From 36b54b6dec7f2bffae66e2920460da1ae8f7948b Mon Sep 17 00:00:00 2001
From: Ronald Brill
Date: Sat, 9 Dec 2023 11:36:28 +0100
Subject: [PATCH] WebClientOptions.setSSLClientCertificateKeyStore(InputStream, String, String) WebClientOptions.setSSLClientCertificateKeyStore(URL, String, String)
---
 src/changes/changes.xml | 12 +-
 .../java/org/htmlunit/WebClientOptions.java | 109 +++++++++++++-----
 2 files changed, 92 insertions(+), 29 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index fa0f017f3b7..78b43798c2d 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -7,7 +7,17 @@
-
+
+
+ Because the naming of the method and parametes is misleading, the method
+ WebClientOptions.setSSLClientCertificate(InputStream, String, String) is deprecated. Please use
+ WebClientOptions.setSSLClientCertificateKeyStore(InputStream, String, String) instead.
+
+
+ Because the naming of the method and parametes is misleading, the method
+ WebClientOptions.setSSLClientCertificate(URL, String, String) is deprecated. Please use
+ WebClientOptions.setSSLClientCertificateKeyStore(URL, String, String) instead.
+
diff --git a/src/main/java/org/htmlunit/WebClientOptions.java b/src/main/java/org/htmlunit/WebClientOptions.java
index 0fef8ab3781..2ce6593b041 100644
--- a/src/main/java/org/htmlunit/WebClientOptions.java
+++ b/src/main/java/org/htmlunit/WebClientOptions.java
@@ -154,28 +154,65 @@ public boolean isRedirectEnabled() {
 }

 /**
- * Sets the SSL client certificate to use. The needed parameters are used to
- * construct a {@link java.security.KeyStore}.
+ * Sets the SSL client certificate {@link KeyStore} to use.
 *

* If the web server requires Renegotiation, you have to set system property
 * "sun.security.ssl.allowUnsafeRenegotiation" to true, as hinted in
 *
 * TLS Renegotiation Issue.
 *

- * In some cases the impl seems to pick old certificats from the KeyStore. To avoid
- * that, wrap your keystore inside your own KeyStore impl and filter out outdated
- * certificates. Provide the Keystore to the options instead of the input stream.
+ * In some cases the impl seems to pick old certificates from the {@link KeyStore}. To avoid
+ * that, wrap your {@link KeyStore} inside your own {@link KeyStore} impl and filter out outdated
+ * certificates.
 *
- * @param certificateInputStream the input stream which represents the certificate
+ * @param keyStore {@link KeyStore} to use
+ * @param keyStorePassword the keystore password
+ */
+ public void setSSLClientCertificateKeyStore(final KeyStore keyStore, final char[] keyStorePassword) {
+ sslClientCertificateStore_ = keyStore;
+ sslClientCertificatePassword_ = keyStorePassword == null ? null : keyStorePassword;
+ }
+
+ /**
+ * Sets the SSL client certificate to use.
+ * The needed parameters are used to construct a {@link java.security.KeyStore}.
+ *

+ * If the web server requires Renegotiation, you have to set system property
+ * "sun.security.ssl.allowUnsafeRenegotiation" to true, as hinted in
+ *
+ * TLS Renegotiation Issue.
+ *
+ * @param certificateUrl the URL which locates the certificate
 * @param certificatePassword the certificate password
 * @param certificateType the type of certificate, usually {@code jks} or {@code pkcs12}
+ *
+ * @deprecated as of version 3.10.0; use {@link #setSSLClientCertificateKeyStore(URL, String, String)} instead
 */
- public void setSSLClientCertificate(final InputStream certificateInputStream, final String certificatePassword,
+ @Deprecated
+ public void setSSLClientCertificate(final URL certificateUrl, final String certificatePassword,
 final String certificateType) {
- try {
- setSSLClientCertificateKeyStore(
- getKeyStore(certificateInputStream, certificatePassword, certificateType),
- certificatePassword.toCharArray());
+ setSSLClientCertificateKeyStore(certificateUrl, certificatePassword, certificateType);
+ }
+
+ /**
+ * Sets the SSL client certificate to use.
+ * The needed parameters are used to construct a {@link java.security.KeyStore}.
+ *

+ * If the web server requires Renegotiation, you have to set system property
+ * "sun.security.ssl.allowUnsafeRenegotiation" to true, as hinted in
+ *
+ * TLS Renegotiation Issue.
+ *
+ * @param keyStoreUrl the URL which locates the certificate {@link KeyStore}
+ * @param keyStorePassword the certificate {@link KeyStore} password
+ * @param keyStoreType the type of certificate {@link KeyStore}, usually {@code jks} or {@code pkcs12}
+ *
+ */
+ public void setSSLClientCertificateKeyStore(final URL keyStoreUrl, final String keyStorePassword,
+ final String keyStoreType) {
+ try (InputStream is = keyStoreUrl.openStream()) {
+ sslClientCertificateStore_ = getKeyStore(is, keyStorePassword, keyStoreType);
+ sslClientCertificatePassword_ = keyStorePassword == null ? null : keyStorePassword.toCharArray();
 }
 catch (final Exception e) {
 throw new RuntimeException(e);
@@ -183,7 +220,8 @@ public void setSSLClientCertificate(final InputStream certificateInputStream, fi
 }

 /**
- * Sets the SSL client certificate keystore to use.
+ * Sets the SSL client certificate to use. The needed parameters are used to
+ * construct a {@link java.security.KeyStore}.
 *
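Review bot: In `setSSLClientCertificateKeyStore(KeyStore, char[])` the expression `keyStorePassword == null ? null : keyStorePassword` is a no-op, so the options object keeps a reference to the caller's array; a caller that zeroes its password after the call also wipes the stored one, and the stored secret cannot be cleared independently. If a copy was intended, write `sslClientCertificatePassword_ = keyStorePassword == null ? null : keyStorePassword.clone();`, otherwise assign directly and state in the Javadoc that the array is retained. The Javadoc repeated in this hunk and the two that follow advises setting `sun.security.ssl.allowUnsafeRenegotiation` to true without saying that a system property applies to the whole JVM and permits legacy, unprotected renegotiation for other TLS connections in the process; a one-line caveat such as `Note: this is a JVM-wide setting that weakens TLS for all connections; prefer fixing the server.` would help.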

* If the web server requires Renegotiation, you have to set system property
 * "sun.security.ssl.allowUnsafeRenegotiation" to true, as hinted in
@@ -192,34 +230,49 @@ public void setSSLClientCertificate(final InputStream certificateInputStream, fi
 *

* In some cases the impl seems to pick old certificats from the KeyStore. To avoid
 * that, wrap your keystore inside your own KeyStore impl and filter out outdated
- * certificates.
+ * certificates. Provide the Keystore to the options instead of the input stream.
 *
- * @param keyStore {@link KeyStore} to use
- * @param keyStorePassword the keystore password
+ * @param certificateInputStream the input stream which represents the certificate
+ * @param certificatePassword the certificate password
+ * @param certificateType the type of certificate, usually {@code jks} or {@code pkcs12}
+ *
+ * @deprecated as of version 3.10.0;
+ * use {@link #setSSLClientCertificateKeyStore(InputStream, String, String)} instead
 */
- public void setSSLClientCertificateKeyStore(final KeyStore keyStore, final char[] keyStorePassword) {
- sslClientCertificateStore_ = keyStore;
- sslClientCertificatePassword_ = keyStorePassword == null ? null : keyStorePassword;
+ @Deprecated
+ public void setSSLClientCertificate(final InputStream certificateInputStream, final String certificatePassword,
+ final String certificateType) {
+ try {
+ setSSLClientCertificateKeyStore(certificateInputStream, certificatePassword, certificateType);
+ }
+ catch (final Exception e) {
+ throw new RuntimeException(e);
+ }
 }

 /**
- * Sets the SSL client certificate to use.
- * The needed parameters are used to construct a {@link java.security.KeyStore}.
+ * Sets the SSL client certificate {@link KeyStore} to use. The parameters are used to
+ * construct the {@link KeyStore}.
 *

* If the web server requires Renegotiation, you have to set system property
 * "sun.security.ssl.allowUnsafeRenegotiation" to true, as hinted in
 *
 * TLS Renegotiation Issue.
+ *

+ * In some cases the impl seems to pick old certificates from the {@link KeyStore}. To avoid
+ * that, wrap your {@link KeyStore} inside your own {@link KeyStore} impl and filter out outdated
+ * certificates. Provide the {@link KeyStore} to the options instead of the input stream.
 *
- * @param certificateUrl the URL which locates the certificate
- * @param certificatePassword the certificate password
- * @param certificateType the type of certificate, usually {@code jks} or {@code pkcs12}
+ * @param keyStoreInputStream the input stream which represents the {@link KeyStore} holding the certificates
+ * @param keyStorePassword the {@link KeyStore} password
+ * @param keyStoreType the type of {@link KeyStore}, usually {@code jks} or {@code pkcs12}
 */
- public void setSSLClientCertificate(final URL certificateUrl, final String certificatePassword,
- final String certificateType) {
- try (InputStream is = certificateUrl.openStream()) {
- sslClientCertificateStore_ = getKeyStore(is, certificatePassword, certificateType);
- sslClientCertificatePassword_ = certificatePassword == null ? null : certificatePassword.toCharArray();
+ public void setSSLClientCertificateKeyStore(final InputStream keyStoreInputStream,
+ final String keyStorePassword, final String keyStoreType) {
+ try {
+ setSSLClientCertificateKeyStore(
+ getKeyStore(keyStoreInputStream, keyStorePassword, keyStoreType),
+ keyStorePassword.toCharArray());
 }
 catch (final Exception e) {
 throw new RuntimeException(e);
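Review bot: `setSSLClientCertificateKeyStore(InputStream, String, String)` calls `keyStorePassword.toCharArray()` unconditionally, while the URL overload added in the first hunk of this file guards the same conversion with a null check, so a key store without a password works through one overload and fails with a wrapped NullPointerException through the other (assuming `getKeyStore`, which is not shown, accepts null). Pass `keyStorePassword == null ? null : keyStorePassword.toCharArray()` instead. The deprecated `setSSLClientCertificate(InputStream, String, String)` earlier in this hunk also keeps a try/catch around a delegate that already rethrows as RuntimeException, so callers see the cause nested twice; it can delegate directly, as the deprecated URL variant does. The closing lines of the new method fall outside the hunk.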