You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2011/09/21 16:14:22 UTC
svn commit: r1173659 -
/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
Author: markt
Date: Wed Sep 21 14:14:22 2011
New Revision: 1173659
URL: http://svn.apache.org/viewvc?rev=1173659&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51860
Fix issues when using NIO, SSL and a custom SSLImplementation.
Based on a suggestion by Roman Tsirulnikov.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java?rev=1173659&r1=1173658&r2=1173659&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java Wed Sep 21 14:14:22 2011
@@ -22,6 +22,8 @@ import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
/**
@@ -31,7 +33,7 @@ import javax.net.ssl.X509KeyManager;
*
* @author Jan Luehe
*/
-public final class JSSEKeyManager implements X509KeyManager {
+public final class JSSEKeyManager extends X509ExtendedKeyManager {
private X509KeyManager delegate;
private String serverKeyAlias;
@@ -44,6 +46,7 @@ public final class JSSEKeyManager implem
* supporting certificate chain
*/
public JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias) {
+ super();
this.delegate = mgr;
this.serverKeyAlias = serverKeyAlias;
}
@@ -74,12 +77,9 @@ public final class JSSEKeyManager implem
* Returns this key manager's server key alias that was provided in the
* constructor.
*
- * @param keyType The key algorithm type name (ignored)
- * @param issuers The list of acceptable CA issuer subject names, or null
- * if it does not matter which issuers are used (ignored)
- * @param socket The socket to be used for this connection. This parameter
- * can be null, in which case this method will return the most generic
- * alias to use (ignored)
+ * @param keyType Ignored
+ * @param issuers Ignored
+ * @param socket Ignored
*
* @return Alias name for the desired key
*/
@@ -148,4 +148,40 @@ public final class JSSEKeyManager implem
public PrivateKey getPrivateKey(String alias) {
return delegate.getPrivateKey(alias);
}
+
+ /**
+ * Choose an alias to authenticate the client side of a secure socket,
+ * given the public key type and the list of certificate issuer authorities
+ * recognized by the peer (if any).
+ *
+ * @param keyType The key algorithm type name(s), ordered with the
+ * most-preferred key type first
+ * @param issuers The list of acceptable CA issuer subject names, or null
+ * if it does not matter which issuers are used
+ * @param engine Ignored
+ *
+ * @return The alias name for the desired key, or null if there are no
+ * matches
+ */
+ @Override
+ public String chooseEngineClientAlias(String[] keyType, Principal[] issuers,
+ SSLEngine engine) {
+ return delegate.chooseClientAlias(keyType, issuers, null);
+ }
+
+ /**
+ * Returns this key manager's server key alias that was provided in the
+ * constructor.
+ *
+ * @param keyType Ignored
+ * @param issuers Ignored
+ * @param engine Ignored
+ *
+ * @return Alias name for the desired key
+ */
+ @Override
+ public String chooseEngineServerAlias(String keyType, Principal[] issuers,
+ SSLEngine engine) {
+ return serverKeyAlias;
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org