Remove direct usage of JKS and SunX509

Motivation:

When using netty on Android or with, for example, an IBM JVM, it may not be possible to build an SslContext because we hardcoded the use of JKS and SunX509 (both of which may not be present).

Modifications:

- Use the default algorithm / type, which can be overridden via a System property
- Remove the System property check as it's redundant with KeyManagerFactory.getDefaultAlgorithm()

Result:

More portable code. Fixes [#7546].
Norman Maurer 2018-01-04 03:32:18 +01:00 committed by Scott Mitchell
parent 83bca87257
commit ab9f0a0fda


@ -998,7 +998,7 @@ public abstract class SslContext {
static KeyStore buildKeyStore(X509Certificate[] certChain, PrivateKey key, char[] keyPasswordChars) static KeyStore buildKeyStore(X509Certificate[] certChain, PrivateKey key, char[] keyPasswordChars)
throws KeyStoreException, NoSuchAlgorithmException, throws KeyStoreException, NoSuchAlgorithmException,
CertificateException, IOException { CertificateException, IOException {
KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, null); ks.load(null, null);
ks.setKeyEntry("key", key, keyPasswordChars, certChain); ks.setKeyEntry("key", key, keyPasswordChars, certChain);
return ks; return ks;
@ -1040,7 +1040,7 @@ public abstract class SslContext {
return KeyFactory.getInstance("DSA").generatePrivate(encodedKeySpec); return KeyFactory.getInstance("DSA").generatePrivate(encodedKeySpec);
} catch (InvalidKeySpecException ignore2) { } catch (InvalidKeySpecException ignore2) {
try { try {
return KeyFactory.getInstance("EC").generatePrivate(encodedKeySpec); return KeyFactory.getInstance("EC").generatePrivate(encodedKeySpec);
} catch (InvalidKeySpecException e) { } catch (InvalidKeySpecException e) {
throw new InvalidKeySpecException("Neither RSA, DSA nor EC worked", e); throw new InvalidKeySpecException("Neither RSA, DSA nor EC worked", e);
} }
@ -1107,7 +1107,7 @@ public abstract class SslContext {
static TrustManagerFactory buildTrustManagerFactory( static TrustManagerFactory buildTrustManagerFactory(
X509Certificate[] certCollection, TrustManagerFactory trustManagerFactory) X509Certificate[] certCollection, TrustManagerFactory trustManagerFactory)
throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException { throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
KeyStore ks = KeyStore.getInstance("JKS"); final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, null); ks.load(null, null);
int i = 1; int i = 1;
@ -1146,11 +1146,7 @@ public abstract class SslContext {
KeyManagerFactory kmf) KeyManagerFactory kmf)
throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException,
CertificateException, IOException { CertificateException, IOException {
String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm"); return buildKeyManagerFactory(certChain, KeyManagerFactory.getDefaultAlgorithm(), key, keyPassword, kmf);
if (algorithm == null) {
algorithm = "SunX509";
}
return buildKeyManagerFactory(certChain, algorithm, key, keyPassword, kmf);
} }
static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] certChainFile, static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] certChainFile,
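Review bot: The in-memory store built in buildKeyStore and buildTrustManagerFactory now takes its type from `KeyStore.getDefaultType()`, i.e. the `keystore.type` security property, and nothing on the new lines documents that or checks that the configured type accepts `ks.load(null, null)` followed by `ks.setKeyEntry("key", key, keyPasswordChars, certChain)`. A deployment that sets `keystore.type` to a provider-specific type would presumably get a KeyStoreException from here with no hint that the property is the cause. I would add a comment above both calls, `// In-memory store only; the type follows the keystore.type security property and must support load(null, null).`, and ideally a test that builds a context with a non-default `keystore.type`. The new line in buildTrustManagerFactory also declares `final KeyStore ks` while buildKeyStore keeps `KeyStore ks`; pick one form for both. Both methods, and the buildKeyManagerFactory signature on the last line, continue outside the visible hunks.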