Fix #506 (#971)
rozhko authored and perwendel committed Feb 19, 2018
1 parent bfda598 commit 99d7ddc
Showing 4 changed files with 139 additions and 12 deletions.
57 changes: 55 additions & 2 deletions src/main/java/spark/Service.java
@@ -180,7 +180,58 @@ public synchronized Service secure(String keystoreFile,
String keystorePassword,
String truststoreFile,
String truststorePassword) {
return secure(keystoreFile, keystorePassword, truststoreFile, truststorePassword, false);
return secure(keystoreFile, keystorePassword, null, truststoreFile, truststorePassword, false);
}

/**
* Set the connection to be secure, using the specified keystore and
* truststore. This has to be called before any route mapping is done. You
* have to supply a keystore file, truststore file is optional (keystore
* will be reused). By default, client certificates are not checked.
* This method is only relevant when using embedded Jetty servers. It should
* not be used if you are using Servlets, where you will need to secure the
* connection in the servlet container
*
* @param keystoreFile The keystore file location as string
* @param keystorePassword the password for the keystore
* @param certAlias the default certificate Alias
* @param truststoreFile the truststore file location as string, leave null to reuse
* keystore
* @param truststorePassword the trust store password
* @return the object with connection set to be secure
*/
public synchronized Service secure(String keystoreFile,
String keystorePassword,
String certAlias,
String truststoreFile,
String truststorePassword) {
return secure(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword, false);
}

/**
* Set the connection to be secure, using the specified keystore and
* truststore. This has to be called before any route mapping is done. You
* have to supply a keystore file, truststore file is optional (keystore
* will be reused).
* This method is only relevant when using embedded Jetty servers. It should
* not be used if you are using Servlets, where you will need to secure the
* connection in the servlet container
*
* @param keystoreFile The keystore file location as string
* @param keystorePassword the password for the keystore
* @param truststoreFile the truststore file location as string, leave null to reuse
* keystore
* @param needsClientCert Whether to require client certificate to be supplied in
* request
* @param truststorePassword the trust store password
* @return the object with connection set to be secure
*/
public synchronized Service secure(String keystoreFile,
String keystorePassword,
String truststoreFile,
String truststorePassword,
boolean needsClientCert) {
return secure(keystoreFile, keystorePassword, null, truststoreFile, truststorePassword, needsClientCert);
}

/**
@@ -194,6 +245,7 @@ public synchronized Service secure(String keystoreFile,
*
* @param keystoreFile The keystore file location as string
* @param keystorePassword the password for the keystore
* @param certAlias the default certificate Alias
* @param truststoreFile the truststore file location as string, leave null to reuse
* keystore
* @param needsClientCert Whether to require client certificate to be supplied in
@@ -203,6 +255,7 @@ public synchronized Service secure(String keystoreFile,
*/
public synchronized Service secure(String keystoreFile,
String keystorePassword,
String certAlias,
String truststoreFile,
String truststorePassword,
boolean needsClientCert) {
@@ -215,7 +268,7 @@ public synchronized Service secure(String keystoreFile,
"Must provide a keystore file to run secured");
}

sslStores = SslStores.create(keystoreFile, keystorePassword, truststoreFile, truststorePassword, needsClientCert);
sslStores = SslStores.create(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword, needsClientCert);
return this;
}

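Review bot: `certAlias` is handed to `SslStores.create(...)` in the last hunk without any check of its own; the only guard visible next to it is the one behind "Must provide a keystore file to run secured". An empty or mistyped alias is therefore accepted at configuration time, and the connector-factory hunk further down forwards any non-null value to `setCertAlias`, so which certificate is served (or whether start-up fails) is left to Jetty and is not visible here. Rejecting a blank alias up front, for example `if (certAlias != null && certAlias.trim().isEmpty()) { throw new IllegalArgumentException("certAlias must not be empty"); }`, would surface the misconfiguration where it is made. The Javadoc line `@param certAlias the default certificate Alias` should also say that null leaves the alias unset. The body of this `secure` overload starts outside the hunk.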
51 changes: 51 additions & 0 deletions src/main/java/spark/Spark.java
@@ -1030,6 +1030,30 @@ public static void secure(String keystoreFile,
getInstance().secure(keystoreFile, keystorePassword, truststoreFile, truststorePassword);
}

/**
* Set the connection to be secure, using the specified keystore and
* truststore. This has to be called before any route mapping is done. You
* have to supply a keystore file, truststore file is optional (keystore
* will be reused).
* This method is only relevant when using embedded Jetty servers. It should
* not be used if you are using Servlets, where you will need to secure the
* connection in the servlet container
*
* @param keystoreFile The keystore file location as string
* @param keystorePassword the password for the keystore
* @param certAlias the default certificate Alias
* @param truststoreFile the truststore file location as string, leave null to reuse
* keystore
* @param truststorePassword the trust store password
*/
public static void secure(String keystoreFile,
String keystorePassword,
String certAlias,
String truststoreFile,
String truststorePassword) {
getInstance().secure(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword);
}

/**
* Overrides default exception handler during initialization phase
*
@@ -1064,6 +1088,33 @@ public static void secure(String keystoreFile,
getInstance().secure(keystoreFile, keystorePassword, truststoreFile, truststorePassword, needsClientCert);
}

/**
* Set the connection to be secure, using the specified keystore and
* truststore. This has to be called before any route mapping is done. You
* have to supply a keystore file, truststore file is optional (keystore
* will be reused).
* This method is only relevant when using embedded Jetty servers. It should
* not be used if you are using Servlets, where you will need to secure the
* connection in the servlet container
*
* @param keystoreFile The keystore file location as string
* @param keystorePassword the password for the keystore
* @param certAlias the default certificate Alias
* @param truststoreFile the truststore file location as string, leave null to reuse
* keystore
* @param needsClientCert Whether to require client certificate to be supplied in
* request
* @param truststorePassword the trust store password
*/
public static void secure(String keystoreFile,
String keystorePassword,
String certAlias,
String truststoreFile,
String truststorePassword,
boolean needsClientCert) {
getInstance().secure(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword, needsClientCert);
}

/**
* Configures the embedded web server's thread pool.
*
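Review bot: The Javadoc on the new five-argument `secure` (the first hunk of this file) drops the sentence "By default, client certificates are not checked." that the matching overload in Service.java carries, although that overload delegates with `needsClientCert` set to `false`. Callers reading only the static facade get no hint that client-certificate checking is off for this overload; the sentence should be copied over. In the six-argument Javadoc the `@param needsClientCert` tag sits before `@param truststorePassword`, which is the reverse of the signature order and worth swapping while the block is new.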
@@ -75,6 +75,10 @@ public static ServerConnector createSecureSocketConnector(Server server,
sslContextFactory.setKeyStorePassword(sslStores.keystorePassword());
}

if (sslStores.certAlias() != null) {
sslContextFactory.setCertAlias(sslStores.certAlias());
}

if (sslStores.trustStoreFile() != null) {
sslContextFactory.setTrustStorePath(sslStores.trustStoreFile());
}
39 changes: 29 additions & 10 deletions src/main/java/spark/ssl/SslStores.java
@@ -23,6 +23,7 @@ public class SslStores {

protected String keystoreFile;
protected String keystorePassword;
protected String certAlias;
protected String truststoreFile;
protected String truststorePassword;
protected boolean needsClientCert;
@@ -41,7 +42,16 @@ public static SslStores create(String keystoreFile,
String truststoreFile,
String truststorePassword) {

return new SslStores(keystoreFile, keystorePassword, truststoreFile, truststorePassword);
return new SslStores(keystoreFile, keystorePassword, null, truststoreFile, truststorePassword, false);
}

public static SslStores create(String keystoreFile,
String keystorePassword,
String certAlias,
String truststoreFile,
String truststorePassword) {

return new SslStores(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword, false);
}

public static SslStores create(String keystoreFile,
@@ -50,26 +60,28 @@ public static SslStores create(String keystoreFile,
String truststorePassword,
boolean needsClientCert) {

return new SslStores(keystoreFile, keystorePassword, truststoreFile, truststorePassword, needsClientCert);
return new SslStores(keystoreFile, keystorePassword, null, truststoreFile, truststorePassword, needsClientCert);
}

private SslStores(String keystoreFile,
String keystorePassword,
String truststoreFile,
String truststorePassword) {
this.keystoreFile = keystoreFile;
this.keystorePassword = keystorePassword;
this.truststoreFile = truststoreFile;
this.truststorePassword = truststorePassword;
public static SslStores create(String keystoreFile,
String keystorePassword,
String certAlias,
String truststoreFile,
String truststorePassword,
boolean needsClientCert) {

return new SslStores(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword, needsClientCert);
}

private SslStores(String keystoreFile,
String keystorePassword,
String certAlias,
String truststoreFile,
String truststorePassword,
boolean needsClientCert) {
this.keystoreFile = keystoreFile;
this.keystorePassword = keystorePassword;
this.certAlias = certAlias;
this.truststoreFile = truststoreFile;
this.truststorePassword = truststorePassword;
this.needsClientCert = needsClientCert;
@@ -89,6 +101,13 @@ public String keystorePassword() {
return keystorePassword;
}

/**
* @return certAlias
*/
public String certAlias() {
return certAlias;
}

/**
* @return trustStoreFile
*/
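Review bot: The two new public `create` overloads that take `certAlias` have no Javadoc, and the accessor's `@return certAlias` says nothing about what the value means. Since the connector factory skips `setCertAlias` when the value is null, the contract worth writing down is something like `@param certAlias alias of the keystore entry to use, or null to leave the alias unset`. The five-String overload also differs from the existing four-String one only by an extra argument in the middle, so a misplaced argument (a password in the alias or path position) compiles without complaint; a short note on argument order in the Javadoc, or a builder in a follow-up, would reduce that risk.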
