forked from woggioni/rbcs
made TLS client certificate request from the server configurable
This commit is contained in:
@@ -208,15 +208,15 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
||||
.map { it as X509Certificate }
|
||||
.toArray { size -> Array<X509Certificate?>(size) { null } }
|
||||
SslContextBuilder.forServer(serverKey, *serverCert).apply {
|
||||
if (tls.isVerifyClients) {
|
||||
clientAuth(ClientAuth.OPTIONAL)
|
||||
tls.trustStore?.let { trustStore ->
|
||||
val ts = loadKeystore(trustStore.file, trustStore.password)
|
||||
trustManager(
|
||||
ClientCertificateValidator.getTrustManager(ts, trustStore.isCheckCertificateStatus)
|
||||
)
|
||||
}
|
||||
}
|
||||
val clientAuth = tls.trustStore?.let { trustStore ->
|
||||
val ts = loadKeystore(trustStore.file, trustStore.password)
|
||||
trustManager(
|
||||
ClientCertificateValidator.getTrustManager(ts, trustStore.isCheckCertificateStatus)
|
||||
)
|
||||
if(trustStore.isRequireClientCertificate) ClientAuth.REQUIRE
|
||||
else ClientAuth.OPTIONAL
|
||||
} ?: ClientAuth.NONE
|
||||
clientAuth(clientAuth)
|
||||
}.build()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -142,10 +142,9 @@ object Parser {
|
||||
}
|
||||
|
||||
"tls" -> {
|
||||
val verifyClients = child.renderAttribute("verify-clients")
|
||||
?.let(String::toBoolean) ?: false
|
||||
var keyStore: KeyStore? = null
|
||||
var trustStore: TrustStore? = null
|
||||
|
||||
for (granChild in child.asIterable()) {
|
||||
when (granChild.localName) {
|
||||
"keystore" -> {
|
||||
@@ -167,15 +166,19 @@ object Parser {
|
||||
val checkCertificateStatus = granChild.renderAttribute("check-certificate-status")
|
||||
?.let(String::toBoolean)
|
||||
?: false
|
||||
val requireClientCertificate = child.renderAttribute("require-client-certificate")
|
||||
?.let(String::toBoolean) ?: false
|
||||
|
||||
trustStore = TrustStore(
|
||||
trustStoreFile,
|
||||
trustStorePassword,
|
||||
checkCertificateStatus
|
||||
checkCertificateStatus,
|
||||
requireClientCertificate
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
tls = Tls(keyStore, trustStore, verifyClients)
|
||||
tls = Tls(keyStore, trustStore)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -154,9 +154,6 @@ object Serializer {
|
||||
|
||||
conf.tls?.let { tlsConfiguration ->
|
||||
node("tls") {
|
||||
if(tlsConfiguration.isVerifyClients) {
|
||||
attr("verify-clients", "true")
|
||||
}
|
||||
tlsConfiguration.keyStore?.let { keyStore ->
|
||||
node("keystore") {
|
||||
attr("file", keyStore.file.toString())
|
||||
@@ -177,6 +174,7 @@ object Serializer {
|
||||
attr("password", password)
|
||||
}
|
||||
attr("check-certificate-status", trustStore.isCheckCertificateStatus.toString())
|
||||
attr("require-client-certificate", trustStore.isRequireClientCertificate.toString())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -183,7 +183,6 @@
|
||||
<xs:element name="keystore" type="gbcs:keyStoreType" />
|
||||
<xs:element name="truststore" type="gbcs:trustStoreType" minOccurs="0"/>
|
||||
</xs:all>
|
||||
<xs:attribute name="verify-clients" type="xs:boolean" use="optional" default="false"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="keyStoreType">
|
||||
@@ -197,6 +196,7 @@
|
||||
<xs:attribute name="file" type="xs:string" use="required"/>
|
||||
<xs:attribute name="password" type="xs:string"/>
|
||||
<xs:attribute name="check-certificate-status" type="xs:boolean"/>
|
||||
<xs:attribute name="require-client-certificate" type="xs:boolean" use="optional" default="false"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="propertiesType">
|
||||
|
||||
Reference in New Issue
Block a user