diff --git a/src/main/java/io/vertx/core/net/impl/KeyStoreHelper.java b/src/main/java/io/vertx/core/net/impl/KeyStoreHelper.java
index b24e9302d69..3499a7c357b 100644
--- a/src/main/java/io/vertx/core/net/impl/KeyStoreHelper.java
+++ b/src/main/java/io/vertx/core/net/impl/KeyStoreHelper.java
@@ -19,11 +19,7 @@ import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.*;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -35,22 +31,12 @@ import java.security.cert.X509Certificate;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Base64;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
+import java.util.*;
 import java.util.function.BiFunction;
 import java.util.function.Supplier;
-import java.util.stream.Collectors;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;
 /**
@@ -222,6 +208,9 @@ public static KeyStore loadKeyStore(String type, String provider, String passwor
 ks.load(in, password != null ? password.toCharArray() : null);
 }
 if (alias != null) {
+ if (!ks.containsAlias(alias)) {
+ throw new IllegalArgumentException("alias does not exist in the keystore: " + alias);
+ }
 List ksAliases = Collections.list(ks.aliases());
 for (String ksAlias : ksAliases) {
 if (!alias.equals(ksAlias)) {
diff --git a/src/test/java/io/vertx/core/net/NetTest.java b/src/test/java/io/vertx/core/net/NetTest.java
index 97948291ed5..26daa6abf4d 100755
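Review bot: `import javax.net.ssl.*;` here and `import java.util.*;` in the next hunk replace explicit imports with wildcards, while the NetTest.java part of the same commit goes the other way and expands `io.vertx.test.core.*` and `java.io.*` into explicit imports. Wildcard imports widen what an unqualified name in this file can resolve to, and both `java.util` and `javax.net.ssl` are large packages, so any later addition to either one can turn into an ambiguity that the explicit lines could never produce. Keeping the explicit `javax.net.ssl.KeyManager` … `X509KeyManager` and `java.util.ArrayList` … `Objects` imports would match the direction the commit itself takes in the test file.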
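Review bot: The new `containsAlias` guard and the removal loop right after it compare aliases differently: the JDK's JKS and PKCS12 implementations match aliases case-insensitively, whereas `alias.equals(ksAlias)` is case-sensitive, so a configured alias that differs from the stored one only in case passes the guard and the loop then deletes every entry, which is the empty-keystore outcome the guard is meant to prevent. Because alias matching rules are provider-specific, a provider-neutral fix is to check the result rather than the input: after the loop (which ends outside this hunk) add `if (ks.size() == 0) { throw new IllegalArgumentException("alias does not exist in the keystore: " + alias); }`. Echoing the configured alias in the message is fine since it is configuration rather than a secret; the same would not hold for the password handled a few lines up. `loadKeyStore` begins and ends outside the hunk.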
--- a/src/test/java/io/vertx/core/net/NetTest.java
+++ b/src/test/java/io/vertx/core/net/NetTest.java
@@ -16,9 +16,9 @@ import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelPipeline;
 import io.netty.channel.ConnectTimeoutException;
-import io.netty.handler.codec.http.*;
 import io.netty.handler.codec.http.HttpMethod;
 import io.netty.handler.codec.http.HttpVersion;
+import io.netty.handler.codec.http.*;
 import io.netty.util.internal.PlatformDependent;
 import io.vertx.core.*;
 import io.vertx.core.buffer.Buffer;
@@ -26,21 +26,23 @@ import io.vertx.core.eventbus.MessageConsumer;
 import io.vertx.core.http.*;
 import io.vertx.core.impl.ConcurrentHashSet;
-import io.vertx.core.net.impl.HAProxyMessageCompletionHandler;
-import io.vertx.core.net.impl.NetSocketInternal;
 import io.vertx.core.impl.VertxInternal;
-import io.vertx.core.json.JsonArray;
-import io.vertx.core.json.JsonObject;
 import io.vertx.core.impl.logging.Logger;
 import io.vertx.core.impl.logging.LoggerFactory;
+import io.vertx.core.json.JsonArray;
+import io.vertx.core.json.JsonObject;
+import io.vertx.core.net.impl.HAProxyMessageCompletionHandler;
 import io.vertx.core.net.impl.NetServerImpl;
+import io.vertx.core.net.impl.NetSocketInternal;
 import io.vertx.core.net.impl.VertxHandler;
 import io.vertx.core.streams.ReadStream;
-import io.vertx.test.core.*;
+import io.vertx.test.core.CheckingSender;
+import io.vertx.test.core.TestUtils;
+import io.vertx.test.core.VertxTestBase;
+import io.vertx.test.netty.TestLoggerFactory;
 import io.vertx.test.proxy.*;
 import io.vertx.test.tls.Cert;
 import io.vertx.test.tls.Trust;
-import io.vertx.test.netty.TestLoggerFactory;
 import org.junit.Assume;
 import org.junit.Rule;
 import org.junit.Test;
@@ -50,8 +52,10 @@ import javax.net.ssl.SSLHandshakeException;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
-import javax.security.cert.X509Certificate;
-import java.io.*;
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStreamWriter;
 import java.net.InetSocketAddress;
 import java.nio.charset.StandardCharsets;
 import java.security.cert.Certificate;
@@ -64,6 +68,7 @@ import java.util.function.Consumer;
 import static io.vertx.test.core.TestUtils.*;
+import static org.hamcrest.CoreMatchers.*;
 /**
 * @author Tim Fox
@@ -1484,6 +1489,21 @@ public void testServerCertificateMultiple() throws Exception {
 assertEquals("precious", cnOf(test.clientPeerCert()));
 }
+ @Test
+ public void testServerCertificateMultipleWrongAlias() throws Exception {
+ TLSTest test = new TLSTest()
+ .serverCert(Cert.MULTIPLE_JKS_WRONG_ALIAS)
+ .clientTrustAll(true);
+ test.setupServer(true);
+ server.listen(test.bindAddress, onFailure(t -> {
+ assertThat(t, is(instanceOf(VertxException.class)));
+ assertThat(t.getCause(), is(instanceOf(IllegalArgumentException.class)));
+ assertThat(t.getCause().getMessage(), containsString("alias does not exist in the keystore"));
+ testComplete();
+ }));
+ await();
+ }
+
 void testTLS(Cert clientCert, Trust clientTrust, Cert serverCert, Trust serverTrust, boolean requireClientAuth, boolean clientTrustAll,
@@ -1614,7 +1634,7 @@ public Certificate clientPeerCert() {
 return clientPeerCert;
 }
- void run(boolean shouldPass) {
+ void setupServer(boolean shouldPass) {
 server.close();
 NetServerOptions options = new NetServerOptions();
 if (!startTLS) {
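Review bot: `test.setupServer(true)` passes `shouldPass` into a test whose `listen` is expected to fail, which reads as a contradiction until one finds that `shouldPass` (per the `run` → `setupServer` rename below and the `run` split in the next hunk, whose bodies are mostly outside view) appears to select the connect-handler assertions rather than the listen outcome. A short comment above the call would save that trip, e.g. `// shouldPass only affects the connect handler; listen itself must fail on the unknown alias`. The `containsString("alias does not exist in the keystore")` assertion also couples this test to the exact wording in KeyStoreHelper, which is acceptable but deserves a note at the throw site that the string is asserted here. The enclosing test class continues outside the hunk.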
@@ -1693,7 +1713,12 @@ void run(boolean shouldPass) {
 }
 });
 };
- server.connectHandler(serverHandler).listen(bindAddress, onSuccess(ar -> {
+ server.connectHandler(serverHandler);
+ }
+
+ void run(boolean shouldPass) {
+ setupServer(shouldPass);
+ server.listen(bindAddress, onSuccess(ar -> {
 client.close();
 NetClientOptions clientOptions = new NetClientOptions();
 if (!startTLS) {
diff --git a/src/test/java/io/vertx/test/tls/Cert.java b/src/test/java/io/vertx/test/tls/Cert.java
index 06d3f9fafe2..fc1832213fa 100644
--- a/src/test/java/io/vertx/test/tls/Cert.java
+++ b/src/test/java/io/vertx/test/tls/Cert.java
@@ -49,5 +49,6 @@ public interface Cert extends Supplier {
 .addKeyPath("tls/host4-key.pem").addCertPath("tls/host4-cert.pem")
 .addKeyPath("tls/host5-key.pem").addCertPath("tls/host5-cert.pem");
 Cert MULTIPLE_JKS = () -> new JksOptions().setPath("tls/multiple.jks").setPassword("wibble").setAlias("precious");
+ Cert MULTIPLE_JKS_WRONG_ALIAS = () -> new JksOptions().setPath("tls/multiple.jks").setPassword("wibble").setAlias("preciouss");
 }