Bug 329746 client option to set just truststore and use strict ssl context
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2655 7e9141cc-0065-0410-87d8-b60c137991c4
parent
b2ca97f056
commit
bcde60bd2f
|
@ -4,6 +4,7 @@ jetty-7.3.0-SNAPSHOT
|
||||||
+ 320457 add SPNEGO support
|
+ 320457 add SPNEGO support
|
||||||
+ 324505 Implement API login
|
+ 324505 Implement API login
|
||||||
+ 328872 Multi Jetty xml files not loading if directory is referenced in jetty.conf
|
+ 328872 Multi Jetty xml files not loading if directory is referenced in jetty.conf
|
||||||
|
+ 329746 client option to set just truststore and use strict ssl context
|
||||||
+ 332179 Fixed formatting of negative dates
|
+ 332179 Fixed formatting of negative dates
|
||||||
+ 332432 Scanner.java now always scanning the canonical form of File
|
+ 332432 Scanner.java now always scanning the canonical form of File
|
||||||
+ 332517 Improved DefaultServlet debug
|
+ 332517 Improved DefaultServlet debug
|
||||||
|
|
|
@ -534,7 +534,8 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
{
|
{
|
||||||
if (_sslContext == null)
|
if (_sslContext == null)
|
||||||
{
|
{
|
||||||
if (_keyStoreInputStream == null && _keyStoreLocation == null)
|
if (_keyStoreInputStream == null && _keyStoreLocation == null &&
|
||||||
|
_trustStoreInputStream == null && _trustStoreLocation == null )
|
||||||
{
|
{
|
||||||
_sslContext = getLooseSSLContext();
|
_sslContext = getLooseSSLContext();
|
||||||
}
|
}
|
||||||
|
@ -549,6 +550,11 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
protected SSLContext getStrictSSLContext() throws IOException
|
protected SSLContext getStrictSSLContext() throws IOException
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* if the keystore exists but the trust store doesn't use the keystore as the trust store
|
||||||
|
*/
|
||||||
|
if (_keyStoreInputStream != null || _keyStoreLocation != null)
|
||||||
{
|
{
|
||||||
if (_trustStoreInputStream == null && _trustStoreLocation == null)
|
if (_trustStoreInputStream == null && _trustStoreLocation == null)
|
||||||
{
|
{
|
||||||
|
@ -556,6 +562,8 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
_trustStoreInputStream = _keyStoreInputStream;
|
_trustStoreInputStream = _keyStoreInputStream;
|
||||||
_trustStoreType = _keyStoreType;
|
_trustStoreType = _keyStoreType;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
InputStream keyStoreInputStream = null;
|
InputStream keyStoreInputStream = null;
|
||||||
InputStream trustStoreInputStream = null;
|
InputStream trustStoreInputStream = null;
|
||||||
|
@ -567,25 +575,51 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
byte[] buffer = new byte[1024];
|
byte[] buffer = new byte[1024];
|
||||||
int read;
|
int read;
|
||||||
while ((read = _keyStoreInputStream.read(buffer)) >= 0)
|
while ((read = _keyStoreInputStream.read(buffer)) >= 0)
|
||||||
|
{
|
||||||
baos.write(buffer, 0, read);
|
baos.write(buffer, 0, read);
|
||||||
|
}
|
||||||
|
|
||||||
_keyStoreInputStream.close();
|
_keyStoreInputStream.close();
|
||||||
|
|
||||||
keyStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
|
keyStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
|
||||||
trustStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
|
trustStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
|
||||||
}
|
}
|
||||||
|
|
||||||
if (keyStoreInputStream == null)
|
/*
|
||||||
|
* set the keystore input stream if it isn't set
|
||||||
|
*/
|
||||||
|
if (keyStoreInputStream == null && _keyStoreLocation != null )
|
||||||
|
{
|
||||||
keyStoreInputStream = _keyStoreInputStream == null ? Resource.newResource(_keyStoreLocation).getInputStream() : _keyStoreInputStream;
|
keyStoreInputStream = _keyStoreInputStream == null ? Resource.newResource(_keyStoreLocation).getInputStream() : _keyStoreInputStream;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* work out the key managers for the keystore, null if its not configured
|
||||||
|
*/
|
||||||
|
KeyManager[] keyManagers = null;
|
||||||
|
|
||||||
|
if (keyStoreInputStream != null)
|
||||||
|
{
|
||||||
KeyStore keyStore = KeyStore.getInstance(_keyStoreType);
|
KeyStore keyStore = KeyStore.getInstance(_keyStoreType);
|
||||||
keyStore.load(keyStoreInputStream,_keyStorePassword == null?null:_keyStorePassword.toCharArray());
|
keyStore.load(keyStoreInputStream,_keyStorePassword == null?null:_keyStorePassword.toCharArray());
|
||||||
keyStoreInputStream.close();
|
keyStoreInputStream.close();
|
||||||
|
|
||||||
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerAlgorithm);
|
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerAlgorithm);
|
||||||
keyManagerFactory.init(keyStore,_keyManagerPassword == null?null:_keyManagerPassword.toCharArray());
|
keyManagerFactory.init(keyStore,_keyManagerPassword == null?null:_keyManagerPassword.toCharArray());
|
||||||
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
|
keyManagers = keyManagerFactory.getKeyManagers();
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* trust store will always exist if this method has been called, either by being the only store specified or by being
|
||||||
|
* a duplicate of the keystore..
|
||||||
|
*
|
||||||
|
* this is behavior consistent with other aspects of jetty I believe so maintaining that consistency
|
||||||
|
*/
|
||||||
if (trustStoreInputStream == null)
|
if (trustStoreInputStream == null)
|
||||||
|
{
|
||||||
trustStoreInputStream = _trustStoreInputStream == null ? Resource.newResource(_trustStoreLocation).getInputStream() : _trustStoreInputStream;
|
trustStoreInputStream = _trustStoreInputStream == null ? Resource.newResource(_trustStoreLocation).getInputStream() : _trustStoreInputStream;
|
||||||
|
}
|
||||||
|
|
||||||
KeyStore trustStore = KeyStore.getInstance(_trustStoreType);
|
KeyStore trustStore = KeyStore.getInstance(_trustStoreType);
|
||||||
trustStore.load(trustStoreInputStream, _trustStorePassword == null ? null : _trustStorePassword.toCharArray());
|
trustStore.load(trustStoreInputStream, _trustStorePassword == null ? null : _trustStorePassword.toCharArray());
|
||||||
trustStoreInputStream.close();
|
trustStoreInputStream.close();
|
||||||
|
@ -597,6 +631,7 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
SecureRandom secureRandom = _secureRandomAlgorithm == null ? null : SecureRandom.getInstance(_secureRandomAlgorithm);
|
SecureRandom secureRandom = _secureRandomAlgorithm == null ? null : SecureRandom.getInstance(_secureRandomAlgorithm);
|
||||||
SSLContext context = _provider == null ? SSLContext.getInstance(_protocol) : SSLContext.getInstance(_protocol, _provider);
|
SSLContext context = _provider == null ? SSLContext.getInstance(_protocol) : SSLContext.getInstance(_protocol, _provider);
|
||||||
context.init(keyManagers, trustManagers, secureRandom);
|
context.init(keyManagers, trustManagers, secureRandom);
|
||||||
|
|
||||||
return context;
|
return context;
|
||||||
}
|
}
|
||||||
catch (Exception x)
|
catch (Exception x)
|
||||||
|
|
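Review bot: The new comment `* trust store will always exist if this method has been called, either by being the only store specified or by being a duplicate of the keystore..` does not hold for one configuration: when the keystore is supplied as `_keyStoreInputStream` together with a separately configured trust store (`_trustStoreLocation` or `_trustStoreInputStream`), the copy `trustStoreInputStream = new ByteArrayInputStream(baos.toByteArray());` runs unconditionally, so the later `if (trustStoreInputStream == null)` never loads the configured trust store and the client's trust anchors silently become the keystore contents. Duplicating only when the fields were actually aliased by the earlier `_trustStoreInputStream = _keyStoreInputStream;`, i.e. `if (_trustStoreInputStream == _keyStoreInputStream) trustStoreInputStream = new ByteArrayInputStream(baos.toByteArray());`, makes the code match the documented behaviour. A smaller point of style: the new guard `if (keyStoreInputStream == null && _keyStoreLocation != null )` leaves the `_keyStoreInputStream` branch of the ternary on the next line unreachable, presumably because the copy block above runs whenever `_keyStoreInputStream` is set, so `keyStoreInputStream = Resource.newResource(_keyStoreLocation).getInputStream();` says what is meant. getStrictSSLContext begins in the earlier hunk at line 550 and its catch block continues past the last hunk.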