Fix #506 (#971)

Author: rozhko

src/main/java/spark/Service.java

@@ -180,7 +180,58 @@ public synchronized Service secure(String keystoreFile,
                                        String keystorePassword,
                                        String truststoreFile,
                                        String truststorePassword) {
-        return secure(keystoreFile, keystorePassword, truststoreFile, truststorePassword, false);
+        return secure(keystoreFile, keystorePassword, null, truststoreFile, truststorePassword, false);
+    }
+
+    /**
+     * Set the connection to be secure, using the specified keystore and
+     * truststore. This has to be called before any route mapping is done. You
+     * have to supply a keystore file, truststore file is optional (keystore
+     * will be reused). By default, client certificates are not checked.
+     * This method is only relevant when using embedded Jetty servers. It should
+     * not be used if you are using Servlets, where you will need to secure the
+     * connection in the servlet container
+     *
+     * @param keystoreFile       The keystore file location as string
+     * @param keystorePassword   the password for the keystore
+     * @param certAlias          the default certificate Alias
+     * @param truststoreFile     the truststore file location as string, leave null to reuse
+     *                           keystore
+     * @param truststorePassword the trust store password
+     * @return the object with connection set to be secure
+     */
+    public synchronized Service secure(String keystoreFile,
+                                       String keystorePassword,
+                                       String certAlias,
+                                       String truststoreFile,
+                                       String truststorePassword) {
+        return secure(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword, false);
+    }
+
+    /**
+     * Set the connection to be secure, using the specified keystore and
+     * truststore. This has to be called before any route mapping is done. You
+     * have to supply a keystore file, truststore file is optional (keystore
+     * will be reused).
+     * This method is only relevant when using embedded Jetty servers. It should
+     * not be used if you are using Servlets, where you will need to secure the
+     * connection in the servlet container
+     *
+     * @param keystoreFile       The keystore file location as string
+     * @param keystorePassword   the password for the keystore
+     * @param truststoreFile     the truststore file location as string, leave null to reuse
+     *                           keystore
+     * @param needsClientCert    Whether to require client certificate to be supplied in
+     *                           request
+     * @param truststorePassword the trust store password
+     * @return the object with connection set to be secure
+     */
+    public synchronized Service secure(String keystoreFile,
+                                       String keystorePassword,
+                                       String truststoreFile,
+                                       String truststorePassword,
+                                       boolean needsClientCert) {
+        return secure(keystoreFile, keystorePassword, null, truststoreFile, truststorePassword, needsClientCert);
     }
 
     /**
@@ -194,6 +245,7 @@ public synchronized Service secure(String keystoreFile,
      *
      * @param keystoreFile       The keystore file location as string
      * @param keystorePassword   the password for the keystore
+     * @param certAlias          the default certificate Alias
      * @param truststoreFile     the truststore file location as string, leave null to reuse
      *                           keystore
      * @param needsClientCert    Whether to require client certificate to be supplied in
@@ -203,6 +255,7 @@ public synchronized Service secure(String keystoreFile,
      */
     public synchronized Service secure(String keystoreFile,
                                        String keystorePassword,
+                                       String certAlias,
                                        String truststoreFile,
                                        String truststorePassword,
                                        boolean needsClientCert) {
@@ -215,7 +268,7 @@ public synchronized Service secure(String keystoreFile,
                     "Must provide a keystore file to run secured");
         }
 
-        sslStores = SslStores.create(keystoreFile, keystorePassword, truststoreFile, truststorePassword, needsClientCert);
+        sslStores = SslStores.create(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword, needsClientCert);
         return this;
     }
 

src/main/java/spark/Spark.java

@@ -1030,6 +1030,30 @@ public static void secure(String keystoreFile,
         getInstance().secure(keystoreFile, keystorePassword, truststoreFile, truststorePassword);
     }
 
+    /**
+     * Set the connection to be secure, using the specified keystore and
+     * truststore. This has to be called before any route mapping is done. You
+     * have to supply a keystore file, truststore file is optional (keystore
+     * will be reused).
+     * This method is only relevant when using embedded Jetty servers. It should
+     * not be used if you are using Servlets, where you will need to secure the
+     * connection in the servlet container
+     *
+     * @param keystoreFile       The keystore file location as string
+     * @param keystorePassword   the password for the keystore
+     * @param certAlias          the default certificate Alias
+     * @param truststoreFile     the truststore file location as string, leave null to reuse
+     *                           keystore
+     * @param truststorePassword the trust store password
+     */
+    public static void secure(String keystoreFile,
+                              String keystorePassword,
+                              String certAlias,
+                              String truststoreFile,
+                              String truststorePassword) {
+        getInstance().secure(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword);
+    }
+
     /**
      * Overrides default exception handler during initialization phase
      *
@@ -1064,6 +1088,33 @@ public static void secure(String keystoreFile,
         getInstance().secure(keystoreFile, keystorePassword, truststoreFile, truststorePassword, needsClientCert);
     }
 
