Hi, when using "PKIX" as KeyManagerFactoryAlgorithm, the alias is manipulated from what's in the keystore (for example, "jetty") to an internal format such as "N.0.jetty", where N is an increasing number (in sun.security.ssl.X509KeyManagerImpl.makeAlias()).
The problem is that (especially in case of SNI) the KeyManager could be wrapped by a user-written KeyManager that may delegate to the JDK one. When the user-written KeyManager delegates to the JDK instance by calling keyManager.getServerAliases(keyType, issuers), an array of aliases is returned, but the aliases are of the internal format described above. This makes the user-written code fail any logic that is based on the aliases, as comparing these internal formats with the ones present in the KeyStore will fail.

Can you please clarify if this is expected behavior and whether user-written code should "unwrap" this internal alias format (is it defined somewhere?), or if this internal format is wrongly leaked to user-written code?

Thanks!

--
Simone Bordet
---
Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability, the implementation technique must be flawless.
Victoria Livschitz
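A diagnostic for the mismatch described in the message above, added here as an example; it is not code from the original post or from the JDK. It prints each alias the "PKIX" KeyManager returns, whether the KeyStore contains that string, and the KeyStore alias found by comparing certificates instead of alias strings. The class name `AliasCheck`, the command-line keystore path and password, and the "RSA" key type are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Hypothetical diagnostic class; usage: java AliasCheck <keystore> <password>
public class AliasCheck {
    // Resolve an alias handed out by a KeyManager back to a KeyStore alias by
    // comparing the end-entity certificate rather than parsing the alias string.
    static String toKeyStoreAlias(KeyStore ks, X509KeyManager km, String alias) throws Exception {
        X509Certificate[] chain = km.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            return null; // the KeyManager does not know this alias
        }
        return ks.getCertificateAlias(chain[0]); // null if no entry matches
    }

    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray();
        // Assumes the file is in the JVM's default keystore format.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
        kmf.init(ks, password);
        for (KeyManager manager : kmf.getKeyManagers()) {
            if (!(manager instanceof X509KeyManager)) {
                continue;
            }
            X509KeyManager km = (X509KeyManager) manager;
            String[] aliases = km.getServerAliases("RSA", null); // assumed key type
            if (aliases == null) {
                System.out.println("no RSA server aliases");
                continue;
            }
            for (String alias : aliases) {
                System.out.printf("returned=%s inKeyStore=%b resolved=%s%n",
                        alias, ks.containsAlias(alias), toKeyStoreAlias(ks, km, alias));
            }
        }
    }
}
```

`KeyStore.getCertificateAlias` returns the first entry whose certificate matches, so two entries that share one certificate resolve to the same alias.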