# HG changeset patch

# User "Endi S. Dewata" <edewata@redhat.com>

# Date 1509154719 -7200

#      Sat Oct 28 03:38:39 2017 +0200

# Node ID 19a0e2146a929173757e6ccbb61a035ec9426f43

# Parent  b1a3c3cc6b3584948d251d3bfcfe6630d8970db5

Added certificate nickname into ObjectNotFoundException message.

The code that generates ObjectNotFoundException has been modified

to include the certificate nickname to help troubleshooting.

https://bugzilla.mozilla.org/show_bug.cgi?id=1408057

diff --git a/org/mozilla/jss/PK11Finder.c b/org/mozilla/jss/PK11Finder.c

--- a/org/mozilla/jss/PK11Finder.c

+++ b/org/mozilla/jss/PK11Finder.c

@@ -54,7 +54,9 @@

     cert = JSS_PK11_findCertAndSlotFromNickname(nick, NULL, &slot);

     if(cert == NULL) {

-        JSS_nativeThrow(env, OBJECT_NOT_FOUND_EXCEPTION);

+        char *message = PR_smprintf("Certificate not found: %s", nick);

+        JSS_throwMsg(env, OBJECT_NOT_FOUND_EXCEPTION, message);

+        PR_smprintf_free(message);

         goto finish;

     }

@@ -1577,7 +1579,9 @@

     cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), nickname);

     if (cert == NULL) {

-        JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION);

+        char *message = PR_smprintf("Certificate not found: %s", nickname);

+        JSS_throwMsg(env, OBJECT_NOT_FOUND_EXCEPTION, message);

+        PR_smprintf_free(message);

         goto finish;

     } else {

     /* 0 for certificateUsage in call to CERT_VerifyCertificateNow will

@@ -1640,7 +1644,9 @@

     cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), nickname);

     if (cert == NULL) {

-        JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION);

+        char *message = PR_smprintf("Certificate not found: %s", nickname);

+        JSS_throwMsg(env, OBJECT_NOT_FOUND_EXCEPTION, message);

+        PR_smprintf_free(message);

         goto finish;

     } else {

     /* 0 for certificateUsage in call to CERT_VerifyCertificateNow to

@@ -1801,7 +1807,9 @@

     cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), nickname);

     if (cert == NULL) {

-        JSS_throw(env, OBJECT_NOT_FOUND_EXCEPTION);

+        char *message = PR_smprintf("Certificate not found: %s", nickname);

+        JSS_throwMsg(env, OBJECT_NOT_FOUND_EXCEPTION, message);

+        PR_smprintf_free(message);

         goto finish;

     } else {

         rv = CERT_VerifyCertNow(CERT_GetDefaultCertDB(), cert,

# HG changeset patch

# User "Endi S. Dewata" <edewata@redhat.com>

# Date 1509154819 -7200

#      Sat Oct 28 03:40:19 2017 +0200

# Node ID 837c79476110ecd4bf6b507faad50edb9eed7e7e

# Parent  19a0e2146a929173757e6ccbb61a035ec9426f43

Reformatted SocketBase.java.

The SocketBase.java has been auto-formatted using Eclipse to

simplify further changes on the file.

https://bugzilla.mozilla.org/show_bug.cgi?id=1408057

diff --git a/org/mozilla/jss/ssl/SocketBase.java b/org/mozilla/jss/ssl/SocketBase.java

--- a/org/mozilla/jss/ssl/SocketBase.java

+++ b/org/mozilla/jss/ssl/SocketBase.java

@@ -27,6 +27,7 @@

     int getTimeout() {

         return timeout;

     }

+

     void setTimeout(int timeout) {

         this.timeout = timeout;

     }

@@ -36,18 +37,17 @@

     }

     native byte[] socketCreate(Object socketObject,

-        SSLCertificateApprovalCallback certApprovalCallback,

-        SSLClientCertificateSelectionCallback clientCertSelectionCallback,

-        java.net.Socket javaSock, String host,int family)

