Skip to content

Commit

Permalink
Extracting SSLContext creation from config to new method.
Browse files Browse the repository at this point in the history
  • Loading branch information
arankin-irl committed Dec 12, 2018
1 parent 400839a commit 31d8dd5
Showing 1 changed file with 52 additions and 48 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -225,64 +225,68 @@ public SSLContext createSSLContext(ZKConfig config) throws SSLContextException {
"' provided in the property '" + sslClientContextProperty + "'", e);
}
} else {
KeyManager[] keyManagers = null;
TrustManager[] trustManagers = null;
return createSSLContextFromConfig(config);
}
}

String keyStoreLocationProp = config.getProperty(sslKeystoreLocationProperty, "");
String keyStorePasswordProp = config.getProperty(sslKeystorePasswdProperty, "");
String keyStoreTypeProp = config.getProperty(sslKeystoreTypeProperty);
private SSLContext createSSLContextFromConfig(ZKConfig config) throws SSLContextException {
KeyManager[] keyManagers = null;
TrustManager[] trustManagers = null;

// There are legal states in some use cases for null KeyManager or TrustManager.
// But if a user wanna specify one, location is required. Password defaults to empty string if it is not
// specified by the user.
String keyStoreLocationProp = config.getProperty(sslKeystoreLocationProperty, "");
String keyStorePasswordProp = config.getProperty(sslKeystorePasswdProperty, "");
String keyStoreTypeProp = config.getProperty(sslKeystoreTypeProperty);

if (keyStoreLocationProp.isEmpty()) {
LOG.warn(getSslKeystoreLocationProperty() + " not specified");
} else {
try {
keyManagers = new KeyManager[]{
createKeyManager(keyStoreLocationProp, keyStorePasswordProp, keyStoreTypeProp)};
} catch (KeyManagerException keyManagerException) {
throw new SSLContextException("Failed to create KeyManager", keyManagerException);
} catch (IllegalArgumentException e) {
throw new SSLContextException("Bad value for " + sslKeystoreTypeProperty + ": " + keyStoreTypeProp, e);
}
}
// There are legal states in some use cases for null KeyManager or TrustManager.
// But if a user wanna specify one, location is required. Password defaults to empty string if it is not
// specified by the user.

String trustStoreLocationProp = config.getProperty(sslTruststoreLocationProperty, "");
String trustStorePasswordProp = config.getProperty(sslTruststorePasswdProperty, "");
String trustStoreTypeProp = config.getProperty(sslTruststoreTypeProperty);
if (keyStoreLocationProp.isEmpty()) {
LOG.warn(getSslKeystoreLocationProperty() + " not specified");
} else {
try {
keyManagers = new KeyManager[]{
createKeyManager(keyStoreLocationProp, keyStorePasswordProp, keyStoreTypeProp)};
} catch (KeyManagerException keyManagerException) {
throw new SSLContextException("Failed to create KeyManager", keyManagerException);
} catch (IllegalArgumentException e) {
throw new SSLContextException("Bad value for " + sslKeystoreTypeProperty + ": " + keyStoreTypeProp, e);
}
}

boolean sslCrlEnabled = config.getBoolean(this.sslCrlEnabledProperty);
boolean sslOcspEnabled = config.getBoolean(this.sslOcspEnabledProperty);
boolean sslServerHostnameVerificationEnabled =
config.getBoolean(this.getSslHostnameVerificationEnabledProperty(), true);
boolean sslClientHostnameVerificationEnabled =
sslServerHostnameVerificationEnabled && shouldVerifyClientHostname();
String trustStoreLocationProp = config.getProperty(sslTruststoreLocationProperty, "");
String trustStorePasswordProp = config.getProperty(sslTruststorePasswdProperty, "");
String trustStoreTypeProp = config.getProperty(sslTruststoreTypeProperty);

if (trustStoreLocationProp.isEmpty()) {
LOG.warn(getSslTruststoreLocationProperty() + " not specified");
} else {
try {
trustManagers = new TrustManager[]{
createTrustManager(trustStoreLocationProp, trustStorePasswordProp, trustStoreTypeProp, sslCrlEnabled, sslOcspEnabled,
sslServerHostnameVerificationEnabled, sslClientHostnameVerificationEnabled)};
} catch (TrustManagerException trustManagerException) {
throw new SSLContextException("Failed to create TrustManager", trustManagerException);
} catch (IllegalArgumentException e) {
throw new SSLContextException("Bad value for " + sslTruststoreTypeProperty + ": " + trustStoreTypeProp, e);
}
}
boolean sslCrlEnabled = config.getBoolean(this.sslCrlEnabledProperty);
boolean sslOcspEnabled = config.getBoolean(this.sslOcspEnabledProperty);
boolean sslServerHostnameVerificationEnabled =
config.getBoolean(this.getSslHostnameVerificationEnabledProperty(), true);
boolean sslClientHostnameVerificationEnabled =
sslServerHostnameVerificationEnabled && shouldVerifyClientHostname();

String protocol = System.getProperty(sslProtocolProperty, DEFAULT_PROTOCOL);
if (trustStoreLocationProp.isEmpty()) {
LOG.warn(getSslTruststoreLocationProperty() + " not specified");
} else {
try {
SSLContext sslContext = SSLContext.getInstance(protocol);
sslContext.init(keyManagers, trustManagers, null);
return sslContext;
} catch (NoSuchAlgorithmException | KeyManagementException sslContextInitException) {
throw new SSLContextException(sslContextInitException);
trustManagers = new TrustManager[]{
createTrustManager(trustStoreLocationProp, trustStorePasswordProp, trustStoreTypeProp, sslCrlEnabled, sslOcspEnabled,
sslServerHostnameVerificationEnabled, sslClientHostnameVerificationEnabled)};
} catch (TrustManagerException trustManagerException) {
throw new SSLContextException("Failed to create TrustManager", trustManagerException);
} catch (IllegalArgumentException e) {
throw new SSLContextException("Bad value for " + sslTruststoreTypeProperty + ": " + trustStoreTypeProp, e);
}
}

String protocol = System.getProperty(sslProtocolProperty, DEFAULT_PROTOCOL);
try {
SSLContext sslContext = SSLContext.getInstance(protocol);
sslContext.init(keyManagers, trustManagers, null);
return sslContext;
} catch (NoSuchAlgorithmException | KeyManagementException sslContextInitException) {
throw new SSLContextException(sslContextInitException);
}
}

/**
Expand Down

0 comments on commit 31d8dd5

Please sign in to comment.