wildfly-security / wildfly-openssl

Generic OpenSSL bindings for Java
Apache License 2.0

add ECC support #43

Open wuhongzhi opened 6 years ago

wuhongzhi commented 6 years ago

https://github.com/wuhongzhi/wildfly-openssl/blob/master/java/src/main/java/org/wildfly/openssl/OpenSSLContextSPI.java

/**
 * Setup the SSL_CTX
 *
 * @param kms Must contain a KeyManager of the type
 *            {@code OpenSSLKeyManager}
 * @param tms trust managers; not referenced in the part of the method shown here
 */
private synchronized void init(KeyManager[] kms, TrustManager[] tms) throws KeyManagementException {
    if (initialized) {
        LOG.warning(Messages.MESSAGES.ignoringSecondInit());
        return;
    }
    SSL_INSTANCE = SSL.getInstance();
    try {
        // Load Server key and certificate
        X509KeyManager keyManager = chooseKeyManager(kms);
        if (keyManager != null) {
            // One key/certificate pair is installed per entry of ALGORITHMS: the first
            // alias that has a non-empty chain and an encodable private key wins (see the
            // `break` after setCertificate); later aliases for the same algorithm are ignored.
            for (String algorithm : ALGORITHMS) {
                final String[] aliases = keyManager.getServerAliases(algorithm, null);
                if (aliases != null && aliases.length != 0) {
                    for(String alias: aliases) {
                        X509Certificate[] certificates = keyManager.getCertificateChain(alias);
                        if (certificates == null || certificates.length == 0) continue;
                        byte[][] certs = new byte[certificates.length][];
                        int idx = 0;
                        for (X509Certificate c: certificates) {
                            certs[idx++] = c.getEncoded();
                        }
                        PrivateKey key = keyManager.getPrivateKey(alias);
                        if(key == null || key.getEncoded() == null) {
                            continue;
                        }
                        if (LOG.isLoggable(Level.FINE)) {
                            LOG.fine("Using alias " + alias + " for " + algorithm);
                        }
                        // The private key is re-wrapped as PEM for the native side. The header and
                        // footer come from BEGIN_CERT / END_CERT with the algorithm name substituted,
                        // which presumes key.getEncoded() is in the format those templates announce
                        // — TODO confirm against BEGIN_CERT. Note that the encoded key ends up in an
                        // immutable String (sb.toString() below), so it cannot be zeroed after use.
                        StringBuilder sb = new StringBuilder(String.format(BEGIN_CERT, algorithm));
                        sb.append(Base64.getMimeEncoder(64, new byte[]{'\n'}).encodeToString(key.getEncoded()));
                        sb.append(String.format(END_CERT, algorithm));
                        // idx is reused here as the native alias-index selector. If `algorithm`
                        // matches none of the cases it keeps the value certificates.length left by
                        // the copy loop above, and that stale count is what setCertificate receives;
                        // keep ALGORITHMS and this switch in sync (or add a default that rejects
                        // the algorithm).
                        switch (algorithm) {
                        case "RSA":
                            idx = SSL.SSL_AIDX_RSA;
                            break;
                        case "DSA":
                            idx = SSL.SSL_AIDX_DSA;
                            break;
                        case "EC":
                            idx = SSL.SSL_AIDX_ECC;
                            break;
                        }
                        // certs[0] is the first element of the chain (the end-entity certificate
                        // under X509KeyManager's contract); the rest of the chain follows in order.
                        SSL_INSTANCE.setCertificate(ctx, certs[0], 
                                Arrays.copyOfRange(certs, 1, certs.length), 
                                sb.toString().getBytes(StandardCharsets.US_ASCII), idx);
                        break;
                    }
                }
            }
        }

https://github.com/wuhongzhi/wildfly-openssl/blob/master/java/src/main/java/org/wildfly/openssl/SSL.java

// Alias index handed to setCertificate for EC keys (the "EC" case in
// OpenSSLContextSPI.init above); must match the value the native side expects.
static final int SSL_AIDX_ECC = 3;
sophokles73 commented 2 years ago

Hi @wuhongzhi I would also like to see support for ECC. Could you turn this issue into a PR so that it can be merged?

wuhongzhi commented 2 years ago

I saw that you had merged the C-side code, but not the Java code yet. My fork is based on 1.0.x; see my main modifications at https://github.com/wuhongzhi/wildfly-openssl/blob/master/java/src/main/java/org/wildfly/openssl/OpenSSLContextSPI.java, as quoted in the comment above.