/**
 * Checks that a {@link KeyStoreHelper} built from the given key/cert options
 * exposes at least one key store alias and at least one key manager.
 *
 * @param options the key/cert options under test
 * @throws Exception if the helper, its store, or its key managers cannot be obtained
 */
private void testKeyStore(KeyCertOptions options) throws Exception {
  final VertxInternal internal = (VertxInternal) vertx;
  final KeyStoreHelper helper = KeyStoreHelper.create(internal, options);

  // The loaded store must hold at least one entry.
  final KeyStore loaded = helper.store();
  assertTrue(loaded.aliases().hasMoreElements());

  // At least one key manager must be derivable from that store.
  final KeyManager[] managers = helper.getKeyMgr();
  assertTrue(managers.length > 0);
}
/**
 * Builds a {@link KeyStoreHelper} for the given trust options.
 * <p>
 * Options that are also {@link KeyCertOptions} are delegated to the
 * {@code KeyCertOptions} overload. {@link PemTrustOptions} are turned into a CA
 * store from the certificates referenced by path followed by the certificates
 * supplied inline. Any other value (including {@code null}) yields {@code null},
 * so callers must be prepared for a {@code null} helper.
 *
 * @param vertx the Vert.x instance used to resolve and read certificate files
 * @param options the trust options to load
 * @return the helper, or {@code null} when the options type is not handled here
 * @throws Exception if the certificate material cannot be loaded
 */
public static KeyStoreHelper create(VertxInternal vertx, TrustOptions options) throws Exception {
  if (options instanceof KeyCertOptions) {
    return create(vertx, (KeyCertOptions) options);
  }
  if (!(options instanceof PemTrustOptions)) {
    // Unrecognised trust options: no helper is produced.
    return null;
  }

  final PemTrustOptions pem = (PemTrustOptions) options;

  // Certificates referenced by path: each path is resolved through Vert.x and read
  // with a blocking file read. The stream is lazy, so the reads happen only when
  // loadCA consumes it.
  final Stream<Buffer> fromFiles = pem
    .getCertPaths()
    .stream()
    .map(path -> vertx.resolveFile(path).getAbsolutePath())
    .map(vertx.fileSystem()::readFileBlocking);

  // Inline certificate values are appended after the file-based ones.
  final Stream<Buffer> allCerts = Stream.concat(fromFiles, pem.getCertValues().stream());

  // A trust-only helper carries no password.
  return new KeyStoreHelper(loadCA(allCerts), null);
}
/**
 * Builds a key store holding one private-key entry per (key, certificate chain) pair.
 * <p>
 * The two lists are paired by position and must have the same size. Entries are
 * stored under the aliases {@code dummy-entry-0}, {@code dummy-entry-1}, ... and are
 * protected with {@code DUMMY_PASSWORD}.
 *
 * @param keyValue the encoded private keys
 * @param certValue the encoded certificate chains, in the same order as {@code keyValue}
 * @return the populated key store
 * @throws VertxException if the number of keys and certificates differ
 * @throws Exception if a key or certificate cannot be decoded or stored
 */
private static KeyStore loadKeyCert(List<Buffer> keyValue, List<Buffer> certValue) throws Exception {
  final int keyCount = keyValue.size();
  final int certCount = certValue.size();
  if (keyCount < certCount) {
    throw new VertxException("Missing private key");
  }
  if (keyCount > certCount) {
    throw new VertxException("Missing X.509 certificate");
  }

  final KeyStore store = createEmptyKeyStore();
  for (int i = 0; i < keyCount; i++) {
    // Decode the key before its chain, so a bad key is reported first.
    final PrivateKey privateKey = loadPrivateKey(keyValue.get(i));
    final Certificate[] certChain = loadCerts(certValue.get(i));

