authorGreg Wilkins2015-08-05 02:03:18 +0000
committerGreg Wilkins2015-08-05 02:03:38 +0000
commita0a2c64f6aa61d7cbd70c9ea465f89546c20bbe4 (patch)
treeceaeec95541cd5a8b268cf80224b96327f2453f4 /jetty-util
parentf95b41fa7c2b54a6654012e596bfc9ff27dd7ca6 (diff)
474025 - SslContextFactory does not work with JCEKS Keystore
Diffstat (limited to 'jetty-util')
-rw-r--r--jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java18
1 files changed, 12 insertions, 6 deletions
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index be0c48433d..d0e75f7d0f 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -38,6 +38,7 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
+import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
@@ -344,16 +345,21 @@ public class SslContextFactory extends AbstractLifeCycle
if (_validateCerts && keyStore != null)
{
- if (_certAlias == null)
+ if (_certAlias==null)
{
- List<String> aliases = Collections.list(keyStore.aliases());
- _certAlias = aliases.size() == 1 ? aliases.get(0) : null;
+ for (Enumeration<String> e=keyStore.aliases(); _certAlias==null && e.hasMoreElements(); )
+ {
+ String alias=e.nextElement();
+ Certificate c =keyStore.getCertificate(alias);
+ if (c!=null && "X.509".equals(c.getType()))
+ _certAlias=alias;
+ }
}
Certificate cert = _certAlias == null?null:keyStore.getCertificate(_certAlias);
- if (cert == null)
+ if (cert==null || !"X.509".equals(cert.getType()))
{
- throw new Exception("No certificate found in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias));
+ throw new Exception("No X.509 certificate in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias));
}
CertificateValidator validator = new CertificateValidator(trustStore, crls);
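Review bot: With `_certAlias` unset, the new loop in this hunk takes the first alias whose certificate is X.509, and `KeyStore.aliases()` promises no particular order, so in a keystore holding several entries the certificate handed to `CertificateValidator` need not be the one belonging to the server's private key. `getCertificate(alias)` also answers for trusted-certificate entries, so a CA certificate stored next to the key can be selected; narrowing the test to `if (keyStore.isKeyEntry(alias) && c!=null && "X.509".equals(c.getType()))` keeps validation on a key entry while still skipping JCEKS secret-key entries, which have no certificate. The loop also writes its guess into the `_certAlias` field, so the choice outlives this check; a local variable would avoid that unless the later use is intended, which cannot be seen from here because the enclosing method starts and ends outside the hunk. A one-line comment such as `// no alias configured: validate the first X.509 key entry` would make the new selection rule explicit.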
@@ -371,7 +377,7 @@ public class SslContextFactory extends AbstractLifeCycle
for (String alias : Collections.list(keyStore.aliases()))
{
Certificate certificate = keyStore.getCertificate(alias);
- if ("X.509".equals(certificate.getType()))
+ if (certificate!=null && "X.509".equals(certificate.getType()))
{
X509Certificate x509 = (X509Certificate)certificate;
