Clean-up d9cccccbb3
- Revert irrelevant formatting changes - Rename resource files - Add .pem - Remove 'netty' from names
This commit is contained in:
Trustin Lee
parent
a5ccec5ef3
commit
8263a62014
@ -13,8 +13,22 @@
|
|||||||
* License for the specific language governing permissions and limitations
|
* License for the specific language governing permissions and limitations
|
||||||
* under the License.
|
* under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
|
import io.netty.buffer.ByteBuf;
|
||||||
|
import io.netty.buffer.ByteBufInputStream;
|
||||||
|
|
||||||
|
import javax.crypto.Cipher;
|
||||||
|
import javax.crypto.EncryptedPrivateKeyInfo;
|
||||||
|
import javax.crypto.NoSuchPaddingException;
|
||||||
|
import javax.crypto.SecretKey;
|
||||||
|
import javax.crypto.SecretKeyFactory;
|
||||||
|
import javax.crypto.spec.PBEKeySpec;
|
||||||
|
import javax.net.ssl.KeyManagerFactory;
|
||||||
|
import javax.net.ssl.SSLContext;
|
||||||
|
import javax.net.ssl.SSLException;
|
||||||
|
import javax.net.ssl.SSLSessionContext;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
@ -32,20 +46,6 @@ import java.util.ArrayList;
|
|||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import javax.crypto.Cipher;
|
|
||||||
import javax.crypto.EncryptedPrivateKeyInfo;
|
|
||||||
import javax.crypto.NoSuchPaddingException;
|
|
||||||
import javax.crypto.SecretKey;
|
|
||||||
import javax.crypto.SecretKeyFactory;
|
|
||||||
import javax.crypto.spec.PBEKeySpec;
|
|
||||||
import javax.net.ssl.KeyManagerFactory;
|
|
||||||
import javax.net.ssl.SSLContext;
|
|
||||||
import javax.net.ssl.SSLException;
|
|
||||||
import javax.net.ssl.SSLSessionContext;
|
|
||||||
|
|
||||||
import io.netty.buffer.ByteBuf;
|
|
||||||
import io.netty.buffer.ByteBufInputStream;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A server-side {@link SslContext} which uses JDK's SSL/TLS implementation.
|
* A server-side {@link SslContext} which uses JDK's SSL/TLS implementation.
|
||||||
*/
|
*/
|
||||||
@ -69,7 +69,8 @@ public final class JdkSslServerContext extends JdkSslContext {
|
|||||||
*
|
*
|
||||||
* @param certChainFile an X.509 certificate chain file in PEM format
|
* @param certChainFile an X.509 certificate chain file in PEM format
|
||||||
* @param keyFile a PKCS#8 private key file in PEM format
|
* @param keyFile a PKCS#8 private key file in PEM format
|
||||||
* @param keyPassword the password of the {@code keyFile}. {@code null} if it's not password-protected.
|
* @param keyPassword the password of the {@code keyFile}.
|
||||||
|
* {@code null} if it's not password-protected.
|
||||||
*/
|
*/
|
||||||
public JdkSslServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException {
|
public JdkSslServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException {
|
||||||
this(certChainFile, keyFile, keyPassword, null, null, 0, 0);
|
this(certChainFile, keyFile, keyPassword, null, null, 0, 0);
|
||||||
@ -80,15 +81,16 @@ public final class JdkSslServerContext extends JdkSslContext {
|
|||||||
*
|
*
|
||||||
* @param certChainFile an X.509 certificate chain file in PEM format
|
* @param certChainFile an X.509 certificate chain file in PEM format
|
||||||
* @param keyFile a PKCS#8 private key file in PEM format
|
* @param keyFile a PKCS#8 private key file in PEM format
|
||||||
* @param keyPassword the password of the {@code keyFile}. {@code null} if it's not password-protected.
|
* @param keyPassword the password of the {@code keyFile}.
|
||||||
* @param ciphers the cipher suites to enable, in the order of preference. {@code null} to use the default cipher
|
* {@code null} if it's not password-protected.
|
||||||
* suites.
|
* @param ciphers the cipher suites to enable, in the order of preference.
|
||||||
* @param nextProtocols the application layer protocols to accept, in the order of preference. {@code null} to
|
* {@code null} to use the default cipher suites.
|
||||||
* disable TLS NPN/ALPN extension.
|
* @param nextProtocols the application layer protocols to accept, in the order of preference.
|
||||||
* @param sessionCacheSize the size of the cache used for storing SSL session objects. {@code 0} to use the default
|
* {@code null} to disable TLS NPN/ALPN extension.
|
||||||
* value.
|
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
|
||||||
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds. {@code 0} to use the default
|
* {@code 0} to use the default value.