    final String alias = "dummy-entry-" + i;
    final KeyStore.PrivateKeyEntry entry = new KeyStore.PrivateKeyEntry(privateKey, certChain);
    // NOTE(review): DUMMY_PASSWORD is a constant defined elsewhere in this class; the
    // store is assembled here from already-decoded material, so the password presumably
    // only satisfies the KeyStore API and is not a secret. Confirm the store is never
    // written out.
    final KeyStore.PasswordProtection protection =
      new KeyStore.PasswordProtection(DUMMY_PASSWORD.toCharArray());
    store.setEntry(alias, entry, protection);
  }
  return store;
}
/**
 * Create and return the trust manager factory for these options.
 * <p>
 * The returned trust manager factory should be already initialized and ready to use.
 * <p>
 * NOTE(review): the {@code KeyStoreHelper.create(VertxInternal, TrustOptions)} overload
 * in this file returns {@code null} for option types it does not recognise; this
 * method does not guard against that and would then fail with a
 * {@link NullPointerException}.
 *
 * @param vertx the vertx instance; must be a {@code VertxInternal}
 * @return the trust manager factory
 * @throws Exception if the trust material cannot be loaded
 */
default TrustManagerFactory getTrustManagerFactory(Vertx vertx) throws Exception {
  final VertxInternal internal = (VertxInternal) vertx;
  final KeyStoreHelper helper = KeyStoreHelper.create(internal, this);
  return helper.getTrustMgrFactory(internal);
}
/**
 * Create and return the key manager factory for these options.
 * <p>
 * The returned key manager factory should be already initialized and ready to use.
 * <p>
 * NOTE(review): no null check is made on the helper returned by
 * {@code KeyStoreHelper.create}; if that call returns {@code null} for these options,
 * this method fails with a {@link NullPointerException}.
 *
 * @param vertx the vertx instance; must be a {@code VertxInternal}
 * @return the key manager factory
 * @throws Exception if the key material cannot be loaded
 */
default KeyManagerFactory getKeyManagerFactory(Vertx vertx) throws Exception {
  final VertxInternal internal = (VertxInternal) vertx;
  final KeyStoreHelper helper = KeyStoreHelper.create(internal, this);
  return helper.getKeyMgrFactory();
}
/**
 * Builds a certificate-only key store from a stream of encoded CA certificates.
 * <p>
 * Every certificate decoded from every buffer is stored as a trusted-certificate
 * entry under {@code DUMMY_CERT_ALIAS} followed by a running counter. An empty
 * stream produces an empty store; no minimum number of certificates is enforced here.
 *
 * @param certValues the encoded certificates; consumed by this call
 * @return the populated key store
 * @throws Exception if the store cannot be initialised or a certificate cannot be decoded
 */
private static KeyStore loadCA(Stream<Buffer> certValues) throws Exception {
  final KeyStore trustStore = createEmptyKeyStore();
  // A null stream initialises the store as empty.
  // NOTE(review): createEmptyKeyStore() may already do this - confirm.
  trustStore.load(null, null);

