mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

floblanc
10.13.2009 5deca13557d25ac83c49e35dddbbaf01d8ab686f
Fix issue 3860 OpenDS unable to find a certificate in JKS keystore if the alias contains uppercase
When OpenDS is configured to use alias xxx-cert in JKS keystore, LDAPS does not work if the alias contains uppercase.

Javadoc for KeyStore specifies that
"Whether aliases are case sensitive is implementation dependent. In order to avoid problems, it is recommended not to use aliases in a KeyStore that only differ in case."

This fix compares the found alias with the configured alias name using String.equalsIgnoreCase() instead of String.equals().

We should also document that the user must not define 2 certificate aliases that only differ in case.
1 files modified
opends/src/server/org/opends/server/util/SelectableCertificateKeyManager.java
@@ -22,7 +22,7 @@
 * CDDL HEADER END
 *
 *
 *      Copyright 2008 Sun Microsystems, Inc.
 *      Copyright 2008-2009 Sun Microsystems, Inc.
 */
package org.opends.server.util;
@@ -196,6 +196,9 @@
   * the provided critieria.  This will either return the preferred alias
   * configured for this key manager, or {@code null} if no server certificate
   * with that alias is configured in the underlying key manager.
   * Note that the returned alias can be transformed in lowercase, depending
   * on the KeyStore implementation. It is recommended not to use aliases in a
   * KeyStore that only differ in case.
   *
   * @param  keyType  The public key type for the certificate.
   * @param  issuers  The list of acceptable issuer subject names, or
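Review bot: The added Javadoc note says the returned alias "can be transformed in lowercase", but it does not tell the caller that the configured alias is now matched case-insensitively, or that the value returned is the alias as the underlying key manager reports it rather than the configured string. Suggest stating both explicitly, since callers that compare the return value with the configured alias using equals() will see a mismatch. "transformed in lowercase" would also read better as "converted to lowercase".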
@@ -213,9 +216,9 @@
    {
      for (String serverAlias : serverAliases)
      {
        if (serverAlias.equals(alias))
        if (serverAlias.equalsIgnoreCase(alias))
        {
          return alias;
          return serverAlias;
        }
      }
    }
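Review bot: In the loop over serverAliases, "if (serverAlias.equalsIgnoreCase(alias))" returns the first entry that matches ignoring case, so on a KeyStore implementation whose aliases are case-sensitive, two entries that differ only in case make the selected certificate depend on array order, and the server can present a certificate other than the configured one. Consider looking for an exact equals() match first and falling back to the case-insensitive comparison only when none is found, or logging a warning when more than one alias matches. Returning serverAlias instead of alias is the right choice, because that is the name the key manager will recognise in later lookups.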