From ol...@apache.org
Subject svn commit: r1660629 - in /httpcomponents/httpcore/trunk/httpcore/src: main/java/org/apache/http/ssl/PrivateKeyStrategy.java main/java/org/apache/http/ssl/SSLContextBuilder.java test/java/org/apache/http/ssl/TestSSLContextBuilder.java
Date Wed, 18 Feb 2015 13:25:04 GMT
Author: olegk
Date: Wed Feb 18 13:25:03 2015
New Revision: 1660629

URL: http://svn.apache.org/r1660629
Log:
HTTPCORE-396: PrivateKeyStrategy does not work with NIO SSL

Modified:
    httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/PrivateKeyStrategy.java
    httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java
    httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/ssl/TestSSLContextBuilder.java

Modified: httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/PrivateKeyStrategy.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/PrivateKeyStrategy.java?rev=1660629&r1=1660628&r2=1660629&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/PrivateKeyStrategy.java
(original)
+++ httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/PrivateKeyStrategy.java
Wed Feb 18 13:25:03 2015
@@ -26,9 +26,10 @@
  */
 package org.apache.http.ssl;
 
-import java.net.Socket;
 import java.util.Map;
 
+import javax.net.ssl.SSLParameters;
+
 /**
  * A strategy allowing for a choice of an alias during SSL authentication.
  *
@@ -39,6 +40,6 @@ public interface PrivateKeyStrategy {
     /**
      * Determines what key material to use for SSL authentication.
      */
-    String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket);
+    String chooseAlias(Map<String, PrivateKeyDetails> aliases, SSLParameters sslParameters);
 
 }
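Review bot: The Javadoc on `chooseAlias` does not say that `sslParameters` can be `null`, yet the delegate in SSLContextBuilder.java in this same commit passes `null` whenever the socket is not an `SSLSocket`, so an implementation that dereferences the argument will throw in the middle of a handshake. I would add `@param sslParameters parameters of the SSL socket or engine being negotiated; may be {@code null}` together with a matching `@param aliases` line. The comment should also record that the signature changed incompatibly from `Socket`: `SSLParameters` does not carry the remote address, so strategies that selected key material by peer endpoint have to be rewritten. The interface declaration begins outside this hunk.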

Modified: httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java?rev=1660629&r1=1660628&r2=1660629&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java
(original)
+++ httpcomponents/httpcore/trunk/httpcore/src/main/java/org/apache/http/ssl/SSLContextBuilder.java
Wed Feb 18 13:25:03 2015
@@ -52,9 +52,11 @@ import java.util.Set;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509ExtendedKeyManager;
 import javax.net.ssl.X509TrustManager;
 
 import org.apache.http.annotation.NotThreadSafe;
@@ -69,6 +71,7 @@ import org.apache.http.util.Args;
  * <a href="http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLContext.html#init%28javax.net.ssl.KeyManager[],%20javax.net.ssl.TrustManager[],%20java.security.SecureRandom%29">
  * SSLContext.html#init
  * </a>
+ *
  * @since 4.4
  */
 @NotThreadSafe
@@ -190,9 +193,8 @@ public class SSLContextBuilder {
             if (aliasStrategy != null) {
                 for (int i = 0; i < kms.length; i++) {
                     final KeyManager km = kms[i];
-                    if (km instanceof X509KeyManager) {
-                        kms[i] = new KeyManagerDelegate(
-                                (X509KeyManager) km, aliasStrategy);
+                    if (km instanceof X509ExtendedKeyManager) {
+                        kms[i] = new KeyManagerDelegate((X509ExtendedKeyManager) km, aliasStrategy);
                     }
                 }
             }
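Review bot: A key manager that implements only `X509KeyManager` is now left unwrapped by the `instanceof X509ExtendedKeyManager` check, so the configured `aliasStrategy` is silently skipped for it and the default alias choice decides which certificate is presented. The stock `KeyManagerFactory` implementations presumably return extended key managers, but a third-party provider may not. I would either keep a fallback branch for plain `X509KeyManager` or fail loudly, and at minimum add a comment such as `// key managers that are not X509ExtendedKeyManager keep their default alias selection`. The enclosing method starts and ends outside this hunk.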
@@ -305,12 +307,12 @@ public class SSLContextBuilder {
 
     }
 
-    static class KeyManagerDelegate implements X509KeyManager {
+    static class KeyManagerDelegate extends X509ExtendedKeyManager {
 
-        private final X509KeyManager keyManager;
+        private final X509ExtendedKeyManager keyManager;
         private final PrivateKeyStrategy aliasStrategy;
 
-        KeyManagerDelegate(final X509KeyManager keyManager, final PrivateKeyStrategy aliasStrategy)
{
+        KeyManagerDelegate(final X509ExtendedKeyManager keyManager, final PrivateKeyStrategy
aliasStrategy) {
             super();
             this.keyManager = keyManager;
             this.aliasStrategy = aliasStrategy;
@@ -322,9 +324,8 @@ public class SSLContextBuilder {
             return this.keyManager.getClientAliases(keyType, issuers);
         }
 
-        @Override
-        public String chooseClientAlias(
-                final String[] keyTypes, final Principal[] issuers, final Socket socket)
{
+        public Map<String, PrivateKeyDetails> getClientAliasMap(
+                final String[] keyTypes, final Principal[] issuers) {
             final Map<String, PrivateKeyDetails> validAliases = new HashMap<String,
PrivateKeyDetails>();
             for (final String keyType: keyTypes) {
                 final String[] aliases = this.keyManager.getClientAliases(keyType, issuers);
@@ -335,18 +336,11 @@ public class SSLContextBuilder {
                     }
                 }
             }
-            return this.aliasStrategy.chooseAlias(validAliases, socket);
+            return validAliases;
         }
 
-        @Override
-        public String[] getServerAliases(
+        public Map<String, PrivateKeyDetails> getServerAliasMap(
                 final String keyType, final Principal[] issuers) {
-            return this.keyManager.getServerAliases(keyType, issuers);
-        }
-
-        @Override
-        public String chooseServerAlias(
-                final String keyType, final Principal[] issuers, final Socket socket) {
             final Map<String, PrivateKeyDetails> validAliases = new HashMap<String,
PrivateKeyDetails>();
             final String[] aliases = this.keyManager.getServerAliases(keyType, issuers);
             if (aliases != null) {
@@ -355,7 +349,29 @@ public class SSLContextBuilder {
                             new PrivateKeyDetails(keyType, this.keyManager.getCertificateChain(alias)));
                 }
             }
-            return this.aliasStrategy.chooseAlias(validAliases, socket);
+            return validAliases;
+        }
+
+        @Override
+        public String chooseClientAlias(
+                final String[] keyTypes, final Principal[] issuers, final Socket socket)
{
+            final Map<String, PrivateKeyDetails> validAliases = getClientAliasMap(keyTypes,
issuers);
+            return this.aliasStrategy.chooseAlias(validAliases,
+                    socket instanceof SSLSocket ? ((SSLSocket) socket).getSSLParameters()
: null);
+        }
+
+        @Override
+        public String[] getServerAliases(
+                final String keyType, final Principal[] issuers) {
+            return this.keyManager.getServerAliases(keyType, issuers);
+        }
+
+        @Override
+        public String chooseServerAlias(
+                final String keyType, final Principal[] issuers, final Socket socket) {
+            final Map<String, PrivateKeyDetails> validAliases = getServerAliasMap(keyType,
issuers);
+            return this.aliasStrategy.chooseAlias(validAliases,
+                    socket instanceof SSLSocket ? ((SSLSocket) socket).getSSLParameters()
: null);
         }
 
         @Override
@@ -368,6 +384,20 @@ public class SSLContextBuilder {
             return this.keyManager.getPrivateKey(alias);
         }
 
+        @Override
+        public String chooseEngineClientAlias(
+                final String[] keyTypes, final Principal[] issuers, final SSLEngine sslEngine)
{
+            final Map<String, PrivateKeyDetails> validAliases = getClientAliasMap(keyTypes,
issuers);
+            return this.aliasStrategy.chooseAlias(validAliases, sslEngine.getSSLParameters());
+        }
+
+        @Override
+        public String chooseEngineServerAlias(
+                final String keyType, final Principal[] issuers, final SSLEngine sslEngine)
{
+            final Map<String, PrivateKeyDetails> validAliases = getServerAliasMap(keyType,
issuers);
+            return this.aliasStrategy.chooseAlias(validAliases, sslEngine.getSSLParameters());
+        }
+
     }
 
 }
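Review bot: Both new engine methods call `sslEngine.getSSLParameters()` without a null check, while the JSSE contract for `chooseEngineClientAlias` and `chooseEngineServerAlias` allows the engine argument to be `null`; the socket variants in the previous hunk already tolerate `null` through `instanceof`. A null engine would surface as a `NullPointerException` inside the handshake instead of a strategy call with `null` parameters. I would make the two calls consistent with the socket path, e.g. `sslEngine != null ? sslEngine.getSSLParameters() : null`. Both methods are fully visible in this hunk.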

Modified: httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/ssl/TestSSLContextBuilder.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/ssl/TestSSLContextBuilder.java?rev=1660629&r1=1660628&r2=1660629&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/ssl/TestSSLContextBuilder.java
(original)
+++ httpcomponents/httpcore/trunk/httpcore/src/test/java/org/apache/http/ssl/TestSSLContextBuilder.java
Wed Feb 18 13:25:03 2015
@@ -52,6 +52,7 @@ import java.util.concurrent.atomic.Atomi
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLSession;
@@ -456,7 +457,7 @@ public class TestSSLContextBuilder {
 
         final PrivateKeyStrategy privateKeyStrategy = new PrivateKeyStrategy() {
             @Override
-            public String chooseAlias(final Map<String, PrivateKeyDetails> aliases,
final Socket socket) {
+            public String chooseAlias(final Map<String, PrivateKeyDetails> aliases,
final SSLParameters sslParameters) {
                 if (aliases.keySet().contains("client2")) {
                     return "client2";
                 } else {
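Review bot: The only test change visible in this commit adapts the anonymous `PrivateKeyStrategy` to the new signature, so the `SSLEngine` path that HTTPCORE-396 is about appears to have no regression coverage here. A case that drives `chooseEngineClientAlias` through an `SSLEngine` created from the built context, and one that checks the strategy is still called sensibly with `null` `sslParameters`, would pin the fix. The enclosing test method starts and ends outside this hunk.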


