Return-Path: X-Original-To: apmail-hc-commits-archive@www.apache.org Delivered-To: apmail-hc-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3E69E11BBA for ; Wed, 25 Jun 2014 11:16:07 +0000 (UTC) Received: (qmail 29155 invoked by uid 500); 25 Jun 2014 11:16:07 -0000 Delivered-To: apmail-hc-commits-archive@hc.apache.org Received: (qmail 29119 invoked by uid 500); 25 Jun 2014 11:16:07 -0000 Mailing-List: contact commits-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list commits@hc.apache.org Received: (qmail 29109 invoked by uid 99); 25 Jun 2014 11:16:07 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 Jun 2014 11:16:07 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 Jun 2014 11:16:06 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 9BC5023889D5 for ; Wed, 25 Jun 2014 11:15:41 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1605337 - in /httpcomponents/httpcore/trunk: httpcore-ab/src/main/java/org/apache/http/benchmark/ httpcore-nio/src/main/java/org/apache/http/impl/nio/ httpcore/src/main/java/org/apache/http/ssl/ Date: Wed, 25 Jun 2014 11:15:41 -0000 To: commits@hc.apache.org 
From: olegk@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140625111541.9BC5023889D5@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: olegk Date: Wed Jun 25 11:15:41 2014 New Revision: 1605337 URL: http://svn.apache.org/r1605337 Log: Leverage SSL utility classes Modified: httpcomponents/httpcore/trunk/httpcore-ab/src/main/java/org/apache/http/benchmark/HttpBenchmark.java httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/SSLNHttpClientConnectionFactory.java httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/SSLNHttpServerConnectionFactory.java httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java Modified: httpcomponents/httpcore/trunk/httpcore-ab/src/main/java/org/apache/http/benchmark/HttpBenchmark.java URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore-ab/src/main/java/org/apache/http/benchmark/HttpBenchmark.java?rev=1605337&r1=1605336&r2=1605337&view=diff ============================================================================== --- httpcomponents/httpcore/trunk/httpcore-ab/src/main/java/org/apache/http/benchmark/HttpBenchmark.java (original) +++ httpcomponents/httpcore/trunk/httpcore-ab/src/main/java/org/apache/http/benchmark/HttpBenchmark.java Wed Jun 25 11:15:41 2014 
@@ -26,22 +26,17 @@ */ package org.apache.http.benchmark; -import java.io.FileInputStream; -import java.io.IOException; +import java.io.File; import java.net.URL; -import java.security.KeyStore; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.ThreadFactory; import java.util.concurrent.ThreadPoolExecutor; import java.util.concurrent.TimeUnit; import javax.net.SocketFactory; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509TrustManager; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; @@ -58,6 +53,8 @@ import org.apache.http.entity.StringEnti import org.apache.http.message.BasicHttpEntityEnclosingRequest; import org.apache.http.message.BasicHttpRequest; import org.apache.http.protocol.HTTP; +import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.ssl.TrustStrategy; /** * Main program of the HTTP benchmark. 
@@ -186,61 +183,30 @@ public class HttpBenchmark { SocketFactory socketFactory = null; if ("https".equals(host.getSchemeName())) { - TrustManager[] trustManagers = null; + final SSLContextBuilder sslContextBuilder = new SSLContextBuilder(); + sslContextBuilder.useProtocol("SSL"); if (config.isDisableSSLVerification()) { - // Create a trust manager that does not validate certificate chains - trustManagers = new TrustManager[] { - new X509TrustManager() { - - @Override - public java.security.cert.X509Certificate[] getAcceptedIssuers() { - return null; - } - - @Override - public void checkClientTrusted( - final java.security.cert.X509Certificate[] certs, final String authType) { - } - - @Override - public void checkServerTrusted( - final java.security.cert.X509Certificate[] certs, final String authType) { - } + sslContextBuilder.loadTrustMaterial(null, new TrustStrategy() { + + @Override + public boolean isTrusted( + final X509Certificate[] chain, final String authType) throws CertificateException { + return true; } - }; + + }); } else if (config.getTrustStorePath() != null) { - final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); - final FileInputStream instream = new FileInputStream(config.getTrustStorePath()); - try { - trustStore.load(instream, config.getTrustStorePath() != null ? - config.getTrustStorePath().toCharArray() : null); - } finally { - try { instream.close(); } catch (final IOException ignore) {} - } - final TrustManagerFactory tmfactory = TrustManagerFactory.getInstance( - TrustManagerFactory.getDefaultAlgorithm()); - tmfactory.init(trustStore); - trustManagers = tmfactory.getTrustManagers(); + sslContextBuilder.loadTrustMaterial( + new File(config.getTrustStorePath()), + config.getTrustStorePassword() != null ? 
config.getTrustStorePassword().toCharArray() : null); } - KeyManager[] keyManagers = null; if (config.getIdentityStorePath() != null) { - final KeyStore identityStore = KeyStore.getInstance(KeyStore.getDefaultType()); - final FileInputStream instream = new FileInputStream(config.getIdentityStorePath()); - try { - identityStore.load(instream, config.getIdentityStorePassword() != null ? - config.getIdentityStorePassword().toCharArray() : null); - } finally { - try { instream.close(); } catch (final IOException ignore) {} - } - final KeyManagerFactory kmf = KeyManagerFactory.getInstance( - KeyManagerFactory.getDefaultAlgorithm()); - kmf.init(identityStore, config.getIdentityStorePassword() != null ? - config.getIdentityStorePassword().toCharArray() : null); - keyManagers = kmf.getKeyManagers(); + sslContextBuilder.loadKeyMaterial( + new File(config.getIdentityStorePath()), + config.getIdentityStorePassword() != null ? config.getIdentityStorePassword().toCharArray() : null); } - final SSLContext sc = SSLContext.getInstance("SSL"); - sc.init(keyManagers, trustManagers, null); - socketFactory = sc.getSocketFactory(); + final SSLContext sslContext = sslContextBuilder.build(); + socketFactory = sslContext.getSocketFactory(); } final BenchmarkWorker[] workers = new BenchmarkWorker[config.getThreads()]; Modified: httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/SSLNHttpClientConnectionFactory.java URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/SSLNHttpClientConnectionFactory.java?rev=1605337&r1=1605336&r2=1605337&view=diff ============================================================================== --- httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/SSLNHttpClientConnectionFactory.java (original) +++ httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/SSLNHttpClientConnectionFactory.java Wed Jun 25 11:15:41 
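Review bot: `sslContextBuilder.useProtocol("SSL")` carries the legacy protocol name over from the removed `SSLContext.getInstance("SSL")`. Which protocol versions this enables depends on the JRE, and `sslContextBuilder.useProtocol("TLS");` would be the conventional choice. In the `config.isDisableSSLVerification()` branch the `TrustStrategy` returns `true` for every chain, and the comment that said so was removed with the old `X509TrustManager`. I would restore it above the `loadTrustMaterial(null, ...)` call, e.g. `// Trust strategy that accepts any certificate chain; chain validation is disabled`. The enclosing method starts and ends outside the hunk.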
2014 @@ -48,6 +48,7 @@ import org.apache.http.nio.util.ByteBuff import org.apache.http.nio.util.HeapByteBufferAllocator; import org.apache.http.params.HttpParamConfig; import org.apache.http.params.HttpParams; +import org.apache.http.ssl.SSLContexts; import org.apache.http.util.Args; /** @@ -89,7 +90,7 @@ public class SSLNHttpClientConnectionFac Args.notNull(responseFactory, "HTTP response factory"); Args.notNull(allocator, "Byte buffer allocator"); Args.notNull(params, "HTTP parameters"); - this.sslcontext = sslcontext; + this.sslcontext = sslcontext != null ? sslcontext : SSLContexts.createSystemDefault(); this.sslHandler = sslHandler; this.allocator = allocator; this.incomingContentStrategy = null; @@ -135,7 +136,7 @@ public class SSLNHttpClientConnectionFac final ByteBufferAllocator allocator, final ConnectionConfig cconfig) { super(); - this.sslcontext = sslcontext; + this.sslcontext = sslcontext != null ? sslcontext : SSLContexts.createSystemDefault(); this.sslHandler = sslHandler; this.incomingContentStrategy = incomingContentStrategy; this.outgoingContentStrategy = outgoingContentStrategy; 
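Review bot: A `null` `sslcontext` is now replaced by `SSLContexts.createSystemDefault()` inside the constructor (hunk `-89,7`), so the default context is built at construction time instead of when a session is created. Any failure to build it would presumably surface from the constructor. The parameter Javadoc is outside the hunk and should state this, e.g. `@param sslcontext SSL context, or {@code null} to use the system default`. It is also worth confirming that `SSLContexts.createSystemDefault()` yields the same trust configuration as the `SSLContextUtils.getDefault()` it replaces, since the page does not show either implementation. The same assignment appears in hunk `-135,7` of this file and in hunks `-87,7` and `-133,7` of SSLNHttpServerConnectionFactory.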
@@ -216,8 +217,7 @@ public class SSLNHttpClientConnectionFac final SSLContext sslcontext, final SSLSetupHandler sslHandler) { final SSLIOSession ssliosession = new SSLIOSession(iosession, SSLMode.CLIENT, - (sslcontext != null ? sslcontext : SSLContextUtils.getDefault()), - sslHandler); + sslcontext, sslHandler); return ssliosession; } Modified: httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/SSLNHttpServerConnectionFactory.java URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/SSLNHttpServerConnectionFactory.java?rev=1605337&r1=1605336&r2=1605337&view=diff ============================================================================== --- httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/SSLNHttpServerConnectionFactory.java (original) +++ httpcomponents/httpcore/trunk/httpcore-nio/src/main/java/org/apache/http/impl/nio/SSLNHttpServerConnectionFactory.java Wed Jun 25 11:15:41 2014 @@ -48,6 +48,7 @@ import org.apache.http.nio.util.ByteBuff import org.apache.http.nio.util.HeapByteBufferAllocator; import org.apache.http.params.HttpParamConfig; import org.apache.http.params.HttpParams; +import org.apache.http.ssl.SSLContexts; import org.apache.http.util.Args; /** @@ -87,7 +88,7 @@ public class SSLNHttpServerConnectionFac Args.notNull(requestFactory, "HTTP request factory"); Args.notNull(allocator, "Byte buffer allocator"); Args.notNull(params, "HTTP parameters"); - this.sslcontext = sslcontext; + this.sslcontext = sslcontext != null ? sslcontext : SSLContexts.createSystemDefault(); this.sslHandler = sslHandler; this.incomingContentStrategy = null; this.outgoingContentStrategy = null; 
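Review bot: With the `sslcontext != null ? sslcontext : SSLContextUtils.getDefault()` fallback removed, this method passes its `sslcontext` argument straight to `new SSLIOSession(...)`. A subclass or caller that supplies `null` here, rather than relying on the constructors, no longer gets a default context. The method signature is outside the hunk; if the method is overridable or callable with its own arguments, add `Args.notNull(sslcontext, "SSL context");` at the top or keep the fallback as `sslcontext != null ? sslcontext : SSLContexts.createSystemDefault()`. Hunk `-214,8` of SSLNHttpServerConnectionFactory makes the same change.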
@@ -133,7 +134,7 @@ public class SSLNHttpServerConnectionFac final ByteBufferAllocator allocator, final ConnectionConfig cconfig) { super(); - this.sslcontext = sslcontext; + this.sslcontext = sslcontext != null ? sslcontext : SSLContexts.createSystemDefault(); this.sslHandler = sslHandler; this.incomingContentStrategy = incomingContentStrategy; this.outgoingContentStrategy = outgoingContentStrategy; @@ -214,8 +215,7 @@ public class SSLNHttpServerConnectionFac final SSLContext sslcontext, final SSLSetupHandler sslHandler) { final SSLIOSession ssliosession = new SSLIOSession(iosession, SSLMode.SERVER, - (sslcontext != null ? sslcontext : SSLContextUtils.getDefault()), - sslHandler); + sslcontext, sslHandler); return ssliosession; } Modified: httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java?rev=1605337&r1=1605336&r2=1605337&view=diff ============================================================================== --- httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java (original) +++ httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java Wed Jun 25 11:15:41 2014 @@ -27,6 +27,9 @@ package org.apache.http.ssl; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; import java.net.Socket; import java.security.KeyManagementException; import java.security.KeyStore; 
@@ -124,6 +127,24 @@ public class SSLContextBuilder { return loadTrustMaterial(truststore, null); } + public SSLContextBuilder loadTrustMaterial( + final File file, + final char[] password) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException { + final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); + final FileInputStream instream = new FileInputStream(file); + try { + trustStore.load(instream, password); + } finally { + instream.close(); + } + return loadTrustMaterial(trustStore, null); + } + + public SSLContextBuilder loadTrustMaterial( + final File file) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException { + return loadTrustMaterial(file, null); + } + public SSLContextBuilder loadKeyMaterial( final KeyStore keystore, final char[] keyPassword) @@ -133,6 +154,20 @@ public class SSLContextBuilder { } public SSLContextBuilder loadKeyMaterial( + final File file, + final char[] keyPassword) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException { + final KeyStore identityStore = KeyStore.getInstance(KeyStore.getDefaultType()); + final FileInputStream instream = new FileInputStream(file); + try { + identityStore.load(instream, keyPassword); + } finally { + instream.close(); + } + loadKeyMaterial(identityStore, keyPassword, null); + return this; + } + + public SSLContextBuilder loadKeyMaterial( final KeyStore keystore, final char[] keyPassword, final PrivateKeyStrategy aliasStrategy)
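Review bot: The new `loadTrustMaterial(final File file)` overload loads the store with a `null` password, and `KeyStore.load` performs no integrity check when no password is given, so a tampered trust store file would load without error. Neither new overload has Javadoc. I would document on both that the file is read as `KeyStore.getDefaultType()` and add to the one-argument form something like `Note: with no password the integrity of the trust store is not verified.` In the `finally` block an `IOException` from `instream.close()` would replace an exception already thrown by `trustStore.load(...)`, which makes a bad store file or wrong password harder to diagnose.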
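Review bot: `loadKeyMaterial(final File file, final char[] keyPassword)` uses `keyPassword` both to open the store in `identityStore.load(instream, keyPassword)` and as the key password passed to `loadKeyMaterial(identityStore, keyPassword, null)`. A key store whose store password differs from its key password therefore cannot be loaded through this overload. Consider a variant with separate passwords, `loadKeyMaterial(final File file, final char[] storePassword, final char[] keyPassword)` calling `identityStore.load(instream, storePassword);`, or state the single-password assumption in Javadoc. The three-argument `loadKeyMaterial(final KeyStore keystore, ...)` that follows continues outside the hunk.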