示例#1
0
        public virtual void TestReload()
        {
            KeyPair kp = KeyStoreTestUtil.GenerateKeyPair("RSA");

            cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
            cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
            string truststoreLocation = Basedir + "/testreload.jks";

            KeyStoreTestUtil.CreateTrustStore(truststoreLocation, "password", "cert1", cert1);
            ReloadingX509TrustManager tm = new ReloadingX509TrustManager("jks", truststoreLocation
                                                                         , "password", 10);

            try
            {
                tm.Init();
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                // Wait so that the file modification time is different
                Thread.Sleep((tm.GetReloadInterval() + 1000));
                // Add another cert
                IDictionary <string, X509Certificate> certs = new Dictionary <string, X509Certificate
                                                                              >();
                certs["cert1"] = cert1;
                certs["cert2"] = cert2;
                KeyStoreTestUtil.CreateTrustStore(truststoreLocation, "password", certs);
                // and wait to be sure reload has taken place
                Assert.Equal(10, tm.GetReloadInterval());
                // Wait so that the file modification time is different
                Thread.Sleep((tm.GetReloadInterval() + 200));
                Assert.Equal(2, tm.GetAcceptedIssuers().Length);
            }
            finally
            {
                tm.Destroy();
            }
        }
示例#2
0
        public virtual void TestReloadCorruptTrustStore()
        {
            KeyPair kp = KeyStoreTestUtil.GenerateKeyPair("RSA");

            cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
            cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
            string truststoreLocation = Basedir + "/testcorrupt.jks";

            KeyStoreTestUtil.CreateTrustStore(truststoreLocation, "password", "cert1", cert1);
            ReloadingX509TrustManager tm = new ReloadingX509TrustManager("jks", truststoreLocation
                                                                         , "password", 10);

            try
            {
                tm.Init();
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                X509Certificate cert = tm.GetAcceptedIssuers()[0];
                OutputStream    os   = new FileOutputStream(truststoreLocation);
                os.Write(1);
                os.Close();
                new FilePath(truststoreLocation).SetLastModified(Runtime.CurrentTimeMillis() - 1000
                                                                 );
                // Wait so that the file modification time is different
                Thread.Sleep((tm.GetReloadInterval() + 200));
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                Assert.Equal(cert, tm.GetAcceptedIssuers()[0]);
            }
            finally
            {
                tm.Destroy();
            }
        }
示例#3
0
        public virtual void TestReloadMissingTrustStore()
        {
            KeyPair kp = KeyStoreTestUtil.GenerateKeyPair("RSA");

            cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
            cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
            string truststoreLocation = Basedir + "/testmissing.jks";

            KeyStoreTestUtil.CreateTrustStore(truststoreLocation, "password", "cert1", cert1);
            ReloadingX509TrustManager tm = new ReloadingX509TrustManager("jks", truststoreLocation
                                                                         , "password", 10);

            try
            {
                tm.Init();
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                X509Certificate cert = tm.GetAcceptedIssuers()[0];
                new FilePath(truststoreLocation).Delete();
                // Wait so that the file modification time is different
                Thread.Sleep((tm.GetReloadInterval() + 200));
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                Assert.Equal(cert, tm.GetAcceptedIssuers()[0]);
            }
            finally
            {
                tm.Destroy();
            }
        }
示例#4
0
 /// <summary>Releases any resources being used.</summary>
 public virtual void Destroy()
 {
     lock (this)
     {
         if (trustManager != null)
         {
             trustManager.Destroy();
             trustManager  = null;
             keyManagers   = null;
             trustManagers = null;
         }
     }
 }
示例#5
0
        /// <exception cref="System.Exception"/>
        public virtual void TestLoadMissingTrustStore()
        {
            string truststoreLocation    = Basedir + "/testmissing.jks";
            ReloadingX509TrustManager tm = new ReloadingX509TrustManager("jks", truststoreLocation
                                                                         , "password", 10);

            try
            {
                tm.Init();
            }
            finally
            {
                tm.Destroy();
            }
        }
示例#6
0
        /// <exception cref="System.Exception"/>
        public virtual void TestLoadCorruptTrustStore()
        {
            string       truststoreLocation = Basedir + "/testcorrupt.jks";
            OutputStream os = new FileOutputStream(truststoreLocation);

            os.Write(1);
            os.Close();
            ReloadingX509TrustManager tm = new ReloadingX509TrustManager("jks", truststoreLocation
                                                                         , "password", 10);

