fix: choose correct key by alias (#1939)

achmelo · web-flow · commit 6ea7a6215592 · 2021-11-30T17:42:09.000+01:00
* choose correct key by alias

Signed-off-by: achmelo &lt;a.chmelo@gmail.com&gt;

* add alias

Signed-off-by: achmelo &lt;a.chmelo@gmail.com&gt;

* keep default private key strategy in case of missing alias in configuration

Signed-off-by: achmelo &lt;a.chmelo@gmail.com&gt;
diff --git a/common-service-core/src/main/java/org/zowe/apiml/security/HttpsFactory.java b/common-service-core/src/main/java/org/zowe/apiml/security/HttpsFactory.java
@@ -23,6 +23,7 @@
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.ssl.PrivateKeyStrategy;
 import org.apache.http.ssl.SSLContextBuilder;
 import org.apache.http.ssl.SSLContexts;
 import org.zowe.apiml.message.log.ApimlLogger;
@@ -184,14 +185,21 @@ private void loadKeystoreMaterial(SSLContextBuilder sslContextBuilder) throws Un
         }
         log.info("Loading key store file: " + config.getKeyStore());
         File keyStoreFile = new File(config.getKeyStore());
-        sslContextBuilder.loadKeyMaterial(keyStoreFile, config.getKeyStorePassword(), config.getKeyPassword());
+        sslContextBuilder.loadKeyMaterial(
+            keyStoreFile, config.getKeyStorePassword(), config.getKeyPassword(),
+            getPrivateKeyStrategy()
+        );
+    }
+
+    private PrivateKeyStrategy getPrivateKeyStrategy() {
+        return config.getKeyAlias() != null ? (aliases, socket) -> config.getKeyAlias() : null;
     }
 
     private void loadKeyringMaterial(SSLContextBuilder sslContextBuilder) throws UnrecoverableKeyException,
         NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
         log.info("Loading trust key ring: " + config.getKeyStore());
         sslContextBuilder.loadKeyMaterial(keyRingUrl(config.getKeyStore()), config.getKeyStorePassword(),
-            config.getKeyPassword(), null);
+            config.getKeyPassword(), getPrivateKeyStrategy());
     }
 
     private synchronized SSLContext createSecureSslContext() {
diff --git a/common-service-core/src/test/java/org/zowe/apiml/security/SecurityTestUtils.java b/common-service-core/src/test/java/org/zowe/apiml/security/SecurityTestUtils.java
@@ -22,14 +22,14 @@ public class SecurityTestUtils {
 
     public static HttpsConfig.HttpsConfigBuilder correctHttpsSettings() {
         return SecurityTestUtils.correctHttpsKeyStoreSettings()
-                .trustStore(pathFromRepository("keystore/localhost/localhost.truststore.p12"))
-                .trustStorePassword(STORE_PASSWORD);
+            .trustStore(pathFromRepository("keystore/localhost/localhost.truststore.p12"))
+            .trustStorePassword(STORE_PASSWORD);
     }
 
     public static HttpsConfig.HttpsConfigBuilder correctHttpsKeyStoreSettings() {
         return HttpsConfig.builder().protocol("TLSv1.2")
-                .keyStore(SecurityTestUtils.pathFromRepository("keystore/localhost/localhost.keystore.p12"))
-                .keyStorePassword(STORE_PASSWORD).keyPassword(STORE_PASSWORD);
+            .keyStore(SecurityTestUtils.pathFromRepository("keystore/localhost/localhost.keystore.p12"))
+            .keyStorePassword(STORE_PASSWORD).keyPassword(STORE_PASSWORD);
     }
 
     public static String pathFromRepository(String path) {
