From GitBox <...@apache.org>
Subject [GitHub] [maven-wagon] spyhunter99 commented on a change in pull request #67: Feature/MNG-5583 per endpoint support for PKI authentication
Date Tue, 19 May 2020 23:01:34 GMT

spyhunter99 commented on a change in pull request #67:
URL: https://github.com/apache/maven-wagon/pull/67#discussion_r427647826



##########
File path: wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java
##########
@@ -593,13 +603,189 @@ private static CloseableHttpClient createClient()
      */
     private BasicAuthScope proxyAuth;
 
+    /**
+     * initializes a custom http client given user specified keystore/truststore
+     * information from settings.xml
+     * see httsp://issues.apache.org/jira/browser/MNG-5583
+     * @return a client
+     * @throws SSLInitializationException if there's an issue loading keystore/truststore
+     */
+    private CloseableHttpClient initilaizeLocalHttpClientWithCustomSslSocketFactory() throws
SSLInitializationException 
+    {
+        String sslProtocolsStr = System.getProperty( "https.protocols" );
+        String cipherSuitesStr = System.getProperty( "https.cipherSuites" );
+        String[] sslProtocols = sslProtocolsStr != null ? sslProtocolsStr.split( " *, *"
) : null;
+        String[] cipherSuites = cipherSuitesStr != null ? cipherSuitesStr.split( " *, *"
) : null;
+
+        SSLSocketFactory socketFactory = null;
+        TrustManager[] trustManagers = null;
+        KeyManager[] keyManagers = null;
+        try 
+        {
+            if ( authenticationInfo.getTrustStore() != null ) 
+            {
+                KeyStore keystore = KeyStore.getInstance( authenticationInfo.getTrustStoreType()
== null ? "JKS"
+                        : authenticationInfo.getTrustStoreType() );
+                FileInputStream fis = null;
+                //on windows platforms, the truststoreType of "WINDOWS" mounts
+                //to the windows certificate store, so a null input stream is just fine
+                File file = new File( ( authenticationInfo.getTrustStore() ) );
+                if ( file.exists() ) 
+                {
+                    fis = new FileInputStream( file );
+                } 
+                //also a null password is fine with windows and even with JKS files
+                char[] keyPass = authenticationInfo.getTrustStorePassword() != null
+                        ? authenticationInfo.getTrustStorePassword().toCharArray()
+                        : null;
+                keystore.load( fis, keyPass );
+                if ( keyPass != null ) 
+                {
+                    for ( int i = 0; i < keyPass.length; i++ ) 
+                    {
+                        keyPass[i] = 0;
+                    }
+                }
+                if ( fis != null ) 
+                {
+                    fis.close();
+                }
+                String alg = KeyManagerFactory.getDefaultAlgorithm();
+                TrustManagerFactory fac = TrustManagerFactory.getInstance( alg );
+                fac.init( keystore );
+                trustManagers = fac.getTrustManagers();
+            }
+
+            if ( authenticationInfo.getKeyStore() != null ) 
+            {
+                KeyStore keystore = KeyStore.getInstance( authenticationInfo.getKeyStoreType()
== null ? "JKS"
+                        : authenticationInfo.getKeyStoreType() );
+                FileInputStream fis = null;
+                //on windows platforms, the truststoreType of "WINDOWS" mounts
+                //to the windows certificate store, so a null input stream is just fine
+                File file = new File( ( authenticationInfo.getTrustStore() ) );
+                if ( file.exists() ) 
+                {
+                    fis = new FileInputStream( file );
+                }
+                String alg = KeyManagerFactory.getDefaultAlgorithm();
+                char[] keyStorePass = authenticationInfo.getKeyStorePassword() != null
+                        ? authenticationInfo.getKeyStorePassword().toCharArray()
+                        : null;
+                char[] keyPass = authenticationInfo.getKeyPassword() != null
+                        ? authenticationInfo.getKeyPassword().toCharArray()
+                        : null;
+                KeyManagerFactory fac = KeyManagerFactory.getInstance( alg );
+                keystore.load( fis, keyStorePass );
+                fac.init( keystore, keyPass );
+                if ( keyPass != null ) 
+                {
+                    for ( int i = 0; i < keyPass.length; i++ ) 
+                    {
+                        keyPass[i] = 0;
+                    }
+                }
+                keyPass = null;
+                String alias = authenticationInfo.getKeyAlias();
+                if ( alias != null )
+                {
+                    //borrowed from tomcat's code
+                    //user has explicitly specified a key alias, great.
+                    //let's make sure it exists in the key store that it has a 
+                    //key pair
+                    if ( keystore.containsAlias( alias ) ) 
+                    {
+                        if ( !keystore.isKeyEntry( alias ) ) 
+                        {
+                            alias = null;
+                        }
+                    } 
+                    else if ( keystore.containsAlias( alias.toLowerCase() ) ) 
+                    {
+                        alias = alias.toLowerCase();
+                        if ( !keystore.isKeyEntry( alias ) ) 
+                        {
+                            alias = null;
+                        }
+                    }
+                    if ( alias == null ) 
+                    {
+                        //TODO this should be I18N
+                        throw new IOException( "key alias not found" );
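Review bot: The key-store branch opens the wrong file: inside `if ( authenticationInfo.getKeyStore() != null )` the path is taken from `authenticationInfo.getTrustStore()`, so the client key store is loaded from the trust-store location (or from no stream at all when no trust store is configured); it should read `File file = new File( authenticationInfo.getKeyStore() );`, and the comment copied above it should refer to the key store rather than `truststoreType`. The trust-manager setup also asks the wrong factory for its algorithm name — `KeyManagerFactory.getDefaultAlgorithm()` is fed to `TrustManagerFactory.getInstance( alg )` — so use `TrustManagerFactory.getDefaultAlgorithm()` there to get the provider's default trust manager instead of whichever implementation happens to share the key-manager name. Both `FileInputStream`s are closed only on the success path (trust store) or, as far as the hunk shows, not at all (key store); a try-with-resources around each `keystore.load( ... )` would close them on every path. Minor: `keyStorePass` is never zeroed although `keyPass` is, and `alias.toLowerCase()` should pass `Locale.ROOT`. The method body continues past the end of the hunk.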

Review comment:
       i can change to SSLInitializationException, would that work?            




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