  int nextIndex = 0;
  final Iterator<Buffer> buffers = certValues.iterator();
  while (buffers.hasNext()) {
    final Certificate[] decoded = loadCerts(buffers.next());
    for (int i = 0; i < decoded.length; i++) {
      trustStore.setCertificateEntry(DUMMY_CERT_ALIAS + nextIndex, decoded[i]);
      nextIndex++;
    }
  }
  return trustStore;
}
/**
 * Returns a function that maps SNI server names to the {@link TrustManager} array
 * to use for that name.
 * <p>
 * The trust managers returned by the function must already be initialized and ready to use.
 * <p>
 * The mapper is only used when the server has SNI enabled and the client indicated a server name.
 * <p>
 * The returned function may return {@code null} in which case
 * {@link #getTrustManagerFactory(Vertx)} is used as fallback. This method itself
 * returns {@code null} when no {@code KeyStoreHelper} can be created for these options.
 *
 * @param vertx the vertx instance; must be a {@code VertxInternal}
 * @return the mapping function, or {@code null} when no helper is available
 * @throws Exception if the trust material cannot be loaded
 */
default Function<String, TrustManager[]> trustManagerMapper(Vertx vertx) throws Exception {
  final VertxInternal internal = (VertxInternal) vertx;
  final KeyStoreHelper helper = KeyStoreHelper.create(internal, this);
  if (helper == null) {
    return null;
  }
  return helper::getTrustMgr;
}
} // closes the enclosing interface, whose header is outside this excerpt
/**
 * Checks that a {@link KeyStoreHelper} built from the given trust options
 * yields at least one trust manager.
 *
 * @param options the trust options under test
 * @throws Exception if the helper or its trust managers cannot be obtained
 */
private void testTrustStore(TrustOptions options) throws Exception {
  final VertxInternal internal = (VertxInternal) vertx;
  final KeyStoreHelper helper = KeyStoreHelper.create(internal, options);
  final TrustManager[] trustManagers = helper.getTrustMgrs(internal);
  assertTrue(trustManagers.length > 0);
}
return null; return new KeyStoreHelper(loadJKSOrPKCS12("JKS", jks.getPassword(), value), jks.getPassword()); } else if (options instanceof PfxOptions) { PfxOptions pkcs12 = (PfxOptions) options; return null; return new KeyStoreHelper(loadJKSOrPKCS12("PKCS12", pkcs12.getPassword(), value), pkcs12.getPassword()); } else if (options instanceof PemKeyCertOptions) { PemKeyCertOptions keyCert = (PemKeyCertOptions) options; return new KeyStoreHelper(loadKeyCert(keys, certs), DUMMY_PASSWORD); } else { return null;
Certificate cert = ks.getCertificate(alias); if (ks.isCertificateEntry(alias) && ! alias.startsWith(DUMMY_CERT_ALIAS)){ final KeyStore keyStore = createEmptyKeyStore(); keyStore.setCertificateEntry("cert-1", cert); TrustManagerFactory fact = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); domains.addAll(getX509CertificateCommonNames(dn)); if (!domains.isEmpty()) { PrivateKey key = (PrivateKey) ks.getKey(alias, password != null ? password.toCharArray() : null);
/**
 * Returns the first common name found in the certificate's subject.
 * <p>
 * NOTE(review): {@code getSubjectDN()} is denigrated in the JDK documentation in
 * favour of {@code getSubjectX500Principal()}, and the string form it returns is
 * provider-specific. Switching would change the text handed to
 * {@code getX509CertificateCommonNames}, so it is left as is here. Code that uses the
 * result to decide which host a certificate is valid for should also consult the
 * subject alternative names rather than rely on the CN alone.
 *
 * @param cert the certificate to inspect
 * @return the first common name, or {@code null} if the subject has none
 * @throws Exception if the subject cannot be parsed
 */
public static String cnOf(X509Certificate cert) throws Exception {
  final String subject = cert.getSubjectDN().getName();
  final List<String> commonNames = KeyStoreHelper.getX509CertificateCommonNames(subject);
  if (commonNames.isEmpty()) {
    return null;
  }
  return commonNames.get(0);
}
/**
 * Returns the trust managers produced by this helper's trust manager factory.
 *
 * @param vertx the Vert.x instance passed through to {@code getTrustMgrFactory}
 * @return the trust managers
 * @throws Exception if the trust manager factory cannot be obtained
 */
public TrustManager[] getTrustMgrs(VertxInternal vertx) throws Exception {
  final TrustManagerFactory factory = getTrustMgrFactory(vertx);
  return factory.getTrustManagers();
}
/**
 * Returns the key managers produced by this helper's key manager factory.
 *
 * @return the key managers
 * @throws Exception if the key manager factory cannot be obtained
 */
public KeyManager[] getKeyMgr() throws Exception {
  final KeyManagerFactory factory = getKeyMgrFactory();
