|
|
|
@ -24,11 +24,9 @@ import java.security.KeyStoreException;
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
|
|
|
import java.security.Principal;
|
|
|
|
import java.security.Principal;
|
|
|
|
import java.security.PrivateKey;
|
|
|
|
import java.security.PrivateKey;
|
|
|
|
import java.security.Provider;
|
|
|
|
|
|
|
|
import java.security.UnrecoverableKeyException;
|
|
|
|
import java.security.UnrecoverableKeyException;
|
|
|
|
import java.security.cert.X509Certificate;
|
|
|
|
import java.security.cert.X509Certificate;
|
|
|
|
import java.util.Arrays;
|
|
|
|
import java.util.Arrays;
|
|
|
|
import java.util.stream.Collectors;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import javax.net.ssl.KeyManager;
|
|
|
|
import javax.net.ssl.KeyManager;
|
|
|
|
import javax.net.ssl.KeyManagerFactory;
|
|
|
|
import javax.net.ssl.KeyManagerFactory;
|
|
|
|
@ -110,7 +108,7 @@ public class SslServerCustomizer implements NettyServerCustomizer {
|
|
|
|
KeyStore keyStore = getKeyStore(ssl, sslStoreProvider);
|
|
|
|
KeyStore keyStore = getKeyStore(ssl, sslStoreProvider);
|
|
|
|
KeyManagerFactory keyManagerFactory = (ssl.getKeyAlias() == null)
|
|
|
|
KeyManagerFactory keyManagerFactory = (ssl.getKeyAlias() == null)
|
|
|
|
? KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
|
|
|
|
? KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
|
|
|
|
: ConfigurableAliasKeyManagerFactory.instance(ssl.getKeyAlias(),
|
|
|
|
: new ConfigurableAliasKeyManagerFactory(ssl.getKeyAlias(),
|
|
|
|
KeyManagerFactory.getDefaultAlgorithm());
|
|
|
|
KeyManagerFactory.getDefaultAlgorithm());
|
|
|
|
char[] keyPassword = (ssl.getKeyPassword() != null) ? ssl.getKeyPassword().toCharArray() : null;
|
|
|
|
char[] keyPassword = (ssl.getKeyPassword() != null) ? ssl.getKeyPassword().toCharArray() : null;
|
|
|
|
if (keyPassword == null && ssl.getKeyStorePassword() != null) {
|
|
|
|
if (keyPassword == null && ssl.getKeyStorePassword() != null) {
|
|
|
|
@ -188,36 +186,31 @@ public class SslServerCustomizer implements NettyServerCustomizer {
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
private static final class ConfigurableAliasKeyManagerFactory extends KeyManagerFactory {
|
|
|
|
private static final class ConfigurableAliasKeyManagerFactory extends KeyManagerFactory {
|
|
|
|
|
|
|
|
|
|
|
|
private static ConfigurableAliasKeyManagerFactory instance(String alias, String algorithm)
|
|
|
|
private ConfigurableAliasKeyManagerFactory(String alias, String algorithm) throws NoSuchAlgorithmException {
|
|
|
|
throws NoSuchAlgorithmException {
|
|
|
|
this(KeyManagerFactory.getInstance(algorithm), alias, algorithm);
|
|
|
|
KeyManagerFactory originalFactory = KeyManagerFactory.getInstance(algorithm);
|
|
|
|
|
|
|
|
ConfigurableAliasKeyManagerFactorySpi spi = new ConfigurableAliasKeyManagerFactorySpi(originalFactory,
|
|
|
|
|
|
|
|
alias);
|
|
|
|
|
|
|
|
return new ConfigurableAliasKeyManagerFactory(spi, originalFactory.getProvider(), algorithm);
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private ConfigurableAliasKeyManagerFactory(ConfigurableAliasKeyManagerFactorySpi spi, Provider provider,
|
|
|
|
public ConfigurableAliasKeyManagerFactory(KeyManagerFactory delegate, String alias, String algorithm) {
|
|
|
|
String algorithm) {
|
|
|
|
super(new ConfigurableAliasKeyManagerFactorySpi(delegate, alias), delegate.getProvider(), algorithm);
|
|
|
|
super(spi, provider, algorithm);
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private static final class ConfigurableAliasKeyManagerFactorySpi extends KeyManagerFactorySpi {
|
|
|
|
private static final class ConfigurableAliasKeyManagerFactorySpi extends KeyManagerFactorySpi {
|
|
|
|
|
|
|
|
|
|
|
|
private KeyManagerFactory originalFactory;
|
|
|
|
private final KeyManagerFactory delegate;
|
|
|
|
|
|
|
|
|
|
|
|
private String alias;
|
|
|
|
private final String alias;
|
|
|
|
|
|
|
|
|
|
|
|
private ConfigurableAliasKeyManagerFactorySpi(KeyManagerFactory originalFactory, String alias) {
|
|
|
|
private ConfigurableAliasKeyManagerFactorySpi(KeyManagerFactory delegate, String alias) {
|
|
|
|
this.originalFactory = originalFactory;
|
|
|
|
this.delegate = delegate;
|
|
|
|
this.alias = alias;
|
|
|
|
this.alias = alias;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
protected void engineInit(KeyStore keyStore, char[] chars)
|
|
|
|
protected void engineInit(KeyStore keyStore, char[] chars)
|
|
|
|
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
|
|
|
|
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
|
|
|
|
this.originalFactory.init(keyStore, chars);
|
|
|
|
this.delegate.init(keyStore, chars);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
