From d3a10338d643cf04e89e577ba496c547e0bf7516 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 28 Feb 2007 21:01:32 +0000
Subject: [PATCH] Add a new key manager which provides the ability to specify which certificate should be presented based on its alias (aka its nickname).  This is used both by server-side code which needs to present a certificate to clients, as well as by client-side code which needs to present a certificate to the server.

---
 opends/src/server/org/opends/server/protocols/jmx/RmiConnector.java |   22 ++++++++++++++++++++--
 1 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/opends/src/server/org/opends/server/protocols/jmx/RmiConnector.java b/opends/src/server/org/opends/server/protocols/jmx/RmiConnector.java
index cc4c9b4..2742394 100644
--- a/opends/src/server/org/opends/server/protocols/jmx/RmiConnector.java
+++ b/opends/src/server/org/opends/server/protocols/jmx/RmiConnector.java
@@ -32,6 +32,7 @@
 import java.rmi.registry.Registry;
 import java.util.HashMap;
 
+import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.SSLContext;
 
@@ -48,6 +49,8 @@
 import org.opends.server.types.DebugLogCategory;
 import org.opends.server.types.DebugLogSeverity;
 
+import org.opends.server.util.SelectableCertificateKeyManager;
+
 import static org.opends.server.loggers.Debug.*;
 
 /**
@@ -320,15 +323,30 @@
         // ---------------------
         //
         // Get a Server socket factory
+        KeyManager[] keyManagers;
         KeyManagerProvider provider = jmxConnectionHandler.keyManagerProvider;
         if (provider == null)
         {
-          provider = new NullKeyManagerProvider();
+          keyManagers = new NullKeyManagerProvider().getKeyManagers();
+        }
+        else
+        {
+          String nickname = jmxConnectionHandler.sslServerCertNickname;
+          if (nickname == null)
+          {
+            keyManagers = provider.getKeyManagers();
+          }
+          else
+          {
+            keyManagers =
+                 SelectableCertificateKeyManager.wrap(provider.getKeyManagers(),
+                                                      nickname);
+          }
         }
 
         SSLContext ctx = SSLContext.getInstance("TLSv1");
         ctx.init(
-            provider.getKeyManagers(),
+            keyManagers,
             null,
             null);
         SSLSocketFactory ssf = ctx.getSocketFactory();
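Review bot: The new else branch hands `sslServerCertNickname` to `SelectableCertificateKeyManager.wrap(...)` after checking only for null, so nothing visible in this hunk confirms that the alias exists in the key store. If `wrap` does not validate it (its implementation is not part of this patch), a mistyped or blank nickname would presumably surface only as a failed TLS handshake when a JMX client connects, not as a configuration error at startup. I would reject a blank value before wrapping, e.g. `if (nickname != null && nickname.trim().length() == 0)` followed by a logged configuration error, and add a comment such as `// Pin the certificate presented to JMX clients to the configured alias.` above the wrap call. Separately, the unchanged `SSLContext.getInstance("TLSv1")` line requests a TLS 1.0 context and is worth revisiting in a follow-up. The enclosing method starts and ends outside this hunk.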

--
Gitblit v1.10.0