            try
            {
                tm.Init();
            }
            finally
            {
                tm.Destroy();
            }
        }
示例#7
0
        /// <summary>Initializes the keystores of the factory.</summary>
        /// <param name="mode">if the keystores are to be used in client or server mode.</param>
        /// <exception cref="System.IO.IOException">
        /// thrown if the keystores could not be initialized due
        /// to an IO error.
        /// </exception>
        /// <exception cref="GeneralSecurityException">
        /// thrown if the keystores could not be
        /// initialized due to a security error.
        /// </exception>
        public virtual void Init(SSLFactory.Mode mode)
        {
            bool requireClientCert = conf.GetBoolean(SSLFactory.SslRequireClientCertKey, SSLFactory
                                                     .DefaultSslRequireClientCert);
            // certificate store
            string keystoreType = conf.Get(ResolvePropertyName(mode, SslKeystoreTypeTplKey),
                                           DefaultKeystoreType);
            KeyStore keystore            = KeyStore.GetInstance(keystoreType);
            string   keystoreKeyPassword = null;

            if (requireClientCert || mode == SSLFactory.Mode.Server)
            {
                string locationProperty = ResolvePropertyName(mode, SslKeystoreLocationTplKey);
                string keystoreLocation = conf.Get(locationProperty, string.Empty);
                if (keystoreLocation.IsEmpty())
                {
                    throw new GeneralSecurityException("The property '" + locationProperty + "' has not been set in the ssl configuration file."
                                                       );
                }
                string passwordProperty = ResolvePropertyName(mode, SslKeystorePasswordTplKey);
                string keystorePassword = GetPassword(conf, passwordProperty, string.Empty);
                if (keystorePassword.IsEmpty())
                {
                    throw new GeneralSecurityException("The property '" + passwordProperty + "' has not been set in the ssl configuration file."
                                                       );
                }
                string keyPasswordProperty = ResolvePropertyName(mode, SslKeystoreKeypasswordTplKey
                                                                 );
                // Key password defaults to the same value as store password for
                // compatibility with legacy configurations that did not use a separate
                // configuration property for key password.
                keystoreKeyPassword = GetPassword(conf, keyPasswordProperty, keystorePassword);
                Log.Debug(mode.ToString() + " KeyStore: " + keystoreLocation);
                InputStream @is = new FileInputStream(keystoreLocation);
                try
                {
                    keystore.Load(@is, keystorePassword.ToCharArray());
                }
                finally
                {
                    @is.Close();
                }
                Log.Debug(mode.ToString() + " Loaded KeyStore: " + keystoreLocation);
            }
            else
            {
                keystore.Load(null, null);
            }
            KeyManagerFactory keyMgrFactory = KeyManagerFactory.GetInstance(SSLFactory.Sslcertificate
                                                                            );

            keyMgrFactory.Init(keystore, (keystoreKeyPassword != null) ? keystoreKeyPassword.
                               ToCharArray() : null);
            keyManagers = keyMgrFactory.GetKeyManagers();
            //trust store
            string truststoreType = conf.Get(ResolvePropertyName(mode, SslTruststoreTypeTplKey
                                                                 ), DefaultKeystoreType);
            string locationProperty_1 = ResolvePropertyName(mode, SslTruststoreLocationTplKey
                                                            );
            string truststoreLocation = conf.Get(locationProperty_1, string.Empty);

            if (!truststoreLocation.IsEmpty())
            {
                string passwordProperty   = ResolvePropertyName(mode, SslTruststorePasswordTplKey);
                string truststorePassword = GetPassword(conf, passwordProperty, string.Empty);
                if (truststorePassword.IsEmpty())
                {
                    throw new GeneralSecurityException("The property '" + passwordProperty + "' has not been set in the ssl configuration file."
                                                       );
                }
                long truststoreReloadInterval = conf.GetLong(ResolvePropertyName(mode, SslTruststoreReloadIntervalTplKey
                                                                                 ), DefaultSslTruststoreReloadInterval);
                Log.Debug(mode.ToString() + " TrustStore: " + truststoreLocation);
                trustManager = new ReloadingX509TrustManager(truststoreType, truststoreLocation,
                                                             truststorePassword, truststoreReloadInterval);
                trustManager.Init();
                Log.Debug(mode.ToString() + " Loaded TrustStore: " + truststoreLocation);
                trustManagers = new TrustManager[] { trustManager };
            }
            else
            {
                Log.Debug("The property '" + locationProperty_1 + "' has not been set, " + "no TrustStore will be loaded"
                          );
                trustManagers = null;
            }
        }