        /// <summary>
        /// Verifies that a trust store rewritten on disk with an additional
        /// certificate is picked up by the manager once its reload interval has
        /// elapsed, i.e. trust anchors can be rotated without restarting.
        /// </summary>
        /// <remarks>
        /// The sleeps exist so that the file's modification time visibly moves
        /// past the manager's last load. The interval arithmetic suggests the
        /// reload interval is in milliseconds — confirm against
        /// ReloadingX509TrustManager. Throwaway RSA key pair, fixed store
        /// password and SHA1withRSA are test-only fixture choices, not a
        /// recommended configuration.
        /// </remarks>
        public virtual void TestReload()
        {
            KeyPair keyPair = KeyStoreTestUtil.GenerateKeyPair("RSA");
            cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", keyPair, 30, "SHA1withRSA");
            cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", keyPair, 30, "SHA1withRSA");

            string storePath = Basedir + "/testreload.jks";
            KeyStoreTestUtil.CreateTrustStore(storePath, "password", "cert1", cert1);

            ReloadingX509TrustManager manager =
                new ReloadingX509TrustManager("jks", storePath, "password", 10);
            try
            {
                manager.Init();
                // Only the single certificate written above is trusted initially.
                Assert.Equal(1, manager.GetAcceptedIssuers().Length);

                // Let the clock move on so the rewritten file carries a newer
                // modification time than the one seen at the initial load.
                Thread.Sleep(manager.GetReloadInterval() + 1000);

                // Rewrite the store so that it now holds both certificates.
                IDictionary<string, X509Certificate> trusted =
                    new Dictionary<string, X509Certificate>
                    {
                        { "cert1", cert1 },
                        { "cert2", cert2 }
                    };
                KeyStoreTestUtil.CreateTrustStore(storePath, "password", trusted);

                Assert.Equal(10, manager.GetReloadInterval());
                // Allow the reload to take place before checking the result.
                Thread.Sleep(manager.GetReloadInterval() + 200);
                Assert.Equal(2, manager.GetAcceptedIssuers().Length);
            }
            finally
            {
                manager.Destroy();
            }
        }
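        /// <summary>
        /// Verifies that a trust store that becomes unreadable on disk does not
        /// alter the set of trusted issuers: the manager keeps serving the last
        /// successfully loaded certificate (it falls back to the last-known-good
        /// anchors rather than to "trust nothing" or "trust anything").
        /// </summary>
        /// <remarks>
        /// The corrupt file's modification time is pushed one second into the
        /// past; this presumably steers the manager's timestamp-based change
        /// detection — confirm against ReloadingX509TrustManager before altering.
        /// Throwaway RSA key pair, fixed store password and SHA1withRSA are
        /// test-only fixture choices.
        /// </remarks>
        public virtual void TestReloadCorruptTrustStore()
        {
            KeyPair kp = KeyStoreTestUtil.GenerateKeyPair("RSA");

            cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
            cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
            string truststoreLocation = Basedir + "/testcorrupt.jks";

            KeyStoreTestUtil.CreateTrustStore(truststoreLocation, "password", "cert1", cert1);
            ReloadingX509TrustManager tm = new ReloadingX509TrustManager("jks", truststoreLocation
                                                                         , "password", 10);

            try
            {
                tm.Init();
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                X509Certificate cert = tm.GetAcceptedIssuers()[0];
                // Overwrite the store with a single garbage byte. The stream is
                // closed in a finally block so that a failed write cannot leak
                // the handle and keep the file open for the rest of the test.
                OutputStream os = new FileOutputStream(truststoreLocation);
                try
                {
                    os.Write(1);
                }
                finally
                {
                    os.Close();
                }
                new FilePath(truststoreLocation).SetLastModified(Runtime.CurrentTimeMillis() - 1000
                                                                 );
                // Wait so that the file modification time is different
                Thread.Sleep((tm.GetReloadInterval() + 200));
                // The corrupt store must not have replaced the previously
                // loaded issuer list.
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                Assert.Equal(cert, tm.GetAcceptedIssuers()[0]);
            }
            finally
            {
                tm.Destroy();
            }
        }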
        /// <summary>
        /// Verifies that deleting the trust store file after a successful load
        /// leaves the manager's trusted issuers untouched: the last-known-good
        /// certificate stays in force rather than trust being dropped.
        /// </summary>
        /// <remarks>
        /// Throwaway RSA key pair, fixed store password and SHA1withRSA are
        /// test-only fixture choices. The sleep lets the manager's reload
        /// interval elapse so the missing file is actually noticed.
        /// </remarks>
        public virtual void TestReloadMissingTrustStore()
        {
            KeyPair keyPair = KeyStoreTestUtil.GenerateKeyPair("RSA");
            cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", keyPair, 30, "SHA1withRSA");
            cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", keyPair, 30, "SHA1withRSA");

            string storePath = Basedir + "/testmissing.jks";
            KeyStoreTestUtil.CreateTrustStore(storePath, "password", "cert1", cert1);

            ReloadingX509TrustManager manager =
                new ReloadingX509TrustManager("jks", storePath, "password", 10);
            try
            {
                manager.Init();
                Assert.Equal(1, manager.GetAcceptedIssuers().Length);
                X509Certificate loadedBefore = manager.GetAcceptedIssuers()[0];

                // Remove the backing file, then give the reload interval time to pass.
                new FilePath(storePath).Delete();
                Thread.Sleep(manager.GetReloadInterval() + 200);

                // Issuer set is unchanged and still the originally loaded certificate.
                X509Certificate[] loadedAfter = manager.GetAcceptedIssuers();
                Assert.Equal(1, loadedAfter.Length);
                Assert.Equal(loadedBefore, loadedAfter[0]);
            }
            finally
            {
                manager.Destroy();
            }
        }
 /// <summary>Releases any resources being used.</summary>
 /// <remarks>
 /// Idempotent: a second call finds no trust manager and returns. The
 /// reloading trust manager is destroyed first (stopping whatever it holds),
 /// then the key and trust manager references are cleared so a stale
 /// manager can no longer be handed out. Locking on <c>this</c> looks like a
 /// direct port of a Java <c>synchronized</c> method; other members
 /// presumably share the same monitor, so do not swap the lock object here
 /// in isolation.
 /// </remarks>
 public virtual void Destroy()
 {
     lock (this)
     {
         if (trustManager == null)
         {
             return;
         }
         trustManager.Destroy();
         trustManager = null;
         keyManagers = null;
         trustManagers = null;
     }
 }
        /// <summary>
        /// Attempts to initialise a trust manager whose store file does not
        /// exist. The body has no assertions; presumably the test attribute
        /// (outside this span) expects <c>Init</c> to throw — confirm.
        /// </summary>
        /// <exception cref="System.Exception"/>
        public virtual void TestLoadMissingTrustStore()
        {
            string missingStore = Basedir + "/testmissing.jks";
            ReloadingX509TrustManager manager =
                new ReloadingX509TrustManager("jks", missingStore, "password", 10);
            try
            {
                manager.Init();
            }
            finally
            {
                // Always release the manager, even when Init fails as intended.
                manager.Destroy();
            }
        }
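        /// <summary>
        /// Attempts to initialise a trust manager from a file containing a single
        /// garbage byte instead of a key store. The body has no assertions;
        /// presumably the test attribute (outside this span) expects <c>Init</c>
        /// to throw — confirm.
        /// </summary>
        /// <exception cref="System.Exception"/>
        public virtual void TestLoadCorruptTrustStore()
        {
            string truststoreLocation = Basedir + "/testcorrupt.jks";
            // Close the stream in a finally block so a failed write cannot leak
            // the handle and leave the file open for the rest of the test.
            OutputStream os = new FileOutputStream(truststoreLocation);
            try
            {
                os.Write(1);
            }
            finally
            {
                os.Close();
            }
            ReloadingX509TrustManager tm = new ReloadingX509TrustManager("jks", truststoreLocation
                                                                         , "password", 10);

            try
            {
                tm.Init();
            }
            finally
            {
                // Always release the manager, even when Init fails as intended.
                tm.Destroy();
            }
        }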
        /// <summary>Initializes the keystores of the factory.</summary>
        /// <remarks>
        /// Key material is loaded only when running in server mode or when
        /// client certificates are required; otherwise an empty key store is
        /// initialised so that a key manager still exists. The trust store is
        /// optional: with no location configured no trust manager is created
        /// and <c>trustManagers</c> is left null, which is logged at debug
        /// level. A missing location or password for a store that is needed is
        /// a configuration error and raises <see cref="GeneralSecurityException"/>.
        /// Passwords are read as strings and so remain in managed memory until
        /// collected — a limitation of the configuration API, noted here rather
        /// than changed.
        /// </remarks>
        /// <param name="mode">if the keystores are to be used in client or server mode.</param>
        /// <exception cref="System.IO.IOException">
        /// thrown if the keystores could not be initialized due
        /// to an IO error.
        /// </exception>
        /// <exception cref="GeneralSecurityException">
        /// thrown if the keystores could not be
        /// initialized due to a security error.
        /// </exception>
        public virtual void Init(SSLFactory.Mode mode)
        {
            bool clientCertRequired = conf.GetBoolean(SSLFactory.SslRequireClientCertKey,
                                                      SSLFactory.DefaultSslRequireClientCert);

            // --- key store (private key + certificate chain) ---
            string keystoreType = conf.Get(ResolvePropertyName(mode, SslKeystoreTypeTplKey),
                                           DefaultKeystoreType);
            KeyStore keystore = KeyStore.GetInstance(keystoreType);
            string keyPassword = null;

            bool needsKeyMaterial = clientCertRequired || mode == SSLFactory.Mode.Server;
            if (!needsKeyMaterial)
            {
                // No private key is needed on this side: initialise an empty store.
                keystore.Load(null, null);
            }
            else
            {
                string keystoreLocationProperty = ResolvePropertyName(mode, SslKeystoreLocationTplKey);
                string keystoreLocation = conf.Get(keystoreLocationProperty, string.Empty);
                if (keystoreLocation.IsEmpty())
                {
                    throw new GeneralSecurityException("The property '" + keystoreLocationProperty + "' has not been set in the ssl configuration file.");
                }

                string keystorePasswordProperty = ResolvePropertyName(mode, SslKeystorePasswordTplKey);
                string keystorePassword = GetPassword(conf, keystorePasswordProperty, string.Empty);
                if (keystorePassword.IsEmpty())
                {
                    throw new GeneralSecurityException("The property '" + keystorePasswordProperty + "' has not been set in the ssl configuration file.");
                }

                // The key password falls back to the store password: legacy
                // configurations had no separate key-password property.
                string keyPasswordProperty = ResolvePropertyName(mode, SslKeystoreKeypasswordTplKey);
                keyPassword = GetPassword(conf, keyPasswordProperty, keystorePassword);

                Log.Debug(mode.ToString() + " KeyStore: " + keystoreLocation);
                InputStream keystoreStream = new FileInputStream(keystoreLocation);
                try
                {
                    keystore.Load(keystoreStream, keystorePassword.ToCharArray());
                }
                finally
                {
                    keystoreStream.Close();
                }
                Log.Debug(mode.ToString() + " Loaded KeyStore: " + keystoreLocation);
            }

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.GetInstance(SSLFactory.Sslcertificate);
            char[] keyPasswordChars = null;
            if (keyPassword != null)
            {
                keyPasswordChars = keyPassword.ToCharArray();
            }
            keyManagerFactory.Init(keystore, keyPasswordChars);
            keyManagers = keyManagerFactory.GetKeyManagers();

            // --- trust store (accepted issuers), optional ---
            string truststoreType = conf.Get(ResolvePropertyName(mode, SslTruststoreTypeTplKey),
                                             DefaultKeystoreType);
            string truststoreLocationProperty = ResolvePropertyName(mode, SslTruststoreLocationTplKey);
            string truststoreLocation = conf.Get(truststoreLocationProperty, string.Empty);
            if (truststoreLocation.IsEmpty())
            {
                Log.Debug("The property '" + truststoreLocationProperty + "' has not been set, " + "no TrustStore will be loaded");
                trustManagers = null;
                return;
            }

            string truststorePasswordProperty = ResolvePropertyName(mode, SslTruststorePasswordTplKey);
            string truststorePassword = GetPassword(conf, truststorePasswordProperty, string.Empty);
            if (truststorePassword.IsEmpty())
            {
                throw new GeneralSecurityException("The property '" + truststorePasswordProperty + "' has not been set in the ssl configuration file.");
            }

            long reloadInterval = conf.GetLong(ResolvePropertyName(mode, SslTruststoreReloadIntervalTplKey),
                                               DefaultSslTruststoreReloadInterval);
            Log.Debug(mode.ToString() + " TrustStore: " + truststoreLocation);
            // A reloading manager so trust anchors can be rotated on disk
            // without restarting the process.
            trustManager = new ReloadingX509TrustManager(truststoreType, truststoreLocation,
                                                         truststorePassword, reloadInterval);
            trustManager.Init();
            Log.Debug(mode.ToString() + " Loaded TrustStore: " + truststoreLocation);
            trustManagers = new TrustManager[] { trustManager };
        }