@ -228,69 +221,65 @@ public class SslServerCustomizer implements NettyServerCustomizer {
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
protected KeyManager[] engineGetKeyManagers() {
|
|
|
|
protected KeyManager[] engineGetKeyManagers() {
|
|
|
|
return Arrays.stream(this.originalFactory.getKeyManagers()).filter(X509ExtendedKeyManager.class::isInstance)
|
|
|
|
return Arrays.stream(this.delegate.getKeyManagers()).filter(X509ExtendedKeyManager.class::isInstance)
|
|
|
|
.map(X509ExtendedKeyManager.class::cast).map(this::wrapKeyManager).collect(Collectors.toList())
|
|
|
|
.map(X509ExtendedKeyManager.class::cast).map(this::wrap).toArray(KeyManager[]::new);
|
|
|
|
.toArray(new KeyManager[0]);
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private ConfigurableAliasKeyManager wrapKeyManager(X509ExtendedKeyManager km) {
|
|
|
|
private ConfigurableAliasKeyManager wrap(X509ExtendedKeyManager keyManager) {
|
|
|
|
return new ConfigurableAliasKeyManager(km, this.alias);
|
|
|
|
return new ConfigurableAliasKeyManager(keyManager, this.alias);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private static final class ConfigurableAliasKeyManager extends X509ExtendedKeyManager {
|
|
|
|
private static final class ConfigurableAliasKeyManager extends X509ExtendedKeyManager {
|
|
|
|
|
|
|
|
|
|
|
|
private final X509ExtendedKeyManager keyManager;
|
|
|
|
private final X509ExtendedKeyManager delegate;
|
|
|
|
|
|
|
|
|
|
|
|
private final String alias;
|
|
|
|
private final String alias;
|
|
|
|
|
|
|
|
|
|
|
|
private ConfigurableAliasKeyManager(X509ExtendedKeyManager keyManager, String alias) {
|
|
|
|
private ConfigurableAliasKeyManager(X509ExtendedKeyManager keyManager, String alias) {
|
|
|
|
this.keyManager = keyManager;
|
|
|
|
this.delegate = keyManager;
|
|
|
|
this.alias = alias;
|
|
|
|
this.alias = alias;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public String chooseEngineClientAlias(String[] strings, Principal[] principals, SSLEngine sslEngine) {
|
|
|
|
public String chooseEngineClientAlias(String[] strings, Principal[] principals, SSLEngine sslEngine) {
|
|
|
|
return this.keyManager.chooseEngineClientAlias(strings, principals, sslEngine);
|
|
|
|
return this.delegate.chooseEngineClientAlias(strings, principals, sslEngine);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public String chooseEngineServerAlias(String s, Principal[] principals, SSLEngine sslEngine) {
|
|
|
|
public String chooseEngineServerAlias(String s, Principal[] principals, SSLEngine sslEngine) {
|
|
|
|
if (this.alias == null) {
|
|
|
|
return (this.alias != null) ? this.alias : this.delegate.chooseEngineServerAlias(s, principals, sslEngine);
|
|
|
|
return this.keyManager.chooseEngineServerAlias(s, principals, sslEngine);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return this.alias;
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
|
|
|
|
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
|
|
|
|
return this.keyManager.chooseClientAlias(keyType, issuers, socket);
|
|
|
|
return this.delegate.chooseClientAlias(keyType, issuers, socket);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
|
|
|
|
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
|
|
|
|
return this.keyManager.chooseServerAlias(keyType, issuers, socket);
|
|
|
|
return this.delegate.chooseServerAlias(keyType, issuers, socket);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public X509Certificate[] getCertificateChain(String alias) {
|
|
|
|
public X509Certificate[] getCertificateChain(String alias) {
|
|
|
|
return this.keyManager.getCertificateChain(alias);
|
|
|
|
return this.delegate.getCertificateChain(alias);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public String[] getClientAliases(String keyType, Principal[] issuers) {
|
|
|
|
public String[] getClientAliases(String keyType, Principal[] issuers) {
|
|
|
|
return this.keyManager.getClientAliases(keyType, issuers);
|
|
|
|
return this.delegate.getClientAliases(keyType, issuers);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public PrivateKey getPrivateKey(String alias) {
|
|
|
|
public PrivateKey getPrivateKey(String alias) {
|
|
|
|
return this.keyManager.getPrivateKey(alias);
|
|
|
|
return this.delegate.getPrivateKey(alias);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public String[] getServerAliases(String keyType, Principal[] issuers) {
|
|
|
|
public String[] getServerAliases(String keyType, Principal[] issuers) {
|
|
|
|
return this.keyManager.getServerAliases(keyType, issuers);
|
|
|
|
return this.delegate.getServerAliases(keyType, issuers);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Phillip Webb
5 years ago