+            SSLCertificateApprovalCallback certApprovalCallback,

+            SSLClientCertificateSelectionCallback clientCertSelectionCallback,

+            java.net.Socket javaSock, String host, int family)

             throws SocketException;

     byte[] socketCreate(Object socketObject,

-        SSLCertificateApprovalCallback certApprovalCallback,

-        SSLClientCertificateSelectionCallback clientCertSelectionCallback, int family)

-            throws SocketException

-    {

+            SSLCertificateApprovalCallback certApprovalCallback,

+            SSLClientCertificateSelectionCallback clientCertSelectionCallback, int family)

+            throws SocketException {

         return socketCreate(socketObject, certApprovalCallback,

-            clientCertSelectionCallback, null, null, family);

+                clientCertSelectionCallback, null, null, family);

     }

     native void socketBind(byte[] addrBA, int port) throws SocketException;

@@ -57,7 +57,7 @@

      * safer than copying the values of the C constants, which are subject

      * to change, into Java code.

      * Note to developer these constants are not all related! i.e. you cannot

-     * pass in PR_SHUTDOWN_RCV to setSSLOption etc! Check their usage 

+     * pass in PR_SHUTDOWN_RCV to setSSLOption etc! Check their usage

      * in NSS and NSPR before using.

      */

     static final int SSL_ENABLE_SSL2 = 0;

@@ -73,7 +73,7 @@

     static final int SSL_POLICY_DOMESTIC = 10;

     static final int SSL_POLICY_EXPORT = 11;

     static final int SSL_POLICY_FRANCE = 12;

-    static final int SSL_ROLLBACK_DETECTION = 13; 

+    static final int SSL_ROLLBACK_DETECTION = 13;

     static final int SSL_NO_STEP_DOWN = 14;

     static final int SSL_ENABLE_FDX = 15;

     static final int SSL_V2_COMPATIBLE_HELLO = 16;

@@ -98,7 +98,7 @@

     static final int SSL_Variant_Stream = 33;

     static final int SSL_Variant_Datagram = 34;

-    static final int SSL_AF_INET  = 50;

+    static final int SSL_AF_INET = 50;

     static final int SSL_AF_INET6 = 51;

     void close() throws IOException {

@@ -106,7 +106,7 @@

     }

     // SSLServerSocket and SSLSocket close methods

-    // have their own synchronization control that 

+    // have their own synchronization control that

     // protects SocketBase.socketClose.

     native void socketClose() throws IOException;

@@ -118,14 +118,13 @@

     }

     public void requestClientAuthNoExpiryCheck(boolean b)

-        throws SocketException

-    {

+            throws SocketException {

         requestingClientAuth = b;

         requestClientAuthNoExpiryCheckNative(b);

     }

     private native void requestClientAuthNoExpiryCheckNative(boolean b)

-        throws SocketException;

+            throws SocketException;

     void enableSSL2(boolean enable) throws SocketException {

         setSSLOption(SSL_ENABLE_SSL2, enable);

@@ -144,8 +143,7 @@

     }

     void enableRenegotiation(int mode)

-            throws SocketException

-    {

+            throws SocketException {

         setSSLOptionMode(SocketBase.SSL_ENABLE_RENEGOTIATION, mode);

     }

@@ -168,23 +166,21 @@

     void enableV2CompatibleHello(boolean enable) throws SocketException {

         setSSLOption(SSL_V2_COMPATIBLE_HELLO, enable);

     }

-    

+

     void setSSLOption(int option, boolean on)

-        throws SocketException

-    {

+            throws SocketException {

         setSSLOption(option, on ? 1 : 0);

     }

-    /** 

-     * Sets SSL options for this socket that have simple 

+    /**

+     * Sets SSL options for this socket that have simple

      * enable/disable values.

      */

     native void setSSLOption(int option, int on)

-        throws SocketException;

+            throws SocketException;

     void setSSLVersionRange(org.mozilla.jss.ssl.SSLSocket.SSLVersionRange range)

-        throws SocketException

-    {

+            throws SocketException {

         setSSLVersionRange(range.getMinEnum(), range.getMaxEnum());

     }

@@ -192,93 +188,101 @@

      * Sets SSL Version Range for this socket to support TLS v1.1 and v1.2

      */

     native void setSSLVersionRange(int min, int max)

-        throws SocketException;

+            throws SocketException;

-    /** 

+    /**

      * Sets the SSL option setting mode value use for options

      * that have more values than just enable/disable.

