Giter VIP home page Giter VIP logo

Comments (2)

Hakky54 avatar Hakky54 commented on June 14, 2024

Hi @HoffiMuc

Thank you for your kind words!

Currently the SSLFactory returns the following values:

import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.model.KeyStoreHolder;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Optional;

public class App {

    public static void main(String[] args) {
        SSLFactory sslFactory = ...; // initialised sslfactory

        SSLContext sslContext = sslFactory.getSslContext();
        HostnameVerifier hostnameVerifier = sslFactory.getHostnameVerifier();
        Optional<X509ExtendedKeyManager> keyManager = sslFactory.getKeyManager();
        Optional<X509ExtendedTrustManager> trustManager = sslFactory.getTrustManager();
        Optional<KeyManagerFactory> keyManagerFactory = sslFactory.getKeyManagerFactory();
        Optional<TrustManagerFactory> trustManagerFactory = sslFactory.getTrustManagerFactory();
        List<X509Certificate> trustedCertificates = sslFactory.getTrustedCertificates();
        SSLSocketFactory sslSocketFactory = sslFactory.getSslSocketFactory();
        SSLServerSocketFactory sslServerSocketFactory = sslFactory.getSslServerSocketFactory();
        SSLEngine sslEngine = sslFactory.getSslEngine(host, port);
        SSLParameters sslParameters = sslFactory.getSslParameters();
        List<String> ciphers = sslFactory.getCiphers();
        List<String> protocols = sslFactory.getProtocols();
    }

}

So the only option would be:

Optional<X509ExtendedKeyManager> keyManager = sslFactory.getKeyManager();
Optional<X509ExtendedTrustManager> trustManager = sslFactory.getTrustManager();

I get your feature request and I actually need to say that this was available before but I removed from version 7.0.0 onwards. In the early stage of development of this library it made sense to hold on these individual building blocks such as the keystore, truststore, keymanager and trustmanager within the sslfactory. Those objects could be fetched later on.

However the library evolved and got new capabilities such as building the sslfactory from a list of certifficates or a private key object. The most challenging decision was adding a hot swappable keymanager and trustmanager to the sslfactory which made the option of storing the initial keystores, truststore, keymanager and trustmanager useless... So I ended up removing those options.

You can still get the keymanager and trustmanager from the sslfactory, but not the individual ones if you are using multiple because the sslfactory will return the composed one.

So a workaround would be maybe using the following utils within the library:

These utils are used within the sslfactory and it will return the objects you want to create such as the keystore, truststore, keymanager and trustmanager. The downside would be that you need to store it in your custom data class. But the positive side is you can use the utility classes which give more advanced control in how you want to create and manage the objects and it also takes away the verbosity and validations.

So basically what you can do it:

KeyStore identityOne = KeyStoreUtils.loadKeyStore(identityStorePathOne, identityStorePassword, identityStoreType);
KeyStore identityTwo = KeyStoreUtils.loadKeyStore(identityStorePathTwo, identityStorePassword, identityStoreType);
KeyStore trustStoreOne = KeyStoreUtils.loadKeyStore(trustStorePathTwo, trustStorePassword, trustStoreType);
KeyStore trustStoreTwo = KeyStoreUtils.loadKeyStore(trustStorePathTwo, trustStorePassword, trustStoreType);

SSLMaterial sslMaterial = new SSLMaterial(
    Arrays.asList(identityOne, identityTwo),
    Arrays.asList(trustStoreOne, trustStoreTwo)
);

Would that workaround work for you?

from sslcontext-kickstart.

stale avatar stale commented on June 14, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

from sslcontext-kickstart.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.