author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-07-03 14:19:03 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-07-03 15:15:56 +0200 |
commit | dd576765adf982371f489da8a21d7fd28823c755 (patch) | |
tree | b69db295b45c6b575353abd9180c4ec8a3f5b8f5 /security-utils | |
parent | fac5a80821f78cee3217b71c28ea2ddd5bc38841 (diff) |
Allow configuration of x509 key manager instance to SslContextBuilder
Diffstat (limited to 'security-utils')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index 0ef179f775e..4f8919cdd5e 100644
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -33,6 +33,7 @@ public class SslContextBuilder {
 private char[] keyStorePassword;
 private TrustManagerFactory trustManagerFactory = TrustManagerUtils::createDefaultX509TrustManager;
 private KeyManagerFactory keyManagerFactory = KeyManagerUtils::createDefaultX509KeyManager;
+ private X509ExtendedKeyManager keyManager;
 
 public SslContextBuilder() {}
 
@@ -110,11 +111,23 @@ public class SslContextBuilder {
 return this;
 }
 
+ /**
+ * Note: Callee is responsible for configuring the key manager.
+ * Any keystore configured by {@link #withKeyStore(KeyStore, char[])} or the other overloads will be ignored.
+ */
+ public SslContextBuilder withKeyManager(X509ExtendedKeyManager keyManager) {
+ this.keyManager = keyManager;
+ return this;
+ }
+
 public SSLContext build() {
 try {
 SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
 TrustManager[] trustManagers = new TrustManager[] { trustManagerFactory.createTrustManager(trustStoreSupplier.get()) };
- KeyManager[] keyManagers = new KeyManager[] { keyManagerFactory.createKeyManager(keyStoreSupplier.get(), keyStorePassword) };
+ X509ExtendedKeyManager keyManager = this.keyManager != null
+ ? this.keyManager
+ : keyManagerFactory.createKeyManager(keyStoreSupplier.get(), keyStorePassword);
+ KeyManager[] keyManagers = new KeyManager[] {keyManager};
 sslContext.init(keyManagers, trustManagers, null);
 return sslContext;
 } catch (GeneralSecurityException e) { |
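Review bot: In `build()`, a key manager set through `withKeyManager` silently takes precedence, so a builder that was also given a keystore or a non-default `keyManagerFactory` yields a context that presents a different identity than that configuration suggests, and nothing reports the conflict. The new Javadoc mentions only the keystore case and says "Callee" where the caller is meant; I would reword it to `Note: Caller is responsible for configuring the key manager. Any keystore or key manager factory configured on this builder will be ignored.` A null argument also falls back quietly to the keystore path, so if that is not intended the setter could use `this.keyManager = Objects.requireNonNull(keyManager, "keyManager");` (this needs `java.util.Objects` in scope, which the hunk does not show). The body of `build()` continues past the end of the hunk.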