Posted to commits@commons.apache.org by gg...@apache.org on 2020/09/06 21:48:03 UTC
[commons-vfs] branch master updated: VFS-786 - Allow users to set
custom keystore types like JCEKS, PKCS12 (#121)
This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-vfs.git
The following commit(s) were added to refs/heads/master by this push:
new 546f35c VFS-786 - Allow users to set custom keystore types like JCEKS, PKCS12 (#121)
546f35c is described below
commit 546f35c916d0ee33c115ff370d518b50481de727
Author: satish-csi <67...@users.noreply.github.com>
AuthorDate: Mon Sep 7 03:17:55 2020 +0530
VFS-786 - Allow users to set custom keystore types like JCEKS, PKCS12 (#121)
* VFS-786 - Allow users to set custom keystore types like JCEKS, PKCS12
* VFS-787 - Allow users to set proxy schemes like http/https - update review comments
* VFS-786 - add testcase for keystore type
* Update filesystems.xml
Fix alignment.
Co-authored-by: Gary Gregory <ga...@users.noreply.github.com>
---
.../vfs2/provider/http4/Http4FileProvider.java | 1 +
.../http4/Http4FileSystemConfigBuilder.java | 26 +++++++++++++++
.../vfs2/provider/http5/Http5FileProvider.java | 1 +
.../http5/Http5FileSystemConfigBuilder.java | 25 ++++++++++++++
.../http5s/test/Http5sGetContentInfoTest.java | 37 +++++++++++++++++++++
.../org.apache.httpserver/star_apache_cert.ts | Bin 0 -> 1723 bytes
src/site/xdoc/filesystems.xml | 7 ++--
7 files changed, 95 insertions(+), 2 deletions(-)
diff --git a/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http4/Http4FileProvider.java b/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http4/Http4FileProvider.java
index 1a4eaf3..31a8cde 100644
--- a/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http4/Http4FileProvider.java
+++ b/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http4/Http4FileProvider.java
@@ -205,6 +205,7 @@ public class Http4FileProvider extends AbstractOriginatingFileProvider {
final FileSystemOptions fileSystemOptions) throws FileSystemException {
try {
final SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
+ sslContextBuilder.setKeyStoreType(builder.getKeyStoreType(fileSystemOptions));
File keystoreFileObject = null;
final String keystoreFile = builder.getKeyStoreFile(fileSystemOptions);
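Review bot: The string handed to `setKeyStoreType` on the added line is whatever the caller configured, and nothing here says when a bad value is detected. A misspelled or provider-unsupported type will presumably only fail when the store named by `getKeyStoreFile` is loaded further down in this try block, which continues outside the hunk. A short comment such as `// Type of the store loaded below; an unknown type fails at load time` would make that visible. The identical added line in the Http5FileProvider hunk has the same gap.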
diff --git a/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http4/Http4FileSystemConfigBuilder.java b/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http4/Http4FileSystemConfigBuilder.java
index 717753c..ecac9ba 100644
--- a/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http4/Http4FileSystemConfigBuilder.java
+++ b/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http4/Http4FileSystemConfigBuilder.java
@@ -16,6 +16,7 @@
*/
package org.apache.commons.vfs2.provider.http4;
+import java.security.KeyStore;
import org.apache.commons.vfs2.FileSystem;
import org.apache.commons.vfs2.FileSystemConfigBuilder;
import org.apache.commons.vfs2.FileSystemOptions;
@@ -89,6 +90,11 @@ public class Http4FileSystemConfigBuilder extends FileSystemConfigBuilder {
private static final String KEYSTORE_PASS = "http.keystorePass";
/**
+ * Defines the keystore type for the underlying HttpClient.
+ */
+ private static final String KEYSTORE_TYPE = "http.keyStoreType";
+
+ /**
* Defines whether the host name should be verified or not in SSL connections.
* <p>
* This parameter expects a value of type {@link Boolean}.
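Review bot: The new key `http.keyStoreType` is cased differently from its neighbour `http.keystorePass` on the context line above, and the filesystems.xml hunk of this commit lists the option as `keystoreType`. If the key can still change before release, `"http.keystoreType"` would match the existing convention. The constant's Javadoc should also state the value type the way the next constant does, for example `This parameter expects a value of type {@link String}; the default is {@link KeyStore#getDefaultType()}.` The same constant and comment are added in the Http5FileSystemConfigBuilder hunk.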
@@ -526,6 +532,26 @@ public class Http4FileSystemConfigBuilder extends FileSystemConfigBuilder {
}
/**
+ * Set keystore type for SSL connections.
+ * @param opts the file system options to modify
+ * @param keyStoreType keystore type for SSL connections
+ * @since 2.7.0
+ */
+ public void setKeyStoreType(final FileSystemOptions opts, final String keyStoreType) {
+ setParam(opts, KEYSTORE_TYPE, keyStoreType);
+ }
+
+ /**
+ * Get keystore type for SSL connections.
+ * @param opts the file system options to modify
+ * @return keystore type for SSL connections
+ * @since 2.7.0
+ */
+ public String getKeyStoreType(final FileSystemOptions opts) {
+ return getString(opts, KEYSTORE_TYPE, KeyStore.getDefaultType());
+ }
+
+ /**
* Sets if the hostname should be verified in SSL context.
*
* @param opts The FileSystemOptions.
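Review bot: The Javadoc of `getKeyStoreType` says `@param opts the file system options to modify`, copied from the setter, although the getter only reads, and it omits the fallback to `KeyStore.getDefaultType()` when nothing was set. Suggested wording: `@param opts the file system options to read` and `@return the configured keystore type, or {@link KeyStore#getDefaultType()} if none was set`. The setter Javadoc could name typical values (`JKS`, `JCEKS`, `PKCS12`) and note that PKCS12 is the JDK default since Java 9, while JCEKS is a legacy format best kept for stores that already exist in it. The same text is added in the Http5FileSystemConfigBuilder hunk, where the blank line between the getter's closing brace and the next `/**` is also missing.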
diff --git a/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http5/Http5FileProvider.java b/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http5/Http5FileProvider.java
index 5c38d1b..e147022 100644
--- a/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http5/Http5FileProvider.java
+++ b/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http5/Http5FileProvider.java
@@ -205,6 +205,7 @@ public class Http5FileProvider extends AbstractOriginatingFileProvider {
final FileSystemOptions fileSystemOptions) throws FileSystemException {
try {
final SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
+ sslContextBuilder.setKeyStoreType(builder.getKeyStoreType(fileSystemOptions));
File keystoreFileObject = null;
final String keystoreFile = builder.getKeyStoreFile(fileSystemOptions);
diff --git a/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http5/Http5FileSystemConfigBuilder.java b/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http5/Http5FileSystemConfigBuilder.java
index 406d0fd..b3f07af 100644
--- a/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http5/Http5FileSystemConfigBuilder.java
+++ b/commons-vfs2/src/main/java/org/apache/commons/vfs2/provider/http5/Http5FileSystemConfigBuilder.java
@@ -16,6 +16,7 @@
*/
package org.apache.commons.vfs2.provider.http5;
+import java.security.KeyStore;
import org.apache.commons.vfs2.FileSystem;
import org.apache.commons.vfs2.FileSystemConfigBuilder;
import org.apache.commons.vfs2.FileSystemOptions;
@@ -89,6 +90,11 @@ public class Http5FileSystemConfigBuilder extends FileSystemConfigBuilder {
private static final String KEYSTORE_PASS = "http.keystorePass";
/**
+ * Defines the keystore type for the underlying HttpClient.
+ */
+ private static final String KEYSTORE_TYPE = "http.keyStoreType";
+
+ /**
* Defines whether the host name should be verified or not in SSL connections.
* <p>
* This parameter expects a value of type {@link Boolean}.
@@ -543,6 +549,25 @@ public class Http5FileSystemConfigBuilder extends FileSystemConfigBuilder {
}
/**
+ * Set keystore type for SSL connections.
+ * @param opts the file system options to modify
+ * @param keyStoreType keystore type for SSL connections
+ * @since 2.7.0
+ */
+ public void setKeyStoreType(final FileSystemOptions opts, final String keyStoreType) {
+ setParam(opts, KEYSTORE_TYPE, keyStoreType);
+ }
+
+ /**
+ * Get keystore type for SSL connections.
+ * @param opts the file system options to modify
+ * @return keystore type for SSL connections
+ * @since 2.7.0
+ */
+ public String getKeyStoreType(final FileSystemOptions opts) {
+ return getString(opts, KEYSTORE_TYPE, KeyStore.getDefaultType());
+ }
+ /**
* Sets if the hostname should be verified in SSL context.
*
* @param opts The FileSystemOptions.
diff --git a/commons-vfs2/src/test/java/org/apache/commons/vfs2/provider/http5s/test/Http5sGetContentInfoTest.java b/commons-vfs2/src/test/java/org/apache/commons/vfs2/provider/http5s/test/Http5sGetContentInfoTest.java
index 3b7e465..68de945 100644
--- a/commons-vfs2/src/test/java/org/apache/commons/vfs2/provider/http5s/test/Http5sGetContentInfoTest.java
+++ b/commons-vfs2/src/test/java/org/apache/commons/vfs2/provider/http5s/test/Http5sGetContentInfoTest.java
@@ -16,9 +16,15 @@
*/
package org.apache.commons.vfs2.provider.http5s.test;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.util.stream.Collectors;
import org.apache.commons.vfs2.FileContent;
import org.apache.commons.vfs2.FileObject;
import org.apache.commons.vfs2.FileSystemException;
@@ -36,6 +42,8 @@ import junit.framework.TestCase;
*/
public class Http5sGetContentInfoTest extends TestCase {
+ private static final String SERVER_JCEKS_RES = "org.apache.httpserver/star_apache_cert.ts";
+
/**
* Tests VFS-427 NPE on Http5FileObject.getContent().getContentInfo().
*
@@ -53,6 +61,23 @@ public class Http5sGetContentInfoTest extends TestCase {
content.getContentInfo();
}
+ /**
+ * Tests VFS-786 set keystore type.
+ *
+ * @throws FileSystemException thrown when the getContentInfo API fails.
+ * @throws MalformedURLException thrown when the System environment contains an invalid URL for an HTTPS proxy.
+ */
+ @Test
+ public void testSSLGetContentInfo() throws IOException {
+ final FileSystemManager fsManager = VFS.getManager();
+ final String uri = "http5s://www.apache.org/licenses/LICENSE-2.0.txt";
+ final FileObject fo = fsManager.resolveFile(uri, getOptionsWithSSL());
+ final FileContent content = fo.getContent();
+ try(InputStream is = content.getInputStream()){
+ String text = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8)).lines().collect(Collectors.joining("\n"));
+ assertNotNull(text);
+ }
+ }
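Review bot: `assertNotNull(text)` cannot fail, because `Collectors.joining` never returns null, so the test only shows that the handshake and read did not throw. A check such as `assertTrue(text.contains("Apache License"));` would at least verify the body that came back. The class extends `TestCase` (hunk header), so the `@Test` annotation is presumably ignored and the method runs only because its name starts with `test`; the Javadoc `@throws` tags also name FileSystemException and MalformedURLException while the signature declares `IOException`. The test needs network access to www.apache.org, and if star_apache_cert.ts pins that site's certificate it will start failing when the certificate is rotated.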
FileSystemOptions getOptionsWithProxy() throws MalformedURLException {
// get proxy host and port from env var "https_proxy"
String proxyHost = null;
@@ -69,6 +94,7 @@ public class Http5sGetContentInfoTest extends TestCase {
return null;
}
+
// return options with proxy
final Http5FileSystemConfigBuilder builder = Http5FileSystemConfigBuilder.getInstance();
final FileSystemOptions opts = new FileSystemOptions();
@@ -76,4 +102,15 @@ public class Http5sGetContentInfoTest extends TestCase {
builder.setProxyPort(opts, proxyPort);
return opts;
}
+
+ private FileSystemOptions getOptionsWithSSL() throws MalformedURLException {
+ final Http5FileSystemConfigBuilder builder = Http5FileSystemConfigBuilder.getInstance();
+ final FileSystemOptions opts = new FileSystemOptions();
+ final URL serverJksResource = ClassLoader.getSystemClassLoader().getResource(SERVER_JCEKS_RES);
+ builder.setKeyStoreFile(opts, serverJksResource.getFile());
+ builder.setKeyStorePass(opts, "Hello_1234");
+ builder.setKeyStoreType(opts, "JCEKS");
+ return opts;
+ }
+
}
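Review bot: `getResource(SERVER_JCEKS_RES)` returns null when the resource is not on the class path, so `serverJksResource.getFile()` in `getOptionsWithSSL` fails with a bare NullPointerException instead of a clear test failure. `URL.getFile()` also returns the percent-encoded path, which breaks for checkouts in directories whose names contain spaces. Consider `assertNotNull(serverJksResource);` followed by `builder.setKeyStoreFile(opts, new File(serverJksResource.toURI()).getAbsolutePath());`, which changes the declared exception to `URISyntaxException`; nothing in the method as written raises the declared `MalformedURLException`. The local is named `serverJksResource` although the store is loaded as `JCEKS`, and a one-line comment saying that `Hello_1234` protects only this test fixture would keep the literal from being mistaken for a real secret.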
diff --git a/commons-vfs2/src/test/resources/org.apache.httpserver/star_apache_cert.ts b/commons-vfs2/src/test/resources/org.apache.httpserver/star_apache_cert.ts
new file mode 100644
index 0000000..c3aa43b
Binary files /dev/null and b/commons-vfs2/src/test/resources/org.apache.httpserver/star_apache_cert.ts differ
diff --git a/src/site/xdoc/filesystems.xml b/src/site/xdoc/filesystems.xml
index 980970d..8df73e1 100644
--- a/src/site/xdoc/filesystems.xml
+++ b/src/site/xdoc/filesystems.xml
@@ -530,9 +530,12 @@
<li><b>proxyScheme</b> The proxy scheme (http/https) to use.</li>
<li><b>cookies</b> An array of Cookies to add to the request.</li>
<li><b>maxConnectionsPerHost</b> The maximum number of connections allowed to
- a specific host and port. The default is 5.</li>
+ a specific host and port. The default is 5.</li>
<li><b>maxTotalConnections</b> The maximum number of connections allowed to
- all hosts. The default is 50.</li>
+ all hosts. The default is 50.</li>
+ <li><b>keystoreFile</b> The keystore file for SSL connections.</li>
+ <li><b>keystorePass</b> The keystore password.</li>
+ <li><b>keystoreType</b> The keystore type.</li>
</ul>
</p>