Support separate keystore file and key passwords.

Author: Jarrod Ribble

src/main/java/com/netiq/websockify/PortUnificationHandler.java

@@ -48,21 +48,23 @@ public class PortUnificationHandler extends FrameDecoder {
 	private final IProxyTargetResolver resolver;
     private final SSLSetting sslSetting;
     private final String keystore;
-    private final String keystorePassword;    
+    private final String keystorePassword;  
+    private final String keystoreKeyPassword;    
     private final String webDirectory;
     private Timer msgTimer = null;
 
-    private PortUnificationHandler(ClientSocketChannelFactory cf, IProxyTargetResolver resolver, SSLSetting sslSetting, String keystore, String keystorePassword, String webDirectory, final ChannelHandlerContext ctx) {
-    	this ( cf, resolver, sslSetting, keystore, keystorePassword, webDirectory);
+    private PortUnificationHandler(ClientSocketChannelFactory cf, IProxyTargetResolver resolver, SSLSetting sslSetting, String keystore, String keystorePassword, String keystoreKeyPassword, String webDirectory, final ChannelHandlerContext ctx) {
+    	this ( cf, resolver, sslSetting, keystore, keystorePassword, keystoreKeyPassword, webDirectory);
     	startDirectConnectionTimer(ctx);
     }
 
-    public PortUnificationHandler(ClientSocketChannelFactory cf, IProxyTargetResolver resolver, SSLSetting sslSetting, String keystore, String keystorePassword, String webDirectory) {
+    public PortUnificationHandler(ClientSocketChannelFactory cf, IProxyTargetResolver resolver, SSLSetting sslSetting, String keystore, String keystorePassword, String keystoreKeyPassword, String webDirectory) {
     	this.cf = cf;
     	this.resolver = resolver;
         this.sslSetting = sslSetting;
         this.keystore = keystore;
         this.keystorePassword = keystorePassword;
+        this.keystoreKeyPassword = keystoreKeyPassword;
         this.webDirectory = webDirectory;
     }
 
@@ -148,11 +150,11 @@ private void enableSsl(ChannelHandlerContext ctx) {
 
 		Logger.getLogger(PortUnificationHandler.class.getName()).fine("SSL request from " + ctx.getChannel().getRemoteAddress() + ".");
 
-        SSLEngine engine = WebsockifySslContext.getInstance(keystore, keystorePassword).getServerContext().createSSLEngine();
+        SSLEngine engine = WebsockifySslContext.getInstance(keystore, keystorePassword, keystoreKeyPassword).getServerContext().createSSLEngine();
         engine.setUseClientMode(false);
 
         p.addLast("ssl", new SslHandler(engine));
-        p.addLast("unificationA", new PortUnificationHandler(cf, resolver, SSLSetting.OFF, keystore, keystorePassword, webDirectory, ctx));
+        p.addLast("unificationA", new PortUnificationHandler(cf, resolver, SSLSetting.OFF, keystore, keystorePassword, keystoreKeyPassword, webDirectory, ctx));
         p.remove(this);
     }
 

src/main/java/com/netiq/websockify/Websockify.java

@@ -29,6 +29,9 @@ public class Websockify {
 	@Option(name="--keystore-password",usage="password to the java keystore file. Required for SSL.")
 	private String keystorePassword = null;
 
+	@Option(name="--keystore-key-password",usage="password to the private key in the java keystore file. If not specified the keystore-password value will be used.")
+	private String keystoreKeyPassword = null;
+	
 	@Argument(index=0,metaVar="source_port",usage="(required) local port the websockify server will listen on",required=true)
 	private int sourcePort;
 
@@ -92,6 +95,10 @@ public void doMain(String[] args) throws Exception {
         		printUsage(System.err);
                 System.exit(1);
             }
+            
+            if (keystoreKeyPassword == null || keystoreKeyPassword.isEmpty()) {
+            	keystoreKeyPassword = keystorePassword;
+            }
         }
 
         System.out.println(
@@ -100,7 +107,7 @@ public void doMain(String[] args) throws Exception {
         if(sslSetting != SSLSetting.OFF) System.out.println("SSL is " + (sslSetting == SSLSetting.REQUIRED ? "required." : "enabled."));
 
         WebsockifyServer wss = new WebsockifyServer ( );
-        wss.connect ( sourcePort, targetHost, targetPort, sslSetting, keystore, keystorePassword, webDirectory );
+        wss.connect ( sourcePort, targetHost, targetPort, sslSetting, keystore, keystorePassword, keystoreKeyPassword, webDirectory );
 
     }
 

src/main/java/com/netiq/websockify/WebsockifyProxyHandler.java

@@ -19,7 +19,6 @@
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URL;
 import java.net.URLDecoder;
 import java.text.SimpleDateFormat;
 import java.util.Calendar;

src/main/java/com/netiq/websockify/WebsockifyProxyPipelineFactory.java

@@ -15,22 +15,24 @@ public class WebsockifyProxyPipelineFactory implements ChannelPipelineFactory {
     private final SSLSetting sslSetting;
     private final String keystore;
     private final String keystorePassword;
+    private final String keystoreKeyPassword;
     private final String webDirectory;
 
-    public WebsockifyProxyPipelineFactory(ClientSocketChannelFactory cf, IProxyTargetResolver resolver, SSLSetting sslSetting, String keystore, String keystorePassword, String webDirectory) {
+    public WebsockifyProxyPipelineFactory(ClientSocketChannelFactory cf, IProxyTargetResolver resolver, SSLSetting sslSetting, String keystore, String keystorePassword, String keystoreKeyPassword, String webDirectory) {
         this.cf = cf;
         this.resolver = resolver;
         this.sslSetting = sslSetting;
         this.keystore = keystore;
         this.keystorePassword = keystorePassword;
+        this.keystoreKeyPassword = keystoreKeyPassword;
         this.webDirectory = webDirectory;
     }
 
     @Override
     public ChannelPipeline getPipeline() throws Exception {
         ChannelPipeline p = pipeline(); // Note the static import.
 
