
#3161 - adding trust managers for server connection too #1295

Merged
merged 1 commit into from

2 participants

@viktorklang
Akka Project member

Forward-port of the trust-manager for server fix.

@viktorklang
Akka Project member

Just awaiting kitteh-validation

@akka-ci
Akka Project member

Started jenkins job akka-pr-validator at https://jenkins.akka.io/job/akka-pr-validator/788/

@akka-ci
Akka Project member

jenkins job akka-pr-validator: Success - https://jenkins.akka.io/job/akka-pr-validator/788/

@viktorklang viktorklang merged commit 718e2d1 into master
@viktorklang viktorklang deleted the wip-3161-use-truststore-on-server-too-2.2-√ branch
Showing with 17 additions and 3 deletions.
  1. +17 −3 akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala
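--- a/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala
+++ b/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala
@@ -14,6 +14,7 @@ import java.io.{ IOException, FileNotFoundException, FileInputStream }
 import java.security._
 import javax.net.ssl.{ KeyManagerFactory, TrustManager, TrustManagerFactory, SSLContext }
 import org.jboss.netty.handler.ssl.SslHandler
+import scala.util.Try
 /**
 * INTERNAL API
@@ -92,7 +93,7 @@ private[akka] object NettySSLSupport {
 trustManagerFactory.init({
 val trustStore = KeyStore.getInstance(KeyStore.getDefaultType)
 val fin = new FileInputStream(trustStorePath)
- try trustStore.load(fin, trustStorePassword.toCharArray) finally fin.close()
+ try trustStore.load(fin, trustStorePassword.toCharArray) finally Try(fin.close())
 trustStore
 })
 trustManagerFactory.getTrustManagers
@@ -140,10 +141,23 @@ private[akka] object NettySSLSupport {
 factory.init({
 val keyStore = KeyStore.getInstance(KeyStore.getDefaultType)
 val fin = new FileInputStream(keyStorePath)
- try keyStore.load(fin, keyStorePassword.toCharArray) finally fin.close()
+ try keyStore.load(fin, keyStorePassword.toCharArray) finally Try(fin.close())
 keyStore
 }, keyStorePassword.toCharArray)
- Option(SSLContext.getInstance(protocol)) map { ctx ctx.init(factory.getKeyManagers, null, rng); ctx }
+
+ val trustManagers: Option[Array[TrustManager]] = settings.SSLTrustStore map {
+ path
+ val pwd = settings.SSLTrustStorePassword.map(_.toCharArray).orNull
+ val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
+ trustManagerFactory.init({
+ val trustStore = KeyStore.getInstance(KeyStore.getDefaultType)
+ val fin = new FileInputStream(path)
+ try trustStore.load(fin, pwd) finally Try(fin.close())
+ trustStore
+ })
+ trustManagerFactory.getTrustManagers
+ }
+ Option(SSLContext.getInstance(protocol)) map { ctx ctx.init(factory.getKeyManagers, trustManagers.orNull, rng); ctx }
 } catch {
 case e: FileNotFoundException throw new RemoteTransportException("Server SSL connection could not be established because key store could not be loaded", e)
 case e: IOException throw new RemoteTransportException("Server SSL connection could not be established because: " + e.getMessage, e)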
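Review bot: On the added line `val pwd = settings.SSLTrustStorePassword.map(_.toCharArray).orNull`, an unset password becomes `null`, and `KeyStore.load(stream, null)` reads the store without its integrity check, so a modified trust store file would be accepted silently. The existing loader in the second hunk always passes `trustStorePassword.toCharArray`. Consider failing fast when a trust store path is configured without a password, e.g. `val pwd = settings.SSLTrustStorePassword.getOrElse(throw new GeneralSecurityException("SSL trust store password is not configured")).toCharArray`, provided the catch block, which continues outside this hunk, reports that exception sensibly. Likewise `trustManagers.orNull` hands `null` to `ctx.init` when no trust store is set, which makes JSSE fall back to the JVM's default trust managers; if the server requests client certificates (not visible here), that default CA set is probably wider than intended and deserves a comment or a log line. The `FileNotFoundException` case still says the "key store could not be loaded" although the trust store file can now raise it too, so the message should name both, e.g. `"... because key store or trust store could not be loaded"`.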