Comments (2)
Hi @HoffiMuc
Thank you for your kind words!
Currently the SSLFactory returns the following values:
```java
import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.model.KeyStoreHolder;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Optional;

public class App {

    public static void main(String[] args) {
        SSLFactory sslFactory = ...; // initialised sslfactory

        SSLContext sslContext = sslFactory.getSslContext();
        HostnameVerifier hostnameVerifier = sslFactory.getHostnameVerifier();
        // Key and trust managers are optional; with multiple stores these are the composed ones
        Optional<X509ExtendedKeyManager> keyManager = sslFactory.getKeyManager();
        Optional<X509ExtendedTrustManager> trustManager = sslFactory.getTrustManager();
        Optional<KeyManagerFactory> keyManagerFactory = sslFactory.getKeyManagerFactory();
        Optional<TrustManagerFactory> trustManagerFactory = sslFactory.getTrustManagerFactory();
        List<X509Certificate> trustedCertificates = sslFactory.getTrustedCertificates();
        SSLSocketFactory sslSocketFactory = sslFactory.getSslSocketFactory();
        SSLServerSocketFactory sslServerSocketFactory = sslFactory.getSslServerSocketFactory();
        // host and port are the peer's hostname and port
        SSLEngine sslEngine = sslFactory.getSslEngine(host, port);
        SSLParameters sslParameters = sslFactory.getSslParameters();
        List<String> ciphers = sslFactory.getCiphers();
        List<String> protocols = sslFactory.getProtocols();
    }

}
```
So the only option would be:
```java
Optional<X509ExtendedKeyManager> keyManager = sslFactory.getKeyManager();
Optional<X509ExtendedTrustManager> trustManager = sslFactory.getTrustManager();
```
I get your feature request and I actually need to say that this was available before, but I removed it from version 7.0.0 onwards. In the early stage of development of this library it made sense to hold on to these individual building blocks such as the keystore, truststore, keymanager and trustmanager within the sslfactory. Those objects could be fetched later on.
However, the library evolved and got new capabilities such as building the sslfactory from a list of certificates or a private key object. The most challenging decision was adding a hot swappable keymanager and trustmanager to the sslfactory, which made the option of storing the initial keystores, truststore, keymanager and trustmanager useless... So I ended up removing those options.
You can still get the keymanager and trustmanager from the sslfactory, but not the individual ones if you are using multiple because the sslfactory will return the composed one.
So a workaround would be maybe using the following utils within the library:
These utils are used within the sslfactory and it will return the objects you want to create such as the keystore, truststore, keymanager and trustmanager. The downside would be that you need to store it in your custom data class. But the positive side is you can use the utility classes which give more advanced control in how you want to create and manage the objects and it also takes away the verbosity and validations.
So basically what you can do is:

```java
KeyStore identityOne = KeyStoreUtils.loadKeyStore(identityStorePathOne, identityStorePassword, identityStoreType);
KeyStore identityTwo = KeyStoreUtils.loadKeyStore(identityStorePathTwo, identityStorePassword, identityStoreType);
KeyStore trustStoreOne = KeyStoreUtils.loadKeyStore(trustStorePathOne, trustStorePassword, trustStoreType);
KeyStore trustStoreTwo = KeyStoreUtils.loadKeyStore(trustStorePathTwo, trustStorePassword, trustStoreType);

// SSLMaterial is your own custom data class holding the individual stores
SSLMaterial sslMaterial = new SSLMaterial(
        Arrays.asList(identityOne, identityTwo),
        Arrays.asList(trustStoreOne, trustStoreTwo)
);
```
Would that workaround work for you?
from sslcontext-kickstart.
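The workaround above, carried through as an added example (not code from the original comment or from the library itself): a holder class keeps the individual stores, the `SSLFactory` is built from them, and each trust store can still be audited separately even though the factory only exposes the composed trust manager. The `SSLMaterial` class, the command-line arguments, the `STORE_PASSWORD` environment variable and the single shared password are assumptions made for illustration.

```java
import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.util.KeyStoreUtils;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical holder (the "custom data class"); not part of the library.
final class SSLMaterial {
    final List<KeyStore> identities;
    final List<KeyStore> trustStores;

    SSLMaterial(List<KeyStore> identities, List<KeyStore> trustStores) {
        this.identities = Collections.unmodifiableList(new ArrayList<>(identities));
        this.trustStores = Collections.unmodifiableList(new ArrayList<>(trustStores));
    }
}

public class App {
    // Assumed usage: java App <identity.p12> <truststore.p12>, with STORE_PASSWORD set.
    public static void main(String[] args) throws Exception {
        char[] password = System.getenv("STORE_PASSWORD").toCharArray();
        KeyStore identity = KeyStoreUtils.loadKeyStore(Paths.get(args[0]), password);
        KeyStore trustStore = KeyStoreUtils.loadKeyStore(Paths.get(args[1]), password);
        SSLMaterial material = new SSLMaterial(
                Collections.singletonList(identity), Collections.singletonList(trustStore));

        SSLFactory.Builder builder = SSLFactory.builder();
        for (KeyStore ks : material.identities) builder.withIdentityMaterial(ks, password);
        for (KeyStore ks : material.trustStores) builder.withTrustMaterial(ks);
        SSLFactory sslFactory = builder.build();

        // The factory returns only the composed trust manager; the holder
        // still lets each trust store be inspected on its own.
        for (KeyStore ks : material.trustStores) {
            for (String alias : Collections.list(ks.aliases())) {
                Certificate cert = ks.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    X509Certificate x509 = (X509Certificate) cert;
                    System.out.println(alias + " | " + x509.getSubjectX500Principal()
                            + " | expires " + x509.getNotAfter());
                }
            }
        }
        System.out.println("Composed trust anchors: " + sslFactory.getTrustedCertificates().size());
    }
}
```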
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.