diff options
| author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-01-03 16:41:18 +0100 |
|---|---|---|
| committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-01-03 16:41:18 +0100 |
| commit | f8a9a9ebfb2c327fba84983672653176f1c99b70 (patch) | |
| tree | 23e150cd7923cffa79a8dbe20087d4704bf78a94 /jdisc_http_service | |
| parent | ded1d3f4e61278c47209efd9b1b1bdb984439651 (diff) | |
Workaround for Jetty truststore without password
Jetty no longer allows truststore without password. If not password is
specified, the truststore password defaults to the keystore password.
The Jetty change broke JDisc applications using keystore with password
in combination with truststore without password.
Diffstat (limited to 'jdisc_http_service')
2 files changed, 35 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java index 981d4219158..1f2fb40f42f 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java @@ -94,7 +94,7 @@ public class ConnectorFactory { private SslConnectionFactory newSslConnectionFactory() { Ssl sslConfig = connectorConfig.ssl(); - SslContextFactory factory = new SslContextFactory(); + SslContextFactory factory = new JDiscSslContextFactory(); sslKeyStoreConfigurator.configure(new DefaultSslKeyStoreContext(factory)); sslTrustStoreConfigurator.configure(new DefaultSslTrustStoreContext(factory)); diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscSslContextFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscSslContextFactory.java new file mode 100644 index 00000000000..78c13ed56b0 --- /dev/null +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscSslContextFactory.java @@ -0,0 +1,34 @@ +// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.jdisc.http.server.jetty; + +import org.eclipse.jetty.util.resource.Resource; +import org.eclipse.jetty.util.security.CertificateUtils; +import org.eclipse.jetty.util.ssl.SslContextFactory; + +import java.security.KeyStore; +import java.util.Objects; + +/** + * @author bjorncs + */ +class JDiscSslContextFactory extends SslContextFactory { + + private String trustStorePassword; + + @Override + public void setTrustStorePassword(String password) { + super.setTrustStorePassword(password); + this.trustStorePassword = password; + } + + + // Overriden to stop Jetty from using the keystore password if no truststore password is specified. + @Override + protected KeyStore loadTrustStore(Resource resource) throws Exception { + return CertificateUtils.getKeyStore( + resource != null ? resource : getKeyStoreResource(), + Objects.toString(getTrustStoreType(), getKeyStoreType()), + Objects.toString(getTrustStoreProvider(), getKeyStoreProvider()), + trustStorePassword); + } +} |