340878 Integrations should be able to load their own keystores

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2910 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Michael Gorovoy 2011-03-24 17:22:40 +00:00
parent 31d8a6feca
commit be843880b7
4 changed files with 99 additions and 7 deletions


@ -7,6 +7,7 @@ jetty-7.3.2-SNAPSHOT
+ 339187 In the OSGi manifest of the jetty-all-server aggregate, mark javax.annotation as optional
+ 339543 Add configuration options for Certificate Revocation checking
+ 340265 Improve handling of io shutdown in SSL
+ 340878 Integrations should be able to load their own keystores
+ Ensure generated fragment names are unique
+ JETTY-1245 Pooled Buffers implementation
+ 340838 Update ConnectHandler to perform half closes properly


@ -1,6 +1,10 @@
package org.eclipse.jetty.client;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.util.Collection;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.Handler;
@ -11,6 +15,7 @@ import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.util.security.CertificateUtils;
public abstract class SslValidationTestBase extends ContentExchangeTest
{
@ -30,7 +35,19 @@ public abstract class SslValidationTestBase extends ContentExchangeTest
{
setProtocol("https");
SslContextFactory srvFactory = new SslContextFactory();
SslContextFactory srvFactory = new SslContextFactory() {
@Override
protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
{
return CertificateUtils.getKeyStore(storeStream, storePath, storeType, storeProvider, storePassword);
}
@Override
protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
{
return CertificateUtils.loadCRL(crlPath);
}
};
srvFactory.setValidateCerts(true);
srvFactory.setCrlPath(_crlpath);
srvFactory.setNeedClientAuth(true);
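Review bot: The two overrides in the anonymous `SslContextFactory` subclass (`getKeyStore` and `loadCRL`) delegate straight back to `CertificateUtils`, which is exactly what the base implementations added in this commit do, so the test proves the hooks compile and are reachable but not that an integration-supplied loader is the one `doStart` actually uses. A stronger check would have the overrides record that they ran (a flag or counter asserted once the factory has started) or hand back a store the test constructed itself, so a regression that bypasses the hook would be caught. The method enclosing this hunk starts before it, so its name and whatever it asserts are not visible here.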


@ -32,7 +32,6 @@ import java.security.cert.X509CertSelector;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@ -774,11 +773,11 @@ public class SslContextFactory extends AbstractLifeCycle
// parameters are set up correctly
checkConfig();
KeyStore keyStore = CertificateUtils.getKeyStore(_keyStoreInputStream, _keyStorePath, _keyStoreType,
KeyStore keyStore = getKeyStore(_keyStoreInputStream, _keyStorePath, _keyStoreType,
_keyStoreProvider, _keyStorePassword==null? null: _keyStorePassword.toString());
KeyStore trustStore = CertificateUtils.getKeyStore(_trustStoreInputStream, _trustStorePath, _trustStoreType,
KeyStore trustStore = getKeyStore(_trustStoreInputStream, _trustStorePath, _trustStoreType,
_trustStoreProvider, _trustStorePassword==null? null: _trustStorePassword.toString());
Collection<? extends CRL> crls = CertificateUtils.loadCRL(_crlPath);
Collection<? extends CRL> crls = loadCRL(_crlPath);
if (_validateCerts && keyStore != null)
{
@ -810,6 +809,43 @@ public class SslContextFactory extends AbstractLifeCycle
_context.init(keyManagers,trustManagers,secureRandom);
}
/* ------------------------------------------------------------ */
/**
* Loads keystore using an input stream or a file path in the same
* order of precedence.
*
* Required for integrations to be able to override the mechanism
* used to load a keystore in order to provide their own implementation.
*
* @param storeStream keystore input stream
* @param storePath path of keystore file
* @param storeType keystore type
* @param storeProvider keystore provider
* @param storePassword keystore password
* @return created keystore
* @throws Exception
*/
protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
{
return CertificateUtils.getKeyStore(storeStream, storePath, storeType, storeProvider, storePassword);
}
/* ------------------------------------------------------------ */
/**
* Loads certificate revocation list (CRL) from a file.
*
* Required for integrations to be able to override the mechanism used to
* load CRL in order to provide their own implementation.
*
* @param crlPath path of certificate revocation list file
* @return
* @throws Exception
*/
protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
{
return CertificateUtils.loadCRL(crlPath);
}
/* ------------------------------------------------------------ */
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
{
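Review bot: The new `loadCRL` Javadoc has an empty `@return` and a bare `@throws Exception`, and `getKeyStore` says stream and path are used "in the same order of precedence" without saying which one wins; the same Javadoc is duplicated verbatim in `ClientCertAuthenticator` (hunk at -138,6 +139,43) and needs the same fix there. These `protected` hooks are now the point where an integration decides which key/trust store and revocation list the server validates against (the store they return feeds the `_validateCerts && keyStore != null` branch here, and `ClientCertAuthenticator` passes both results straight to `CertificateValidator`), so the override contract should be stated rather than left to the reader's knowledge of `CertificateUtils`. Suggest `@return the CRLs read from {@code crlPath}, used as-is for certificate validation` and `@throws Exception if the CRL file cannot be read or parsed`, plus a sentence on `getKeyStore` saying whether {@code storeStream} takes precedence over {@code storePath} and whether an override may return {@code null} (the visible null check suggests a null store is expected to be possible, but only the validation branch is in view). The body of `getKeyManagers` and the remainder of `doStart` lie outside these hunks.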


@ -13,6 +13,7 @@
package org.eclipse.jetty.security.authentication;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.CRL;
@ -96,10 +97,10 @@ public class ClientCertAuthenticator extends LoginAuthenticator
if (_validateCerts)
{
KeyStore trustStore = CertificateUtils.getKeyStore(null,
KeyStore trustStore = getKeyStore(null,
_trustStorePath, _trustStoreType, _trustStoreProvider,
_trustStorePassword == null ? null :_trustStorePassword.toString());
Collection<? extends CRL> crls = CertificateUtils.loadCRL(_crlPath);
Collection<? extends CRL> crls = loadCRL(_crlPath);
CertificateValidator validator = new CertificateValidator(trustStore, crls);
validator.validate(certs);
}
@ -138,6 +139,43 @@ public class ClientCertAuthenticator extends LoginAuthenticator
}
}
/* ------------------------------------------------------------ */
/**
* Loads keystore using an input stream or a file path in the same
* order of precedence.
*
* Required for integrations to be able to override the mechanism
* used to load a keystore in order to provide their own implementation.
*
* @param storeStream keystore input stream
* @param storePath path of keystore file
* @param storeType keystore type
* @param storeProvider keystore provider
* @param storePassword keystore password
* @return created keystore
* @throws Exception
*/
protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
{
return CertificateUtils.getKeyStore(storeStream, storePath, storeType, storeProvider, storePassword);
}
/* ------------------------------------------------------------ */
/**
* Loads certificate revocation list (CRL) from a file.
*
* Required for integrations to be able to override the mechanism used to
* load CRL in order to provide their own implementation.
*
* @param crlPath path of certificate revocation list file
* @return
* @throws Exception
*/
protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
{
return CertificateUtils.loadCRL(crlPath);
}
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
{
return true;