-        p.addLast("unification", new PortUnificationHandler(cf, resolver, sslSetting, keystore, keystorePassword, webDirectory));
+        p.addLast("unification", new PortUnificationHandler(cf, resolver, sslSetting, keystore, keystorePassword, keystoreKeyPassword, webDirectory));
         return p;
 
     }

src/main/java/com/netiq/websockify/WebsockifyServer.java

@@ -35,12 +35,12 @@ public void connect ( int localPort, String remoteHost, int remotePort )
 
 	public void connect ( int localPort, String remoteHost, int remotePort, String webDirectory )
 	{
-		connect ( localPort, remoteHost, remotePort, SSLSetting.OFF, null, null, webDirectory );
+		connect ( localPort, remoteHost, remotePort, SSLSetting.OFF, null, null, null, webDirectory );
 	}
 
-	public void connect ( int localPort, String remoteHost, int remotePort, SSLSetting sslSetting, String keystore, String keystorePassword, String webDirectory )
+	public void connect ( int localPort, String remoteHost, int remotePort, SSLSetting sslSetting, String keystore, String keystorePassword, String keystoreKeyPassword, String webDirectory )
 	{
-		connect ( localPort, new StaticTargetResolver ( remoteHost, remotePort ), sslSetting, keystore, keystorePassword, webDirectory );		
+		connect ( localPort, new StaticTargetResolver ( remoteHost, remotePort ), sslSetting, keystore, keystorePassword, keystoreKeyPassword, webDirectory );		
 	}
 
 	public void connect ( int localPort, IProxyTargetResolver resolver )
@@ -50,17 +50,17 @@ public void connect ( int localPort, IProxyTargetResolver resolver )
 
 	public void connect ( int localPort, IProxyTargetResolver resolver, String webDirectory )
 	{
-		connect ( localPort, resolver, SSLSetting.OFF, null, null, webDirectory );
+		connect ( localPort, resolver, SSLSetting.OFF, null, null, null, webDirectory );
 	}
 
-	public void connect ( int localPort, IProxyTargetResolver resolver, SSLSetting sslSetting, String keystore, String keystorePassword, String webDirectory )
+	public void connect ( int localPort, IProxyTargetResolver resolver, SSLSetting sslSetting, String keystore, String keystorePassword, String keystoreKeyPassword, String webDirectory )
 	{
 		if ( serverChannel != null )
 		{
 			close ( );
 		}
 
-        sb.setPipelineFactory(new WebsockifyProxyPipelineFactory(cf, resolver, sslSetting, keystore, keystorePassword, webDirectory));
+        sb.setPipelineFactory(new WebsockifyProxyPipelineFactory(cf, resolver, sslSetting, keystore, keystorePassword, keystoreKeyPassword, webDirectory));
 
         // Start up the server.
         serverChannel = sb.bind(new InetSocketAddress(localPort));

src/main/java/com/netiq/websockify/WebsockifySslContext.java

@@ -21,11 +21,11 @@ public class WebsockifySslContext {
     /**
      * Returns the singleton instance for this class
      */
-    public static WebsockifySslContext getInstance(String keystore, String keystorePassword) {
+    public static WebsockifySslContext getInstance(String keystore, String password, String keyPassword) {
     	WebsockifySslContext context = SingletonHolder.INSTANCE_MAP.get(keystore);
     	if ( context == null )
     	{
-    		context = new WebsockifySslContext ( keystore, keystorePassword );
+    		context = new WebsockifySslContext ( keystore, password, keyPassword );
     		SingletonHolder.INSTANCE_MAP.put(keystore, context);
     	}
     	return context;
@@ -40,11 +40,17 @@ public static WebsockifySslContext getInstance(String keystore, String keystoreP
     private static class SingletonHolder {
         public static final HashMap<String, WebsockifySslContext> INSTANCE_MAP = new HashMap<String, WebsockifySslContext>();
     }
+    /**
+     * Constructor for singleton
+     */
+    private WebsockifySslContext(String keystore, String password) {
+        this ( keystore, password, password );
+    }
 
     /**
      * Constructor for singleton
      */
-    private WebsockifySslContext(String keystore, String keystorePassword) {
+    private WebsockifySslContext(String keystore, String password, String keyPassword) {
         try {
             // Key store (Server side certificate)
             String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
@@ -55,17 +61,16 @@ private WebsockifySslContext(String keystore, String keystorePassword) {
             SSLContext serverContext = null;
             try {
                 String keyStoreFilePath = keystore;
-                String keyStoreFilePassword = keystorePassword;
 
                 KeyStore ks = KeyStore.getInstance("JKS");
                 FileInputStream fin = new FileInputStream(keyStoreFilePath);
-                ks.load(fin, keyStoreFilePassword.toCharArray());
+                ks.load(fin, password.toCharArray());
 
                 // Set up key manager factory to use our key store
                 // Assume key password is the same as the key store file
                 // password
                 KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
-                kmf.init(ks, keyStoreFilePassword.toCharArray());
+                kmf.init(ks, keyPassword.toCharArray());
 
                 // Initialise the SSLContext to work with our key managers.
                 serverContext = SSLContext.getInstance(PROTOCOL);