MCPcopy Create free account
hub / github.com/apache/tomcat / getKeyManagers

Method getKeyManagers

java/org/apache/tomcat/util/net/SSLUtilBase.java:310–440  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

308
309
310 @Override
311 public KeyManager[] getKeyManagers() throws Exception {
312 String keyAlias = certificate.getCertificateKeyAlias();
313 String algorithm = sslHostConfig.getKeyManagerAlgorithm();
314 String keyPassFile = certificate.getCertificateKeyPasswordFile();
315 String keyPass = certificate.getCertificateKeyPassword();
316 // This has to be here as it can't be moved to SSLHostConfig since the
317 // defaults vary between JSSE and OpenSSL.
318 if (keyPassFile == null) {
319 keyPassFile = certificate.getCertificateKeystorePasswordFile();
320 }
321 if (keyPass == null) {
322 keyPass = certificate.getCertificateKeystorePassword();
323 }
324
325 KeyStore ks = certificate.getCertificateKeystore();
326 KeyStore ksUsed = ks;
327
328 /*
329 * Use an in memory key store where possible. For PEM format keys and certificates, it allows them to be
330 * imported into the expected format. For Java key stores with PKCS8 encoded keys (e.g. JKS files), it enables
331 * Tomcat to handle the case where multiple keys exist in the key store, each with a different password. The
332 * KeyManagerFactory can't handle that so using an in memory key store with just the required key works around
333 * that. Other keys stores (hardware, MS, etc.) will be used as is.
334 */
335 char[] keyPassArray = null;
336 String keyPassToUse = null;
337 if (keyPassFile != null) {
338 try (BufferedReader reader = new BufferedReader(new InputStreamReader(
339 ConfigFileLoader.getSource().getResource(keyPassFile).getInputStream(), StandardCharsets.UTF_8))) {
340 keyPassToUse = reader.readLine();
341 }
342 } else {
343 keyPassToUse = keyPass;
344 }
345
346 if (keyPassToUse != null) {
347 keyPassArray = keyPassToUse.toCharArray();
348 }
349
350 KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
351 if (kmf.getProvider().getInfo().contains("FIPS")) {
352 // FIPS doesn't like ANY wrapping nor key manipulation.
353 if (keyAlias != null) {
354 log.warn(sm.getString("sslUtilBase.aliasIgnored", keyAlias));
355 }
356 kmf.init(ksUsed, keyPassArray);
357 return kmf.getKeyManagers();
358 }
359
360 if (ks == null) {
361 if (certificate.getCertificateFile() == null) {
362 throw new IOException(sm.getString("sslUtilBase.noCertFile"));
363 }
364
365 PEMFile privateKeyFile =
366 new PEMFile(certificate.getCertificateKeyFile() != null ? certificate.getCertificateKeyFile() :
367 certificate.getCertificateFile(), keyPass, keyPassFile, null);

Callers 1

createSSLContextMethod · 0.95

Calls 15

getSourceMethod · 0.95
getCertificatesMethod · 0.95
getPrivateKeyMethod · 0.95
toCharArrayMethod · 0.80
getProviderMethod · 0.80

Tested by

no test coverage detected