hc-commits mailing list archives

From ol...@apache.org
Subject [1/2] httpcomponents-core git commit: [HTTPCORE-466] Round out the SslContextBuilder by adding missing APIs.
Date Fri, 16 Jun 2017 08:53:43 GMT
Repository: httpcomponents-core
Updated Branches:
  refs/heads/master 09d65b9b3 -> 1c2698454


[HTTPCORE-466] Round out the SslContextBuilder by adding missing APIs.

Port from branch 4.4.x.


Project: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/commit/46297edb
Tree: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/tree/46297edb
Diff: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/diff/46297edb

Branch: refs/heads/master
Commit: 46297edb2397a72f47a766f67981583ab52ffebc
Parents: 09d65b9
Author: Gary Gregory <ggregory@apache.org>
Authored: Wed May 17 22:50:29 2017 -0700
Committer: Oleg Kalnichevski <olegk@apache.org>
Committed: Fri Jun 16 09:53:24 2017 +0200

----------------------------------------------------------------------
 RELEASE_NOTES.txt                               |   3 +
 .../apache/hc/core5/ssl/SSLContextBuilder.java  |  88 +++++++++++--
 .../hc/core5/ssl/TestSSLContextBuilder.java     | 125 +++++++++++++++----
 3 files changed, 178 insertions(+), 38 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/46297edb/RELEASE_NOTES.txt
----------------------------------------------------------------------
diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
index 06cab72..bf4b252 100644
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -10,6 +10,9 @@ Changelog
 * HTTPCORE-471: Add APIs URIBuilder.localhost() and setHost(InetAddress)
   Contributed by Gary Gregory <ggregory at apache.org>
 
+* HTTPCORE-466: Round out the SslContextBuilder by adding missing APIs.
+  Contributed by Gary Gregory <ggregory at apache.org>
+
 
 Release 5.0-ALPHA3
 -------------------

http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/46297edb/httpcore5/src/main/java/org/apache/hc/core5/ssl/SSLContextBuilder.java
----------------------------------------------------------------------
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/ssl/SSLContextBuilder.java b/httpcore5/src/main/java/org/apache/hc/core5/ssl/SSLContextBuilder.java
index 6bfc7c6..c29a7c3 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/ssl/SSLContextBuilder.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/ssl/SSLContextBuilder.java
@@ -81,7 +81,10 @@ public class SSLContextBuilder {
 
     private String protocol;
     private final Set<KeyManager> keyManagers;
+    private String keyManagerFactoryAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
+    private String keyStoreType = KeyStore.getDefaultType();
     private final Set<TrustManager> trustManagers;
+    private String trustManagerFactoryAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
     private SecureRandom secureRandom;
     private Provider provider;
 
@@ -124,6 +127,66 @@ public class SSLContextBuilder {
         return this;
     }
 
+    /**
+     * Sets the key store type.
+     *
+     * @param keyStoreType
+     *            the SSLkey store type. See
+     *            the KeyStore section in the <a href=
+     *            "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore">Java
+     *            Cryptography Architecture Standard Algorithm Name
+     *            Documentation</a> for more information.
+     * @return this builder
+     * @see <a href=
+     *      "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore">Java
+     *      Cryptography Architecture Standard Algorithm Name Documentation</a>
+     * @since 4.4.7
+     */
+    public SSLContextBuilder setKeyStoreType(final String keyStoreType) {
+        this.keyStoreType = keyStoreType;
+        return this;
+    }
+
+    /**
+     * Sets the key manager factory algorithm name.
+     *
+     * @param keyManagerFactoryAlgorithm
+     *            the key manager factory algorithm name of the requested protocol. See
+     *            the KeyManagerFactory section in the <a href=
+     *            "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyManagerFactory">Java
+     *            Cryptography Architecture Standard Algorithm Name
+     *            Documentation</a> for more information.
+     * @return this builder
+     * @see <a href=
+     *      "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyManagerFactory">Java
+     *      Cryptography Architecture Standard Algorithm Name Documentation</a>
+     * @since 4.4.7
+     */
+    public SSLContextBuilder setKeyManagerFactoryAlgorithm(final String keyManagerFactoryAlgorithm)
{
+        this.keyManagerFactoryAlgorithm = keyManagerFactoryAlgorithm;
+        return this;
+    }
+
+    /**
+     * Sets the trust manager factory algorithm name.
+     *
+     * @param trustManagerFactoryAlgorithm
+     *            the trust manager algorithm name of the requested protocol. See
+     *            the TrustManagerFactory section in the <a href=
+     *            "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#TrustManagerFactory">Java
+     *            Cryptography Architecture Standard Algorithm Name
+     *            Documentation</a> for more information.
+     * @return this builder
+     * @see <a href=
+     *      "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#TrustManagerFactory">Java
+     *      Cryptography Architecture Standard Algorithm Name Documentation</a>
+     * @since 4.4.7
+     */
+    public SSLContextBuilder setTrustManagerFactoryAlgorithm(final String trustManagerFactoryAlgorithm)
{
+        this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm;
+        return this;
+    }
+
     public SSLContextBuilder setSecureRandom(final SecureRandom secureRandom) {
         this.secureRandom = secureRandom;
         return this;
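Review bot: The Javadoc on the three new setters says nothing about null arguments or call order, and both matter here. The load methods changed later in this commit read these fields when they are called, so a setter invoked after `loadKeyMaterial`/`loadTrustMaterial` has no effect on material already loaded. Null is also handled unevenly: the two factory lookups fall back to the JRE default, while the key store type is passed straight to `KeyStore.getInstance`. I would add to the two factory setters' `@param` text `{@code null} selects the JRE default algorithm; applies only to material loaded after this call.` and state on `setKeyStoreType` whether null is supported. The `@param` text `the SSLkey store type` should read `the key store type`.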
@@ -133,7 +196,8 @@ public class SSLContextBuilder {
             final KeyStore truststore,
             final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException
{
         final TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
-                TrustManagerFactory.getDefaultAlgorithm());
+                trustManagerFactoryAlgorithm == null ? TrustManagerFactory.getDefaultAlgorithm()
+                        : trustManagerFactoryAlgorithm);
         tmfactory.init(truststore);
         final TrustManager[] tms = tmfactory.getTrustManagers();
         if (tms != null) {
@@ -163,7 +227,7 @@ public class SSLContextBuilder {
             final char[] storePassword,
             final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException,
CertificateException, IOException {
         Args.notNull(file, "Truststore file");
-        final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        final KeyStore trustStore = KeyStore.getInstance(keyStoreType);
         try (final FileInputStream instream = new FileInputStream(file)) {
             trustStore.load(instream, storePassword);
         }
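Review bot: `KeyStore.getInstance(keyStoreType)` has no null fallback, unlike the two factory lookups in this commit, which use `x == null ? ...getDefaultAlgorithm() : x`. `setKeyStoreType` accepts null (testBuildAllNull passes it), so a later load from a File or URL hands null to `KeyStore.getInstance` and fails at runtime (recent JDKs throw NullPointerException) instead of using the default type. The same line appears in the next truststore hunk (URL overload) and in both `loadKeyMaterial` File/URL hunks. I would change each to `KeyStore.getInstance(keyStoreType == null ? KeyStore.getDefaultType() : keyStoreType)`. The enclosing method starts and ends outside this hunk.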
@@ -186,7 +250,7 @@ public class SSLContextBuilder {
             final char[] storePassword,
             final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException,
CertificateException, IOException {
         Args.notNull(url, "Truststore URL");
-        final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        final KeyStore trustStore = KeyStore.getInstance(keyStoreType);
         try (final InputStream instream = url.openStream()) {
             trustStore.load(instream, storePassword);
         }
@@ -204,10 +268,11 @@ public class SSLContextBuilder {
             final char[] keyPassword,
             final PrivateKeyStrategy aliasStrategy)
             throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException
{
-        final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
-                KeyManagerFactory.getDefaultAlgorithm());
+        final KeyManagerFactory kmfactory = KeyManagerFactory
+                .getInstance(keyManagerFactoryAlgorithm == null ? KeyManagerFactory.getDefaultAlgorithm()
+                        : keyManagerFactoryAlgorithm);
         kmfactory.init(keystore, keyPassword);
-        final KeyManager[] kms =  kmfactory.getKeyManagers();
+        final KeyManager[] kms = kmfactory.getKeyManagers();
         if (kms != null) {
             if (aliasStrategy != null) {
                 for (int i = 0; i < kms.length; i++) {
@@ -236,7 +301,7 @@ public class SSLContextBuilder {
             final char[] keyPassword,
             final PrivateKeyStrategy aliasStrategy) throws NoSuchAlgorithmException, KeyStoreException,
UnrecoverableKeyException, CertificateException, IOException {
         Args.notNull(file, "Keystore file");
-        final KeyStore identityStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        final KeyStore identityStore = KeyStore.getInstance(keyStoreType);
         try (final FileInputStream instream = new FileInputStream(file)) {
             identityStore.load(instream, storePassword);
         }
@@ -256,7 +321,7 @@ public class SSLContextBuilder {
             final char[] keyPassword,
             final PrivateKeyStrategy aliasStrategy) throws NoSuchAlgorithmException, KeyStoreException,
UnrecoverableKeyException, CertificateException, IOException {
         Args.notNull(url, "Keystore URL");
-        final KeyStore identityStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        final KeyStore identityStore = KeyStore.getInstance(keyStoreType);
         try (final InputStream instream = url.openStream()) {
             identityStore.load(instream, storePassword);
         }
@@ -420,8 +485,9 @@ public class SSLContextBuilder {
 
     @Override
     public String toString() {
-        return "[provider=" + provider + ", protocol=" + protocol + ", keyManagers=" + keyManagers
-                + ", trustManagers=" + trustManagers + ", secureRandom=" + secureRandom +
"]";
+        return "[provider=" + provider + ", protocol=" + protocol + ", keyStoreType=" + keyStoreType
+                + ", keyManagerFactoryAlgorithm=" + keyManagerFactoryAlgorithm + ", keyManagers="
+ keyManagers
+                + ", trustManagerFactoryAlgorithm=" + trustManagerFactoryAlgorithm + ", trustManagers="
+ trustManagers
+                + ", secureRandom=" + secureRandom + "]";
     }
-
 }

http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/46297edb/httpcore5/src/test/java/org/apache/hc/core5/ssl/TestSSLContextBuilder.java
----------------------------------------------------------------------
diff --git a/httpcore5/src/test/java/org/apache/hc/core5/ssl/TestSSLContextBuilder.java b/httpcore5/src/test/java/org/apache/hc/core5/ssl/TestSSLContextBuilder.java
index 38b1a74..915b018 100644
--- a/httpcore5/src/test/java/org/apache/hc/core5/ssl/TestSSLContextBuilder.java
+++ b/httpcore5/src/test/java/org/apache/hc/core5/ssl/TestSSLContextBuilder.java
@@ -36,6 +36,8 @@ import java.net.Socket;
 import java.net.SocketException;
 import java.net.URL;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.security.Security;
 import java.security.UnrecoverableKeyException;
@@ -52,6 +54,7 @@ import java.util.concurrent.Future;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLHandshakeException;
 import javax.net.ssl.SSLParameters;
@@ -60,6 +63,7 @@ import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManagerFactory;
 
 import org.junit.After;
 import org.junit.Assert;
@@ -72,6 +76,8 @@ import org.junit.rules.ExpectedException;
  */
 public class TestSSLContextBuilder {
 
+    private static final String PROVIDER_SUN_JSSE = "SunJSSE";
+
     @Rule
     public ExpectedException thrown = ExpectedException.none();
 
@@ -85,22 +91,111 @@ public class TestSSLContextBuilder {
         }
     }
 
-
     @Test
-    public void testBuildDefault() throws Exception {
-        new SSLContextBuilder().build();
+    public void testBuildAllDefaults() throws Exception {
+        final SSLContext sslContext = SSLContextBuilder.create()
+                .setKeyStoreType(KeyStore.getDefaultType())
+                .setKeyManagerFactoryAlgorithm(KeyManagerFactory.getDefaultAlgorithm())
+                .setTrustManagerFactoryAlgorithm(TrustManagerFactory.getDefaultAlgorithm())
+                .setProvider(PROVIDER_SUN_JSSE)
+                .setProtocol("TLS")
+                .setSecureRandom(null)
+                .loadTrustMaterial((KeyStore) null, null)
+                .loadKeyMaterial((KeyStore) null, null, null)
+                .build();
+        Assert.assertNotNull(sslContext);
+        Assert.assertEquals("TLS", sslContext.getProtocol());
+        Assert.assertEquals(PROVIDER_SUN_JSSE,  sslContext.getProvider().getName());
     }
 
     @Test
     public void testBuildAllNull() throws Exception {
         final SSLContext sslContext = SSLContextBuilder.create()
+                .setKeyStoreType(null)
+                .setKeyManagerFactoryAlgorithm(null)
+                .setTrustManagerFactoryAlgorithm(null)
                 .setProtocol(null)
+                .setProvider((String) null)
                 .setSecureRandom(null)
                 .loadTrustMaterial((KeyStore) null, null)
                 .loadKeyMaterial((KeyStore) null, null, null)
                 .build();
         Assert.assertNotNull(sslContext);
         Assert.assertEquals("TLS", sslContext.getProtocol());
+        Assert.assertEquals(PROVIDER_SUN_JSSE,  sslContext.getProvider().getName());
+    }
+
+    @Test
+    public void testBuildAllNull_deprecated() throws Exception {
+        final SSLContext sslContext = SSLContextBuilder.create()
+                .setProtocol(null)
+                .setSecureRandom(null)
+                .loadTrustMaterial((KeyStore) null, null)
+                .loadKeyMaterial((KeyStore) null, null, null)
+                .build();
+        Assert.assertNotNull(sslContext);
+        Assert.assertEquals("TLS", sslContext.getProtocol());
+    }
+
+    @Test
+    public void testBuildDefault() throws Exception {
+        new SSLContextBuilder().build();
+    }
+
+    @Test(expected=NoSuchAlgorithmException.class)
+    public void testBuildNoSuchKeyManagerFactoryAlgorithm() throws Exception {
+        final URL resource1 = getClass().getResource("/test-keypasswd.keystore");
+        final String storePassword = "nopassword";
+        final String keyPassword = "password";
+        SSLContextBuilder.create()
+                .setKeyManagerFactoryAlgorithm(" BAD ")
+                .loadKeyMaterial(resource1, storePassword.toCharArray(), keyPassword.toCharArray())
+                .build();
+    }
+
+    @Test(expected=KeyStoreException.class)
+    public void testBuildNoSuchKeyStoreType() throws Exception {
+        final URL resource1 = getClass().getResource("/test-keypasswd.keystore");
+        final String storePassword = "nopassword";
+        final String keyPassword = "password";
+        SSLContextBuilder.create()
+                .setKeyStoreType(" BAD ")
+                .loadKeyMaterial(resource1, storePassword.toCharArray(), keyPassword.toCharArray())
+                .build();
+    }
+
+    @Test(expected=NoSuchAlgorithmException.class)
+    public void testBuildNoSuchTrustManagerFactoryAlgorithm() throws Exception {
+        final URL resource1 = getClass().getResource("/test-keypasswd.keystore");
+        final String storePassword = "nopassword";
+        SSLContextBuilder.create()
+                .setTrustManagerFactoryAlgorithm(" BAD ")
+                .loadTrustMaterial(resource1, storePassword.toCharArray())
+                .build();
+    }
+
+    @Test
+    public void testBuildWithProvider() throws Exception {
+        final URL resource1 = getClass().getResource("/test-server.keystore");
+        final String storePassword = "nopassword";
+        final String keyPassword = "nopassword";
+        final SSLContext sslContext=SSLContextBuilder.create()
+                .setProvider(Security.getProvider(PROVIDER_SUN_JSSE))
+                .loadKeyMaterial(resource1, storePassword.toCharArray(), keyPassword.toCharArray())
+                .build();
+        Assert.assertEquals(PROVIDER_SUN_JSSE,  sslContext.getProvider().getName());
+    }
+
+    @Test
+    public void testBuildWithProviderName() throws Exception {
+        final URL resource1 = getClass().getResource("/test-server.keystore");
+        final String storePassword = "nopassword";
+        final String keyPassword = "nopassword";
+        final SSLContext sslContext=SSLContextBuilder.create()
+                .setProvider(PROVIDER_SUN_JSSE)
+                .loadKeyMaterial(resource1, storePassword.toCharArray(), keyPassword.toCharArray())
+                .build();
+        Assert.assertEquals(PROVIDER_SUN_JSSE,  sslContext.getProvider().getName());
     }
 
     @Test
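Review bot: None of the added tests loads key or trust material from a file or URL after `setKeyStoreType(null)`. testBuildAllNull sets the type to null but only calls the `(KeyStore) null` overloads, which are handed a KeyStore and never look the type up, so the null key-store-type path through `KeyStore.getInstance(keyStoreType)` is unexercised. I would add a case such as `.setKeyStoreType(null).loadKeyMaterial(resource1, storePassword.toCharArray(), keyPassword.toCharArray())` and assert the intended outcome. Separately, `Assert.assertEquals(PROVIDER_SUN_JSSE, sslContext.getProvider().getName())` in testBuildAllNull relies on SunJSSE being the JVM's default TLS provider, which presumably does not hold on every JVM.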
@@ -611,28 +706,4 @@ public class TestSSLContextBuilder {
         }
     }
 
-    @Test
-    public void testBuildWithProvider() throws Exception {
-        final URL resource1 = getClass().getResource("/test-server.keystore");
-        final String storePassword = "nopassword";
-        final String keyPassword = "nopassword";
-        final SSLContext sslContext=SSLContextBuilder.create()
-                .setProvider(Security.getProvider("SunJSSE"))
-                .loadKeyMaterial(resource1, storePassword.toCharArray(), keyPassword.toCharArray())
-                .build();
-        Assert.assertTrue(sslContext.getProvider().getName().equals("SunJSSE"));
-    }
-
-    @Test
-    public void testBuildWithProviderName() throws Exception {
-        final URL resource1 = getClass().getResource("/test-server.keystore");
-        final String storePassword = "nopassword";
-        final String keyPassword = "nopassword";
-        final SSLContext sslContext=SSLContextBuilder.create()
-                .setProvider("SunJSSE")
-                .loadKeyMaterial(resource1, storePassword.toCharArray(), keyPassword.toCharArray())
-                .build();
-        Assert.assertTrue(sslContext.getProvider().getName().equals("SunJSSE"));
-    }
-
 }

