Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
63 lines (60 sloc) 2.43 KB
Index: src/test/java/SunX509KeyManagerImpl.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/test/java/SunX509KeyManagerImpl.java (revision cba5d4cd10b27227083122153aa7209dd1eece2f)
+++ src/test/java/SunX509KeyManagerImpl.java (revision )
@@ -38,6 +36,7 @@
import java.net.Socket;
import java.security.*;
import java.security.cert.Certificate;
+import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.*;
@@ -224,12 +223,35 @@
for (int i = 0; i < keyTypes.length; i++) {
String[] aliases = getClientAliases(keyTypes[i], issuers);
if ((aliases != null) && (aliases.length > 0)) {
+ String alias = selectAliasBasedOnExtendedKeyUsage(aliases, "1.3.6.1.5.5.7.3.2"); //TODO replace with constant
+ if (alias != null) return alias;
+
+ //default as implemented in openjdk
return aliases[0];
}
}
return null;
}
+ private String selectAliasBasedOnExtendedKeyUsage(String[] aliases, String targetExtendedKeyUsage) {
+ for(String alias : aliases){
+ try {
+ //assume cert in index 0 is the lowest one in the chain, and check its EKU
+ X509Certificate certificate = this.credentialsMap.get(alias).certificates[0];
+ List<String> ekus = certificate.getExtendedKeyUsage();
+ for (String eku : ekus) {
+ if(eku.equals(targetExtendedKeyUsage)){
+ return alias;
+ }
+ }
+ }catch(CertificateParsingException e){
+ //TODO handle properly
+ e.printStackTrace();
+ }
+ }
+ return null;
+ }
+
/*
* Choose an alias to authenticate the client side of an
* <code>SSLEngine</code> connection given the public key type
@@ -282,6 +304,10 @@
aliases = getServerAliases(keyType, issuers);
}
if ((aliases != null) && (aliases.length > 0)) {
+ String alias = selectAliasBasedOnExtendedKeyUsage(aliases, "1.3.6.1.5.5.7.3.1"); //TODO replace with constant
+ if (alias != null) return alias;
+
+ //default as implemented in openjdk
return aliases[0];
}
return null;