maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [maven-wagon] mthmulders commented on a change in pull request #67: Feature/MNG-5583 per endpoint support for PKI authentication
Date Tue, 19 May 2020 06:04:49 GMT

mthmulders commented on a change in pull request #67:
URL: https://github.com/apache/maven-wagon/pull/67#discussion_r427049478



##########
File path: wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java
##########
@@ -593,13 +603,189 @@ private static CloseableHttpClient createClient()
      */
     private BasicAuthScope proxyAuth;
 
+    /**
+     * initializes a custom http client given user specified keystore/truststore
+     * information from settings.xml
+     * see httsp://issues.apache.org/jira/browser/MNG-5583
+     * @return a client
+     * @throws SSLInitializationException if there's an issue loading keystore/truststore
+     */
+    private CloseableHttpClient initilaizeLocalHttpClientWithCustomSslSocketFactory() throws
SSLInitializationException 
+    {
+        String sslProtocolsStr = System.getProperty( "https.protocols" );
+        String cipherSuitesStr = System.getProperty( "https.cipherSuites" );
+        String[] sslProtocols = sslProtocolsStr != null ? sslProtocolsStr.split( " *, *"
) : null;
+        String[] cipherSuites = cipherSuitesStr != null ? cipherSuitesStr.split( " *, *"
) : null;
+
+        SSLSocketFactory socketFactory = null;
+        TrustManager[] trustManagers = null;
+        KeyManager[] keyManagers = null;
+        try 
+        {
+            if ( authenticationInfo.getTrustStore() != null ) 
+            {
+                KeyStore keystore = KeyStore.getInstance( authenticationInfo.getTrustStoreType()
== null ? "JKS"
+                        : authenticationInfo.getTrustStoreType() );
+                FileInputStream fis = null;
+                //on windows platforms, the truststoreType of "WINDOWS" mounts
+                //to the windows certificate store, so a null input stream is just fine
+                File file = new File( ( authenticationInfo.getTrustStore() ) );
+                if ( file.exists() ) 
+                {
+                    fis = new FileInputStream( file );
+                } 
+                //also a null password is fine with windows and even with JKS files
+                char[] keyPass = authenticationInfo.getTrustStorePassword() != null
+                        ? authenticationInfo.getTrustStorePassword().toCharArray()
+                        : null;
+                keystore.load( fis, keyPass );
+                if ( keyPass != null ) 

Review comment:
       I assume you're doing this to clean up the password from memory, but it currently still
resides in the `authenticationInfo` variable. So I think it has little to no effect.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



Mime
View raw message