/// <summary>
/// Verifies that a trust store rewritten on disk with an additional certificate is
/// picked up by <see cref="ReloadingX509TrustManager"/> once the reload interval has
/// elapsed, so the accepted-issuer count grows from one to two.
/// </summary>
/// <remarks>
/// Timing-sensitive: the sleeps exist so that the rewritten file carries a later
/// modification time than the one observed at the first load, and so that the
/// reload interval (10 ms here) has definitely passed before re-checking.
/// </remarks>
public virtual void TestReload()
{
    var keyPair = KeyStoreTestUtil.GenerateKeyPair("RSA");
    cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", keyPair, 30, "SHA1withRSA");
    cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", keyPair, 30, "SHA1withRSA");
    string storePath = Basedir + "/testreload.jks";
    KeyStoreTestUtil.CreateTrustStore(storePath, "password", "cert1", cert1);
    var manager = new ReloadingX509TrustManager("jks", storePath, "password", 10);
    try
    {
        manager.Init();
        Assert.Equal(1, manager.GetAcceptedIssuers().Length);

        // Let the clock move on so the rewritten file gets a newer modification time.
        Thread.Sleep((manager.GetReloadInterval() + 1000));

        // Rewrite the store with both certificates. Keep the IDictionary static type:
        // it selects the CreateTrustStore overload that takes a map of certificates.
        IDictionary<string, X509Certificate> allCerts = new Dictionary<string, X509Certificate>();
        allCerts["cert1"] = cert1;
        allCerts["cert2"] = cert2;
        KeyStoreTestUtil.CreateTrustStore(storePath, "password", allCerts);

        // Sanity check that the interval we are about to sleep on is the one configured.
        Assert.Equal(10, manager.GetReloadInterval());

        // Give the reload a chance to run before inspecting the issuers again.
        Thread.Sleep((manager.GetReloadInterval() + 200));
        Assert.Equal(2, manager.GetAcceptedIssuers().Length);
    }
    finally
    {
        manager.Destroy();
    }
}
/// <summary>
/// Verifies that a trust store which is overwritten with garbage on disk does not
/// disturb the certificate set the trust manager already holds: the original issuer
/// is still the one and only accepted issuer after the reload interval passes.
/// </summary>
/// <remarks>
/// This is the fail-safe behaviour a reloading trust manager must have — a bad
/// rewrite of the store must never empty the trust set or replace it with
/// partially parsed content. The assertion compares the issuer object captured
/// before the corruption with the one reported afterwards.
/// </remarks>
public virtual void TestReloadCorruptTrustStore()
{
    var keyPair = KeyStoreTestUtil.GenerateKeyPair("RSA");
    cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", keyPair, 30, "SHA1withRSA");
    cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", keyPair, 30, "SHA1withRSA");
    string storePath = Basedir + "/testcorrupt.jks";
    KeyStoreTestUtil.CreateTrustStore(storePath, "password", "cert1", cert1);
    var manager = new ReloadingX509TrustManager("jks", storePath, "password", 10);
    try
    {
        manager.Init();
        Assert.Equal(1, manager.GetAcceptedIssuers().Length);
        X509Certificate issuerBefore = manager.GetAcceptedIssuers()[0];

        // Replace the store contents with a single byte: no longer a parseable keystore.
        OutputStream corruptWriter = new FileOutputStream(storePath);
        corruptWriter.Write(1);
        corruptWriter.Close();
        // Move the modification time back one second; how the trust manager compares
        // mtimes is not visible here — see ReloadingX509TrustManager for the check.
        new FilePath(storePath).SetLastModified(Runtime.CurrentTimeMillis() - 1000);

        // Let the reload interval elapse before inspecting the issuers again.
        Thread.Sleep((manager.GetReloadInterval() + 200));

        // The previously loaded certificate must still be the sole accepted issuer.
        Assert.Equal(1, manager.GetAcceptedIssuers().Length);
        Assert.Equal(issuerBefore, manager.GetAcceptedIssuers()[0]);
    }
    finally
    {
        manager.Destroy();
    }
}
/// <summary>
/// Verifies that deleting the trust store file after a successful load leaves the
/// trust manager's accepted issuers untouched once the reload interval has passed.
/// </summary>
/// <remarks>
/// Companion to the corrupt-store case: a store that disappears from disk must not
/// empty the trust set. <c>cert2</c> is generated for parity with the other reload
/// tests but is never written to the store here.
/// </remarks>
public virtual void TestReloadMissingTrustStore()
{
    var keyPair = KeyStoreTestUtil.GenerateKeyPair("RSA");
    cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", keyPair, 30, "SHA1withRSA");
    cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", keyPair, 30, "SHA1withRSA");
    string storePath = Basedir + "/testmissing.jks";
    KeyStoreTestUtil.CreateTrustStore(storePath, "password", "cert1", cert1);
    var manager = new ReloadingX509TrustManager("jks", storePath, "password", 10);
    try
    {
        manager.Init();
        Assert.Equal(1, manager.GetAcceptedIssuers().Length);
        X509Certificate issuerBefore = manager.GetAcceptedIssuers()[0];

