/**
 * Registers a certificate for this host configuration.
 * <p>
 * A certificate whose type is {@link SSLHostConfigCertificate.Type#UNDEFINED}
 * is only acceptable when it is the sole certificate: the first certificate is
 * always accepted, but once two or more are configured none of them may have an
 * undefined type. The type is what {@code selectCertificate} later matches
 * against the negotiated cipher's authentication method, so an undefined type
 * in a multi-certificate setup could not be resolved during the handshake.
 *
 * @param certificate the certificate to add
 * @throws IllegalArgumentException if adding {@code certificate} would leave an
 *         undefined-typed certificate alongside another certificate
 */
public void addCertificate(SSLHostConfigCertificate certificate) {
    // The first certificate is accepted unconditionally, whatever its type.
    if (certificates.isEmpty()) {
        certificates.add(certificate);
        return;
    }
    // With exactly one existing certificate it may still be UNDEFINED; with two
    // or more, earlier calls have presumably already excluded that case.
    boolean soleExistingIsUndefined = certificates.size() == 1
            && certificates.iterator().next().getType() == SSLHostConfigCertificate.Type.UNDEFINED;
    if (soleExistingIsUndefined
            || certificate.getType() == SSLHostConfigCertificate.Type.UNDEFINED) {
        // Reject before mutating so an invalid call leaves the set untouched.
        throw new IllegalArgumentException(sm.getString("sslHostConfig.certificate.notype"));
    }
    certificates.add(certificate);
}
/**
 * Finds the key-manager alias backing the given certificate.
 * <p>
 * When the certificate's type is {@link Type#UNDEFINED}, every other type is
 * tried in declaration order and the first alias the key manager offers is
 * used; otherwise only the certificate's own type is consulted. The key
 * manager is queried with {@code null} issuers and {@code null} socket, so the
 * choice is made purely on key type without any peer-specific constraints.
 *
 * @param keyManager  the key manager to query
 * @param certificate the certificate whose alias is wanted
 * @return the first alias found, or {@code null} if the key manager offers
 *         none for any candidate type
 */
private static String findAlias(X509KeyManager keyManager, SSLHostConfigCertificate certificate) {
    Type type = certificate.getType();
    List<Type> candidateTypes = new ArrayList<>();
    if (Type.UNDEFINED.equals(type)) {
        // Unknown type: consider every concrete type, skipping UNDEFINED itself.
        for (Type candidate : Type.values()) {
            if (candidate != Type.UNDEFINED) {
                candidateTypes.add(candidate);
            }
        }
    } else {
        // Known type: only that one is a valid match.
        candidateTypes.add(type);
    }
    // First non-null answer wins; null means "no key for this type".
    for (Type candidate : candidateTypes) {
        String alias = keyManager.chooseServerAlias(candidate.toString(), null, null);
        if (alias != null) {
            return alias;
        }
    }
    return null;
}
/**
 * Picks the certificate to present for a handshake, based on the cipher suites
 * the client offered.
 * <p>
 * With a single configured certificate there is nothing to choose. Otherwise
 * the cipher suites common to both sides are walked in server-preference order
 * when {@code honorCipherOrder} is set, else in client-preference order, and
 * the first certificate whose type is compatible with a candidate cipher's
 * authentication method is returned.
 *
 * @param sslHostConfig the host configuration holding the certificates and
 *                      server cipher list
 * @param clientCiphers the cipher suites offered by the client, in the
 *                      client's preference order
 * @return the matching certificate; when no cipher is compatible with any
 *         certificate, the first configured certificate (the handshake is then
 *         expected to fail for lack of a shared cipher rather than here)
 */
private SSLHostConfigCertificate selectCertificate(
        SSLHostConfig sslHostConfig, List<Cipher> clientCiphers) {
    Set<SSLHostConfigCertificate> certificates = sslHostConfig.getCertificates(true);
    if (certificates.size() == 1) {
        return certificates.iterator().next();
    }

    // Intersect the two cipher lists, keeping the order of whichever side's
    // preference governs the negotiation.
    LinkedHashSet<Cipher> serverCiphers = sslHostConfig.getCipherList();
    List<Cipher> sharedCiphers;
    if (sslHostConfig.getHonorCipherOrder()) {
        sharedCiphers = new ArrayList<>(serverCiphers);
        sharedCiphers.retainAll(clientCiphers);
    } else {
        sharedCiphers = new ArrayList<>(clientCiphers);
        sharedCiphers.retainAll(serverCiphers);
    }

    // Highest-preference shared cipher with a compatible certificate wins.
    for (Cipher cipher : sharedCiphers) {
        for (SSLHostConfigCertificate candidate : certificates) {
            if (candidate.getType().isCompatibleWith(cipher.getAu())) {
                return candidate;
            }
        }
    }

    // Nothing compatible: fall back to the first certificate and let the
    // handshake fail on the missing shared cipher.
    return certificates.iterator().next();
}
for (SSLHostConfigCertificate sslHostConfigCert : sslHostConfigCerts) { String name = connector.toString() + "-" + sslHostConfig.getHostName() + "-" + sslHostConfigCert.getType(); List<String> certList = new ArrayList<>(); SSLContext sslContext = sslHostConfigCert.getSslContext();
for (SSLHostConfigCertificate sslHostConfigCert : sslHostConfigCerts) { String name = connector.toString() + "-" + sslHostConfig.getHostName() + "-" + sslHostConfigCert.getType(); List<String> certList = new ArrayList<>(); SSLContext sslContext = sslHostConfigCert.getSslContext();