Re: [jetty-users] TLS ALPN ACME Let's Encrypt challenge
On 02.12.2022 at 10:10, Info wrote:
I am curious if the code for the SSLContextFactory and Keystore is open-sourced somewhere?
It's not, but I don't see a problem in sharing it. I'm not sure it makes much sense, though, because the reason I implemented one is very specific. Essentially I've overridden doStart and doStop in the derived class to delay the actual call until the part of the system that provides the certificates is up. When that's the case, setKeyStore is called (with my implementation of a KeyStore) and after that doStart. This is a solution I came up with in 2013 when starting to use Jetty 9.0. There might be better solutions now (but if I understood Simone correctly, it doesn't sound like there are), but I'll stick with it until the corresponding unit tests stop working ;-) This implementation solves a very specific requirement, which is why I doubt the source is useful for this particular topic. Same for the KeyStore: not open source, but nothing special, either. You just implement the engine methods providing aliases, certificates and keys. I've also implemented my own versions of KeyManager and TrustManager to "help" the ContextFactory decide which certificate/key to use, which is the point where an ALPN implementation should be based, in my eyes.
Maybe we can ponder an ACME KeyManager together?
I'm currently busy with a lot of other stuff (which is why ALPN support is only on a list at the moment), so I'm not sure it makes sense to wait for my availability. But looking at the API, the KeyManager implementation might be simple, and the magic should take place in chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine): if engine.getApplicationProtocol() returns the information that ALPN is used, return the ACME certificate, and return the "normal" one if not.

Thanks and cheers,
Lothar
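The KeyManager sketched above, written out as an added example; this is not Lothar's code nor anything shipped by Jetty. It wraps the "normal" X509ExtendedKeyManager and, when the client negotiated the RFC 8737 protocol id "acme-tls/1", answers with a pending challenge certificate for the SNI host instead. Two assumptions are worth stating: the challenge map (host to self-signed certificate carrying the critical id-pe-acmeIdentifier extension, OID 1.3.6.1.5.5.7.1.31) is a hypothetical store filled by whatever ACME client you run, and the JSSE provider is assumed to have processed the ClientHello ALPN extension before it asks the key manager for an alias, so the in-handshake accessor getHandshakeApplicationProtocol() is used rather than getApplicationProtocol(), which is only meaningful after the handshake completes. Verify that ordering against the provider you deploy.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509ExtendedKeyManager;

/**
 * Added example (not Lothar's or Jetty's code): serves the TLS-ALPN-01 challenge
 * certificate when "acme-tls/1" (RFC 8737) was negotiated, otherwise defers to
 * the normal key manager.
 */
public final class AcmeAlpnKeyManager extends X509ExtendedKeyManager {

    /** ALPN protocol id fixed by RFC 8737. */
    public static final String ACME_TLS_1 = "acme-tls/1";

    /** Internal alias prefix so getCertificateChain/getPrivateKey can route ACME aliases. */
    private static final String ACME_ALIAS_PREFIX = "acme:";

    /** One pending challenge: self-signed cert with the critical acmeIdentifier extension
     *  (OID 1.3.6.1.5.5.7.1.31) and its key. Building it is the ACME client's job (assumed). */
    public static final class Challenge {
        final X509Certificate cert;
        final PrivateKey key;
        public Challenge(X509Certificate cert, PrivateKey key) { this.cert = cert; this.key = key; }
    }

    private final X509ExtendedKeyManager delegate;                 // "normal" certificates
    private final Map<String, Challenge> pending = new ConcurrentHashMap<>(); // host -> challenge (hypothetical store)

    public AcmeAlpnKeyManager(X509ExtendedKeyManager delegate) {
        this.delegate = delegate;
    }

    /** Called by the ACME client once it has built the challenge certificate for a host. */
    public void putChallenge(String host, Challenge c) { pending.put(host.toLowerCase(), c); }

    /** Called after validation (or on timeout) so the challenge cert does not linger. */
    public void removeChallenge(String host) { pending.remove(host.toLowerCase()); }

    @Override
    public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        // Assumption: ALPN from the ClientHello has already been processed at this point.
        if (ACME_TLS_1.equals(engine.getHandshakeApplicationProtocol())) {
            String host = sniHost(engine);
            if (host != null && pending.containsKey(host)) {
                return ACME_ALIAS_PREFIX + host;
            }
            // acme-tls/1 with no pending challenge: fail the handshake rather than
            // hand the production certificate out on the challenge protocol.
            return null;
        }
        return delegate.chooseEngineServerAlias(keyType, issuers, engine);
    }

    /** SNI host from the in-progress handshake, lower-cased, or null if the client sent none. */
    private static String sniHost(SSLEngine engine) {
        SSLSession s = engine.getHandshakeSession();
        if (!(s instanceof ExtendedSSLSession)) return null;
        for (SNIServerName n : ((ExtendedSSLSession) s).getRequestedServerNames()) {
            if (n instanceof SNIHostName) return ((SNIHostName) n).getAsciiName().toLowerCase();
        }
        return null;
    }

    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        Challenge c = challengeFor(alias);
        return c != null ? new X509Certificate[] { c.cert } : delegate.getCertificateChain(alias);
    }

    @Override
    public PrivateKey getPrivateKey(String alias) {
        Challenge c = challengeFor(alias);
        return c != null ? c.key : delegate.getPrivateKey(alias);
    }

    private Challenge challengeFor(String alias) {
        return alias != null && alias.startsWith(ACME_ALIAS_PREFIX)
                ? pending.get(alias.substring(ACME_ALIAS_PREFIX.length())) : null;
    }

    // Plain delegation for everything else; the ACME path only exists on the SSLEngine server side.
    @Override public String[] getClientAliases(String k, Principal[] i) { return delegate.getClientAliases(k, i); }
    @Override public String chooseClientAlias(String[] k, Principal[] i, Socket s) { return delegate.chooseClientAlias(k, i, s); }
    @Override public String[] getServerAliases(String k, Principal[] i) { return delegate.getServerAliases(k, i); }
    @Override public String chooseServerAlias(String k, Principal[] i, Socket s) { return delegate.chooseServerAlias(k, i, s); }
    @Override public String chooseEngineClientAlias(String[] k, Principal[] i, SSLEngine e) { return delegate.chooseEngineClientAlias(k, i, e); }
}
```

Two practical checks before relying on this: the server's ALPN selection (in Jetty, the ALPN server connection factory's protocol list) must accept "acme-tls/1", otherwise the handshake is rejected with no_application_protocol before the key manager is ever consulted; and the challenge certificate must be removed once the ACME server has validated, since anything left in the map is served to any client that offers that ALPN id with the matching SNI. Returning null when "acme-tls/1" arrives without a pending challenge is deliberate: the production certificate should never be presented on the challenge protocol.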