From f902ad7ed834208027b04adbb5b3692cf76526b5 Mon Sep 17 00:00:00 2001
From: markt
Date: Wed, 21 Sep 2011 14:14:22 +0000
Subject: [PATCH] Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51860 Fix issues when using NIO, SSL and a custom SSLImplementation. Based on a suggestion by Roman Tsirulnikov.
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1173659 13f79535-47bb-0310-9956-ffa450edef68
---
 .../tomcat/util/net/jsse/JSSEKeyManager.java | 50 +++++++++++++++++++---
 1 file changed, 43 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java b/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
index a06a42a65..bebacba0e 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
@@ -22,6 +22,8 @@ import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
 import javax.net.ssl.X509KeyManager;
 /**
@@ -31,7 +33,7 @@ import javax.net.ssl.X509KeyManager;
 *
 * @author Jan Luehe
 */
-public final class JSSEKeyManager implements X509KeyManager {
+public final class JSSEKeyManager extends X509ExtendedKeyManager {
 private X509KeyManager delegate;
 private String serverKeyAlias;
@@ -44,6 +46,7 @@ public final class JSSEKeyManager implements X509KeyManager {
 * supporting certificate chain
 */
 public JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias) {
+ super();
 this.delegate = mgr;
 this.serverKeyAlias = serverKeyAlias;
 }
@@ -74,12 +77,9 @@ public final class JSSEKeyManager implements X509KeyManager {
 * Returns this key manager's server key alias that was provided in the
 * constructor.
 *
- * @param keyType The key algorithm type name (ignored)
- * @param issuers The list of acceptable CA issuer subject names, or null
- * if it does not matter which issuers are used (ignored)
- * @param socket The socket to be used for this connection. This parameter
- * can be null, in which case this method will return the most generic
- * alias to use (ignored)
+ * @param keyType Ignored
+ * @param issuers Ignored
+ * @param socket Ignored
 *
 * @return Alias name for the desired key
 */
@@ -148,4 +148,40 @@ public final class JSSEKeyManager implements X509KeyManager {
 public PrivateKey getPrivateKey(String alias) {
 return delegate.getPrivateKey(alias);
 }
+
+ /**
+ * Choose an alias to authenticate the client side of a secure socket,
+ * given the public key type and the list of certificate issuer authorities
+ * recognized by the peer (if any).
+ *
+ * @param keyType The key algorithm type name(s), ordered with the
+ * most-preferred key type first
+ * @param issuers The list of acceptable CA issuer subject names, or null
+ * if it does not matter which issuers are used
+ * @param engine Ignored
+ *
+ * @return The alias name for the desired key, or null if there are no
+ * matches
+ */
+ @Override
+ public String chooseEngineClientAlias(String[] keyType, Principal[] issuers,
+ SSLEngine engine) {
+ return delegate.chooseClientAlias(keyType, issuers, null);
+ }
+
+ /**
+ * Returns this key manager's server key alias that was provided in the
+ * constructor.
+ *
+ * @param keyType Ignored
+ * @param issuers Ignored
+ * @param engine Ignored
+ *
+ * @return Alias name for the desired key
+ */
+ @Override
+ public String chooseEngineServerAlias(String keyType, Principal[] issuers,
+ SSLEngine engine) {
+ return serverKeyAlias;
+ }
 }
-- 
2.11.0
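Review bot: `chooseEngineClientAlias` in the last hunk discards the `SSLEngine` and always calls the socket-based `delegate.chooseClientAlias(keyType, issuers, null)`, so a delegate that is itself an `X509ExtendedKeyManager` never sees the engine and cannot choose a client certificate per connection. Forwarding when the delegate supports it keeps that behaviour, with the existing call as the fallback: `if (delegate instanceof X509ExtendedKeyManager) return ((X509ExtendedKeyManager) delegate).chooseEngineClientAlias(keyType, issuers, engine);`, and the `@param engine Ignored` Javadoc adjusted to match. `chooseEngineServerAlias` returns `serverKeyAlias` without consulting `keyType`, mirroring the socket variant whose Javadoc appears in the previous hunk; whether the constructor's callers guarantee a non-null alias of a matching key type is not visible here, so a short comment stating that precondition would help, e.g. `// serverKeyAlias must be non-null and name a key usable for keyType; not validated here`.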