
#3161 - adding trust managers for server connection too #1295

Merged
merged 1 commit into from

2 participants

@viktorklang
Owner

Forward-port of the trust-manager for server fix.

@viktorklang
Owner

Just awaiting kitteh-validation

@akka-ci
Owner

Started jenkins job akka-pr-validator at https://jenkins.akka.io/job/akka-pr-validator/788/

@akka-ci
Owner

jenkins job akka-pr-validator: Success - https://jenkins.akka.io/job/akka-pr-validator/788/

@viktorklang viktorklang merged commit 718e2d1 into master
@viktorklang viktorklang deleted the wip-3161-use-truststore-on-server-too-2.2-√ branch
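--- a/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala
+++ b/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala
@@ -14,6 +14,7 @@ import java.io.{ IOException, FileNotFoundException, FileInputStream }
 import java.security._
 import javax.net.ssl.{ KeyManagerFactory, TrustManager, TrustManagerFactory, SSLContext }
 import org.jboss.netty.handler.ssl.SslHandler
+import scala.util.Try
 /**
 * INTERNAL API
@@ -92,7 +93,7 @@ private[akka] object NettySSLSupport {
 trustManagerFactory.init({
 val trustStore = KeyStore.getInstance(KeyStore.getDefaultType)
 val fin = new FileInputStream(trustStorePath)
- try trustStore.load(fin, trustStorePassword.toCharArray) finally fin.close()
+ try trustStore.load(fin, trustStorePassword.toCharArray) finally Try(fin.close())
 trustStore
 })
 trustManagerFactory.getTrustManagers
@@ -140,10 +141,23 @@ private[akka] object NettySSLSupport {
 factory.init({
 val keyStore = KeyStore.getInstance(KeyStore.getDefaultType)
 val fin = new FileInputStream(keyStorePath)
- try keyStore.load(fin, keyStorePassword.toCharArray) finally fin.close()
+ try keyStore.load(fin, keyStorePassword.toCharArray) finally Try(fin.close())
 keyStore
 }, keyStorePassword.toCharArray)
- Option(SSLContext.getInstance(protocol)) map { ctx ctx.init(factory.getKeyManagers, null, rng); ctx }
+
+ val trustManagers: Option[Array[TrustManager]] = settings.SSLTrustStore map {
+ path
+ val pwd = settings.SSLTrustStorePassword.map(_.toCharArray).orNull
+ val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
+ trustManagerFactory.init({
+ val trustStore = KeyStore.getInstance(KeyStore.getDefaultType)
+ val fin = new FileInputStream(path)
+ try trustStore.load(fin, pwd) finally Try(fin.close())
+ trustStore
+ })
+ trustManagerFactory.getTrustManagers
+ }
+ Option(SSLContext.getInstance(protocol)) map { ctx ctx.init(factory.getKeyManagers, trustManagers.orNull, rng); ctx }
 } catch {
 case e: FileNotFoundException throw new RemoteTransportException("Server SSL connection could not be established because key store could not be loaded", e)
 case e: IOException throw new RemoteTransportException("Server SSL connection could not be established because: " + e.getMessage, e)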
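Review bot: In the new `trustManagers` block of the third hunk, `pwd` is `null` whenever `settings.SSLTrustStorePassword` is unset, and `KeyStore.load(fin, null)` skips the store's integrity check, so a modified trust store file would load without any error; if a password-less trust store is meant to be allowed, say so in a comment such as `// null password: trust store is loaded without an integrity check`, or fail fast when a path is configured without a password. Similarly, `trustManagers.orNull` passes `null` to `ctx.init` when no trust store is configured, which makes JSSE fall back to the JVM's default trust managers rather than trusting nothing, and that deserves a comment like `// null = JVM default trust managers (default CA store)`. The trust store is now opened inside the same `try`, so a missing trust store file hits the existing `FileNotFoundException` case and is reported as "key store could not be loaded"; the message could read `because key store or trust store could not be loaded`. Whether the server-side engine actually requests client certificates is not visible here, and without that these trust managers are presumably never consulted; the enclosing method starts and ends outside the hunk.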