Bug 329746 client option to set just truststore and use strict ssl context

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2655 7e9141cc-0065-0410-87d8-b60c137991c4
Jesse McConnell 2011-01-12 17:25:24 +00:00
parent b2ca97f056
commit bcde60bd2f
2 changed files with 49 additions and 13 deletions


@ -4,6 +4,7 @@ jetty-7.3.0-SNAPSHOT
+ 320457 add SPNEGO support + 320457 add SPNEGO support
+ 324505 Implement API login + 324505 Implement API login
+ 328872 Multi Jetty xml files not loading if directory is referenced in jetty.conf + 328872 Multi Jetty xml files not loading if directory is referenced in jetty.conf
+ 329746 client option to set just truststore and use strict ssl context
+ 332179 Fixed formatting of negative dates + 332179 Fixed formatting of negative dates
+ 332432 Scanner.java now always scanning the canonical form of File + 332432 Scanner.java now always scanning the canonical form of File
+ 332517 Improved DefaultServlet debug + 332517 Improved DefaultServlet debug


@ -534,7 +534,8 @@ public class HttpClient extends HttpBuffers implements Attributes
{ {
if (_sslContext == null) if (_sslContext == null)
{ {
if (_keyStoreInputStream == null && _keyStoreLocation == null) if (_keyStoreInputStream == null && _keyStoreLocation == null &&
_trustStoreInputStream == null && _trustStoreLocation == null )
{ {
_sslContext = getLooseSSLContext(); _sslContext = getLooseSSLContext();
} }
@ -549,6 +550,11 @@ public class HttpClient extends HttpBuffers implements Attributes
protected SSLContext getStrictSSLContext() throws IOException protected SSLContext getStrictSSLContext() throws IOException
{ {
try try
{
/*
* if the keystore exists but the trust store doesn't use the keystore as the trust store
*/
if (_keyStoreInputStream != null || _keyStoreLocation != null)
{ {
if (_trustStoreInputStream == null && _trustStoreLocation == null) if (_trustStoreInputStream == null && _trustStoreLocation == null)
{ {
@ -556,6 +562,8 @@ public class HttpClient extends HttpBuffers implements Attributes
_trustStoreInputStream = _keyStoreInputStream; _trustStoreInputStream = _keyStoreInputStream;
_trustStoreType = _keyStoreType; _trustStoreType = _keyStoreType;
} }
}
InputStream keyStoreInputStream = null; InputStream keyStoreInputStream = null;
InputStream trustStoreInputStream = null; InputStream trustStoreInputStream = null;
@ -567,25 +575,51 @@ public class HttpClient extends HttpBuffers implements Attributes
byte[] buffer = new byte[1024]; byte[] buffer = new byte[1024];
int read; int read;
while ((read = _keyStoreInputStream.read(buffer)) >= 0) while ((read = _keyStoreInputStream.read(buffer)) >= 0)
{
baos.write(buffer, 0, read); baos.write(buffer, 0, read);
}
_keyStoreInputStream.close(); _keyStoreInputStream.close();
keyStoreInputStream = new ByteArrayInputStream(baos.toByteArray()); keyStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
trustStoreInputStream = new ByteArrayInputStream(baos.toByteArray()); trustStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
} }
if (keyStoreInputStream == null) /*
* set the keystore input stream if it isn't set
*/
if (keyStoreInputStream == null && _keyStoreLocation != null )
{
keyStoreInputStream = _keyStoreInputStream == null ? Resource.newResource(_keyStoreLocation).getInputStream() : _keyStoreInputStream; keyStoreInputStream = _keyStoreInputStream == null ? Resource.newResource(_keyStoreLocation).getInputStream() : _keyStoreInputStream;
}
/*
* work out the key managers for the keystore, null if its not configured
*/
KeyManager[] keyManagers = null;
if (keyStoreInputStream != null)
{
KeyStore keyStore = KeyStore.getInstance(_keyStoreType); KeyStore keyStore = KeyStore.getInstance(_keyStoreType);
keyStore.load(keyStoreInputStream,_keyStorePassword == null?null:_keyStorePassword.toCharArray()); keyStore.load(keyStoreInputStream,_keyStorePassword == null?null:_keyStorePassword.toCharArray());
keyStoreInputStream.close(); keyStoreInputStream.close();
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerAlgorithm); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerAlgorithm);
keyManagerFactory.init(keyStore,_keyManagerPassword == null?null:_keyManagerPassword.toCharArray()); keyManagerFactory.init(keyStore,_keyManagerPassword == null?null:_keyManagerPassword.toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); keyManagers = keyManagerFactory.getKeyManagers();
}
/*
* trust store will always exist if this method has been called, either by being the only store specified or by being
* a duplicate of the keystore..
*
* this is behavior consistent with other aspects of jetty I believe so maintaining that consistency
*/
if (trustStoreInputStream == null) if (trustStoreInputStream == null)
{
trustStoreInputStream = _trustStoreInputStream == null ? Resource.newResource(_trustStoreLocation).getInputStream() : _trustStoreInputStream; trustStoreInputStream = _trustStoreInputStream == null ? Resource.newResource(_trustStoreLocation).getInputStream() : _trustStoreInputStream;
}
KeyStore trustStore = KeyStore.getInstance(_trustStoreType); KeyStore trustStore = KeyStore.getInstance(_trustStoreType);
trustStore.load(trustStoreInputStream, _trustStorePassword == null ? null : _trustStorePassword.toCharArray()); trustStore.load(trustStoreInputStream, _trustStorePassword == null ? null : _trustStorePassword.toCharArray());
trustStoreInputStream.close(); trustStoreInputStream.close();
@ -597,6 +631,7 @@ public class HttpClient extends HttpBuffers implements Attributes
SecureRandom secureRandom = _secureRandomAlgorithm == null ? null : SecureRandom.getInstance(_secureRandomAlgorithm); SecureRandom secureRandom = _secureRandomAlgorithm == null ? null : SecureRandom.getInstance(_secureRandomAlgorithm);
SSLContext context = _provider == null ? SSLContext.getInstance(_protocol) : SSLContext.getInstance(_protocol, _provider); SSLContext context = _provider == null ? SSLContext.getInstance(_protocol) : SSLContext.getInstance(_protocol, _provider);
context.init(keyManagers, trustManagers, secureRandom); context.init(keyManagers, trustManagers, secureRandom);
return context; return context;
} }
catch (Exception x) catch (Exception x)