author | Michael Gorovoy | 2011-05-13 02:58:30 +0000 |
---|---|---|
committer | Michael Gorovoy | 2011-05-13 02:58:30 +0000 |
commit | 559b7c4358dd68a91d6d6ed4e35d9c3f7590c08b (patch) | |
tree | 5d00a1801ed5768e5098ec203135316fdd7125bd | |
parent | 314a59192dd6b3b0f6c4b491a18aab9971a83c21 (diff) | |
345679 Allow setting an initialized KeyStore as keystore/truststore of SslContextFactory
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@3132 7e9141cc-0065-0410-87d8-b60c137991c4
-rw-r--r-- | VERSION.txt | 1 | ||||
-rw-r--r-- | jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java | 137 |
2 files changed, 128 insertions, 10 deletions
diff --git a/VERSION.txt b/VERSION.txt index 4a56a2c123..a7648569e6 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -20,6 +20,7 @@ jetty-7.4.1.v20110512 + 345047 Readded deprecated ScanningAppDeployer#setMonitoredDir + 345290 Weak references from SessionIdManager. HashSessionManager cleanup. + 345543 Always close endpoint on SSLException + + 345679 Allow setting an initialized KeyStore as keystore/truststore of SslContextFactory + JETTY-954 WebAppContext eats any start exceptions instead of stopping the server load + JETTY-1314 Handle bad URI encodings + JETTY-1324 Tested not using CESU-8 instead of UTF-8 diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java b/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java index 18c299fd61..c9036ba445 100644 --- a/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java +++ b/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java @@ -19,7 +19,9 @@ package org.eclipse.jetty.http.ssl; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; +import java.io.IOException; import java.io.InputStream; +import java.security.InvalidParameterException; import java.security.KeyStore; import java.security.SecureRandom; import java.security.Security; @@ -49,6 +51,7 @@ import javax.net.ssl.X509TrustManager; import org.eclipse.jetty.http.security.Password; import org.eclipse.jetty.util.IO; import org.eclipse.jetty.util.component.AbstractLifeCycle; +import org.eclipse.jetty.util.resource.Resource; import org.eclipse.jetty.util.security.CertificateUtils; import org.eclipse.jetty.util.security.CertificateValidator; 
@@ -144,6 +147,10 @@ public class SslContextFactory extends AbstractLifeCycle
 private boolean _enableOCSP = false;
 /** Location of OCSP Responder */
 private String _ocspResponderURL;
+ /** SSL keystore */
+ private KeyStore _keyStore;
+ /** SSL truststore */
+ private KeyStore _trustStore;
 /** SSL context */
 private SSLContext _context;
@@ -319,7 +326,10 @@ public class SslContextFactory extends AbstractLifeCycle
 /* ------------------------------------------------------------ */
 /** Get the _keyStoreInputStream.
 * @return the _keyStoreInputStream
+ *
+ * @deprecated
 */
+ @Deprecated
 public InputStream getKeyStoreInputStream()
 {
 checkConfig();
@@ -329,8 +339,11 @@ public class SslContextFactory extends AbstractLifeCycle
 /* ------------------------------------------------------------ */
 /** Set the keyStoreInputStream.
- * @param keyStoreInputStream the InputStream to the KeyStore
+ * @param keyStoreInputStream the InputStream to the KeyStore
+ *
+ * @deprecated
 */
+ @Deprecated
 public void setKeyStoreInputStream(InputStream keyStoreInputStream)
 {
 checkStarted();
@@ -425,7 +438,10 @@ public class SslContextFactory extends AbstractLifeCycle
 /* ------------------------------------------------------------ */
 /** Get the _trustStoreInputStream.
 * @return the _trustStoreInputStream
+ *
+ * @deprecated
 */
+ @Deprecated
 public InputStream getTrustStoreInputStream()
 {
 checkConfig();
@@ -436,7 +452,10 @@ public class SslContextFactory extends AbstractLifeCycle
 /* ------------------------------------------------------------ */
 /** Set the _trustStoreInputStream.
 * @param trustStoreInputStream the InputStream to the TrustStore
+ *
+ * @deprecated
 */
+ @Deprecated
 public void setTrustStoreInputStream(InputStream trustStoreInputStream)
 {
 checkStarted();
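Review bot: The `@deprecated` tags added to getKeyStoreInputStream/setKeyStoreInputStream and to the truststore pair name no replacement, so a caller seeing the compiler warning cannot tell what to migrate to. Since this same commit introduces the alternatives, the tag should point at them, e.g. `@deprecated use {@link #setKeyStore(KeyStore)} or {@link #setKeyStoreResource(Resource)} instead` (and the matching truststore setters). The two deprecated getters also still call checkConfig(), which in this commit's checkConfig() hunk assigns truststore fields as a side effect; a sentence in each getter's Javadoc saying that calling it may alias the truststore to the keystore would spare callers a surprise.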
@@ -773,10 +792,9 @@ public class SslContextFactory extends AbstractLifeCycle // parameters are set up correctly checkConfig(); - KeyStore keyStore = getKeyStore(_keyStoreInputStream, _keyStorePath, _keyStoreType, - _keyStoreProvider, _keyStorePassword==null? null: _keyStorePassword.toString()); - KeyStore trustStore = getKeyStore(_trustStoreInputStream, _trustStorePath, _trustStoreType, - _trustStoreProvider, _trustStorePassword==null? null: _trustStorePassword.toString()); + KeyStore keyStore = loadKeyStore(); + KeyStore trustStore = loadTrustStore(); + Collection<? extends CRL> crls = loadCRL(_crlPath); if (_validateCerts && keyStore != null) 
@@ -804,11 +822,39 @@ public class SslContextFactory extends AbstractLifeCycle
 KeyManager[] keyManagers = getKeyManagers(keyStore);
 TrustManager[] trustManagers = getTrustManagers(trustStore,crls);
- SecureRandom secureRandom = _secureRandomAlgorithm == null?null:SecureRandom.getInstance(_secureRandomAlgorithm);
- _context = _sslProvider == null?SSLContext.getInstance(_sslProtocol):SSLContext.getInstance(_sslProtocol,_sslProvider);
+ SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm);
+ _context = (_sslProvider == null)?SSLContext.getInstance(_sslProtocol):SSLContext.getInstance(_sslProtocol,_sslProvider);
 _context.init(keyManagers,trustManagers,secureRandom);
 }
-
+
+ /* ------------------------------------------------------------ */
+ /**
+ * Override this method to provide alternate way to load a keystore.
+ *
+ * @return the key store instance
+ * @throws Exception
+ */
+ protected KeyStore loadKeyStore() throws Exception
+ {
+ return _keyStore != null ? _keyStore : getKeyStore(_keyStoreInputStream,
+ _keyStorePath, _keyStoreType, _keyStoreProvider,
+ _keyStorePassword==null? null: _keyStorePassword.toString());
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * Override this method to provide alternate way to load a truststore.
+ *
+ * @return the key store instance
+ * @throws Exception
+ */
+ protected KeyStore loadTrustStore() throws Exception
+ {
+ return _trustStore != null ? _trustStore : getKeyStore(_trustStoreInputStream,
+ _trustStorePath, _trustStoreType, _trustStoreProvider,
+ _trustStorePassword==null? null: _trustStorePassword.toString());
+ }
+
 /* ------------------------------------------------------------ */
 /**
 * Loads keystore using an input stream or a file path in the same
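Review bot: loadKeyStore() and loadTrustStore() silently prefer an injected KeyStore object over a configured path or stream, and nothing in their Javadoc says so, so a deployment that sets both will never learn that its keystore path is being ignored. Add to each Javadoc: `An explicitly set KeyStore takes precedence; the path/stream/type/provider/password settings are consulted only when none was set.` The `@return` of loadTrustStore() is copy-pasted from loadKeyStore() and should read `the trust store instance`, and both bare `@throws Exception` tags should state what can fail (opening or decrypting the store). Note also that both methods call the getKeyStore(...) overload that this same commit marks @Deprecated, so the class now warns on its own code; either keep that overload undeprecated or move the CertificateUtils call into these two methods.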
@@ -824,7 +870,10 @@ public class SslContextFactory extends AbstractLifeCycle
 * @param storePassword keystore password
 * @return created keystore
 * @throws Exception
+ *
+ * @deprecated
 */
+ @Deprecated
 protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
 {
 return CertificateUtils.getKeyStore(storeStream, storePath, storeType, storeProvider, storePassword);
@@ -939,7 +988,7 @@ public class SslContextFactory extends AbstractLifeCycle
 public boolean checkConfig()
 {
 boolean check = true;
- if (_keyStoreInputStream == null && _keyStorePath == null)
+ if (_keyStore == null && _keyStoreInputStream == null && _keyStorePath == null)
 {
 // configuration doesn't have a valid keystore
 check = false;
@@ -948,8 +997,9 @@ public class SslContextFactory extends AbstractLifeCycle
 {
 // if the keystore has been configured but there is no
 // truststore configured, use the keystore as the truststore
- if (_trustStoreInputStream == null && _trustStorePath == null)
+ if (_trustStore == null && _trustStoreInputStream == null && _trustStorePath == null)
 {
+ _trustStore = _keyStore;
 _trustStorePath = _keyStorePath;
 _trustStoreInputStream = _keyStoreInputStream;
 _trustStoreType = _keyStoreType;
@@ -1057,6 +1107,8 @@ public class SslContextFactory extends AbstractLifeCycle
 */
 public void setEnableCRLDP(boolean enableCRLDP)
 {
+ checkStarted();
+
 _enableCRLDP = enableCRLDP;
 }
@@ -1075,6 +1127,8 @@ public class SslContextFactory extends AbstractLifeCycle
 */
 public void setEnableOCSP(boolean enableOCSP)
 {
+ checkStarted();
+
 _enableOCSP = enableOCSP;
 }
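Review bot: The new `_trustStore = _keyStore;` alias in checkConfig() combines with the object-first precedence in loadTrustStore() to make a truststore configured afterwards silently ignored: checkConfig() is public and is also invoked from the two InputStream getters, so if it runs after setKeyStore(...) but before a truststore path or Resource is set, `_trustStore` already holds the keystore and loadTrustStore() returns that instead of the configured store, with no error. Because the keystore presumably holds the server's own key entries plus whatever CA certificates were bundled with them, that is trusting the wrong certificate set. Either perform the aliasing only once, at doStart() time, or have every truststore setter clear the aliased fields (`_trustStore = null;` together with the path/stream copies) before assigning, and document in checkConfig()'s Javadoc that it mutates truststore configuration when none was given. The body of checkConfig() continues outside the hunks shown here.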
@@ -1093,6 +1147,69 @@ public class SslContextFactory extends AbstractLifeCycle */ public void setOcspResponderURL(String ocspResponderURL) { + checkStarted(); + _ocspResponderURL = ocspResponderURL; } + + /* ------------------------------------------------------------ */ + /** Set the key store. + * @param keyStore the key store to set + */ + public void setKeyStore(KeyStore keyStore) + { + checkStarted(); + + _keyStore = keyStore; + } + + /* ------------------------------------------------------------ */ + /** Set the trust store. + * @param trustStore the trust store to set + */ + public void setTrustStore(KeyStore trustStore) + { + checkStarted(); + + _trustStore = trustStore; + } + + /* ------------------------------------------------------------ */ + /** Set the key store resource. + * @param keyStore the key store resource to set + */ + public void setKeyStoreResource(Resource resource) + { + checkStarted(); + + try + { + _keyStoreInputStream = resource.getInputStream(); + } + catch (IOException e) + { + throw new InvalidParameterException("Unable to get resource "+ + "input stream for resource "+resource.toString()); + } + } + + /* ------------------------------------------------------------ */ + /** Set the trust store resource. + * @param trustStore the trust store resource to set + */ + public void setTrustStore(Resource resource) + { + checkStarted(); + + try + { + _trustStoreInputStream = resource.getInputStream(); + } + catch (IOException e) + { + throw new InvalidParameterException("Unable to get resource "+ + "input stream for resource "+resource.toString()); + } + } + } |
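Review bot: The two Resource-based setters throw `InvalidParameterException` without attaching the IOException, so the reason the resource could not be opened (missing file, permission denied) is lost to whoever reads the log; InvalidParameterException has no cause constructor, so keep the type and chain it: `InvalidParameterException ex = new InvalidParameterException("Unable to get resource input stream for resource "+resource); ex.initCause(e); throw ex;`. The pair is also named asymmetrically — `setKeyStoreResource(Resource)` versus `setTrustStore(Resource)`, the latter overloading `setTrustStore(KeyStore)` — and both `@param` tags name `keyStore`/`trustStore` rather than the actual `resource` parameter; `setTrustStoreResource` with `@param resource` would match. The InputStream is opened inside the setter but only consumed at start, so it is held open for the whole configuration phase and presumably cannot be re-read on a restart; storing the Resource and opening it inside loadKeyStore()/loadTrustStore() would avoid both problems. The opening of setOcspResponderURL() lies outside this hunk.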