/**
 * Registers the TLS material needed to talk to the Kubernetes host described by
 * {@code context}.
 *
 * <p>Nothing is registered unless {@code isSecure} accepts the URI built from the host
 * address. If a trust certificate is present and {@code trustManager} is set, the
 * certificate is stored under {@code context.SSLTrustAlias}. If the credentials are of type
 * {@code PublicKey} and the decrypted private key is non-empty, a key manager built from the
 * key and certificate is stored in {@code keyManager} under the lower-cased host address.
 *
 * @param context request context carrying the host address, trust certificate and credentials
 */
private void createOrUpdateTargetSsl(KubernetesContext context) {
    if (!isSecure(UriUtils.buildUri(context.host.address))) {
        return;
    }

    String trustCertificate = context.SSLTrustCertificate;
    if (trustCertificate != null && trustManager != null) {
        // NOTE(review): the alias is passed on without a null check; confirm that
        // putDelegate tolerates a null alias or that callers always set one.
        trustManager.putDelegate(context.SSLTrustAlias, trustCertificate);
    }

    // Client-certificate authentication applies to PublicKey credentials only.
    boolean hasPublicKeyCredentials = context.credentials != null
            && AuthCredentialsType.PublicKey.name().equals(context.credentials.type);
    if (!hasPublicKeyCredentials) {
        return;
    }

    // The decrypted private key lives in this local only; keep it out of log messages.
    String privateKey = EncryptionUtils.decrypt(context.credentials.privateKey);
    String certificate = context.credentials.publicKey;
    // NOTE(review): toLowerCase() follows the default locale; confirm that lookups of this
    // alias elsewhere use the same casing rule.
    String keyAlias = context.host.address.toLowerCase();
    if (privateKey == null || privateKey.isEmpty()) {
        return;
    }

    // Only the first key manager returned is used; the cast assumes it is an
    // X509ExtendedKeyManager. keyManager is dereferenced without the null check that
    // trustManager gets above.
    X509ExtendedKeyManager hostKeyManager = (X509ExtendedKeyManager) CertificateUtil
            .getKeyManagers(keyAlias, privateKey, certificate)[0];
    keyManager.putDelegate(keyAlias, hostKeyManager);
}
/**
 * Stores the certificate of {@code sslTrustCert} in {@code self} under the state's alias and
 * logs the update at {@code FINE} level.
 *
 * <p>Any {@link Throwable} raised while doing so is logged as a warning and not rethrown, so
 * a failed reload of one certificate does not propagate to the caller.
 *
 * @param sslTrustCert trust certificate state to load
 */
private void loadCertificate(SslTrustCertificateState sslTrustCert) {
    try {
        String alias = sslTrustCert.getAlias();
        self.putDelegate(alias, sslTrustCert.certificate);
        Utils.log(getClass(), "Self Signed Trust Store", Level.FINE,
                "Certificate with alias %s updated", alias);
    } catch (Throwable e) {
        // Deliberately broad: the failure is reported with the alias and the rendered
        // throwable, then swallowed. Note that this also covers java.lang.Error subclasses.
        Utils.logWarning(
                "Exception during certificate reload with alias: %s. Error: %s",
                sslTrustCert.getAlias(), Utils.toString(e));
    }
}
/**
 * Registers the TLS material for the Docker target described by {@code input}.
 *
 * <p>Nothing is registered unless {@code isSecure} accepts the Docker URI and the
 * {@code SSL_TRUST_ALIAS_PROP_NAME} property is set. The trust certificate, when present, is
 * stored in {@code trustM} under that alias. When credentials are present and the decrypted
 * private key is non-empty, a key manager built from the key and certificate is stored in
 * {@code keyM} under the same alias.
 *
 * @param input command input carrying the Docker URI, properties and credentials
 * @param keyM key manager that receives the per-alias client key manager
 * @param trustM trust manager that receives the trust certificate; may be {@code null}
 */
private void createOrUpdateTargetSsl(CommandInput input, DelegatingX509KeyManager keyM,
        ServerX509TrustManager trustM) {
    if (!isSecure(input.getDockerUri())) {
        return;
    }

    String trustCertificate = (String) input.getProperties().get(SSL_TRUST_CERT_PROP_NAME);
    String alias = (String) input.getProperties().get(SSL_TRUST_ALIAS_PROP_NAME);
    if (alias == null) {
        // Without an alias neither the trust certificate nor the client key is registered.
        logger.warning("No trust alias property set, not using certificate.");
        return;
    }

    if (trustCertificate != null && trustM != null) {
        trustM.putDelegate(alias, trustCertificate);
    }

    // NOTE(review): unlike the trust side, no credential type is checked before the key is
    // decrypted; confirm that only key-based credentials reach this point.
    if (input.getCredentials() == null) {
        return;
    }

    // The decrypted private key lives in this local only; keep it out of log messages.
    String privateKey = EncryptionUtils.decrypt(input.getCredentials().privateKey);
    String certificate = input.getCredentials().publicKey;
    if (privateKey == null || privateKey.isEmpty()) {
        return;
    }

    // TODO use an LRU cache to limit the number of stored
    // KeyManagers while minimizing time wasted repeatedly
    // recreating them
    // NOTE(review): the client key manager is stored under the trust alias, so targets that
    // share an alias would replace each other's entry; confirm aliases are unique per target.
    // Only the first key manager returned is used and the cast assumes it is an
    // X509ExtendedKeyManager; keyM is dereferenced without the null check trustM gets.
    X509ExtendedKeyManager targetKeyManager = (X509ExtendedKeyManager) CertificateUtil
            .getKeyManagers(alias, privateKey, certificate)[0];
    keyM.putDelegate(alias, targetKeyManager);
}
if (sslTrust != null) { String trustAlias = context.request.customProperties.get(SSL_TRUST_ALIAS_PROP_NAME); trustManager.putDelegate(trustAlias, sslTrust);