474025 - SslContextFactory does not work with JCEKS Keystore

Greg Wilkins 2015-08-05 12:03:18 +10:00
parent f95b41fa7c
commit a0a2c64f6a
1 changed files with 12 additions and 6 deletions


@ -38,6 +38,7 @@ import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.Comparator; import java.util.Comparator;
import java.util.Enumeration;
import java.util.HashMap; import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import java.util.LinkedHashSet; import java.util.LinkedHashSet;
@ -344,16 +345,21 @@ public class SslContextFactory extends AbstractLifeCycle
if (_validateCerts && keyStore != null) if (_validateCerts && keyStore != null)
{ {
if (_certAlias == null) if (_certAlias==null)
{ {
List<String> aliases = Collections.list(keyStore.aliases()); for (Enumeration<String> e=keyStore.aliases(); _certAlias==null && e.hasMoreElements(); )
_certAlias = aliases.size() == 1 ? aliases.get(0) : null; {
String alias=e.nextElement();
Certificate c =keyStore.getCertificate(alias);
if (c!=null && "X.509".equals(c.getType()))
_certAlias=alias;
}
} }
Certificate cert = _certAlias == null?null:keyStore.getCertificate(_certAlias); Certificate cert = _certAlias == null?null:keyStore.getCertificate(_certAlias);
if (cert == null) if (cert==null || !"X.509".equals(cert.getType()))
{ {
throw new Exception("No certificate found in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias)); throw new Exception("No X.509 certificate in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias));
} }
CertificateValidator validator = new CertificateValidator(trustStore, crls); CertificateValidator validator = new CertificateValidator(trustStore, crls);
@ -371,7 +377,7 @@ public class SslContextFactory extends AbstractLifeCycle
for (String alias : Collections.list(keyStore.aliases())) for (String alias : Collections.list(keyStore.aliases()))
{ {
Certificate certificate = keyStore.getCertificate(alias); Certificate certificate = keyStore.getCertificate(alias);
if ("X.509".equals(certificate.getType())) if (certificate!=null && "X.509".equals(certificate.getType()))
{ {
X509Certificate x509 = (X509Certificate)certificate; X509Certificate x509 = (X509Certificate)certificate;
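Review bot: The new alias loop in the second hunk (`for (Enumeration<String> e=keyStore.aliases(); _certAlias==null && e.hasMoreElements(); )`) accepts the first entry whose certificate type is X.509 without checking that it is a key entry, so in a keystore that also holds trusted-certificate entries the certificate handed to `CertificateValidator` may be a CA or peer certificate rather than the server's own. The old code auto-selected only when the store held exactly one alias; the new code depends on enumeration order, which the KeyStore API does not specify, and it stores the result in the `_certAlias` field, which presumably also influences which key is presented later. Restricting the match with `if (keyStore.isKeyEntry(alias) && c!=null && "X.509".equals(c.getType()))` keeps the JCEKS fix while skipping non-key entries, and logging the chosen alias when several candidates exist would make the selection auditable. The enclosing method starts and ends outside the visible hunks.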