  return factory.getKeyManagers();
}
/**
 * Returns a function that maps SNI server names to an {@link X509KeyManager} instance.
 * <p>
 * The returned {@code X509KeyManager} must satisfy these rules:
 *
 * <ul>
 *   <li>{@link X509KeyManager#getPrivateKey(String)} returns the private key for the indicated server name,
 *   the {@code alias} parameter will be {@code null}.</li>
 *   <li>{@link X509KeyManager#getCertificateChain(String)} returns the certificate chain for the indicated server name,
 *   the {@code alias} parameter will be {@code null}.</li>
 * </ul>
 *
 * The mapper is only used when the server has SNI enabled and the client indicated a server name.
 * <p>
 * The returned function may return {@code null} in which case the default key manager provided by
 * {@link #getKeyManagerFactory(Vertx)} will be used.
 * <p>
 * NOTE(review): unlike {@code trustManagerMapper}, the helper is not checked for
 * {@code null} before the method reference is taken, so a {@code null} result from
 * {@code KeyStoreHelper.create} surfaces here as a {@link NullPointerException}.
 *
 * @param vertx the vertx instance; must be a {@code VertxInternal}
 * @return the mapping function
 * @throws Exception if the key material cannot be loaded
 */
default Function<String, X509KeyManager> keyManagerMapper(Vertx vertx) throws Exception {
  final VertxInternal internal = (VertxInternal) vertx;
  final KeyStoreHelper helper = KeyStoreHelper.create(internal, this);
  return helper::getKeyMgr;
}
} // closes the enclosing interface, whose header is outside this excerpt
/**
 * Create and return the trust manager factory for these options.
 * <p>
 * The returned trust manager factory should be already initialized and ready to use.
 * <p>
 * NOTE(review): the {@code KeyStoreHelper.create(VertxInternal, TrustOptions)} overload
 * in this file returns {@code null} for option types it does not recognise; this
 * method does not guard against that and would then fail with a
 * {@link NullPointerException}.
 *
 * @param vertx the vertx instance; must be a {@code VertxInternal}
 * @return the trust manager factory
 * @throws Exception if the trust material cannot be loaded
 */
default TrustManagerFactory getTrustManagerFactory(Vertx vertx) throws Exception {
  final VertxInternal internal = (VertxInternal) vertx;
  final KeyStoreHelper helper = KeyStoreHelper.create(internal, this);
  return helper.getTrustMgrFactory(internal);
}
/**
 * Create and return the key manager factory for these options.
 * <p>
 * The returned key manager factory should be already initialized and ready to use.
 * <p>
 * NOTE(review): no null check is made on the helper returned by
 * {@code KeyStoreHelper.create}; if that call returns {@code null} for these options,
 * this method fails with a {@link NullPointerException}.
 *
 * @param vertx the vertx instance; must be a {@code VertxInternal}
 * @return the key manager factory
 * @throws Exception if the key material cannot be loaded
 */
default KeyManagerFactory getKeyManagerFactory(Vertx vertx) throws Exception {
  final VertxInternal internal = (VertxInternal) vertx;
  final KeyStoreHelper helper = KeyStoreHelper.create(internal, this);
  return helper.getKeyMgrFactory();
}
/**
 * Checks that a {@link KeyStoreHelper} built from the given trust options
 * yields at least one trust manager.
 *
 * @param options the trust options under test
 * @throws Exception if the helper or its trust managers cannot be obtained
 */
private void testTrustStore(TrustOptions options) throws Exception {
  final VertxInternal internal = (VertxInternal) vertx;
  final KeyStoreHelper helper = KeyStoreHelper.create(internal, options);
  final TrustManager[] trustManagers = helper.getTrustMgrs(internal);
  assertTrue(trustManagers.length > 0);
}
return null; return new KeyStoreHelper(loadJKSOrPKCS12("JKS", jks.getPassword(), value), jks.getPassword()); } else if (options instanceof PfxOptions) { PfxOptions pkcs12 = (PfxOptions) options; return null; return new KeyStoreHelper(loadJKSOrPKCS12("PKCS12", pkcs12.getPassword(), value), pkcs12.getPassword()); } else if (options instanceof PemKeyCertOptions) { PemKeyCertOptions keyCert = (PemKeyCertOptions) options; return new KeyStoreHelper(loadKeyCert(keys, certs), DUMMY_PASSWORD); } else { return null;
Certificate cert = ks.getCertificate(alias); if (ks.isCertificateEntry(alias) && ! alias.startsWith(DUMMY_CERT_ALIAS)){ final KeyStore keyStore = createEmptyKeyStore(); keyStore.setCertificateEntry("cert-1", cert); TrustManagerFactory fact = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); domains.addAll(getX509CertificateCommonNames(dn)); if (!domains.isEmpty()) { PrivateKey key = (PrivateKey) ks.getKey(alias, password != null ? password.toCharArray() : null);