authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-07-03 14:19:03 +0200
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-07-03 15:15:56 +0200
commitdd576765adf982371f489da8a21d7fd28823c755 (patch)
treeb69db295b45c6b575353abd9180c4ec8a3f5b8f5 /security-utils
parentfac5a80821f78cee3217b71c28ea2ddd5bc38841 (diff)
Allow configuration of x509 key manager instance to SslContextBuilder
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java15
1 files changed, 14 insertions, 1 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index 0ef179f775e..4f8919cdd5e 100644
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -33,6 +33,7 @@ public class SslContextBuilder {
private char[] keyStorePassword;
private TrustManagerFactory trustManagerFactory = TrustManagerUtils::createDefaultX509TrustManager;
private KeyManagerFactory keyManagerFactory = KeyManagerUtils::createDefaultX509KeyManager;
+ private X509ExtendedKeyManager keyManager;
public SslContextBuilder() {}
@@ -110,11 +111,23 @@ public class SslContextBuilder {
return this;
}
+ /**
+ * Note: Callee is responsible for configuring the key manager.
+ * Any keystore configured by {@link #withKeyStore(KeyStore, char[])} or the other overloads will be ignored.
+ */
+ public SslContextBuilder withKeyManager(X509ExtendedKeyManager keyManager) {
+ this.keyManager = keyManager;
+ return this;
+ }
+
public SSLContext build() {
try {
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
TrustManager[] trustManagers = new TrustManager[] { trustManagerFactory.createTrustManager(trustStoreSupplier.get()) };
- KeyManager[] keyManagers = new KeyManager[] { keyManagerFactory.createKeyManager(keyStoreSupplier.get(), keyStorePassword) };
+ X509ExtendedKeyManager keyManager = this.keyManager != null
+ ? this.keyManager
+ : keyManagerFactory.createKeyManager(keyStoreSupplier.get(), keyStorePassword);
+ KeyManager[] keyManagers = new KeyManager[] {keyManager};
sslContext.init(keyManagers, trustManagers, null);
return sslContext;
} catch (GeneralSecurityException e) {
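Review bot: The Javadoc on `withKeyManager` says the "Callee" is responsible for configuring the key manager, but the party meant is the caller who passes the instance in; suggest `* Note: The caller is responsible for configuring the key manager.`. In `build()` the supplied instance silently takes precedence over any keystore set through `withKeyStore`, so a builder given both presents whatever identity the key manager selects, with no error or log. If the keystore setters can record that they were called (not visible in this hunk), failing fast on the combination would surface that misconfiguration. The local `keyManager` in `build()` also shadows the new field; a distinct name such as `effectiveKeyManager` would make the ternary easier to follow. The catch block of `build()` continues outside the hunk.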