+    /**
+     * Set the connection to be secure, using the specified keystore and
+     * truststore. This has to be called before any route mapping is done. You
+     * have to supply a keystore file, truststore file is optional (keystore
+     * will be reused).
+     * This method is only relevant when using embedded Jetty servers. It should
+     * not be used if you are using Servlets, where you will need to secure the
+     * connection in the servlet container
+     *
+     * @param keystoreFile       The keystore file location as string
+     * @param keystorePassword   the password for the keystore
+     * @param certAlias          the default certificate Alias
+     * @param truststoreFile     the truststore file location as string, leave null to reuse
+     *                           keystore
+     * @param needsClientCert    Whether to require client certificate to be supplied in
+     *                           request
+     * @param truststorePassword the trust store password
+     */
+    public static void secure(String keystoreFile,
+                              String keystorePassword,
+                              String certAlias,
+                              String truststoreFile,
+                              String truststorePassword,
+                              boolean needsClientCert) {
+        getInstance().secure(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword, needsClientCert);
+    }
+
     /**
      * Configures the embedded web server's thread pool.
      *

src/main/java/spark/embeddedserver/jetty/SocketConnectorFactory.java

@@ -75,6 +75,10 @@ public static ServerConnector createSecureSocketConnector(Server server,
             sslContextFactory.setKeyStorePassword(sslStores.keystorePassword());
         }
 
+        if (sslStores.certAlias() != null) {
+            sslContextFactory.setCertAlias(sslStores.certAlias());
+        }
+
         if (sslStores.trustStoreFile() != null) {
             sslContextFactory.setTrustStorePath(sslStores.trustStoreFile());
         }

src/main/java/spark/ssl/SslStores.java

@@ -23,6 +23,7 @@ public class SslStores {
 
     protected String keystoreFile;
     protected String keystorePassword;
+    protected String certAlias;
     protected String truststoreFile;
     protected String truststorePassword;
     protected boolean needsClientCert;
@@ -41,7 +42,16 @@ public static SslStores create(String keystoreFile,
                                 String truststoreFile,
                                 String truststorePassword) {
 
-        return new SslStores(keystoreFile, keystorePassword, truststoreFile, truststorePassword);
+        return new SslStores(keystoreFile, keystorePassword, null, truststoreFile, truststorePassword, false);
+    }
+
+    public static SslStores create(String keystoreFile,
+                                String keystorePassword,
+                                String certAlias,
+                                String truststoreFile,
+                                String truststorePassword) {
+
+        return new SslStores(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword, false);
     }
 
     public static SslStores create(String keystoreFile,
@@ -50,26 +60,28 @@ public static SslStores create(String keystoreFile,
                                    String truststorePassword,
                                    boolean needsClientCert) {
 
-        return new SslStores(keystoreFile, keystorePassword, truststoreFile, truststorePassword, needsClientCert);
+        return new SslStores(keystoreFile, keystorePassword, null, truststoreFile, truststorePassword, needsClientCert);
     }
 
-    private SslStores(String keystoreFile,
-                      String keystorePassword,
-                      String truststoreFile,
-                      String truststorePassword) {
-        this.keystoreFile = keystoreFile;
-        this.keystorePassword = keystorePassword;
-        this.truststoreFile = truststoreFile;
-        this.truststorePassword = truststorePassword;
+    public static SslStores create(String keystoreFile,
+                                   String keystorePassword,
+                                   String certAlias,
+                                   String truststoreFile,
+                                   String truststorePassword,
+                                   boolean needsClientCert) {
+
+        return new SslStores(keystoreFile, keystorePassword, certAlias, truststoreFile, truststorePassword, needsClientCert);
     }
 
     private SslStores(String keystoreFile,
                       String keystorePassword,
+                      String certAlias,
                       String truststoreFile,
                       String truststorePassword,
                       boolean needsClientCert) {
         this.keystoreFile = keystoreFile;
         this.keystorePassword = keystorePassword;
+        this.certAlias = certAlias;
         this.truststoreFile = truststoreFile;
         this.truststorePassword = truststorePassword;
         this.needsClientCert = needsClientCert;
@@ -89,6 +101,13 @@ public String keystorePassword() {
         return keystorePassword;
     }
 
+    /**
+     * @return certAlias
+     */
+    public String certAlias() {
+        return certAlias;
+    }
+
     /**
      * @return trustStoreFile
      */