From ol...@apache.org
Subject svn commit: r1660628 - in /httpcomponents/httpcore/branches/4.4.x: RELEASE_NOTES.txt httpcore/src/main/java/org/apache/http/ssl/PrivateKeyStrategy.java httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java
Date Wed, 18 Feb 2015 13:24:37 GMT
Author: olegk
Date: Wed Feb 18 13:24:36 2015
New Revision: 1660628

URL: http://svn.apache.org/r1660628
Log:
HTTPCORE-396: PrivateKeyStrategy does not work with NIO SSL

Modified:
    httpcomponents/httpcore/branches/4.4.x/RELEASE_NOTES.txt
    httpcomponents/httpcore/branches/4.4.x/httpcore/src/main/java/org/apache/http/ssl/PrivateKeyStrategy.java
    httpcomponents/httpcore/branches/4.4.x/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java

Modified: httpcomponents/httpcore/branches/4.4.x/RELEASE_NOTES.txt
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/branches/4.4.x/RELEASE_NOTES.txt?rev=1660628&r1=1660627&r2=1660628&view=diff
==============================================================================
--- httpcomponents/httpcore/branches/4.4.x/RELEASE_NOTES.txt (original)
+++ httpcomponents/httpcore/branches/4.4.x/RELEASE_NOTES.txt Wed Feb 18 13:24:36 2015
@@ -1,6 +1,9 @@
 Changes since 4.4
 -----------------
 
+* [HTTPCORE-396]: PrivateKeyStrategy does not work with NIO SSL.
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
 * Non-blocking connection should not trigger end-of-stream callback as long as there is still
   data in the session input buffer. This can cause a series of short pipelined requests to
   fail prematurely in case of an unexpected connection termination by the opposite endpoint.


Modified: httpcomponents/httpcore/branches/4.4.x/httpcore/src/main/java/org/apache/http/ssl/PrivateKeyStrategy.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/branches/4.4.x/httpcore/src/main/java/org/apache/http/ssl/PrivateKeyStrategy.java?rev=1660628&r1=1660627&r2=1660628&view=diff
==============================================================================
--- httpcomponents/httpcore/branches/4.4.x/httpcore/src/main/java/org/apache/http/ssl/PrivateKeyStrategy.java (original)
+++ httpcomponents/httpcore/branches/4.4.x/httpcore/src/main/java/org/apache/http/ssl/PrivateKeyStrategy.java Wed Feb 18 13:24:36 2015
@@ -38,6 +38,10 @@ public interface PrivateKeyStrategy {
 
     /**
      * Determines what key material to use for SSL authentication.
+     *
+     * @param aliases available private key material
+     * @param socket socket used for the connection. Please note this parameter can be {@code null}
+     * if key material is applicable to any socket.
      */
     String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket);
 
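Review bot: The new `@param socket` text says the argument is null "if key material is applicable to any socket", but elsewhere in this commit the delegate passes null from `chooseEngineClientAlias` and `chooseEngineServerAlias`, that is, whenever the handshake is driven by an `SSLEngine`, whatever the key material is. I would word it as `@param socket socket used for the connection, or {@code null} when the handshake runs over an SSLEngine and no socket is available`, so implementers know they must null-check before reading anything from it. The Javadoc also still has no `@return`; what a null return means is not visible in this diff and should be stated once confirmed.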

Modified: httpcomponents/httpcore/branches/4.4.x/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/branches/4.4.x/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java?rev=1660628&r1=1660627&r2=1660628&view=diff
==============================================================================
--- httpcomponents/httpcore/branches/4.4.x/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java (original)
+++ httpcomponents/httpcore/branches/4.4.x/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java Wed Feb 18 13:24:36 2015
@@ -52,9 +52,10 @@ import java.util.Set;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509ExtendedKeyManager;
 import javax.net.ssl.X509TrustManager;
 
 import org.apache.http.annotation.NotThreadSafe;
@@ -191,9 +192,8 @@ public class SSLContextBuilder {
             if (aliasStrategy != null) {
                 for (int i = 0; i < kms.length; i++) {
                     final KeyManager km = kms[i];
-                    if (km instanceof X509KeyManager) {
-                        kms[i] = new KeyManagerDelegate(
-                                (X509KeyManager) km, aliasStrategy);
+                    if (km instanceof X509ExtendedKeyManager) {
+                        kms[i] = new KeyManagerDelegate((X509ExtendedKeyManager) km, aliasStrategy);
                     }
                 }
             }
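Review bot: With the check narrowed to `km instanceof X509ExtendedKeyManager`, a key manager that only implements `X509KeyManager` is now left unwrapped, so the configured `aliasStrategy` is ignored without any signal and the provider's default alias selection decides which credential is presented. Before this change such managers were wrapped. Either keep a fallback branch for plain `X509KeyManager`, or make the mismatch visible, for example `else if (km instanceof X509KeyManager) { throw new IllegalStateException("PrivateKeyStrategy requires an X509ExtendedKeyManager"); }`. The enclosing method starts and ends outside the hunk, so whether the factory can actually return such a manager is not visible here.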
@@ -306,12 +306,12 @@ public class SSLContextBuilder {
 
     }
 
-    static class KeyManagerDelegate implements X509KeyManager {
+    static class KeyManagerDelegate extends X509ExtendedKeyManager {
 
-        private final X509KeyManager keyManager;
+        private final X509ExtendedKeyManager keyManager;
         private final PrivateKeyStrategy aliasStrategy;
 
-        KeyManagerDelegate(final X509KeyManager keyManager, final PrivateKeyStrategy aliasStrategy) {
+        KeyManagerDelegate(final X509ExtendedKeyManager keyManager, final PrivateKeyStrategy aliasStrategy) {
             super();
             this.keyManager = keyManager;
             this.aliasStrategy = aliasStrategy;
@@ -323,9 +323,8 @@ public class SSLContextBuilder {
             return this.keyManager.getClientAliases(keyType, issuers);
         }
 
-        @Override
-        public String chooseClientAlias(
-                final String[] keyTypes, final Principal[] issuers, final Socket socket) {
+        public Map<String, PrivateKeyDetails> getClientAliasMap(
+                final String[] keyTypes, final Principal[] issuers) {
             final Map<String, PrivateKeyDetails> validAliases = new HashMap<String, PrivateKeyDetails>();
             for (final String keyType: keyTypes) {
                 final String[] aliases = this.keyManager.getClientAliases(keyType, issuers);
@@ -336,6 +335,26 @@ public class SSLContextBuilder {
                     }
                 }
             }
+            return validAliases;
+        }
+
+        public Map<String, PrivateKeyDetails> getServerAliasMap(
+                final String keyType, final Principal[] issuers) {
+            final Map<String, PrivateKeyDetails> validAliases = new HashMap<String, PrivateKeyDetails>();
+            final String[] aliases = this.keyManager.getServerAliases(keyType, issuers);
+            if (aliases != null) {
+                for (final String alias: aliases) {
+                    validAliases.put(alias,
+                            new PrivateKeyDetails(keyType, this.keyManager.getCertificateChain(alias)));
+                }
+            }
+            return validAliases;
+        }
+
+        @Override
+        public String chooseClientAlias(
+                final String[] keyTypes, final Principal[] issuers, final Socket socket) {
+            final Map<String, PrivateKeyDetails> validAliases = getClientAliasMap(keyTypes, issuers);
             return this.aliasStrategy.chooseAlias(validAliases, socket);
         }
 
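Review bot: `getClientAliasMap` and `getServerAliasMap` are declared `public` on a package-private nested class, although within this diff they are only called from the four `choose*Alias` overrides; `private` would make it clear they are internal helpers and not part of the key manager contract. Neither has a comment, and a one-liner such as `// Collects the aliases the wrapped key manager offers for the given key type, with their certificate chains, for the PrivateKeyStrategy to choose from.` would help the next reader. `getClientAliasMap` begins in the previous hunk and part of its loop lies outside the diff.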
@@ -348,14 +367,7 @@ public class SSLContextBuilder {
         @Override
         public String chooseServerAlias(
                 final String keyType, final Principal[] issuers, final Socket socket) {
-            final Map<String, PrivateKeyDetails> validAliases = new HashMap<String, PrivateKeyDetails>();
-            final String[] aliases = this.keyManager.getServerAliases(keyType, issuers);
-            if (aliases != null) {
-                for (final String alias: aliases) {
-                    validAliases.put(alias,
-                            new PrivateKeyDetails(keyType, this.keyManager.getCertificateChain(alias)));
-                }
-            }
+            final Map<String, PrivateKeyDetails> validAliases = getServerAliasMap(keyType, issuers);
             return this.aliasStrategy.chooseAlias(validAliases, socket);
         }
 
@@ -369,6 +381,20 @@ public class SSLContextBuilder {
             return this.keyManager.getPrivateKey(alias);
         }
 
+        @Override
+        public String chooseEngineClientAlias(
+                final String[] keyTypes, final Principal[] issuers, final SSLEngine sslEngine) {
+            final Map<String, PrivateKeyDetails> validAliases = getClientAliasMap(keyTypes, issuers);
+            return this.aliasStrategy.chooseAlias(validAliases, null);
+        }
+
+        @Override
+        public String chooseEngineServerAlias(
+                final String keyType, final Principal[] issuers, final SSLEngine sslEngine) {
+            final Map<String, PrivateKeyDetails> validAliases = getServerAliasMap(keyType, issuers);
+            return this.aliasStrategy.chooseAlias(validAliases, null);
+        }
+
     }
 
 }
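Review bot: Both engine overrides discard `sslEngine` and call `chooseAlias(validAliases, null)`, so on the NIO path a `PrivateKeyStrategy` has no connection context at all and cannot choose a key per peer the way it can on the blocking path with a `Socket`. The interface cannot carry the engine without an API change, so at minimum each override should say so, e.g. `// No socket on the SSLEngine path: the strategy receives null and cannot see the peer.` A test that drives a strategy through `chooseEngineClientAlias` and `chooseEngineServerAlias` would pin this contract so a later refactor does not silently change which alias is selected.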


