diff --git a/instant-ssl-reloading-with-spring-tomcat/src/main/java/nl/altindag/server/config/SSLConnectorCustomizer.java b/instant-ssl-reloading-with-spring-tomcat/src/main/java/nl/altindag/server/config/SSLConnectorCustomizer.java
index b5afde7..68f140f 100644
--- a/instant-ssl-reloading-with-spring-tomcat/src/main/java/nl/altindag/server/config/SSLConnectorCustomizer.java
+++ b/instant-ssl-reloading-with-spring-tomcat/src/main/java/nl/altindag/server/config/SSLConnectorCustomizer.java
@@ -18,6 +18,7 @@ import nl.altindag.ssl.SSLFactory;
 import org.apache.catalina.connector.Connector;
 import org.apache.coyote.http11.AbstractHttp11Protocol;
+import org.apache.tomcat.util.net.SSLContext;
 import org.apache.tomcat.util.net.SSLHostConfig;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
@@ -47,7 +48,12 @@ public void customize(Connector connector) {
 SSLHostConfig sslHostConfig = new SSLHostConfig();
 SSLHostConfigCertificate certificate = new SSLHostConfigCertificate(sslHostConfig, Type.UNDEFINED);
-        certificate.setSslContext(new TomcatSSLContext(sslFactory));
+        SSLContext sslContext = new TomcatSSLContext(
+                sslFactory.getSslContext(),
+                sslFactory.getKeyManager().orElseThrow(),
+                sslFactory.getTrustManager().orElseThrow()
+        );
+        certificate.setSslContext(sslContext);
 sslHostConfig.addCertificate(certificate);
 protocol.addSslHostConfig(sslHostConfig);
 }
diff --git a/instant-ssl-reloading-with-spring-tomcat/src/main/java/nl/altindag/server/config/TomcatSSLContext.java b/instant-ssl-reloading-with-spring-tomcat/src/main/java/nl/altindag/server/config/TomcatSSLContext.java
index f655e85..0aa5d27 100644
--- a/instant-ssl-reloading-with-spring-tomcat/src/main/java/nl/altindag/server/config/TomcatSSLContext.java
+++ b/instant-ssl-reloading-with-spring-tomcat/src/main/java/nl/altindag/server/config/TomcatSSLContext.java
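Review bot: The two `orElseThrow()` calls in the new TomcatSSLContext construction fail with a generic NoSuchElementException when the SSLFactory was built without identity or trust material, which gives no hint at startup why the HTTPS connector could not be configured. Supplying a message makes the misconfiguration diagnosable: `sslFactory.getKeyManager().orElseThrow(() -> new IllegalStateException("SSLFactory has no key manager; a server connector needs identity material"))` and the same for the trust manager. Note also that the key and trust managers are now captured once here rather than looked up through the factory on each call as the removed line did; that keeps reloading working only if the factory hands out swappable manager wrappers, which is not visible in this hunk and is worth confirming against how the SSLFactory is built. customize() starts before this hunk.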
@@ -15,24 +15,27 @@ */
 package nl.altindag.server.config;
-import nl.altindag.ssl.SSLFactory;
-import org.apache.tomcat.util.net.SSLContext;
-
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.SSLSessionContext;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
 import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
-public final class TomcatSSLContext implements SSLContext {
+public final class TomcatSSLContext implements org.apache.tomcat.util.net.SSLContext {
-    private final SSLFactory sslFactory;
+    private final javax.net.ssl.SSLContext sslContext;
+    private final X509KeyManager keyManager;
+    private final X509TrustManager trustManager;
-    public TomcatSSLContext(SSLFactory sslFactory) {
-        this.sslFactory = sslFactory;
+    public TomcatSSLContext(javax.net.ssl.SSLContext sslContext, X509KeyManager keyManager, X509TrustManager trustManager) {
+        this.sslContext = sslContext;
+        this.keyManager = keyManager;
+        this.trustManager = trustManager;
 }
 @Override
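Review bot: The new three-argument constructor stores sslContext, keyManager and trustManager without null checks, so a null passed in only surfaces later as a NullPointerException inside one of the delegating overrides instead of at construction time. Wrapping each assignment as `this.sslContext = Objects.requireNonNull(sslContext, "sslContext");` (and likewise for the two managers), with `import java.util.Objects;` added to the import block, fails fast with a named argument. The class also has no Javadoc; a short header stating that it adapts a javax.net.ssl.SSLContext plus its X509 key and trust managers to Tomcat's SSLContext interface, and that the instance holds the references it is given rather than a factory, would explain to the next reader why the constructor signature changed. The remaining overrides of the class lie outside this hunk.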
@@ -47,34 +50,32 @@ public void destroy() {
 @Override
 public SSLSessionContext getServerSessionContext() {
-        return sslFactory.getSslContext().getServerSessionContext();
+        return sslContext.getServerSessionContext();
 }
 @Override
 public SSLEngine createSSLEngine() {
-        return sslFactory.getSSLEngine();
+        return sslContext.createSSLEngine();
 }
 @Override
 public SSLServerSocketFactory getServerSocketFactory() {
-        return sslFactory.getSslServerSocketFactory();
+        return sslContext.getServerSocketFactory();
 }
 @Override
 public SSLParameters getSupportedSSLParameters() {
-        return sslFactory.getSslParameters();
+        return sslContext.getSupportedSSLParameters();
 }
 @Override
 public X509Certificate[] getCertificateChain(String alias) {
-        return sslFactory.getKeyManager()
-                .map(keyManager -> keyManager.getCertificateChain(alias))
-                .orElseThrow();
+        return keyManager.getCertificateChain(alias);
 }
 @Override
 public X509Certificate[] getAcceptedIssuers() {
-        return sslFactory.getTrustedCertificates().toArray(new X509Certificate[0]);
+        return trustManager.getAcceptedIssuers();
 }
 }
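Review bot: getCertificateChain(String alias) changes its failure mode: the removed code turned a null chain from the key manager into a NoSuchElementException via Optional.map(...).orElseThrow(), while the new `return keyManager.getCertificateChain(alias);` returns null for an alias the key manager does not know, as the X509KeyManager contract allows. If Tomcat callers are expected to cope with null here that is fine but worth stating on the override, e.g. `// May return null for an unknown alias (X509KeyManager contract); the previous implementation threw instead.`; if a missing alias should still fail loudly, wrap the call in `Objects.requireNonNull(..., "no certificate chain for alias " + alias)`. Separately, createSSLEngine() now calls `sslContext.createSSLEngine()` instead of the factory's getSSLEngine(); whether protocol and cipher restrictions configured on the SSLFactory still reach the engine, or are now expected to come solely from Tomcat's SSLHostConfig, is not visible here and should be confirmed. destroy() at the top of the hunk begins outside it.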