allow better configurability of HttpClient for TLS/SSL).

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2332 7e9141cc-0065-0410-87d8-b60c137991c4

jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java

@@ -13,6 +13,8 @@
 
 package org.eclipse.jetty.client;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.UnknownHostException;
@@ -100,11 +102,13 @@ public class HttpClient extends HttpBuffers implements Attributes
     private LinkedList<String> _registeredListeners;
 
     private String _keyStoreLocation;
+    private InputStream _keyStoreInputStream;
     private String _keyStoreType = "JKS";
     private String _keyStorePassword;
     private String _keyManagerAlgorithm = (Security.getProperty("ssl.KeyManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.KeyManagerFactory.algorithm"));
     private String _keyManagerPassword;
     private String _trustStoreLocation;
+    private InputStream _trustStoreInputStream;
     private String _trustStoreType = "JKS";
     private String _trustStorePassword;
     private String _trustManagerAlgorithm = (Security.getProperty("ssl.TrustManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.TrustManagerFactory.algorithm"));
@@ -528,41 +532,63 @@ public class HttpClient extends HttpBuffers implements Attributes
      */
     protected SSLContext getSSLContext() throws IOException
     {
-    	if (_sslContext == null)
-    	{
-			if (_keyStoreLocation == null)
-			{
-				_sslContext = getLooseSSLContext();
-			}
-			else
-			{
-				_sslContext = getStrictSSLContext();
-			}
-		}
-    	return _sslContext;
+        if (_sslContext == null)
+        {
+            if (_keyStoreInputStream == null && _keyStoreLocation == null)
+            {
+                _sslContext = getLooseSSLContext();
+            }
+            else
+            {
+                _sslContext = getStrictSSLContext();
+            }
+        }
+        return _sslContext;
     }
 
     protected SSLContext getStrictSSLContext() throws IOException
     {
         try
         {
-            if (_trustStoreLocation == null)
+            if (_trustStoreInputStream == null && _trustStoreLocation == null)
             {
                 _trustStoreLocation = _keyStoreLocation;
+                _trustStoreInputStream = _keyStoreInputStream;
                 _trustStoreType = _keyStoreType;
             }
 
-            InputStream keyStoreInputStream = Resource.newResource(_keyStoreLocation).getInputStream();
+            InputStream keyStoreInputStream = null;
+            InputStream trustStoreInputStream = null;
+
+            // It's the same stream and we cannot read it twice, so we read it once in memory
+            if (_keyStoreInputStream != null && _keyStoreInputStream == _trustStoreInputStream)
+            {
+                ByteArrayOutputStream baos = new ByteArrayOutputStream();
+                byte[] buffer = new byte[1024];
+                int read;
+                while ((read = _keyStoreInputStream.read(buffer)) >= 0)
+                    baos.write(buffer, 0, read);
+                _keyStoreInputStream.close();
+
+                keyStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
+                trustStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
+            }
+
+            if (keyStoreInputStream == null)
+                keyStoreInputStream = _keyStoreInputStream == null ? Resource.newResource(_keyStoreLocation).getInputStream() : _keyStoreInputStream;
             KeyStore keyStore = KeyStore.getInstance(_keyStoreType);
             keyStore.load(keyStoreInputStream, _keyStorePassword == null ? null : _keyStorePassword.toCharArray());
+            keyStoreInputStream.close();
 
             KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerAlgorithm);
             keyManagerFactory.init(keyStore, _keyManagerPassword == null ? null : _keyManagerPassword.toCharArray());
             KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
 
-            InputStream trustStoreInputStream = Resource.newResource(_trustStoreLocation).getInputStream();
+            if (trustStoreInputStream == null)
+                trustStoreInputStream = _trustStoreInputStream == null ? Resource.newResource(_trustStoreLocation).getInputStream() : _trustStoreInputStream;
             KeyStore trustStore = KeyStore.getInstance(_trustStoreType);
             trustStore.load(trustStoreInputStream, _trustStorePassword == null ? null : _trustStorePassword.toCharArray());
+            trustStoreInputStream.close();
 
             TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerAlgorithm);
             trustManagerFactory.init(trustStore);
@@ -761,6 +787,16 @@ public class HttpClient extends HttpBuffers implements Attributes
         this._trustStoreLocation = trustStoreLocation;
     }
 
+    public InputStream getTrustStoreInputStream()
+    {
+        return _trustStoreInputStream;
+    }
+
+    public void setTrustStoreInputStream(InputStream trustStoreInputStream)
+    {
+        this._trustStoreInputStream = trustStoreInputStream;
+    }
+
     /* ------------------------------------------------------------ */
     public String getKeyStoreLocation()
     {
@@ -773,6 +809,16 @@ public class HttpClient extends HttpBuffers implements Attributes
         this._keyStoreLocation = keyStoreLocation;
     }
 
+    public InputStream getKeyStoreInputStream()
+    {
+        return _keyStoreInputStream;
+    }
+
+    public void setKeyStoreInputStream(InputStream keyStoreInputStream)
+    {
+        this._keyStoreInputStream = keyStoreInputStream;
+    }
+
     /* ------------------------------------------------------------ */
     public void setKeyStorePassword(String keyStorePassword)
     {

jetty-client/src/test/java/org/eclipse/jetty/client/ExternalKeyStoreAsyncSslHttpExchangeTest.java

@@ -4,34 +4,38 @@
 // All rights reserved. This program and the accompanying materials
 // are made available under the terms of the Eclipse Public License v1.0
 // and Apache License v2.0 which accompanies this distribution.
-// The Eclipse Public License is available at 
+// The Eclipse Public License is available at
 // http://www.eclipse.org/legal/epl-v10.html
 // The Apache License v2.0 is available at
 // http://www.opensource.org/licenses/apache2.0.php
-// You may elect to redistribute this code under either of these licenses. 
+// You may elect to redistribute this code under either of these licenses.
 // ========================================================================
 
 package org.eclipse.jetty.client;
 
 import java.io.File;
+import java.io.FileInputStream;
 
 public class ExternalKeyStoreAsyncSslHttpExchangeTest extends SslHttpExchangeTest
 {
     @Override
     protected void setUp() throws Exception
     {
-        _scheme="https://";
+        _scheme = "https://";
         startServer();
-        _httpClient=new HttpClient();
+        _httpClient = new HttpClient();
         _httpClient.setConnectorType(HttpClient.CONNECTOR_SELECT_CHANNEL);
         _httpClient.setMaxConnectionsPerAddress(2);
 
-        String keystore = System.getProperty("user.dir") + File.separator + "src" + File.separator + "test" + File.separator + "resources" + File.separator
+        String keystore = System.getProperty("user.dir") + File.separator +
+                "src" + File.separator +
+                "test" + File.separator +
+                "resources" + File.separator
                 + "keystore";
 
-        _httpClient.setKeyStoreLocation( keystore );
-        _httpClient.setKeyStorePassword( "storepwd");
-        _httpClient.setKeyManagerPassword( "keypwd" );
+        _httpClient.setKeyStoreInputStream(new FileInputStream(keystore));
+        _httpClient.setKeyStorePassword("storepwd");
+        _httpClient.setKeyManagerPassword("keypwd");
         _httpClient.start();
     }