Fixing merge of SslContextFactory and SniX509ExtendedKeyManager
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
parent
f7083f329e
commit
fcc3790237
|
@ -50,15 +50,6 @@ public class SniX509ExtendedKeyManager extends X509ExtendedKeyManager
|
|||
private final X509ExtendedKeyManager _delegate;
|
||||
private final SslContextFactory.Server _sslContextFactory;
|
||||
|
||||
/**
|
||||
* @deprecated not supported, you must have a {@link SslContextFactory.Server} for this to work.
|
||||
*/
|
||||
@Deprecated
|
||||
public SniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)
|
||||
{
|
||||
this(keyManager, null);
|
||||
}
|
||||
|
||||
public SniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager, SslContextFactory.Server sslContextFactory)
|
||||
{
|
||||
_delegate = keyManager;
|
||||
|
|
|
@ -141,9 +141,9 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
|
|||
private final Set<String> _includeProtocols = new LinkedHashSet<>();
|
||||
private final Set<String> _excludeCipherSuites = new LinkedHashSet<>();
|
||||
private final List<String> _includeCipherSuites = new ArrayList<>();
|
||||
private final Map<String, X509> _aliasX509 = new HashMap<>();
|
||||
private final Map<String, X509> _certHosts = new HashMap<>();
|
||||
private final Map<String, X509> _certWilds = new HashMap<>();
|
||||
protected final Map<String, X509> _aliasX509 = new HashMap<>();
|
||||
protected final Map<String, X509> _certHosts = new HashMap<>();
|
||||
protected final Map<String, X509> _certWilds = new HashMap<>();
|
||||
private String[] _selectedProtocols;
|
||||
private boolean _useCipherSuitesOrder = true;
|
||||
private Comparator<String> _cipherComparator;
|
||||
|
@ -1141,15 +1141,7 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
|
|||
}
|
||||
}
|
||||
|
||||
// Is SNI needed to select a certificate?
|
||||
if (!_certWilds.isEmpty() || _certHosts.size() > 1 || (_certHosts.size() == 1 && _aliasX509.size() > 1))
|
||||
{
|
||||
for (int idx = 0; idx < managers.length; idx++)
|
||||
{
|
||||
if (managers[idx] instanceof X509ExtendedKeyManager)
|
||||
managers[idx] = newSniX509ExtendedKeyManager((X509ExtendedKeyManager)managers[idx]);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1159,15 +1151,6 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
|
|||
return managers;
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated use {@link SslContextFactory.Server#newSniX509ExtendedKeyManager(X509ExtendedKeyManager)} instead
|
||||
*/
|
||||
@Deprecated
|
||||
protected X509ExtendedKeyManager newSniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)
|
||||
{
|
||||
throw new UnsupportedOperationException("X509ExtendedKeyManager only supported on Server");
|
||||
}
|
||||
|
||||
protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception
|
||||
{
|
||||
TrustManager[] managers = null;
|
||||
|
@ -2162,7 +2145,22 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
|
|||
KeyManager[] managers = super.getKeyManagers(keyStore);
|
||||
if (isSniRequired())
|
||||
{
|
||||
if (managers == null || Arrays.stream(managers).noneMatch(SniX509ExtendedKeyManager.class::isInstance))
|
||||
boolean hasSniKeyManager = false;
|
||||
|
||||
// Is SNI needed to select a certificate?
|
||||
if (!_certWilds.isEmpty() || _certHosts.size() > 1 || (_certHosts.size() == 1 && _aliasX509.size() > 1))
|
||||
{
|
||||
for (int idx = 0; idx < managers.length; idx++)
|
||||
{
|
||||
if (managers[idx] instanceof X509ExtendedKeyManager)
|
||||
{
|
||||
managers[idx] = newSniX509ExtendedKeyManager((X509ExtendedKeyManager)managers[idx]);
|
||||
hasSniKeyManager = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (managers == null || !hasSniKeyManager)
|
||||
throw new IllegalStateException("No SNI Key managers when SNI is required");
|
||||
}
|
||||
return managers;
|
||||
|
@ -2205,7 +2203,6 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected X509ExtendedKeyManager newSniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)
|
||||
{
|
||||
return new SniX509ExtendedKeyManager(keyManager, this);
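Review bot: In `Server.getKeyManagers` (the `-2162,7 +2145,22` hunk) the multi-certificate test that installs the SNI key manager now sits inside `if (isSniRequired())`, whereas the base-class code removed in the `-1141,15` hunk ran it unconditionally. A server with several certificates or a wildcard but `sniRequired` off therefore appears never to get a `SniX509ExtendedKeyManager`, and would present whatever alias the delegate picks instead of the certificate matching the requested host. The loop also reads `managers.length` before the `managers == null` test that follows it, so a null array from `super.getKeyManagers` would fail with a `NullPointerException` rather than the intended `IllegalStateException`. I would guard the wrapping loop with `if (managers != null && (isSniRequired() || !_certWilds.isEmpty() || _certHosts.size() > 1 || (_certHosts.size() == 1 && _aliasX509.size() > 1)))` and keep the throw as `if (isSniRequired() && !hasSniKeyManager)`. The method's signature and closing brace lie outside the hunk.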
|
||||
|
|
|
@ -26,10 +26,8 @@ import org.eclipse.jetty.util.resource.Resource;
|
|||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.notNullValue;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
public class X509Test
|
||||
{
|
||||
|
@ -156,29 +154,31 @@ public class X509Test
|
|||
return x509ExtendedKeyManager;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSniX509ExtendedKeyManager_BaseClass() throws Exception
|
||||
{
|
||||
SslContextFactory baseSsl = new SslContextFactory();
|
||||
X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(baseSsl);
|
||||
UnsupportedOperationException npe = assertThrows(UnsupportedOperationException.class, () -> baseSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
|
||||
assertThat("UnsupportedOperationException.message", npe.getMessage(), containsString("X509ExtendedKeyManager only supported on Server"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSniX509ExtendedKeyManager_ClientClass() throws Exception
|
||||
{
|
||||
SslContextFactory clientSsl = new SslContextFactory.Client();
|
||||
X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(clientSsl);
|
||||
UnsupportedOperationException re = assertThrows(UnsupportedOperationException.class, () -> clientSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
|
||||
assertThat("UnsupportedOperationException.message", re.getMessage(), containsString("X509ExtendedKeyManager only supported on Server"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSniX509ExtendedKeyManager_ServerClass() throws Exception
|
||||
{
|
||||
SslContextFactory serverSsl = new SslContextFactory.Server();
|
||||
X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(serverSsl);
|
||||
SslContextFactory.Server serverSsl = new SslContextFactory.Server();
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore");
|
||||
Resource truststoreResource = Resource.newSystemResource("keystore");
|
||||
serverSsl.setKeyStoreResource(keystoreResource);
|
||||
serverSsl.setTrustStoreResource(truststoreResource);
|
||||
serverSsl.setKeyStorePassword("storepwd");
|
||||
serverSsl.setKeyManagerPassword("keypwd");
|
||||
serverSsl.setTrustStorePassword("storepwd");
|
||||
serverSsl.start();
|
||||
|
||||
KeyManager[] keyManagers = serverSsl.getKeyManagers(serverSsl.getKeyStore());
|
||||
X509ExtendedKeyManager x509ExtendedKeyManager = null;
|
||||
|
||||
for (KeyManager keyManager : keyManagers)
|
||||
{
|
||||
if (keyManager instanceof X509ExtendedKeyManager)
|
||||
{
|
||||
x509ExtendedKeyManager = (X509ExtendedKeyManager)keyManager;
|
||||
break;
|
||||
}
|
||||
}
|
||||
assertThat("Found X509ExtendedKeyManager", x509ExtendedKeyManager, is(notNullValue()));
|
||||
serverSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager);
|
||||
}
|
||||
}
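Review bot: `testSniX509ExtendedKeyManager_ServerClass` ends by calling `serverSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager)` and discarding the result, so it passes whenever nothing throws and never checks that an SNI-aware key manager is produced. Assert on the return value, e.g. `assertThat(serverSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager), instanceOf(SniX509ExtendedKeyManager.class));`, and stop the factory that `serverSsl.start()` started, ideally in a `finally`. With the base-class and client tests removed, nothing visible in these hunks covers the `IllegalStateException("No SNI Key managers when SNI is required")` path in `getKeyManagers`; a case using `setSniRequired(true)` would pin that behaviour.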
|
||||
|
|