Mark some methods as protected to make it easier to write own SslContext implementations (#10953)
Motivation: We should expose some methods as protected to make it easier to write custom SslContext implementations. This will be reused by the code for https://github.com/netty/netty-incubator-codec-quic/issues/97 Modifications: - Add protected to some static methods which are useful for sub-classes - Remove some unused methods - Move *Wrapper classes to util package and make these public Result: Easier to write custom SslContext implementations
parent
8cae1ed959
commit
ae3eebf11b
@ -286,7 +286,8 @@ public final class JdkSslClientContext extends JdkSslContext {
|
||||
trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory, keyStore);
|
||||
}
|
||||
if (keyCertChain != null) {
|
||||
keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory, keyStore);
|
||||
keyManagerFactory = buildKeyManagerFactory(keyCertChain, null,
|
||||
key, keyPassword, keyManagerFactory, keyStore);
|
||||
}
|
||||
SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
|
||||
: SSLContext.getInstance(PROTOCOL, sslContextProvider);
|
||||
|
@ -263,7 +263,8 @@ public final class JdkSslServerContext extends JdkSslContext {
|
||||
trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory, keyStore);
|
||||
}
|
||||
if (key != null) {
|
||||
keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory, null);
|
||||
keyManagerFactory = buildKeyManagerFactory(keyCertChain, null,
|
||||
key, keyPassword, keyManagerFactory, null);
|
||||
}
|
||||
|
||||
// Initialize the SSLContext to work with our key managers.
|
||||
|
@ -49,8 +49,7 @@ import javax.security.auth.x500.X500Principal;
|
||||
* {@link ReferenceCountedOpenSslEngine} is called which uses this class's JNI resources the JVM may crash.
|
||||
*/
|
||||
public final class ReferenceCountedOpenSslClientContext extends ReferenceCountedOpenSslContext {
|
||||
private static final InternalLogger logger =
|
||||
InternalLoggerFactory.getInstance(ReferenceCountedOpenSslClientContext.class);
|
||||
|
||||
private static final Set<String> SUPPORTED_KEY_TYPES = Collections.unmodifiableSet(new LinkedHashSet<String>(
|
||||
Arrays.asList(OpenSslKeyMaterialManager.KEY_TYPE_RSA,
|
||||
OpenSslKeyMaterialManager.KEY_TYPE_DH_RSA,
|
||||
|
@ -1061,6 +1061,7 @@ public abstract class SslContext {
|
||||
* {@code key}
|
||||
* @throws InvalidAlgorithmParameterException if decryption algorithm parameters are somehow faulty
|
||||
*/
|
||||
@Deprecated
|
||||
protected static PKCS8EncodedKeySpec generateKeySpec(char[] password, byte[] key)
|
||||
throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException,
|
||||
InvalidKeyException, InvalidAlgorithmParameterException {
|
||||
@ -1090,7 +1091,7 @@ public abstract class SslContext {
|
||||
* @param keyStoreType The KeyStore Type you want to use
|
||||
* @return generated {@link KeyStore}.
|
||||
*/
|
||||
static KeyStore buildKeyStore(X509Certificate[] certChain, PrivateKey key,
|
||||
protected static KeyStore buildKeyStore(X509Certificate[] certChain, PrivateKey key,
|
||||
char[] keyPasswordChars, String keyStoreType)
|
||||
throws KeyStoreException, NoSuchAlgorithmException,
|
||||
CertificateException, IOException {
|
||||
@ -1103,7 +1104,7 @@ public abstract class SslContext {
|
||||
return ks;
|
||||
}
|
||||
|
||||
static PrivateKey toPrivateKey(File keyFile, String keyPassword) throws NoSuchAlgorithmException,
|
||||
protected static PrivateKey toPrivateKey(File keyFile, String keyPassword) throws NoSuchAlgorithmException,
|
||||
NoSuchPaddingException, InvalidKeySpecException,
|
||||
InvalidAlgorithmParameterException,
|
||||
KeyException, IOException {
|
||||
@ -1113,7 +1114,8 @@ public abstract class SslContext {
|
||||
return getPrivateKeyFromByteBuffer(PemReader.readPrivateKey(keyFile), keyPassword);
|
||||
}
|
||||
|
||||
static PrivateKey toPrivateKey(InputStream keyInputStream, String keyPassword) throws NoSuchAlgorithmException,
|
||||
protected static PrivateKey toPrivateKey(InputStream keyInputStream, String keyPassword)
|
||||
throws NoSuchAlgorithmException,
|
||||
NoSuchPaddingException, InvalidKeySpecException,
|
||||
InvalidAlgorithmParameterException,
|
||||
KeyException, IOException {
|
||||
@ -1157,7 +1159,7 @@ public abstract class SslContext {
|
||||
protected static TrustManagerFactory buildTrustManagerFactory(
|
||||
File certChainFile, TrustManagerFactory trustManagerFactory)
|
||||
throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
|
||||
return buildTrustManagerFactory(certChainFile, trustManagerFactory, KeyStore.getDefaultType());
|
||||
return buildTrustManagerFactory(certChainFile, trustManagerFactory, null);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1167,7 +1169,7 @@ public abstract class SslContext {
|
||||
* @param keyType The KeyStore Type you want to use
|
||||
* @return A {@link TrustManagerFactory} which contains the certificates in {@code certChainFile}
|
||||
*/
|
||||
static TrustManagerFactory buildTrustManagerFactory(
|
||||
protected static TrustManagerFactory buildTrustManagerFactory(
|
||||
File certChainFile, TrustManagerFactory trustManagerFactory, String keyType)
|
||||
throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
|
||||
X509Certificate[] x509Certs = toX509Certificates(certChainFile);
|
||||
@ -1175,14 +1177,14 @@ public abstract class SslContext {
|
||||
return buildTrustManagerFactory(x509Certs, trustManagerFactory, keyType);
|
||||
}
|
||||
|
||||
static X509Certificate[] toX509Certificates(File file) throws CertificateException {
|
||||
protected static X509Certificate[] toX509Certificates(File file) throws CertificateException {
|
||||
if (file == null) {
|
||||
return null;
|
||||
}
|
||||
return getCertificatesFromBuffers(PemReader.readCertificates(file));
|
||||
}
|
||||
|
||||
static X509Certificate[] toX509Certificates(InputStream in) throws CertificateException {
|
||||
protected static X509Certificate[] toX509Certificates(InputStream in) throws CertificateException {
|
||||
if (in == null) {
|
||||
return null;
|
||||
}
|
||||
@ -1215,7 +1217,7 @@ public abstract class SslContext {
|
||||
return x509Certs;
|
||||
}
|
||||
|
||||
static TrustManagerFactory buildTrustManagerFactory(
|
||||
protected static TrustManagerFactory buildTrustManagerFactory(
|
||||
X509Certificate[] certCollection, TrustManagerFactory trustManagerFactory, String keyStoreType)
|
||||
throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
|
||||
if (keyStoreType == null) {
|
||||
@ -1256,41 +1258,29 @@ public abstract class SslContext {
|
||||
}
|
||||
}
|
||||
|
||||
static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] certChain, PrivateKey key, String keyPassword,
|
||||
KeyManagerFactory kmf, String keyStoreType)
|
||||
throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException,
|
||||
CertificateException, IOException {
|
||||
return buildKeyManagerFactory(certChain, KeyManagerFactory.getDefaultAlgorithm(), key,
|
||||
keyPassword, kmf, keyStoreType);
|
||||
}
|
||||
|
||||
static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] certChainFile,
|
||||
protected static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] certChainFile,
|
||||
String keyAlgorithm, PrivateKey key,
|
||||
String keyPassword, KeyManagerFactory kmf,
|
||||
String keyStore)
|
||||
throws KeyStoreException, NoSuchAlgorithmException, IOException,
|
||||
CertificateException, UnrecoverableKeyException {
|
||||
if (keyAlgorithm == null) {
|
||||
keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
|
||||
}
|
||||
char[] keyPasswordChars = keyStorePassword(keyPassword);
|
||||
KeyStore ks = buildKeyStore(certChainFile, key, keyPasswordChars, keyStore);
|
||||
return buildKeyManagerFactory(ks, keyAlgorithm, keyPasswordChars, kmf);
|
||||
}
|
||||
|
||||
static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] certChainFile,
|
||||
String keyAlgorithm, PrivateKey key,
|
||||
String keyPassword, KeyManagerFactory kmf)
|
||||
throws KeyStoreException, NoSuchAlgorithmException, IOException,
|
||||
CertificateException, UnrecoverableKeyException {
|
||||
char[] keyPasswordChars = keyStorePassword(keyPassword);
|
||||
KeyStore ks = buildKeyStore(certChainFile, key, keyPasswordChars, KeyStore.getDefaultType());
|
||||
return buildKeyManagerFactory(ks, keyAlgorithm, keyPasswordChars, kmf);
|
||||
}
|
||||
|
||||
static KeyManagerFactory buildKeyManagerFactory(KeyStore ks,
|
||||
String keyAlgorithm,
|
||||
char[] keyPasswordChars, KeyManagerFactory kmf)
|
||||
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
|
||||
// Set up key manager factory to use our key store
|
||||
if (kmf == null) {
|
||||
if (keyAlgorithm == null) {
|
||||
keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
|
||||
}
|
||||
kmf = KeyManagerFactory.getInstance(keyAlgorithm);
|
||||
}
|
||||
kmf.init(ks, keyPasswordChars);
|
||||
|
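Review bot: The six-argument `buildKeyManagerFactory` becomes protected API in the last hunk of this file without any Javadoc, and two of its parameter names will mislead subclass authors: `certChainFile` is an `X509Certificate[]`, and `keyStore` is the string handed to `buildKeyStore` as `keyStoreType`. With the five-argument overload removed, every caller now passes several positional `null`s, so the contract of each nullable argument should be written down, for example `@param keyAlgorithm the KeyManagerFactory algorithm, or {@code null} to use KeyManagerFactory.getDefaultAlgorithm()` and `@param keyStore the KeyStore type, passed to buildKeyStore as keyStoreType`. The Javadoc should also say that `keyPassword` is taken as a `String` and converted through `keyStorePassword`, because the resulting `char[]` is not cleared in the visible body and implementers of custom contexts may care how long the password stays in memory. The `@Deprecated` added to `generateKeySpec` in the first hunk would likewise benefit from a `@deprecated` Javadoc tag naming the replacement, which is not visible on this page.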
@ -16,6 +16,8 @@
|
||||
|
||||
package io.netty.handler.ssl;
|
||||
|
||||
import io.netty.handler.ssl.util.KeyManagerFactoryWrapper;
|
||||
import io.netty.handler.ssl.util.TrustManagerFactoryWrapper;
|
||||
import io.netty.util.internal.UnstableApi;
|
||||
|
||||
import javax.net.ssl.KeyManager;
|
||||
|
@ -14,19 +14,18 @@
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.netty.handler.ssl;
|
||||
package io.netty.handler.ssl.util;
|
||||
|
||||
import io.netty.handler.ssl.util.SimpleKeyManagerFactory;
|
||||
import io.netty.util.internal.ObjectUtil;
|
||||
|
||||
import java.security.KeyStore;
|
||||
import javax.net.ssl.KeyManager;
|
||||
import javax.net.ssl.ManagerFactoryParameters;
|
||||
|
||||
final class KeyManagerFactoryWrapper extends SimpleKeyManagerFactory {
|
||||
public final class KeyManagerFactoryWrapper extends SimpleKeyManagerFactory {
|
||||
private final KeyManager km;
|
||||
|
||||
KeyManagerFactoryWrapper(KeyManager km) {
|
||||
public KeyManagerFactoryWrapper(KeyManager km) {
|
||||
this.km = ObjectUtil.checkNotNull(km, "km");
|
||||
}
|
||||
|
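Review bot: `KeyManagerFactoryWrapper` becomes a public class with a public constructor but has no class-level Javadoc between the imports and the declaration in this hunk, and the same applies to `TrustManagerFactoryWrapper` in the next file. Once these are public, users outside the package will build TLS configurations on them, so each should state its contract, for example `/** Wraps a single {@link KeyManager} so it can be passed where a {@link KeyManagerFactory} is required. */`. For the trust-side wrapper the comment should also make clear that, presumably, only the supplied `TrustManager` is handed out and the wrapper adds no certificate validation of its own, so peer verification depends entirely on that instance. Both class bodies continue outside their hunks, so the exact behaviour should be confirmed against the full files before wording the Javadoc.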
@ -14,19 +14,18 @@
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.netty.handler.ssl;
|
||||
package io.netty.handler.ssl.util;
|
||||
|
||||
import io.netty.handler.ssl.util.SimpleTrustManagerFactory;
|
||||
import io.netty.util.internal.ObjectUtil;
|
||||
|
||||
import java.security.KeyStore;
|
||||
import javax.net.ssl.ManagerFactoryParameters;
|
||||
import javax.net.ssl.TrustManager;
|
||||
|
||||
final class TrustManagerFactoryWrapper extends SimpleTrustManagerFactory {
|
||||
public final class TrustManagerFactoryWrapper extends SimpleTrustManagerFactory {
|
||||
private final TrustManager tm;
|
||||
|
||||
TrustManagerFactoryWrapper(TrustManager tm) {
|
||||
public TrustManagerFactoryWrapper(TrustManager tm) {
|
||||
this.tm = ObjectUtil.checkNotNull(tm, "tm");
|
||||
}
|
||||
|
@ -2947,7 +2947,8 @@ public abstract class SSLEngineTest {
|
||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||
KeyManagerFactory kmf = useKeyManagerFactory ?
|
||||
SslContext.buildKeyManagerFactory(
|
||||
new java.security.cert.X509Certificate[] { ssc.cert()}, ssc.key(), null, null, null) : null;
|
||||
new java.security.cert.X509Certificate[] { ssc.cert()}, null,
|
||||
ssc.key(), null, null, null) : null;
|
||||
|
||||
SslContextBuilder clientContextBuilder = SslContextBuilder.forClient();
|
||||
if (mutualAuth) {
|
||||
@ -3509,7 +3510,7 @@ public abstract class SSLEngineTest {
|
||||
throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException,
|
||||
CertificateException, IOException {
|
||||
return SslContext.buildKeyManagerFactory(
|
||||
new java.security.cert.X509Certificate[] { ssc.cert() }, ssc.key(), null, null, null);
|
||||
new java.security.cert.X509Certificate[] { ssc.cert() }, null, ssc.key(), null, null, null);
|
||||
}
|
||||
|
||||
private final class TestTrustManagerFactory extends X509ExtendedTrustManager {
|
||||
|
@ -260,7 +260,7 @@ final class SniClientJava8TestUtil {
|
||||
IOException, CertificateException {
|
||||
return new SniX509KeyManagerFactory(
|
||||
new SNIHostName(hostname), SslContext.buildKeyManagerFactory(
|
||||
new X509Certificate[] { cert.cert() }, cert.key(), null, null, null));
|
||||
new X509Certificate[] { cert.cert() }, null, cert.key(), null, null, null));
|
||||
}
|
||||
|
||||
private static final class SniX509KeyManagerFactory extends KeyManagerFactory {
|
||||
|
@ -113,7 +113,8 @@ public class SniClientTest {
|
||||
KeyManagerFactory kmf = PlatformDependent.javaVersion() >= 8 ?
|
||||
SniClientJava8TestUtil.newSniX509KeyManagerFactory(cert, sniHostName) :
|
||||
SslContext.buildKeyManagerFactory(
|
||||
new X509Certificate[] { cert.cert() }, cert.key(), null, null, null);
|
||||
new X509Certificate[] { cert.cert() }, null,
|
||||
cert.key(), null, null, null);
|
||||
|
||||
sslServerContext = SslContextBuilder.forServer(kmf)
|
||||
.sslProvider(sslServerProvider)
|
||||
|