From 2a3d8a0801310267cac05b67ad9f8946ced418e6 Mon Sep 17 00:00:00 2001
From: fhanik <fhanik@13f79535-47bb-0310-9956-ffa450edef68>
Date: Tue, 25 Nov 2008 20:14:30 +0000
Subject: [PATCH] Add an extended key manager to handle a forced server alias
 on the tomcat NIO connector

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@720587 13f79535-47bb-0310-9956-ffa450edef68
---
 java/org/apache/tomcat/util/net/NioEndpoint.java   | 27 ++++-----
 .../tomcat/util/net/jsse/NioX509KeyManager.java    | 69 ++++++++++++++++++++++
 2 files changed, 81 insertions(+), 15 deletions(-)
 create mode 100644 java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java

diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java b/java/org/apache/tomcat/util/net/NioEndpoint.java
index 31eb7e02a..ff125185b 100644
--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
@@ -55,9 +55,8 @@ import javax.net.ssl.X509KeyManager;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.IntrospectionUtils;
-import org.apache.tomcat.util.net.JIoEndpoint.Worker;
 import org.apache.tomcat.util.net.SecureNioChannel.ApplicationBufferHandler;
-import org.apache.tomcat.util.net.jsse.JSSEKeyManager;
+import org.apache.tomcat.util.net.jsse.NioX509KeyManager;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
@@ -785,8 +784,7 @@ public class NioEndpoint {
             ks.load(new FileInputStream(getKeystoreFile()), passphrase);
             KeyStore ts = null;
             if (getTruststoreFile()==null) {
-//                ts = KeyStore.getInstance(getKeystoreType());
-//                ts.load(new FileInputStream(getKeystoreFile()), passphrase);
+                //no op, same as for BIO connector
             }else {
                 ts = KeyStore.getInstance(ttype);
                 ts.load(new FileInputStream(getTruststoreFile()), tpassphrase);
@@ -809,17 +807,16 @@ public class NioEndpoint {
     }
     
     public KeyManager[] wrap(KeyManager[] managers) {
-        return managers;
-//        if (managers==null) return null;
-//        KeyManager[] result = new KeyManager[managers.length];
-//        for (int i=0; i<result.length; i++) {
-//            if (managers[i] instanceof X509KeyManager && getKeyAlias()!=null) {
-//                result[i] = new JSSEKeyManager((X509KeyManager)managers[i],getKeyAlias());
-//            } else {
-//                result[i] = managers[i];
-//            }
-//        }
-//        return result;
+        if (managers==null) return null;
+        KeyManager[] result = new KeyManager[managers.length];
+        for (int i=0; i<result.length; i++) {
+            if (managers[i] instanceof X509KeyManager && getKeyAlias()!=null) {
+                result[i] = new NioX509KeyManager((X509KeyManager)managers[i],getKeyAlias());
+            } else {
+                result[i] = managers[i];
+            }
+        }
+        return result;
     }
 
 
diff --git a/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java b/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java
new file mode 100644
index 000000000..0297b10f5
--- /dev/null
+++ b/java/org/apache/tomcat/util/net/jsse/NioX509KeyManager.java
@@ -0,0 +1,69 @@
+package org.apache.tomcat.util.net.jsse;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
+import javax.net.ssl.X509KeyManager;
+
+public class NioX509KeyManager extends X509ExtendedKeyManager {
+
+    private X509KeyManager delegate;
+    private String serverKeyAlias;
+
+    /**
+     * Constructor.
+     *
+     * @param mgr The X509KeyManager used as a delegate
+     * @param serverKeyAlias The alias name of the server's keypair and
+     * supporting certificate chain
+     */
+    public NioX509KeyManager(X509KeyManager mgr, String serverKeyAlias) {
+        this.delegate = mgr;
+        this.serverKeyAlias = serverKeyAlias;
+    }
+
+    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
+        return delegate.chooseClientAlias(keyType, issuers, socket);
+    }
+
+    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
+        if (serverKeyAlias!=null) {
+            return serverKeyAlias;
+        } else {
+            return delegate.chooseServerAlias(keyType, issuers, socket);
+        }
+    }
+
+    public X509Certificate[] getCertificateChain(String alias) {
+        return delegate.getCertificateChain(alias);
+    }
+
+    public String[] getClientAliases(String keyType, Principal[] issuers) {
+        return delegate.getClientAliases(keyType, issuers);
+    }
+
+    public PrivateKey getPrivateKey(String alias) {
+        return delegate.getPrivateKey(alias);
+    }
+
+    public String[] getServerAliases(String keyType, Principal[] issuers) {
+        return delegate.getServerAliases(keyType, issuers);
+    }
+
+    @Override
+    public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
+        if (serverKeyAlias!=null) {
+            return serverKeyAlias;
+        } else {
+            return super.chooseEngineServerAlias(keyType, issuers, engine);
+        }
+    }
+
+    
+    
+    
+}
-- 
2.11.0