author | Greg Wilkins | 2015-08-05 02:03:18 +0000 |
---|---|---|
committer | Greg Wilkins | 2015-08-05 02:03:38 +0000 |
commit | a0a2c64f6aa61d7cbd70c9ea465f89546c20bbe4 (patch) | |
tree | ceaeec95541cd5a8b268cf80224b96327f2453f4 /jetty-util | |
parent | f95b41fa7c2b54a6654012e596bfc9ff27dd7ca6 (diff) | |
474025 - SslContextFactory does not work with JCEKS Keystore
Diffstat (limited to 'jetty-util')
-rw-r--r-- | jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index be0c48433d..d0e75f7d0f 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -38,6 +38,7 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Comparator;
+import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.LinkedHashSet;
@@ -344,16 +345,21 @@ public class SslContextFactory extends AbstractLifeCycle
 if (_validateCerts && keyStore != null)
 {
- if (_certAlias == null)
+ if (_certAlias==null)
 {
- List<String> aliases = Collections.list(keyStore.aliases());
- _certAlias = aliases.size() == 1 ? aliases.get(0) : null;
+ for (Enumeration<String> e=keyStore.aliases(); _certAlias==null && e.hasMoreElements(); )
+ {
+ String alias=e.nextElement();
+ Certificate c =keyStore.getCertificate(alias);
+ if (c!=null && "X.509".equals(c.getType()))
+ _certAlias=alias;
+ }
 }
 Certificate cert = _certAlias == null?null:keyStore.getCertificate(_certAlias);
- if (cert == null)
+ if (cert==null || !"X.509".equals(cert.getType()))
 {
- throw new Exception("No certificate found in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias));
+ throw new Exception("No X.509 certificate in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias));
 }
 CertificateValidator validator = new CertificateValidator(trustStore, crls);
@@ -371,7 +377,7 @@ public class SslContextFactory extends AbstractLifeCycle
 for (String alias : Collections.list(keyStore.aliases()))
 {
 Certificate certificate = keyStore.getCertificate(alias);
- if ("X.509".equals(certificate.getType()))
+ if (certificate!=null && "X.509".equals(certificate.getType()))
 {
 X509Certificate x509 = (X509Certificate)certificate;
|
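Review bot: In the second hunk, when no alias is configured, the new loop takes the first alias whose certificate is X.509, in whatever order `keyStore.aliases()` yields. In a keystore with several entries, the certificate handed to validation and the value left in `_certAlias` are therefore arbitrary, and may belong to a trusted-certificate entry rather than the server's key entry. The old code declined to guess unless there was exactly one alias. Consider restricting the pick to key entries, `if (c!=null && "X.509".equals(c.getType()) && keyStore.isKeyEntry(alias))`, with a comment stating that only this one certificate is validated on this path. The enclosing method starts and ends outside the hunk, so how `_certAlias` is used afterwards should be confirmed there.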
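Review bot: In the third hunk the cast to `X509Certificate` is still guarded by the type string rather than by the class. A provider-supplied `Certificate` that reports "X.509" without extending `X509Certificate` would throw `ClassCastException`. `if (certificate instanceof X509Certificate)` covers both the null case and the cast in one test. The loop body continues past the end of the hunk.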