Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51860

Fix issues when using NIO, SSL and a custom SSLImplementation.
Based on a suggestion by Roman Tsirulnikov.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1173659 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java b/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
index a06a42a..bebacba 100644 (file)
--- a/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
@@ -22,6 +22,8 @@ import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
 import javax.net.ssl.X509KeyManager;
 
 /**
@@ -31,7 +33,7 @@ import javax.net.ssl.X509KeyManager;
  *
  * @author Jan Luehe
  */
-public final class JSSEKeyManager implements X509KeyManager {
+public final class JSSEKeyManager extends X509ExtendedKeyManager {
 
     private X509KeyManager delegate;
     private String serverKeyAlias;
@@ -44,6 +46,7 @@ public final class JSSEKeyManager implements X509KeyManager {
      * supporting certificate chain
      */
     public JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias) {
+        super();
         this.delegate = mgr;
         this.serverKeyAlias = serverKeyAlias;
     }
@@ -74,12 +77,9 @@ public final class JSSEKeyManager implements X509KeyManager {
      * Returns this key manager's server key alias that was provided in the
      * constructor.
      *
-     * @param keyType The key algorithm type name (ignored)
-     * @param issuers The list of acceptable CA issuer subject names, or null
-     * if it does not matter which issuers are used (ignored)
-     * @param socket The socket to be used for this connection. This parameter
-     * can be null, in which case this method will return the most generic
-     * alias to use (ignored)
+     * @param keyType Ignored
+     * @param issuers Ignored
+     * @param socket Ignored
      *
      * @return Alias name for the desired key
      */
@@ -148,4 +148,40 @@ public final class JSSEKeyManager implements X509KeyManager {
     public PrivateKey getPrivateKey(String alias) {
         return delegate.getPrivateKey(alias);
     }
+
+    /**
+     * Choose an alias to authenticate the client side of a secure socket,
+     * given the public key type and the list of certificate issuer authorities
+     * recognized by the peer (if any).
+     *
+     * @param keyType The key algorithm type name(s), ordered with the
+     * most-preferred key type first
+     * @param issuers The list of acceptable CA issuer subject names, or null
+     * if it does not matter which issuers are used
+     * @param engine Ignored
+     *
+     * @return The alias name for the desired key, or null if there are no
+     * matches
+     */
+    @Override
+    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers,
+            SSLEngine engine) {
+        return delegate.chooseClientAlias(keyType, issuers, null);
+    }
+
+    /**
+     * Returns this key manager's server key alias that was provided in the
+     * constructor.
+     *
+     * @param keyType Ignored
+     * @param issuers Ignored
+     * @param engine Ignored
+     *
+     * @return Alias name for the desired key
+     */
+    @Override
+    public String chooseEngineServerAlias(String keyType, Principal[] issuers,
+            SSLEngine engine) {
+        return serverKeyAlias;
+    }
 }