This is an automated email from the ASF dual-hosted git repository.
liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-java-chassis.git
The following commit(s) were added to refs/heads/master by this push:
new 7ce04f5 [SCB-1856]support reading certificates in jar (#2126)
7ce04f5 is described below
commit 7ce04f5d2f0bc4450a597a3cca3670724191f8f2
Author: bao liu <[email protected]>
AuthorDate: Sat Dec 12 15:33:24 2020 +0800
[SCB-1856] Support reading certificates from a jar (#2126)
---
.../org/apache/servicecomb/demo/DemoSSLCustom.java | 28 +++++++++----
.../servicecomb/foundation/ssl/KeyStoreUtil.java | 48 +++++++++++++++-------
.../servicecomb/foundation/ssl/SSLManager.java | 38 ++++++++---------
.../servicecomb/foundation/ssl/SSLManagerTest.java | 10 +++++
.../test/resources/server.ssl.resource.properties | 35 ++++++++++++++++
.../foundation/vertx/VertxTLSBuilder.java | 23 ++++++++---
6 files changed, 134 insertions(+), 48 deletions(-)
diff --git
a/demo/demo-schema/src/main/java/org/apache/servicecomb/demo/DemoSSLCustom.java
b/demo/demo-schema/src/main/java/org/apache/servicecomb/demo/DemoSSLCustom.java
index 7666e24..42601cc 100644
---
a/demo/demo-schema/src/main/java/org/apache/servicecomb/demo/DemoSSLCustom.java
+++
b/demo/demo-schema/src/main/java/org/apache/servicecomb/demo/DemoSSLCustom.java
@@ -20,6 +20,7 @@ package org.apache.servicecomb.demo;
import java.io.File;
import java.net.URL;
+import org.apache.commons.lang3.StringUtils;
import org.apache.servicecomb.foundation.ssl.SSLCustom;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -36,8 +37,21 @@ public class DemoSSLCustom extends SSLCustom {
public String getFullPath(String filename) {
LOGGER.info("current working dir :" + System.getProperty("user.dir"));
- // local
- File localFile = new File(System.getProperty("user.dir") +
"/src/main/resources/certificates/" + filename);
+ if (StringUtils.isEmpty(filename)) {
+ return null;
+ }
+
+ // local for different IDEs
+ File localFile = new File(
+ System.getProperty("user.dir") +
"/demo/demo-springmvc/springmvc-server/src/main/resources/certificates/"
+ + filename);
+ if (localFile.isFile()) {
+ return localFile.getAbsolutePath();
+ }
+
+ localFile = new File(
+ System.getProperty("user.dir") + "/src/main/resources/certificates/"
+ + filename);
if (localFile.isFile()) {
return localFile.getAbsolutePath();
}
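Review bot: The probe-and-return block is repeated twice here with only the directory changed (and a third copy starts the next hunk; `getFullPath` continues past this hunk), while the comment `// local for different IDEs` does not say why `demo/demo-springmvc/springmvc-server/...` is tried first — presumably so the demo also runs with the repository root as working directory, but that is a guess. A list of candidate directories walked in order, built with `new File(parent, child)` rather than string concatenation on `user.dir`, states the intent once and makes adding a location a one-line change. The remaining probe from the next hunk could join the same list.
```java
  // Candidate directories, relative to the working directory, probed in order;
  // the first one that holds a regular file named `filename` wins. The first entry
  // covers running from the repository root, the second running from the module.
  private static final String[] LOCAL_CERT_DIRS = {
      "demo/demo-springmvc/springmvc-server/src/main/resources/certificates",
      "src/main/resources/certificates"
  };

  // … unchanged: getFullPath signature, working-dir log, empty-filename guard …
    for (String dir : LOCAL_CERT_DIRS) {
      File localFile = new File(System.getProperty("user.dir"), dir + "/" + filename);
      if (localFile.isFile()) {
        return localFile.getAbsolutePath();
      }
    }
```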
@@ -53,12 +67,8 @@ public class DemoSSLCustom extends SSLCustom {
return localFile.getAbsolutePath();
}
- // debug
- URL url =
Thread.currentThread().getContextClassLoader().getResource("certificates/" +
filename);
- if (url == null) {
- return filename;
- }
-
- return url.getPath();
+ // in jar, maybe
+ LOGGER.info("not found file {} in file system, maybe in jar.", filename);
+ return "certificates/" + filename;
}
}
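Review bot: `// in jar, maybe` leaves the reader to guess what the returned `"certificates/" + filename` is; it is a classpath-relative name that `KeyStoreUtil.createKeyStore` and `VertxTLSBuilder.isFileExists` later resolve through the context class loader, so the comment should say that: `// Not on disk: return a classpath-relative name; KeyStoreUtil / VertxTLSBuilder resolve it via the class loader.` The log line would also be more useful if it listed the directories that were probed, since this is the branch a user lands in when the certificates are misplaced.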
diff --git
a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/KeyStoreUtil.java
b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/KeyStoreUtil.java
index 63aa00e..525cf91 100644
---
a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/KeyStoreUtil.java
+++
b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/KeyStoreUtil.java
@@ -17,10 +17,12 @@
package org.apache.servicecomb.foundation.ssl;
+import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CRLException;
@@ -38,25 +40,43 @@ public final class KeyStoreUtil {
}
- public static KeyStore createKeyStore(String storename, String storetype,
- char[] storevalue) {
- InputStream is = null;
+ public static KeyStore createKeyStore(String storeName, String storeType,
+ char[] storeValue) {
+ if (storeName == null) {
+ return null;
+ }
+
+ File storeFile = new File(storeName);
+
try {
- KeyStore keystore = KeyStore.getInstance(storetype);
- is = new FileInputStream(storename);
- keystore.load(is, storevalue);
+ if (storeFile.isFile()) {
+ return createKeyStore(new FileInputStream(storeFile), storeType,
storeValue);
+ }
+
+ ClassLoader classLoader =
+ Thread.currentThread().getContextClassLoader() == null ?
KeyStoreUtil.class.getClassLoader()
+ : Thread.currentThread().getContextClassLoader();
+ URL resource = classLoader.getResource(storeName);
+ if (resource != null) {
+ return createKeyStore(resource.openStream(), storeType, storeValue);
+ }
+ } catch (IOException e) {
+ throw new IllegalArgumentException("Bad key store or value."
+ + e.getMessage());
+ }
+
+ return null;
+ }
+
+ public static KeyStore createKeyStore(InputStream store, String storeType,
+ char[] storeValue) {
+ try (InputStream is = store) {
+ KeyStore keystore = KeyStore.getInstance(storeType);
+ keystore.load(is, storeValue);
return keystore;
} catch (Exception e) {
throw new IllegalArgumentException("Bad key store or value."
+ e.getMessage());
- } finally {
- if (is != null) {
- try {
- is.close();
- } catch (IOException e) {
- ignore();
- }
- }
}
}
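Review bot: The new `catch (IOException e)` after the classpath lookup drops the cause; `throw new IllegalArgumentException("Bad key store or value." + e.getMessage(), e);` keeps the stack trace needed to tell a corrupt file from an unreadable jar entry (the `InputStream` overload has the same, pre-existing, omission). Nothing records which source won, the `isFile()` branch or the `getResource` hit, so a store silently picked up from another jar on the classpath under the same relative name leaves no trace; logging `storeFile.getAbsolutePath()` or the resolved `resource` URL at info level before returning would make that visible, assuming this class has or can be given a logger. A Javadoc on the `String` overload should also state the lookup order and that `null` means "found nowhere", since `SSLManager` goes on to build a context without the store in that case.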
diff --git
a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLManager.java
b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLManager.java
index 0b28c5b..916d4b0 100644
---
a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLManager.java
+++
b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLManager.java
@@ -47,29 +47,29 @@ public final class SSLManager {
public static SSLContext createSSLContext(SSLOption option, SSLCustom
custom) {
try {
String keyStoreName = custom.getFullPath(option.getKeyStore());
- KeyManager[] keymanager;
- if (keyStoreName != null && new File(keyStoreName).exists()) {
- char[] keyStoreValue =
- custom.decode(option.getKeyStoreValue().toCharArray());
- KeyStore keyStore =
- KeyStoreUtil.createKeyStore(keyStoreName,
- option.getKeyStoreType(),
- keyStoreValue);
- keymanager =
+ char[] keyStoreValue = option.getKeyStoreValue() == null ? new char[0] :
+ custom.decode(option.getKeyStoreValue().toCharArray());
+ KeyStore keyStore =
+ KeyStoreUtil.createKeyStore(keyStoreName,
+ option.getKeyStoreType(),
+ keyStoreValue);
+
+ KeyManager[] keyManager = null;
+ if (keyStore != null) {
+ keyManager =
KeyStoreUtil.createKeyManagers(keyStore, keyStoreValue);
- } else {
- keymanager = null;
}
String trustStoreName = custom.getFullPath(option.getTrustStore());
+ char[] trustStoreValue = option.getTrustStoreValue() == null ? new
char[0] :
+ custom.decode(option.getTrustStoreValue().toCharArray());
+ KeyStore trustStore =
+ KeyStoreUtil.createKeyStore(trustStoreName,
+ option.getTrustStoreType(),
+ trustStoreValue);
+
TrustManager[] trustManager;
- if (trustStoreName != null && new File(trustStoreName).exists()) {
- char[] trustStoreValue =
- custom.decode(option.getTrustStoreValue().toCharArray());
- KeyStore trustStore =
- KeyStoreUtil.createKeyStore(trustStoreName,
- option.getTrustStoreType(),
- trustStoreValue);
+ if (trustStore != null) {
trustManager =
KeyStoreUtil.createTrustManagers(trustStore);
} else {
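Review bot: A store that is configured but resolves neither on disk nor on the classpath now comes back as `null` from `createKeyStore` and is silently dropped: `keyManager` stays `null` at the `if (keyStore != null)` check, and the trust side falls into the `else` branch whose body lies outside this hunk. The old `File.exists()` guard already behaved this way for a missing file, but the classpath fallback makes a mistyped `ssl.trustStore` easier to miss, and with peer authentication enabled that is a silent downgrade of the trust configuration. I would at least warn, e.g. `if (trustStore == null && option.getTrustStore() != null) LOGGER.warn("trust store {} not found on disk or classpath", option.getTrustStore());` (if the class has a logger), and consider whether a configured-but-missing store should be an `IllegalArgumentException` like the other failures this method reports.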
@@ -85,7 +85,7 @@ public final class SSLManager {
// ?: ssl context version
SSLContext context = SSLContext.getInstance("TLS");
- context.init(keymanager, wrapped, new SecureRandom());
+ context.init(keyManager, wrapped, new SecureRandom());
return context;
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException("NoSuchAlgorithmException."
diff --git
a/foundations/foundation-ssl/src/test/java/org/apache/servicecomb/foundation/ssl/SSLManagerTest.java
b/foundations/foundation-ssl/src/test/java/org/apache/servicecomb/foundation/ssl/SSLManagerTest.java
index 3121367..ac609e1 100644
---
a/foundations/foundation-ssl/src/test/java/org/apache/servicecomb/foundation/ssl/SSLManagerTest.java
+++
b/foundations/foundation-ssl/src/test/java/org/apache/servicecomb/foundation/ssl/SSLManagerTest.java
@@ -227,6 +227,16 @@ public class SSLManagerTest {
}
@Test
+ public void testCreateSSLContextResource() {
+ SSLOption option = SSLOption.build(DIR +
"/server.ssl.resource.properties");
+
+ SSLCustom custom = SSLCustom.defaultSSLCustom();
+
+ SSLContext context = SSLManager.createSSLContext(option, custom);
+ Assert.assertNotNull(context);
+ }
+
+ @Test
public void testCreateSSLContextException() {
SSLOption option = SSLOption.build(DIR + "/server.ssl.properties");
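Review bot: `Assert.assertNotNull(context)` does not prove the classpath lookup was exercised: `createSSLContext` also returns a context when both stores resolve to `null` (the key manager is simply left null and the trust side takes its default branch), so this test passes even if `ssl/server.p12` is never found. Add a direct check on the resolved store, e.g. `Assert.assertNotNull(KeyStoreUtil.createKeyStore("ssl/server.p12", "PKCS12", "Changeme_123".toCharArray()));`, or assert on the key managers derived from it. This assumes the `ssl/` resources referenced by the new properties file exist under the test resources, which the diff does not show.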
diff --git
a/foundations/foundation-ssl/src/test/resources/server.ssl.resource.properties
b/foundations/foundation-ssl/src/test/resources/server.ssl.resource.properties
new file mode 100644
index 0000000..f1327ee
--- /dev/null
+++
b/foundations/foundation-ssl/src/test/resources/server.ssl.resource.properties
@@ -0,0 +1,35 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#########SSL options
+ssl.protocols=TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello
+ssl.ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
+ssl.authPeer=true
+ssl.checkCN.host=true
+ssl.checkCN.white=true
+ssl.checkCN.white.file=white.list
+ssl.allowRenegociate=false
+
+#########certificates config
+ssl.storePath=internal
+ssl.trustStore=ssl/trust.jks
+ssl.trustStoreType=JKS
+ssl.trustStoreValue=Changeme_123
+ssl.keyStore=ssl/server.p12
+ssl.keyStoreType=PKCS12
+ssl.keyStoreValue=Changeme_123
+ssl.crl=revoke.crl
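Review bot: This fixture enables `TLSv1.1`, `TLSv1` and `SSLv2Hello` and only non-ECDHE CBC cipher suites; that is presumably copied from the existing `server.ssl.properties` so the two tests stay comparable, but a comment saying so would stop it being reused as a template, e.g. `# Test fixture only: legacy protocols/ciphers kept for parity with server.ssl.properties`. `ssl.crl=revoke.crl` and `ssl.checkCN.white.file=white.list` are also resolved somewhere, while this commit adds the classpath fallback only for key and trust stores in `KeyStoreUtil` and `VertxTLSBuilder`; if CRL and white-list loading still open files directly, those two entries may be ignored when running from a jar, which is worth verifying before this fixture is taken as proof that jar-based configuration works end to end.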
diff --git
a/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java
b/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java
index 5f8434d..74d0498 100644
---
a/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java
+++
b/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java
@@ -18,9 +18,12 @@
package org.apache.servicecomb.foundation.vertx;
import java.io.File;
+import java.net.URL;
import java.util.Arrays;
import java.util.HashSet;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.servicecomb.foundation.ssl.KeyStoreUtil;
import org.apache.servicecomb.foundation.ssl.SSLCustom;
import org.apache.servicecomb.foundation.ssl.SSLManager;
import org.apache.servicecomb.foundation.ssl.SSLOption;
@@ -103,12 +106,12 @@ public final class VertxTLSBuilder {
if (isFileExists(fullKeyStore)) {
if (STORE_PKCS12.equalsIgnoreCase(sslOption.getKeyStoreType())) {
PfxOptions keyPfxOptions = new PfxOptions();
- keyPfxOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore()));
+ keyPfxOptions.setPath(fullKeyStore);
keyPfxOptions.setPassword(new
String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray())));
tcpClientOptions.setPfxKeyCertOptions(keyPfxOptions);
} else if (STORE_JKS.equalsIgnoreCase(sslOption.getKeyStoreType())) {
JksOptions keyJksOptions = new JksOptions();
- keyJksOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore()));
+ keyJksOptions.setPath(fullKeyStore);
keyJksOptions.setPassword(new
String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray())));
tcpClientOptions.setKeyStoreOptions(keyJksOptions);
} else {
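Review bot: Once `isFileExists(fullKeyStore)` succeeds via the classpath, `keyPfxOptions.setPath(fullKeyStore)` hands Vert.x a classpath-relative name rather than a file path, so this branch depends on Vert.x's file resolver falling back to the classpath (as far as I recall it does unless `vertx.disableFileCPResolving` is set). That assumption deserves a comment at the `setPath` call, e.g. `// may be a classpath resource; relies on the Vert.x file resolver's classpath fallback`, and a test that builds the options from a jar-only store. If the Vert.x version in use offers `PfxOptions.setValue(Buffer)` / `JksOptions.setValue(Buffer)`, loading the resource bytes yourself would remove the dependency on resolver settings altogether.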
@@ -121,13 +124,13 @@ public final class VertxTLSBuilder {
if (isFileExists(fullTrustStore)) {
if (STORE_PKCS12.equalsIgnoreCase(sslOption.getTrustStoreType())) {
PfxOptions trustPfxOptions = new PfxOptions();
-
trustPfxOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore()));
+ trustPfxOptions.setPath(fullTrustStore);
trustPfxOptions
.setPassword(new
String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray())));
tcpClientOptions.setPfxTrustOptions(trustPfxOptions);
} else if (STORE_JKS.equalsIgnoreCase(sslOption.getTrustStoreType())) {
JksOptions trustJksOptions = new JksOptions();
-
trustJksOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore()));
+ trustJksOptions.setPath(fullTrustStore);
trustJksOptions
.setPassword(new
String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray())));
tcpClientOptions.setTrustStoreOptions(trustJksOptions);
@@ -152,10 +155,18 @@ public final class VertxTLSBuilder {
}
private static boolean isFileExists(String name) {
- if (name == null || name.isEmpty()) {
+ if (StringUtils.isEmpty(name)) {
return false;
}
File f = new File(name);
- return f.exists();
+ if (f.isFile()) {
+ return true;
+ }
+
+ ClassLoader classLoader =
+ Thread.currentThread().getContextClassLoader() == null ?
VertxTLSBuilder.class.getClassLoader()
+ : Thread.currentThread().getContextClassLoader();
+ URL resource = classLoader.getResource(name);
+ return resource != null;
}
}
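Review bot: `isFileExists` now answers true for a classpath resource as well, so the name misleads; rename it (`isStoreAvailable`, say) or at least document it: `/** True if name is a regular file on disk or a resource visible to the context (or this class's) class loader. */`. The class-loader selection here duplicates the one in `KeyStoreUtil.createKeyStore` line for line, and `KeyStoreUtil` is newly imported in this file without being used in any hunk I can see; a single `KeyStoreUtil.resolve(String)` returning the `URL` (or `null`) would let both callers share the lookup and keep the two behaviours from drifting.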