        // Remove the backing file entirely.
        new FilePath(storePath).Delete();

        // Let the reload interval elapse before inspecting the issuers again.
        Thread.Sleep((manager.GetReloadInterval() + 200));

        // The previously loaded certificate must still be the sole accepted issuer.
        Assert.Equal(1, manager.GetAcceptedIssuers().Length);
        Assert.Equal(issuerBefore, manager.GetAcceptedIssuers()[0]);
    }
    finally
    {
        manager.Destroy();
    }
}
/// <summary>Releases any resources being used.</summary>
/// <remarks>
/// Calls <c>Destroy</c> on the reloading trust manager and then clears the cached
/// key-manager and trust-manager arrays, so a destroyed factory no longer hands out
/// previously loaded trust material. Idempotent: a second call finds no trust
/// manager and returns without touching anything.
/// NOTE(review): this locks on the instance itself (<c>lock (this)</c>); a private
/// lock object would be preferable, but introducing one needs a field outside this
/// method. Callers should not lock on the factory object themselves.
/// </remarks>
public virtual void Destroy()
{
    lock (this)
    {
        if (trustManager == null)
        {
            return;
        }
        trustManager.Destroy();
        trustManager = null;
        keyManagers = null;
        trustManagers = null;
    }
}
/// <summary>
/// Initializes a <see cref="ReloadingX509TrustManager"/> against a path that does not
/// exist. No store is created beforehand, so <c>Init</c> is expected to fail; the
/// exact expected exception type is declared on the test attribute, not visible here.
/// </summary>
/// <exception cref="System.Exception"/>
public virtual void TestLoadMissingTrustStore()
{
    string storePath = Basedir + "/testmissing.jks";
    var manager = new ReloadingX509TrustManager("jks", storePath, "password", 10);
    try
    {
        manager.Init();
    }
    finally
    {
        // Destroy must be safe even when Init never completed.
        manager.Destroy();
    }
}
/// <summary>
/// Initializes a <see cref="ReloadingX509TrustManager"/> against a file that holds a
/// single byte rather than a keystore. <c>Init</c> is expected to fail rather than
/// silently produce an empty trust set; the expected exception type is declared on
/// the test attribute, not visible here.
/// </summary>
/// <exception cref="System.Exception"/>
public virtual void TestLoadCorruptTrustStore()
{
    string storePath = Basedir + "/testcorrupt.jks";
    // Write one byte so the file exists but cannot be parsed as a JKS store.
    OutputStream corruptWriter = new FileOutputStream(storePath);
    corruptWriter.Write(1);
    corruptWriter.Close();
    var manager = new ReloadingX509TrustManager("jks", storePath, "password", 10);
    try
    {
        manager.Init();
    }
    finally
    {
        // Destroy must be safe even when Init never completed.
        manager.Destroy();
    }
}
/// <summary>Initializes the keystores of the factory.</summary>
/// <remarks>
/// Two stores are handled in sequence:
/// <list type="number">
/// <item>The key store (the identity this side presents). It is mandatory in
/// server mode, and in client mode only when client certificates are required;
/// otherwise an empty keystore is loaded so the key manager factory can still be
/// initialized.</item>
/// <item>The trust store (who this side accepts). It is optional: when its location
/// property is unset, <c>trustManagers</c> is left <c>null</c>. What <c>null</c>
/// means is decided by whoever consumes the array (in JSSE-style APIs a null
/// trust-manager array typically falls back to the platform default trust store —
/// confirm against the caller in SSLFactory).</item>
/// </list>
/// Passwords are obtained through <c>GetPassword</c>, never read directly from
/// <c>conf</c>, and only store locations — never passwords — appear in log lines.
/// The trust store is wrapped in a <see cref="ReloadingX509TrustManager"/> so that
/// certificate rotation on disk is picked up without a restart.
/// </remarks>
/// <param name="mode">if the keystores are to be used in client or server mode.</param>
/// <exception cref="System.IO.IOException">
/// thrown if the keystores could not be initialized due
/// to an IO error.
/// </exception>
/// <exception cref="GeneralSecurityException">
/// thrown if the keystores could not be
/// initialized due to a security error.
/// </exception>
public virtual void Init(SSLFactory.Mode mode)
{
    bool requireClientCert = conf.GetBoolean(SSLFactory.SslRequireClientCertKey, SSLFactory.DefaultSslRequireClientCert);
    // certificate store
