Author: remm Date: Tue Aug 2 23:13:59 2016 New Revision: 1755009 URL: http://svn.apache.org/viewvc?rev=1755009&view=rev Log: 59910: Don't hardcode a key alias, JSSE can avoid using it.
Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java Tue Aug  2 23:13:59 2016
@@ -52,7 +52,7 @@ public class SSLHostConfigCertificate im
     private String certificateKeyPassword = null;
 
     // JSSE
-    private String certificateKeyAlias = "tomcat";
+    private String certificateKeyAlias;
     private String certificateKeystorePassword = "changeit";
     private String certificateKeystoreFile = System.getProperty("user.home")+"/.keystore";
     private String certificateKeystoreProvider = DEFAULT_KEYSTORE_PROVIDER;

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java Tue Aug  2 23:13:59 2016
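Review bot: `certificateKeyAlias` now defaults to null, but nothing at the declaration records what a null alias means and the `// JSSE` group comment does not cover it, so a reader of `getCertificateKeyAlias()` cannot tell whether null is an error or simply "not configured". Add a field comment such as `// null = no alias configured; paths that need a fixed alias fall back to "tomcat"`, which is what the JSSEUtil and OpenSSLContext hunks in this commit do. The public getter and setter sit outside this hunk, so their Javadoc (if any) should state the same contract. This also changes the value every existing caller of the getter receives; any caller not touched by this commit that hands the alias straight to a keystore lookup would need the same null handling, and only the two updated here are visible to me.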
@@ -206,6 +206,9 @@ public class JSSEUtil extends SSLUtilBas
                 chain.addAll(certificateChainFile.getCertificates());
             }
+            if (keyAlias == null) {
+                keyAlias = "tomcat";
+            }
             ks.setKeyEntry(keyAlias, privateKeyFile.getPrivateKey(), keyPass.toCharArray(),
                     chain.toArray(new Certificate[chain.size()]));
         }
 

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Tue Aug  2 23:13:59 2016
@@ -267,6 +267,9 @@ public class OpenSSLContext implements o
             } else {
                 X509KeyManager keyManager = chooseKeyManager(kms);
                 String alias = certificate.getCertificateKeyAlias();
+                if (alias == null) {
+                    alias = "tomcat";
+                }
                 X509Certificate[] chain = keyManager.getCertificateChain(alias);
                 PrivateKey key = keyManager.getPrivateKey(alias);
                 StringBuilder sb = new StringBuilder(BEGIN_KEY);
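Review bot: The literal "tomcat" assigned in the added `if (keyAlias == null)` block is now duplicated in this hunk and in the OpenSSLContext `@@ -267` hunk below, with no shared definition tying the two fallbacks together. A single constant, e.g. `static final String DEFAULT_KEY_ALIAS = "tomcat";` on SSLHostConfigCertificate, referenced from both sites, would keep the PEM-import alias and the OpenSSL lookup alias from drifting apart (the changelog entry describes them as the same default). A one-line comment above the guard, such as `// No alias configured: store the PEM key under a fixed alias so it can be looked up later`, would also explain why the local is reassigned rather than left null. The enclosing method starts and ends outside this hunk, so I cannot see how `keyAlias` is used after `setKeyEntry`; if it is passed on to a key-manager wrapper, the keystore branch (which does not run this guard) still carries a null alias.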
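Review bot: After the added fallback to "tomcat", the results of `keyManager.getCertificateChain(alias)` and `keyManager.getPrivateKey(alias)` on the following two lines are still not checked; `X509KeyManager` returns null for an alias the keystore does not contain, so a keystore with no configured alias and no "tomcat" entry now proceeds into the PEM-building code with a null chain and key instead of failing with a clear configuration error. Add a guard right after the two lookups, e.g. `if (chain == null || key == null) { throw new IllegalStateException("No key entry found for alias [" + alias + "]"); }` (using the project's `sm.getString` message mechanism with a new key if that is the local convention). The enclosing method starts and ends outside this hunk.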
@@ -330,12 +333,17 @@ public class OpenSSLContext implements o
             }
         }
 
-    private static JSSEKeyManager chooseKeyManager(KeyManager[] managers) throws Exception {
+    private static X509KeyManager chooseKeyManager(KeyManager[] managers) throws Exception {
         for (KeyManager manager : managers) {
             if (manager instanceof JSSEKeyManager) {
                 return (JSSEKeyManager) manager;
             }
         }
+        for (KeyManager manager : managers) {
+            if (manager instanceof X509KeyManager) {
+                return (X509KeyManager) manager;
+            }
+        }
         throw new IllegalStateException(sm.getString("openssl.keyManagerMissing"));
     }
 

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1755009&r1=1755008&r2=1755009&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Aug  2 23:13:59 2016
@@ -107,6 +107,11 @@
         keystores that broke the automatic conversion of OpenSSL style PEM
         key and certificate files for use with JSSE TLS connectors. (markt)
       </fix>
+      <fix>
+        <bug>59867</bug>: Don't hardcode key alias value to "tomcat" for JSSE.
+        When using a keystore, OpenSSL will still need default to though.
+        (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
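Review bot: `chooseKeyManager` now has a two-tier selection but no documentation of why a `JSSEKeyManager` is preferred over any other `X509KeyManager`; add a Javadoc such as `/** Returns the first JSSEKeyManager in managers, falling back to the first other X509KeyManager; throws IllegalStateException when neither is present. */` and state the reason for the preference there (presumably the JSSE wrapper applies the configured alias, but that is not visible in this hunk and should be confirmed before being written down). The changed signature keeps `throws Exception` although the only throw in the body is the unchecked `IllegalStateException`; narrowing or dropping the clause would be cleaner, subject to what the callers outside this hunk expect. Separately, the changelog hunk below cites bug 59867 while the commit log says 59910; worth confirming which id is intended.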