Author: markt
Date: Wed Jul 5 13:51:27 2017
New Revision: 1800874
URL: http://svn.apache.org/viewvc?rev=1800874&view=rev
Log:
Follow-up to r1800867
Avoid NPE when no alias is specified.
Now an in memory key store with a single key is used, there is no need for the
JSSEKeyManager - so remove it.
Removed:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEKeyManager.java
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1800874&r1=1800873&r2=1800874&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Wed Jul 5
13:51:27 2017
@@ -52,7 +52,6 @@ import javax.net.ssl.ManagerFactoryParam
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509KeyManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -171,7 +170,6 @@ public class JSSEUtil extends SSLUtilBas
@Override
public KeyManager[] getKeyManagers() throws Exception {
- String keystoreType = certificate.getCertificateKeystoreType();
String keyAlias = certificate.getCertificateKeyAlias();
String algorithm = sslHostConfig.getKeyManagerAlgorithm();
String keyPass = certificate.getCertificateKeyPassword();
@@ -181,8 +179,6 @@ public class JSSEUtil extends SSLUtilBas
keyPass = certificate.getCertificateKeystorePassword();
}
- KeyManager[] kms = null;
-
KeyStore ks = certificate.getCertificateKeystore();
/*
@@ -219,6 +215,8 @@ public class JSSEUtil extends SSLUtilBas
} else {
if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
throw new IOException(sm.getString("jsse.alias_no_key_entry",
keyAlias));
+ } else if (keyAlias == null) {
+ keyAlias = "tomcat";
}
inMemoryKeyStore.setKeyEntry(keyAlias, ks.getKey(keyAlias,
keyPassArray), keyPassArray,
@@ -229,23 +227,7 @@ public class JSSEUtil extends SSLUtilBas
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
kmf.init(inMemoryKeyStore, keyPassArray);
- kms = kmf.getKeyManagers();
- if (kms == null) {
- return kms;
- }
-
- if (keyAlias != null) {
- String alias = keyAlias;
- // JKS keystores always convert the alias name to lower case
- if ("JKS".equals(keystoreType)) {
- alias = alias.toLowerCase(Locale.ENGLISH);
- }
- for(int i = 0; i < kms.length; i++) {
- kms[i] = new JSSEKeyManager((X509KeyManager)kms[i], alias);
- }
- }
-
- return kms;
+ return kmf.getKeyManagers();
}
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1800874&r1=1800873&r2=1800874&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
Wed Jul 5 13:51:27 2017
@@ -50,7 +50,6 @@ import org.apache.tomcat.util.net.Consta
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
-import org.apache.tomcat.util.net.jsse.JSSEKeyManager;
import
org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser;
import org.apache.tomcat.util.res.StringManager;
@@ -365,11 +364,6 @@ public class OpenSSLContext implements o
private static X509KeyManager chooseKeyManager(KeyManager[] managers)
throws Exception {
for (KeyManager manager : managers) {
- if (manager instanceof JSSEKeyManager) {
- return (JSSEKeyManager) manager;
- }
- }
- for (KeyManager manager : managers) {
if (manager instanceof X509KeyManager) {
return (X509KeyManager) manager;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