    string keystoreType = conf.Get(ResolvePropertyName(mode, SslKeystoreTypeTplKey), DefaultKeystoreType);
    KeyStore keystore = KeyStore.GetInstance(keystoreType);
    // Stays null when no key store file is loaded; the key manager factory is then
    // initialized with a null password below.
    string keystoreKeyPassword = null;
    // A key store is only required when this side must present a certificate:
    // always for a server, and for a client only when client auth is mandated.
    if (requireClientCert || mode == SSLFactory.Mode.Server)
    {
        string locationProperty = ResolvePropertyName(mode, SslKeystoreLocationTplKey);
        string keystoreLocation = conf.Get(locationProperty, string.Empty);
        if (keystoreLocation.IsEmpty())
        {
            throw new GeneralSecurityException("The property '" + locationProperty + "' has not been set in the ssl configuration file.");
        }
        string passwordProperty = ResolvePropertyName(mode, SslKeystorePasswordTplKey);
        // Resolved via GetPassword rather than conf.Get so the password may come
        // from a credential provider rather than plain text — confirm in GetPassword.
        string keystorePassword = GetPassword(conf, passwordProperty, string.Empty);
        if (keystorePassword.IsEmpty())
        {
            throw new GeneralSecurityException("The property '" + passwordProperty + "' has not been set in the ssl configuration file.");
        }
        string keyPasswordProperty = ResolvePropertyName(mode, SslKeystoreKeypasswordTplKey);
        // Key password defaults to the same value as store password for
        // compatibility with legacy configurations that did not use a separate
        // configuration property for key password.
        keystoreKeyPassword = GetPassword(conf, keyPasswordProperty, keystorePassword);
        // Log the location only; the password must never reach the log.
        Log.Debug(mode.ToString() + " KeyStore: " + keystoreLocation);
        InputStream @is = new FileInputStream(keystoreLocation);
        try
        {
            keystore.Load(@is, keystorePassword.ToCharArray());
        }
        finally
        {
            // Close the file even when Load throws (bad password, corrupt store).
            @is.Close();
        }
        Log.Debug(mode.ToString() + " Loaded KeyStore: " + keystoreLocation);
    }
    else
    {
        // No identity needed: initialize an empty keystore with no backing file.
        keystore.Load(null, null);
    }
    KeyManagerFactory keyMgrFactory = KeyManagerFactory.GetInstance(SSLFactory.Sslcertificate);
    // keystoreKeyPassword is null exactly when the empty keystore branch was taken.
    keyMgrFactory.Init(keystore, (keystoreKeyPassword != null) ? keystoreKeyPassword.ToCharArray() : null);
    keyManagers = keyMgrFactory.GetKeyManagers();
    //trust store
    string truststoreType = conf.Get(ResolvePropertyName(mode, SslTruststoreTypeTplKey), DefaultKeystoreType);
    string locationProperty_1 = ResolvePropertyName(mode, SslTruststoreLocationTplKey);
    string truststoreLocation = conf.Get(locationProperty_1, string.Empty);
    // The trust store is optional; a configured location without a password is an error.
    if (!truststoreLocation.IsEmpty())
    {
        string passwordProperty = ResolvePropertyName(mode, SslTruststorePasswordTplKey);
        string truststorePassword = GetPassword(conf, passwordProperty, string.Empty);
        if (truststorePassword.IsEmpty())
        {
            throw new GeneralSecurityException("The property '" + passwordProperty + "' has not been set in the ssl configuration file.");
        }
        // How often the reloading trust manager re-checks the file on disk.
        long truststoreReloadInterval = conf.GetLong(ResolvePropertyName(mode, SslTruststoreReloadIntervalTplKey), DefaultSslTruststoreReloadInterval);
        Log.Debug(mode.ToString() + " TrustStore: " + truststoreLocation);
        trustManager = new ReloadingX509TrustManager(truststoreType, truststoreLocation, truststorePassword, truststoreReloadInterval);
        // Init loads the store now; a missing or unparseable file fails here rather
        // than at first handshake.
        trustManager.Init();
        Log.Debug(mode.ToString() + " Loaded TrustStore: " + truststoreLocation);
        trustManagers = new TrustManager[] { trustManager };
    }
    else
    {
        // Not an error: the consumer of trustManagers decides what null means.
        Log.Debug("The property '" + locationProperty_1 + "' has not been set, " + "no TrustStore will be loaded");
        trustManagers = null;
    }
}