

[JENKINS-23665] Parameter to select alias of SSL/TLS certificate for
Jenkins Web UI, private key password
TorstenS73 committed Jul 3, 2014
1 parent 52e94ad commit e343402
Showing 2 changed files with 11 additions and 5 deletions.
14 changes: 9 additions & 5 deletions src/java/winstone/HttpsConnectorFactory.java
Expand Up @@ -184,7 +184,9 @@ private static PrivateKey readPEMRSAPrivateKey(Reader reader) throws IOException
*/
SslContextFactory getSSLContext(Map args) {
try {
// Check the key manager factory
// Dump the content of the keystore if log level is FULL_DEBUG
// Note: The kmf is instantiated here only to access the keystore,
// the SslContextFactory will instantiate its own KeyManager
KeyManagerFactory kmf = KeyManagerFactory.getInstance(Option.HTTPS_KEY_MANAGER_TYPE.get(args));

kmf.init(keystore, password);
Expand All @@ -197,12 +199,14 @@ SslContextFactory getSSLContext(Map args) {
keystore.getCertificate(alias) + "");
}

SSLContext context = SSLContext.getInstance("SSL");
context.init(kmf.getKeyManagers(), null, null);

SslContextFactory ssl = new SslContextFactory();
ssl.setSslContext(context);

ssl.setSslKeyManagerFactoryAlgorithm(Option.HTTPS_KEY_MANAGER_TYPE.get(args));
ssl.setKeyStore(keystore);
ssl.setCertAlias(Option.HTTPS_CERTIFICATE_ALIAS.get(args));
ssl.setKeyStorePassword(Option.HTTPS_KEY_STORE_PASSWORD.get(args));
ssl.setKeyManagerPassword(Option.HTTPS_PRIVATE_KEY_PASSWORD.get(args));

/**
* If true, request the client certificate ala "SSLVerifyClient require" Apache directive.
* If false, which is the default, don't do so.
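Review bot: `ssl.setKeyManagerPassword(Option.HTTPS_PRIVATE_KEY_PASSWORD.get(args))` has no fallback, and `httpsPrivateKeyPassword` is declared without a default, so a deployment that sets only `httpsKeyStorePassword` presumably hands a null key password to the factory. The earlier path appears to have used the keystore password for the key as well, through `kmf.init(keystore, password)`, so this can break existing configurations or change how the key password is obtained. I would fall back explicitly: `String keyPw = Option.HTTPS_PRIVATE_KEY_PASSWORD.get(args);` followed by `ssl.setKeyManagerPassword(keyPw != null ? keyPw : Option.HTTPS_KEY_STORE_PASSWORD.get(args));`. Also, `ssl.setKeyStorePassword(...)` reads the option directly while `kmf.init` uses the local `password`; that local is assigned outside the hunk, so confirm the two cannot diverge, for instance when the keystore is built from `httpsCertificate`/`httpsPrivateKey`. The body of getSSLContext starts and ends outside the visible hunks.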
2 changes: 2 additions & 0 deletions src/java/winstone/cmdline/Option.java
Expand Up @@ -67,9 +67,11 @@ public static List<Option<?>> all(Class<?> clazz) {
public static final OInt HTTPS_KEEP_ALIVE_TIMEOUT=integer("https" + _KEEP_ALIVE_TIMEOUT, _KEEP_ALIVE_TIMEOUT.defaultValue);
public static final OFile HTTPS_KEY_STORE=file("httpsKeyStore");
public static final OString HTTPS_KEY_STORE_PASSWORD=string("httpsKeyStorePassword");
public static final OString HTTPS_PRIVATE_KEY_PASSWORD=string("httpsPrivateKeyPassword");
public static final OString HTTPS_KEY_MANAGER_TYPE=string("httpsKeyManagerType","SunX509");
public static final OBoolean HTTPS_VERIFY_CLIENT=bool("httpsVerifyClient",false);
public static final OFile HTTPS_CERTIFICATE=file("httpsCertificate");
public static final OString HTTPS_CERTIFICATE_ALIAS=string("httpsCertificateAlias");
public static final OFile HTTPS_PRIVATE_KEY=file("httpsPrivateKey");
public static final OBoolean HTTPS_SPDY=bool("spdy",false);

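Review bot: `HTTPS_PRIVATE_KEY_PASSWORD` and `HTTPS_CERTIFICATE_ALIAS` are added without a comment saying what an unset value means, and neither declares a default, unlike `HTTPS_KEY_MANAGER_TYPE`. The private key password arrives as a plain string command-line option, so it is readable in the process listing and anywhere the argument map is logged or echoed. That deserves a line next to the declaration, e.g. `// Password of the private key entry; unset means none is supplied. Given on the command line, so keep it out of logs and usage dumps.` The enclosing class starts and ends outside the hunk.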
