/**
 * Creates an {@link SSLContext} that trusts {@code trustedCert} for the server side and, when a
 * client certificate is given, presents {@code clientKey}/{@code clientCert} for client
 * authentication.
 *
 * <p>Key and trust managers come from {@link CertificateUtil#getKeyManagers} (alias
 * {@code "client"}) and {@link CertificateUtil#getTrustManagers} (alias {@code "server"}).
 * Callers should be aware of the {@link SSLContext#init} contract: a {@code null} manager array
 * (which {@code CertificateUtil.getKeyManagers} returns when {@code clientCert} is
 * {@code null}) does not mean "no managers" -- the JDK installs its default implementation
 * instead (for key managers, one driven by the {@code javax.net.ssl.keyStore*} system
 * properties when they are set). Likewise {@code "TLS"} leaves the enabled protocol versions
 * to the JDK defaults; a minimum version must be enforced on the socket/engine parameters.
 *
 * @param trustedCert the server certificate to trust, in the form {@code CertificateUtil}
 *                    expects
 * @param clientKey   the client private key; only used when {@code clientCert} is non-null
 * @param clientCert  the client certificate, or {@code null} for no client authentication
 * @return the initialised context
 * @throws RuntimeException wrapping the {@link NoSuchAlgorithmException} from
 *         {@code getInstance("TLS")} or the {@link KeyManagementException} from {@code init}
 */
public static SSLContext createSSLContext(String trustedCert, String clientKey, String clientCert) {
    SSLContext context;
    try {
        context = SSLContext.getInstance("TLS");
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException("Failed to create SSLContext", e);
    }
    try {
        // Key managers are built before trust managers (argument evaluation order).
        // A null SecureRandom selects the provider default.
        context.init(
                CertificateUtil.getKeyManagers("client", clientKey, clientCert),
                CertificateUtil.getTrustManagers("server", trustedCert),
                null);
    } catch (KeyManagementException e) {
        throw new RuntimeException("Failed to create SSLContext", e);
    }
    return context;
}
/**
 * Builds the {@link KeyManager}s for one client identity: a fresh, empty key store holding a
 * single key entry ({@code alias} -> {@code clientKey} + {@code clientCert}).
 *
 * <p>Returns {@code null} -- not an empty array -- when {@code clientCert} is {@code null}.
 * Callers that index the result must check for that, and callers that pass it to
 * {@link javax.net.ssl.SSLContext#init} should know that a {@code null} array makes the JDK
 * install its default key manager rather than none. {@code clientKey} is not validated here;
 * a {@code null} key is handed straight to {@code setKeyEntry}.
 *
 * @param alias      key-store alias for the entry
 * @param clientKey  the client private key
 * @param clientCert the client certificate, or {@code null} for "no client identity"
 * @return key managers backed by the one-entry key store, or {@code null} when there is no
 *         certificate
 */
public static KeyManager[] getKeyManagers(String alias, String clientKey, String clientCert) {
    if (clientCert != null) {
        KeyStore store = createEmptyKeyStore();
        setKeyEntry(store, alias, clientKey, clientCert);
        return getKeyManagers(store);
    }
    // Nothing to present: signal "use defaults" to SSLContext.init.
    return null;
}
X509ExtendedKeyManager delegateKeyManager; delegateKeyManager = (X509ExtendedKeyManager) CertificateUtil .getKeyManagers("default", clientKey, clientCert)[0]; keytManagers = new KeyManager[]{delegateKeyManager};
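/**
 * Installs the TLS material for the Kubernetes host in {@code context}: pins the host's
 * trusted certificate in {@code trustManager} and, for {@code PublicKey} credentials,
 * registers a client key manager in {@code keyManager} under the host address.
 *
 * <p>Does nothing for non-TLS hosts. The trust entry is added only when a certificate is
 * present and {@code trustManager} is set; the key entry only when the decrypted private key
 * is non-empty.
 *
 * @param context the host description: address, trust certificate/alias and optional
 *                credentials
 * @throws IllegalArgumentException if the credentials carry a private key but no
 *         certificate -- a key alone cannot be used for client authentication
 */
private void createOrUpdateTargetSsl(KubernetesContext context) {
    URI uri = UriUtils.buildUri(context.host.address);
    if (!isSecure(uri)) {
        // Plain-text endpoint: nothing to pin and nothing to authenticate with.
        return;
    }

    String sslTrust = context.SSLTrustCertificate;
    if (sslTrust != null && trustManager != null) {
        String trustAlias = context.SSLTrustAlias;
        // NOTE(review): a null alias is passed straight through here, whereas the
        // CommandInput variant refuses it -- confirm putDelegate tolerates null.
        trustManager.putDelegate(trustAlias, sslTrust);
    }

    // Only PublicKey credentials carry a private key / certificate pair.
    if (context.credentials == null
            || !AuthCredentialsType.PublicKey.name().equals(context.credentials.type)) {
        return;
    }

    String clientKey = EncryptionUtils.decrypt(context.credentials.privateKey);
    String clientCert = context.credentials.publicKey;
    // The key-manager alias is the host address. Default-locale toLowerCase() is kept on
    // purpose: presumably lookups elsewhere lowercase the same way, and switching to
    // Locale.ROOT here alone could break them.
    String alias = context.host.address.toLowerCase();
    if (clientKey == null || clientKey.isEmpty()) {
        return;
    }

    // CertificateUtil.getKeyManagers returns null when no certificate is supplied (and an
    // empty string cannot be a certificate either), so the unconditional [0] below used to
    // fail with a NullPointerException. Report the misconfiguration explicitly instead; the
    // message carries the host address only, never key material.
    if (clientCert == null || clientCert.isEmpty()) {
        throw new IllegalArgumentException(
                "Credentials for host " + alias + " have a private key but no client certificate");
    }
    X509ExtendedKeyManager delegateKeyManager = (X509ExtendedKeyManager) CertificateUtil
            .getKeyManagers(alias, clientKey, clientCert)[0];
    keyManager.putDelegate(alias, delegateKeyManager);
}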
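/**
 * Installs the TLS material for the Docker host addressed by {@code input}: pins the host's
 * trusted certificate in {@code trustM} and, when credentials with a private key are present,
 * registers a client key manager in {@code keyM}. Both entries are keyed by the trust alias
 * property.
 *
 * <p>Does nothing for non-TLS hosts, and logs a warning and does nothing (for trust and
 * client identity alike) when the trust alias property is missing.
 *
 * @param input  command input carrying the Docker URI, the SSL trust properties and the
 *               optional credentials
 * @param keyM   delegating key manager that receives the client identity
 * @param trustM server trust manager that receives the pinned certificate; may be {@code null}
 * @throws IllegalArgumentException if the credentials carry a private key but no
 *         certificate -- a key alone cannot be used for client authentication
 */
private void createOrUpdateTargetSsl(CommandInput input, DelegatingX509KeyManager keyM,
        ServerX509TrustManager trustM) {
    if (!isSecure(input.getDockerUri())) {
        // Plain-text endpoint: nothing to pin and nothing to authenticate with.
        return;
    }

    String sslTrust = (String) input.getProperties().get(SSL_TRUST_CERT_PROP_NAME);
    String trustAlias = (String) input.getProperties().get(SSL_TRUST_ALIAS_PROP_NAME);
    if (trustAlias == null) {
        logger.warning("No trust alias property set, not using certificate.");
        return;
    }
    if (sslTrust != null && trustM != null) {
        trustM.putDelegate(trustAlias, sslTrust);
    }

    if (input.getCredentials() == null) {
        return;
    }
    String clientKey = EncryptionUtils.decrypt(input.getCredentials().privateKey);
    String clientCert = input.getCredentials().publicKey;

    // TODO use an LRU cache to limit the number of stored
    // KeyManagers while minimizing time wasted repeatedly
    // recreating them
    if (clientKey == null || clientKey.isEmpty()) {
        return;
    }

    // CertificateUtil.getKeyManagers returns null when no certificate is supplied (and an
    // empty string cannot be a certificate either), so the unconditional [0] below used to
    // fail with a NullPointerException. Report the misconfiguration explicitly instead; the
    // message carries the alias only, never key material.
    if (clientCert == null || clientCert.isEmpty()) {
        throw new IllegalArgumentException(
                "Credentials for alias " + trustAlias + " have a private key but no client certificate");
    }
    X509ExtendedKeyManager delegateKeyManager = (X509ExtendedKeyManager) CertificateUtil
            .getKeyManagers(trustAlias, clientKey, clientCert)[0];
    keyM.putDelegate(trustAlias, delegateKeyManager);
}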