Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add keyAlias functionality to keyStore #1241

Merged
merged 14 commits into from
Sep 11, 2024
Merged

Add keyAlias functionality to keyStore #1241

merged 14 commits into from
Sep 11, 2024

Conversation

t-burch
Copy link
Collaborator

@t-burch t-burch commented Aug 23, 2024

No description provided.

@t-burch
- Remove restriction on key alias in StaticSSLContext to allow key …
a7fbcbe 
…alias selection.

- Add method to configure key alias in `SSLContextBuilder`.
- Implement unit tests for valid, incorrect, and invalid key aliases using newly created keystore and truststore files.
@t-burch t-burch requested a review from predic8 August 23, 2024 14:56
@membrane-ci-server
Copy link

This pull request needs "/ok-to-test" from an authorized committer.

@t-burch t-burch marked this pull request as draft August 23, 2024 15:03
t-burch and others added 3 commits August 26, 2024 12:48
@t-burch
Implement key alias fetching in StaticSSLContext. Introduce methods…
96a1009 
… to retrieve the common name from X509 certificates and update tests to validate key alias selection. Ensure fallback logic for missing or incorrect key aliases is handled gracefully with appropriate warnings.
@t-burch
Merge branch 'master' into #1238-keyalias-support-for-ssl-context
3907b42
@predic8
Review
4bb7973
@t-burch t-burch linked an issue Aug 27, 2024 that may be closed by this pull request
keyAlias is not yet supported #1238
Closed
t-burch and others added 4 commits August 27, 2024 17:30
@t-burch
Merge branch 'master' into #1238-keyalias-support-for-ssl-context
a25e454
@t-burch
Added utility methods in KeyStoreUtil.
5b61774 
Enhance StaticSSLContext to retrieve certificate aliases, ensuring fallback to the first alias when none specified.
Add comprehensive tests for KeyStoreUtil methods.
@t-burch
Add methods for generating an SHA-256 certificate digest and loading …
fa61519 
…a KeyStore based on provided parameters. Update tests to validate these functionalities, ensuring correct behavior for alias handling. Refactor existing methods for consistency and clarity.
@t-burch
Merge remote-tracking branch 'origin/#1238-keyalias-support-for-ssl-c…
d793f0b 
…ontext' into #1238-keyalias-support-for-ssl-context
@t-burch t-burch marked this pull request as ready for review August 28, 2024 07:28
@t-burch t-burch requested a review from rrayst August 28, 2024 07:28
@t-burch
Copy link
Collaborator Author

t-burch commented Aug 28, 2024

/ok-to-test

t-burch and others added 2 commits August 29, 2024 11:12
@t-burch
- Introduce filterKeyStoreByAlias method in KeyStoreUtil to creat…
4f3c1ce 
…e a new KeyStore containing only the specified key and its certificate chain.

- Update `StaticSSLContext` to use the filtered KeyStore for initializing the KeyManagerFactory.
- Add unit tests for key alias filtering in `KeyStoreUtilTest` and SSL context behavior in `SSLContextTest`.
- Include a new truststore for validating second key alias scenarios.
@t-burch
Merge branch 'master' into #1238-keyalias-support-for-ssl-context
9dbb50b
@predic8
Copy link
Member

predic8 commented Aug 30, 2024

Looks good to me

rrayst
rrayst requested changes Aug 30, 2024
View reviewed changes
Copy link
Contributor

@rrayst rrayst left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

test fails: the exact Exception thrown depends on the JVM version used. please use the assertThrows2 method instead, as shown in the SSLContextTest class.

t-burch and others added 3 commits September 9, 2024 13:20
@t-burch
Merge branch 'master' into #1238-keyalias-support-for-ssl-context
fd4d70e
@t-burch
Add key alias support for SSL context configuration
29750e1 
Implement functionality to specify a key alias for the SSL context, enhancing flexibility in managing multiple keys. Update relevant documentation to reflect these changes and ensure consistent usage across the application.
@t-burch
Merge remote-tracking branch 'origin/#1238-keyalias-support-for-ssl-c…
d5c5890 
…ontext' into #1238-keyalias-support-for-ssl-context
@t-burch t-burch requested a review from rrayst September 9, 2024 11:36
@rrayst rrayst merged commit efc98fb into master Sep 11, 2024
3 of 4 checks passed
@rrayst rrayst deleted the #1238-keyalias-support-for-ssl-context branch September 11, 2024 07:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rrayst rrayst rrayst approved these changes

@predic8 predic8 Awaiting requested review from predic8

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

keyAlias is not yet supported
4 participants
@t-burch @predic8 @rrayst @christiangoerdes