|
||||||
* value.
|
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
|
||||||
|
* {@code 0} to use the default value.
|
||||||
*/
|
*/
|
||||||
public JdkSslServerContext(
|
public JdkSslServerContext(
|
||||||
File certChainFile, File keyFile, String keyPassword,
|
File certChainFile, File keyFile, String keyPassword,
|
||||||
@ -206,17 +208,20 @@ public final class JdkSslServerContext extends JdkSslContext {
|
|||||||
*
|
*
|
||||||
* @param password characters, if {@code null} or empty an unencrypted key is assumed
|
* @param password characters, if {@code null} or empty an unencrypted key is assumed
|
||||||
* @param key bytes of the DER encoded private key
|
* @param key bytes of the DER encoded private key
|
||||||
|
*
|
||||||
* @return a key specification
|
* @return a key specification
|
||||||
|
*
|
||||||
* @throws IOException if parsing {@code key} fails
|
* @throws IOException if parsing {@code key} fails
|
||||||
* @throws NoSuchAlgorithmException if the algorithm used to encrypt {@code key} is unkown
|
* @throws NoSuchAlgorithmException if the algorithm used to encrypt {@code key} is unkown
|
||||||
* @throws NoSuchPaddingException if the padding scheme specified in the decryption algorithm is unkown
|
* @throws NoSuchPaddingException if the padding scheme specified in the decryption algorithm is unkown
|
||||||
* @throws InvalidKeySpecException if the decryption key based on {@code password} cannot be generated
|
* @throws InvalidKeySpecException if the decryption key based on {@code password} cannot be generated
|
||||||
* @throws InvalidKeyException if the decryption key based on {@code password} cannot be used to decrypt {@code key}
|
* @throws InvalidKeyException if the decryption key based on {@code password} cannot be used to decrypt
|
||||||
|
* {@code key}
|
||||||
* @throws InvalidAlgorithmParameterException if decryption algorithm parameters are somehow faulty
|
* @throws InvalidAlgorithmParameterException if decryption algorithm parameters are somehow faulty
|
||||||
*/
|
*/
|
||||||
private static PKCS8EncodedKeySpec generateKeySpec(char[] password, byte[] key) throws IOException,
|
private static PKCS8EncodedKeySpec generateKeySpec(char[] password, byte[] key)
|
||||||
NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidKeyException,
|
throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException,
|
||||||
InvalidAlgorithmParameterException {
|
InvalidKeyException, InvalidAlgorithmParameterException {
|
||||||
|
|
||||||
if (password == null || password.length == 0) {
|
if (password == null || password.length == 0) {
|
||||||
return new PKCS8EncodedKeySpec(key);
|
return new PKCS8EncodedKeySpec(key);
|
||||||
|
|||||||
@ -16,32 +16,27 @@
|
|||||||
|
|
||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import java.io.File;
|
|
||||||
|
|
||||||
import javax.net.ssl.SSLException;
|
|
||||||
|
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
/**
|
import javax.net.ssl.SSLException;
|
||||||
* Tests for JDK SSL Server Context.
|
import java.io.File;
|
||||||
*/
|
|
||||||
public class JdkSslServerContextTest {
|
public class JdkSslServerContextTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testJdkSslServerWithEncryptedPrivateKey() throws SSLException {
|
public void testJdkSslServerWithEncryptedPrivateKey() throws SSLException {
|
||||||
File keyFile = new File(getClass().getResource("netty_test").getFile());
|
File keyFile = new File(getClass().getResource("test_encrypted.pem").getFile());
|
||||||
File crtFile = new File(getClass().getResource("netty_test.crt").getFile());
|
File crtFile = new File(getClass().getResource("test.crt").getFile());
|
||||||
|
|
||||||
new JdkSslServerContext(crtFile, keyFile, "12345");
|
new JdkSslServerContext(crtFile, keyFile, "12345");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testJdkSslServerWithUnencryptedPrivateKey() throws SSLException {
|
public void testJdkSslServerWithUnencryptedPrivateKey() throws SSLException {
|
||||||
File keyFile = new File(getClass().getResource("netty_test_unencrypted").getFile());
|
File keyFile = new File(getClass().getResource("test_unencrypted.pem").getFile());
|
||||||
File crtFile = new File(getClass().getResource("netty_test.crt").getFile());
|
File crtFile = new File(getClass().getResource("test.crt").getFile());
|
||||||
|
|
||||||
new JdkSslServerContext(crtFile, keyFile, "");
|
new JdkSslServerContext(crtFile, keyFile, "");
|
||||||
new JdkSslServerContext(crtFile, keyFile, null);
|
new JdkSslServerContext(crtFile, keyFile, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user