[GitHub] [maven-wagon] mthmulders commented on a change in pull request #67: Feature/MNG-5583 per endpoint support for PKI authentication

Mon, 18 May 2020 23:05:19 -0700 


mthmulders commented on a change in pull request #67:
URL: https://github.com/apache/maven-wagon/pull/67#discussion_r427049478



##########
File path: 
wagon-providers/wagon-http-shared/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java
##########
@@ -593,13 +603,189 @@ private static CloseableHttpClient createClient()
      */
     private BasicAuthScope proxyAuth;
 
+    /**
+     * initializes a custom http client given user specified 
keystore/truststore
+     * information from settings.xml
+     * see httsp://issues.apache.org/jira/browser/MNG-5583
+     * @return a client
+     * @throws SSLInitializationException if there's an issue loading 
keystore/truststore
+     */
+    private CloseableHttpClient 
initilaizeLocalHttpClientWithCustomSslSocketFactory() throws 
SSLInitializationException 
+    {
+        String sslProtocolsStr = System.getProperty( "https.protocols" );
+        String cipherSuitesStr = System.getProperty( "https.cipherSuites" );
+        String[] sslProtocols = sslProtocolsStr != null ? 
sslProtocolsStr.split( " *, *" ) : null;
+        String[] cipherSuites = cipherSuitesStr != null ? 
cipherSuitesStr.split( " *, *" ) : null;
+
+        SSLSocketFactory socketFactory = null;
+        TrustManager[] trustManagers = null;
+        KeyManager[] keyManagers = null;
+        try 
+        {
+            if ( authenticationInfo.getTrustStore() != null ) 
+            {
+                KeyStore keystore = KeyStore.getInstance( 
authenticationInfo.getTrustStoreType() == null ? "JKS"
+                        : authenticationInfo.getTrustStoreType() );
+                FileInputStream fis = null;
+                //on windows platforms, the truststoreType of "WINDOWS" mounts
+                //to the windows certificate store, so a null input stream is 
just fine
+                File file = new File( ( authenticationInfo.getTrustStore() ) );
+                if ( file.exists() ) 
+                {
+                    fis = new FileInputStream( file );
+                } 
+                //also a null password is fine with windows and even with JKS 
files
+                char[] keyPass = authenticationInfo.getTrustStorePassword() != 
null
+                        ? 
authenticationInfo.getTrustStorePassword().toCharArray()
+                        : null;
+                keystore.load( fis, keyPass );
+                if ( keyPass != null ) 

Review comment:
       I assume you're doing this to clean up the password from memory, but it 
currently still resides in the `authenticationInfo` variable. So I think it has 
little to no effect.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to