3131import java .io .InputStream ;
3232import java .security .cert .CertificateException ;
3333import java .util .Properties ;
34- import javax .net .ssl .SSLException ;
3534import org .apache .rocketmq .remoting .common .RemotingHelper ;
3635import org .slf4j .Logger ;
3736import org .slf4j .LoggerFactory ;
3837
3938public class SslHelper {
4039
40+ public interface DecryptionStrategy {
41+ /**
42+ * Decrypt the target encrpted private key file.
43+ *
44+ * @param privateKeyEncryptPath A pathname string
45+ * @param forClient tells whether it's a client-side key file
46+ * @return An input stream for a decrypted key file
47+ * @throws IOException if an I/O error has occurred
48+ */
49+ InputStream decryptPrivateKey (String privateKeyEncryptPath , boolean forClient ) throws IOException ;
50+ }
51+
4152 private static final Logger LOGGER = LoggerFactory .getLogger (RemotingHelper .ROCKETMQ_REMOTING );
4253
43- public static SslContext buildSslContext (boolean forClient ) throws SSLException , CertificateException {
54+ private static DecryptionStrategy decryptionStrategy = new DecryptionStrategy () {
55+ @ Override
56+ public InputStream decryptPrivateKey (final String privateKeyEncryptPath ,
57+ final boolean forClient ) throws IOException {
58+ return new FileInputStream (privateKeyEncryptPath );
59+ }
60+ };
61+
62+
63+ public static void registerDecryptionStrategy (final DecryptionStrategy decryptionStrategy ) {
64+ SslHelper .decryptionStrategy = decryptionStrategy ;
65+ }
66+
67+ public static SslContext buildSslContext (boolean forClient ) throws IOException , CertificateException {
4468
4569 File configFile = new File (NettySystemConfig .sslConfigFile );
4670 boolean testMode = !(configFile .exists () && configFile .isFile () && configFile .canRead ());
@@ -92,8 +116,8 @@ public static SslContext buildSslContext(boolean forClient) throws SSLException,
92116 }
93117
94118 return sslContextBuilder .keyManager (
95- properties .containsKey ("client.keyCertChainFile" ) ? new File (properties .getProperty ("client.keyCertChainFile" )) : null ,
96- properties .containsKey ("client.keyFile" ) ? new File (properties .getProperty ("client.keyFile" )) : null ,
119+ properties .containsKey ("client.keyCertChainFile" ) ? new FileInputStream (properties .getProperty ("client.keyCertChainFile" )) : null ,
120+ properties .containsKey ("client.keyFile" ) ? decryptionStrategy . decryptPrivateKey (properties .getProperty ("client.keyFile" ), true ) : null ,
97121 properties .containsKey ("client.password" ) ? properties .getProperty ("client.password" ) : null )
98122 .build ();
99123 }
@@ -108,8 +132,8 @@ public static SslContext buildSslContext(boolean forClient) throws SSLException,
108132 .build ();
109133 } else {
110134 return SslContextBuilder .forServer (
111- properties .containsKey ("server.keyCertChainFile" ) ? new File (properties .getProperty ("server.keyCertChainFile" )) : null ,
112- properties .containsKey ("server.keyFile" ) ? new File (properties .getProperty ("server.keyFile" )) : null ,
135+ properties .containsKey ("server.keyCertChainFile" ) ? new FileInputStream (properties .getProperty ("server.keyCertChainFile" )) : null ,
136+ properties .containsKey ("server.keyFile" ) ? decryptionStrategy . decryptPrivateKey (properties .getProperty ("server.keyFile" ), false ) : null ,
113137 properties .containsKey ("server.password" ) ? properties .getProperty ("server.password" ) : null )
114138 .sslProvider (provider )
115139 .trustManager (new File (properties .getProperty ("server.trustManager" )))
0 commit comments