From d3a10338d643cf04e89e577ba496c547e0bf7516 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 28 Feb 2007 21:01:32 +0000
Subject: [PATCH] Add a new key manager which provides the ability to specify which certificate should be presented based on its alias (aka its nickname). This is used both by server-side code which needs to present a certificate to clients, as well as by client-side code which needs to present a certificate to the server.
---
opends/src/server/org/opends/server/extensions/TLSConnectionSecurityProvider.java | 16 ++++++++++++++--
1 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/opends/src/server/org/opends/server/extensions/TLSConnectionSecurityProvider.java b/opends/src/server/org/opends/server/extensions/TLSConnectionSecurityProvider.java
index 292dab1..4dc1a09 100644
--- a/opends/src/server/org/opends/server/extensions/TLSConnectionSecurityProvider.java
+++ b/opends/src/server/org/opends/server/extensions/TLSConnectionSecurityProvider.java
@@ -50,6 +50,7 @@
import org.opends.server.types.DisconnectReason;
import org.opends.server.types.InitializationException;
import org.opends.server.types.SSLClientAuthPolicy;
+import org.opends.server.util.SelectableCertificateKeyManager;
import static org.opends.server.loggers.Debug.*;
import static org.opends.server.messages.ExtensionsMessages.*;
@@ -195,8 +196,19 @@
{
// FIXME -- Is it bad to create a new SSLContext for each connection?
sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
- sslContext.init(keyManagerProvider.getKeyManagers(),
- trustManagerProvider.getTrustManagers(), null);
+
+ String alias = clientConnection.getCertificateAlias();
+ if (alias == null)
+ {
+ sslContext.init(keyManagerProvider.getKeyManagers(),
+ trustManagerProvider.getTrustManagers(), null);
+ }
+ else
+ {
+ sslContext.init(SelectableCertificateKeyManager.wrap(
+ keyManagerProvider.getKeyManagers(), alias),
+ trustManagerProvider.getTrustManagers(), null);
+ }
}
catch (Exception e)
{
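Review bot: The new else branch leaves undocumented what happens when `alias` names no key in the key manager provider's keystore — whether `SelectableCertificateKeyManager.wrap` lets the handshake fail with no certificate or falls back to the provider's default selection cannot be seen from this hunk, and either outcome matters operationally once a per-connection alias decides which identity the server (or client) presents. A one-line comment above the `if`, such as `// A non-null alias pins the presented certificate; an alias absent from the keystore results in <failed handshake | default selection> — see SelectableCertificateKeyManager`, with the placeholder resolved from the wrapper's code, would settle it, and a debug-level log of the chosen alias via the statically imported Debug logger would help when a peer receives an unexpected certificate. The two `init` calls differ only in their first argument, so resolving the key managers first and calling `init` once avoids repeating the trust manager and SecureRandom arguments; the sketch below assumes `getKeyManagers()` returns a `javax.net.ssl.KeyManager[]` (it must be assignable to one, since it is passed straight to `SSLContext.init`) and that the type is imported in the header outside this hunk. The enclosing method starts before and ends after this hunk; the pre-existing `catch (Exception e)` and the per-connection SSLContext FIXME are outside the scope of this change.
```java
sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);

// A non-null alias pins the certificate presented on this connection.
KeyManager[] keyManagers = keyManagerProvider.getKeyManagers();
String alias = clientConnection.getCertificateAlias();
if (alias != null)
{
  keyManagers = SelectableCertificateKeyManager.wrap(keyManagers, alias);
}
sslContext.init(keyManagers, trustManagerProvider.getTrustManagers(), null);
// … unchanged: catch (Exception e) …
```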
--