Posted to commits@jclouds.apache.org by na...@apache.org on 2015/04/06 23:00:29 UTC
[3/3] jclouds-labs git commit: [JCLOUDS-838] Introducing
InMemoryKeyManager for PEM-encoded certificate and private key
[JCLOUDS-838] Introducing InMemoryKeyManager for PEM-encoded certificate and private key
Conflicts:
azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/KeyStoreSupplier.java
Project: http://git-wip-us.apache.org/repos/asf/jclouds-labs/repo
Commit: http://git-wip-us.apache.org/repos/asf/jclouds-labs/commit/b9036f5a
Tree: http://git-wip-us.apache.org/repos/asf/jclouds-labs/tree/b9036f5a
Diff: http://git-wip-us.apache.org/repos/asf/jclouds-labs/diff/b9036f5a
Branch: refs/heads/master
Commit: b9036f5afcdfde0011291fef3e046f977925b518
Parents: ab6993f
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Fri Mar 13 12:00:15 2015 +0100
Committer: Ignasi Barrera <na...@apache.org>
Committed: Mon Apr 6 22:54:43 2015 +0200
----------------------------------------------------------------------
.../config/AzureComputeHttpApiModule.java | 9 +-
.../suppliers/DelegatingSSLContextSupplier.java | 91 ++++++++++++
.../suppliers/FileBasedKeyManagersSupplier.java | 64 +++++++++
.../suppliers/InMemoryKeyManagersSupplier.java | 136 ++++++++++++++++++
.../suppliers/KeyStoreSupplier.java | 137 -------------------
.../suppliers/SSLContextWithKeysSupplier.java | 86 ------------
6 files changed, 293 insertions(+), 230 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/jclouds-labs/blob/b9036f5a/azurecompute/src/main/java/org/jclouds/azurecompute/config/AzureComputeHttpApiModule.java
----------------------------------------------------------------------
diff --git a/azurecompute/src/main/java/org/jclouds/azurecompute/config/AzureComputeHttpApiModule.java b/azurecompute/src/main/java/org/jclouds/azurecompute/config/AzureComputeHttpApiModule.java
index 4c5961c..779de7f 100644
--- a/azurecompute/src/main/java/org/jclouds/azurecompute/config/AzureComputeHttpApiModule.java
+++ b/azurecompute/src/main/java/org/jclouds/azurecompute/config/AzureComputeHttpApiModule.java
@@ -16,13 +16,11 @@
*/
package org.jclouds.azurecompute.config;
-import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.jclouds.azurecompute.AzureComputeApi;
import org.jclouds.azurecompute.handlers.AzureComputeErrorHandler;
-import org.jclouds.azurecompute.suppliers.KeyStoreSupplier;
-import org.jclouds.azurecompute.suppliers.SSLContextWithKeysSupplier;
+import org.jclouds.azurecompute.suppliers.DelegatingSSLContextSupplier;
import org.jclouds.http.HttpErrorHandler;
import org.jclouds.http.annotation.ClientError;
import org.jclouds.http.annotation.Redirection;
@@ -60,10 +58,7 @@ public class AzureComputeHttpApiModule extends HttpApiModule<AzureComputeApi> {
install(new AzureComputeParserModule());
super.configure();
bind(new TypeLiteral<Supplier<SSLContext>>() {
- }).to(new TypeLiteral<SSLContextWithKeysSupplier>() {
- });
- bind(new TypeLiteral<Supplier<KeyStore>>() {
- }).to(new TypeLiteral<KeyStoreSupplier>() {
+ }).to(new TypeLiteral<DelegatingSSLContextSupplier>() {
});
}
}
http://git-wip-us.apache.org/repos/asf/jclouds-labs/blob/b9036f5a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/DelegatingSSLContextSupplier.java
----------------------------------------------------------------------
diff --git a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/DelegatingSSLContextSupplier.java b/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/DelegatingSSLContextSupplier.java
new file mode 100644
index 0000000..3570b0a
--- /dev/null
+++ b/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/DelegatingSSLContextSupplier.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jclouds.azurecompute.suppliers;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Throwables.propagate;
+
+import com.google.common.base.Supplier;
+import java.io.File;
+import java.security.SecureRandom;
+import javax.inject.Inject;
+import javax.inject.Singleton;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import org.jclouds.crypto.Crypto;
+import org.jclouds.domain.Credentials;
+import org.jclouds.http.HttpUtils;
+import org.jclouds.http.config.SSLModule.TrustAllCerts;
+import org.jclouds.location.Provider;
+
+/**
+ * This supplier handles two different types of authentication: PKCS12 and PEM.
+ * <br/>
+ * Out of the {@link Credentials} instance:
+ * <ol>
+ * <li><tt>PKCS12</tt>: where {@link Credentials#identity} is keystore path and {@link Credentials#credential} is
+ * keystore password</li>
+ * <li><tt>PEM</tt>: where {@link Credentials#identity} is PEM-encoded certificate content and
+ * {@link Credentials#credential} is PEM-encoded private key</li>
+ * </ol>
+ */
+@Singleton
+public class DelegatingSSLContextSupplier implements Supplier<SSLContext> {
+
+ private final Crypto crypto;
+
+ private final TrustManager[] trustManager;
+
+ private final Supplier<Credentials> creds;
+
+ @Inject
+ DelegatingSSLContextSupplier(
+ Crypto crypto, @Provider Supplier<Credentials> creds, HttpUtils utils, TrustAllCerts trustAllCerts) {
+
+ this.crypto = crypto;
+ this.trustManager = utils.trustAllCerts() ? new TrustManager[]{trustAllCerts} : null;
+ this.creds = creds;
+ }
+
+ @Override
+ public SSLContext get() {
+ final Credentials currentCreds = checkNotNull(creds.get(), "credential supplier returned null");
+ final String identity = checkNotNull(currentCreds.identity, "credential supplier returned null identity");
+ final String credential = checkNotNull(currentCreds.credential, "credential supplier returned null credential");
+
+ final File pkcs12File = new File(identity);
+
+ final KeyManager[] keyManagers = pkcs12File.isFile()
+ ? // identity is path to PKCS12 file, credential holds keystore password
+ new FileBasedKeyManagersSupplier(pkcs12File, credential.toCharArray()).get()
+ : // identity is PEM-encoded certificate content, credentials PEM-encoded private key
+ new InMemoryKeyManagersSupplier(crypto, identity).get();
+
+ if (keyManagers == null) {
+ throw new IllegalStateException("Could not setup any viable authentication method");
+ }
+
+ try {
+ final SSLContext sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(keyManagers, trustManager, new SecureRandom());
+ return sslContext;
+ } catch (Exception e) {
+ throw propagate(e);
+ }
+ }
+}
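Review bot: The class Javadoc (and the inline comment before the PEM branch) state that in PEM mode `Credentials#identity` holds the certificate and `Credentials#credential` holds the private key, but the call `new InMemoryKeyManagersSupplier(crypto, identity)` passes only the identity, and that supplier searches the identity itself for the `-----BEGIN PRIVATE KEY` block, so `credential` is null-checked and then never used in PEM mode. Either pass the credential through and parse the key from it, or correct the Javadoc item to `PEM: where Credentials#identity is PEM-encoded content holding both the private key and the certificate(s); Credentials#credential is unused` so callers do not put the key in a field that is ignored. Mode selection is `new File(identity).isFile()`, so the PEM branch is taken for any string that is not an existing file, including a mistyped PKCS12 path; checking for a `-----BEGIN` marker before delegating would turn that into a clear error instead of a parse failure. The `trustAllCerts` wiring is carried over unchanged from the deleted SSLContextWithKeysSupplier and still disables server certificate verification whenever that flag is set.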
http://git-wip-us.apache.org/repos/asf/jclouds-labs/blob/b9036f5a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/FileBasedKeyManagersSupplier.java
----------------------------------------------------------------------
diff --git a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/FileBasedKeyManagersSupplier.java b/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/FileBasedKeyManagersSupplier.java
new file mode 100644
index 0000000..e388184
--- /dev/null
+++ b/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/FileBasedKeyManagersSupplier.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jclouds.azurecompute.suppliers;
+
+import com.google.common.base.Supplier;
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import org.jclouds.util.Closeables2;
+
+import static com.google.common.base.Throwables.propagate;
+
+class FileBasedKeyManagersSupplier implements Supplier<KeyManager[]> {
+
+ private final File pkcs12File;
+
+ private final char[] credential;
+
+ public FileBasedKeyManagersSupplier(final File pkcs12File, final char[] credential) {
+ this.pkcs12File = pkcs12File;
+ this.credential = credential;
+ }
+
+ @Override
+ public KeyManager[] get() {
+ KeyManager[] keyManagers = null;
+
+ FileInputStream stream = null;
+ try {
+ stream = new FileInputStream(pkcs12File);
+
+ final KeyStore keyStore = KeyStore.getInstance("PKCS12");
+ keyStore.load(stream, credential);
+
+ final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+ keyManagerFactory.init(keyStore, credential);
+
+ keyManagers = keyManagerFactory.getKeyManagers();
+ } catch (Exception e) {
+ propagate(e);
+ } finally {
+ Closeables2.closeQuietly(stream);
+ }
+
+ return keyManagers;
+ }
+
+}
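Review bot: In the catch block `propagate(e);` is used as a bare statement; it does throw, but the form the deleted suppliers used, `throw propagate(e);`, makes that explicit and stops readers and static analysis from concluding that `get()` can return the `null` that `keyManagers` is initialised to. The `credential` array is the PKCS12 password and is retained in a field for the object's lifetime; if this supplier is meant to be single-use (DelegatingSSLContextSupplier creates a fresh one per call), zeroing it with `Arrays.fill(credential, '\0')` after `keyManagerFactory.init` would limit how long the password stays in the heap — but only if `get()` is never invoked twice on the same instance, so that should be documented either way. `KeyManagerFactory.getInstance("SunX509")` ties the code to the Sun provider; `KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())` is the portable equivalent.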
http://git-wip-us.apache.org/repos/asf/jclouds-labs/blob/b9036f5a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/InMemoryKeyManagersSupplier.java
----------------------------------------------------------------------
diff --git a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/InMemoryKeyManagersSupplier.java b/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/InMemoryKeyManagersSupplier.java
new file mode 100644
index 0000000..d96fcd8
--- /dev/null
+++ b/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/InMemoryKeyManagersSupplier.java
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jclouds.azurecompute.suppliers;
+
+import com.google.common.base.Charsets;
+import com.google.common.base.Supplier;
+import com.google.common.io.ByteSource;
+import java.io.ByteArrayInputStream;
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.spec.KeySpec;
+import java.util.Collection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.X509ExtendedKeyManager;
+import org.jclouds.crypto.Crypto;
+import org.jclouds.crypto.Pems;
+
+import static com.google.common.base.Throwables.propagate;
+
+class InMemoryKeyManagersSupplier implements Supplier<KeyManager[]> {
+
+ private final Crypto crypto;
+
+ private final String identity;
+
+ public InMemoryKeyManagersSupplier(final Crypto crypto, final String identity) {
+ this.crypto = crypto;
+ this.identity = identity;
+ }
+
+ @Override
+ public KeyManager[] get() {
+ KeyManager[] keyManagers = null;
+
+ try {
+ // split in private key and certs
+ final int privateKeyBeginIdx = identity.indexOf("-----BEGIN PRIVATE KEY");
+ final int privateKeyEndIdx = identity.indexOf("-----END PRIVATE KEY");
+ final String pemPrivateKey = identity.substring(privateKeyBeginIdx, privateKeyEndIdx + 26);
+
+ final StringBuilder pemCerts = new StringBuilder();
+ int certsBeginIdx = 0;
+ do {
+ certsBeginIdx = identity.indexOf("-----BEGIN CERTIFICATE", certsBeginIdx);
+ if (certsBeginIdx >= 0) {
+ final int certsEndIdx = identity.indexOf("-----END CERTIFICATE", certsBeginIdx) + 26;
+ pemCerts.append(identity.substring(certsBeginIdx, certsEndIdx));
+ certsBeginIdx = certsEndIdx;
+ }
+ } while (certsBeginIdx != -1);
+
+ // parse private key
+ final KeySpec keySpec = Pems.privateKeySpec(ByteSource.wrap(pemPrivateKey.getBytes(Charsets.UTF_8)));
+ final PrivateKey privateKey = crypto.rsaKeyFactory().generatePrivate(keySpec);
+
+ // parse cert(s)
+ @SuppressWarnings("unchecked")
+ final Collection<Certificate> certs = (Collection<Certificate>) CertificateFactory.getInstance("X.509").
+ generateCertificates(new ByteArrayInputStream(pemCerts.toString().getBytes(Charsets.UTF_8)));
+
+ if (certs.isEmpty()) {
+ throw new IllegalStateException("Could not find any valid certificate");
+ }
+
+ final X509Certificate certificate = (X509Certificate) certs.iterator().next();
+
+ keyManagers = new KeyManager[]{new InMemoryKeyManager(certificate, privateKey)};
+ } catch (Exception e) {
+ propagate(e);
+ }
+
+ return keyManagers;
+ }
+
+ private static class InMemoryKeyManager extends X509ExtendedKeyManager {
+
+ private static final String DEFAULT_ALIAS = "azure";
+
+ private final X509Certificate certificate;
+
+ private final PrivateKey privateKey;
+
+ public InMemoryKeyManager(final X509Certificate certificate, final PrivateKey privateKey) {
+ this.certificate = certificate;
+ this.privateKey = privateKey;
+ }
+
+ @Override
+ public String chooseClientAlias(final String[] keyType, final Principal[] issuers, final Socket socket) {
+ return DEFAULT_ALIAS;
+ }
+
+ @Override
+ public String chooseServerAlias(final String keyType, final Principal[] issuers, final Socket socket) {
+ return DEFAULT_ALIAS;
+ }
+
+ @Override
+ public X509Certificate[] getCertificateChain(final String alias) {
+ return new X509Certificate[]{certificate};
+ }
+
+ @Override
+ public String[] getClientAliases(final String keyType, final Principal[] issuers) {
+ return new String[]{DEFAULT_ALIAS};
+ }
+
+ @Override
+ public PrivateKey getPrivateKey(final String alias) {
+ return privateKey;
+ }
+
+ @Override
+ public String[] getServerAliases(final String keyType, final Principal[] issuers) {
+ return new String[]{DEFAULT_ALIAS};
+ }
+ }
+}
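Review bot: `getCertificateChain` returns only the certificate picked by `certs.iterator().next()`, so any intermediate certificates present in the PEM are dropped and the TLS client presents a one-element chain, whereas the deleted KeyStoreSupplier stored all of `certs` alongside the key entry; keeping the whole collection as an `X509Certificate[]` in the key manager preserves that (assuming the PEM lists the leaf first, since `generateCertificates` keeps input order). Separately, the guard the old code had, `if (privateKeyBeginIdx != -1 && privateKeyEndIdx != -1)`, is gone, so an identity without a `-----BEGIN PRIVATE KEY` block now fails with a StringIndexOutOfBoundsException from `substring` rather than a clear message. The `+ 26` offsets also appear to assume one character follows the `-----` terminator, which a string ending exactly on `-----END CERTIFICATE-----` would not satisfy; worth a bounds check. Only the PKCS#8 `BEGIN PRIVATE KEY` marker is matched, so PKCS#1 `BEGIN RSA PRIVATE KEY` input is rejected — a class comment stating the accepted format would save callers a confusing failure.
```java
         // … unchanged: CertificateFactory parsing and empty check …
         final X509Certificate[] chain = certs.toArray(new X509Certificate[certs.size()]);
         keyManagers = new KeyManager[]{new InMemoryKeyManager(chain, privateKey)};
   // … unchanged: catch / return …

   private static class InMemoryKeyManager extends X509ExtendedKeyManager {
      // … unchanged: DEFAULT_ALIAS, privateKey field, alias methods, getPrivateKey …
      private final X509Certificate[] chain;

      public InMemoryKeyManager(final X509Certificate[] chain, final PrivateKey privateKey) {
         this.chain = chain.clone();
         this.privateKey = privateKey;
      }

      @Override
      public X509Certificate[] getCertificateChain(final String alias) {
         return chain.clone();
      }
```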
http://git-wip-us.apache.org/repos/asf/jclouds-labs/blob/b9036f5a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/KeyStoreSupplier.java
----------------------------------------------------------------------
diff --git a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/KeyStoreSupplier.java b/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/KeyStoreSupplier.java
deleted file mode 100644
index 99efc0b..0000000
--- a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/KeyStoreSupplier.java
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jclouds.azurecompute.suppliers;
-
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Throwables.propagate;
-
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.KeySpec;
-import java.util.Collection;
-
-import javax.inject.Inject;
-import javax.inject.Singleton;
-
-import org.jclouds.crypto.Crypto;
-import org.jclouds.crypto.Pems;
-import org.jclouds.domain.Credentials;
-import org.jclouds.location.Provider;
-
-import com.google.common.base.Charsets;
-import com.google.common.base.Supplier;
-import com.google.common.io.ByteSource;
-
-/**
- * TODO this code needs to be completely refactored. It needs to stop using KeyStore of at all possible and definitely
- * the local filesystem. Please look at oauth for examples on how to do this via PEMs.
- */
-@Deprecated
-@Singleton
-public class KeyStoreSupplier implements Supplier<KeyStore> {
-
- private final Crypto crypto;
-
- private final Supplier<Credentials> creds;
-
- @Inject
- KeyStoreSupplier(Crypto crypto, @Provider Supplier<Credentials> creds) {
- this.crypto = crypto;
- this.creds = creds;
- }
-
- @Override
- public KeyStore get() {
- final Credentials currentCreds = checkNotNull(creds.get(), "credential supplier returned null");
- final String cert = checkNotNull(currentCreds.identity,
- "credential supplier returned null identity (should be cert)");
- final String keyStorePassword = checkNotNull(currentCreds.credential,
- "credential supplier returned null credential (should be keyStorePassword)");
- try {
- final KeyStore keyStore = KeyStore.getInstance("PKCS12");
-
- final File certFile = new File(checkNotNull(cert));
- if (certFile.isFile()) { // cert is path to pkcs12 file
- final FileInputStream stream = new FileInputStream(certFile);
- try {
- keyStore.load(stream, keyStorePassword.toCharArray());
- } finally {
- stream.close();
- }
- } else {
- keyStore.load(null);
-
- // split in private key and certs
- final int privateKeyBeginIdx = cert.indexOf("-----BEGIN PRIVATE KEY");
- final int privateKeyEndIdx = cert.indexOf("-----END PRIVATE KEY");
- // cert is PEM encoded, containing private key and certs
- if (privateKeyBeginIdx != -1 && privateKeyEndIdx != -1) {
- final String pemPrivateKey = cert.substring(privateKeyBeginIdx, privateKeyEndIdx + 26);
-
- final StringBuilder pemCerts = new StringBuilder();
- int certsBeginIdx = 0;
-
- do {
- certsBeginIdx = cert.indexOf("-----BEGIN CERTIFICATE", certsBeginIdx);
-
- if (certsBeginIdx >= 0) {
- final int certsEndIdx = cert.indexOf("-----END CERTIFICATE", certsBeginIdx) + 26;
- pemCerts.append(cert.substring(certsBeginIdx, certsEndIdx));
- certsBeginIdx = certsEndIdx;
- }
- } while (certsBeginIdx != -1);
-
- // parse private key
- final KeySpec keySpec = Pems.privateKeySpec(ByteSource.wrap(pemPrivateKey.getBytes(Charsets.UTF_8)));
- final PrivateKey privateKey = crypto.rsaKeyFactory().generatePrivate(keySpec);
-
- // populate keystore with private key and certs
- final CertificateFactory cf = CertificateFactory.getInstance("X.509");
- @SuppressWarnings("unchecked")
- final Collection<Certificate> certs = (Collection<Certificate>) cf.generateCertificates(
- new ByteArrayInputStream(pemCerts.toString().getBytes(Charsets.UTF_8)));
- keyStore.setKeyEntry("dummy", privateKey, keyStorePassword.toCharArray(),
- certs.toArray(new java.security.cert.Certificate[0]));
- }
- }
- return keyStore;
- } catch (NoSuchAlgorithmException e) {
- throw propagate(e);
- } catch (KeyStoreException e) {
- throw propagate(e);
- } catch (CertificateException e) {
- throw propagate(e);
- } catch (FileNotFoundException e) {
- throw propagate(e);
- } catch (IOException e) {
- throw propagate(e);
- } catch (InvalidKeySpecException e) {
- throw propagate(e);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/jclouds-labs/blob/b9036f5a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/SSLContextWithKeysSupplier.java
----------------------------------------------------------------------
diff --git a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/SSLContextWithKeysSupplier.java b/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/SSLContextWithKeysSupplier.java
deleted file mode 100644
index 1987792..0000000
--- a/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/SSLContextWithKeysSupplier.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.jclouds.azurecompute.suppliers;
-
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Throwables.propagate;
-
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.UnrecoverableKeyException;
-
-import javax.inject.Inject;
-import javax.inject.Singleton;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-
-import org.jclouds.domain.Credentials;
-import org.jclouds.http.HttpUtils;
-import org.jclouds.http.config.SSLModule.TrustAllCerts;
-import org.jclouds.location.Provider;
-
-import com.google.common.base.Supplier;
-
-/**
- * TODO this code needs to be completely refactored. It needs to stop using KeyStore of at all possible and definitely
- * the local filesystem. Please look at oauth for examples on how to do this via PEMs.
- */
-@Deprecated
-@Singleton
-public class SSLContextWithKeysSupplier implements Supplier<SSLContext> {
-
- private final Supplier<KeyStore> keyStore;
-
- private final TrustManager[] trustManager;
-
- private final Supplier<Credentials> creds;
-
- @Inject
- SSLContextWithKeysSupplier(Supplier<KeyStore> keyStore, @Provider Supplier<Credentials> creds, HttpUtils utils,
- TrustAllCerts trustAllCerts) {
- this.keyStore = keyStore;
- this.trustManager = utils.trustAllCerts() ? new TrustManager[]{trustAllCerts} : null;
- this.creds = creds;
- }
-
- @Override
- public SSLContext get() {
- final Credentials currentCreds = checkNotNull(creds.get(), "credential supplier returned null");
- final String keyStorePassword = checkNotNull(currentCreds.credential,
- "credential supplier returned null credential (should be keyStorePassword)");
- KeyManagerFactory kmf;
- try {
- kmf = KeyManagerFactory.getInstance("SunX509");
- kmf.init(keyStore.get(), keyStorePassword.toCharArray());
- final SSLContext sc = SSLContext.getInstance("TLS");
- sc.init(kmf.getKeyManagers(), trustManager, new SecureRandom());
- return sc;
- } catch (NoSuchAlgorithmException e) {
- throw propagate(e);
- } catch (UnrecoverableKeyException e) {
- throw propagate(e);
- } catch (KeyStoreException e) {
- throw propagate(e);
- } catch (KeyManagementException e) {
- throw propagate(e);
- }
- }
-}