      */

     native void setSSLOptionMode(int option, int option2)

-        throws SocketException; 

+            throws SocketException;

-    

     /* return 0 for option disabled 1 for option enabled. */

     native int getSSLOption(int option)

-        throws SocketException;

-    

+            throws SocketException;

+

     public String getSSLOptions() {

         StringBuffer buf = new StringBuffer();

         try {

             buf.append("SSL Options configured for this SSLSocket:");

-            buf.append("\nSSL_ENABLE_SSL2" + 

-                ((getSSLOption(SocketBase.SSL_ENABLE_SSL2) != 0)

-                ? "=on" :  "=off"));

-            buf.append("\nSSL_ENABLE_SSL3"  + 

-                ((getSSLOption(SocketBase.SSL_ENABLE_SSL3) != 0) 

-                ? "=on" :  "=off"));

-            buf.append("\nSSL_ENABLE_TLS"  + 

-                ((getSSLOption(SocketBase.SSL_ENABLE_TLS) != 0) 

-                ? "=on" :  "=off"));

-            buf.append("\nSSL_REQUIRE_CERTIFICATE"); 

+            buf.append("\nSSL_ENABLE_SSL2" +

+                    ((getSSLOption(SocketBase.SSL_ENABLE_SSL2) != 0)

+                            ? "=on"

+                            : "=off"));

+            buf.append("\nSSL_ENABLE_SSL3" +

+                    ((getSSLOption(SocketBase.SSL_ENABLE_SSL3) != 0)

+                            ? "=on"

+                            : "=off"));

+            buf.append("\nSSL_ENABLE_TLS" +

+                    ((getSSLOption(SocketBase.SSL_ENABLE_TLS) != 0)

+                            ? "=on"

+                            : "=off"));

+            buf.append("\nSSL_REQUIRE_CERTIFICATE");

             switch (getSSLOption(SocketBase.SSL_REQUIRE_CERTIFICATE)) {

-                case 0:

-                    buf.append("=Never");

-                    break;

-                case 1:

-                    buf.append("=Always");

-                    break;

-                case 2:

-                    buf.append("=First Handshake");

-                    break;

-                case 3:

-                    buf.append("=No Error");

-                    break;

-                default:

-                    buf.append("=Report JSS Bug this option has a status.");

-                    break;

+            case 0:

+                buf.append("=Never");

+                break;

+            case 1:

+                buf.append("=Always");

+                break;

+            case 2:

+                buf.append("=First Handshake");

+                break;

+            case 3:

+                buf.append("=No Error");

+                break;

+            default:

+                buf.append("=Report JSS Bug this option has a status.");

+                break;

             } //end switch

-            buf.append("\nSSL_REQUEST_CERTIFICATE"  + 

-                ((getSSLOption(SocketBase.SSL_REQUEST_CERTIFICATE) != 0) 

-                ? "=on" :  "=off"));

-            buf.append("\nSSL_NO_CACHE"  + 

-                ((getSSLOption(SocketBase.SSL_NO_CACHE) != 0)

-                ? "=on" :  "=off"));

-            buf.append("\nSSL_ROLLBACK_DETECTION"  + 

-                ((getSSLOption(SocketBase.SSL_ROLLBACK_DETECTION) != 0)

-                ? "=on" :  "=off"));

-            buf.append("\nSSL_NO_STEP_DOWN"  + 

-                ((getSSLOption(SocketBase.SSL_NO_STEP_DOWN) != 0)

-                ? "=on" :  "=off"));

-            buf.append("\nSSL_ENABLE_FDX"  + 

-                ((getSSLOption(SocketBase.SSL_ENABLE_FDX) != 0)

-                ? "=on" :  "=off"));

-            buf.append("\nSSL_V2_COMPATIBLE_HELLO"  + 

-                ((getSSLOption(SocketBase.SSL_V2_COMPATIBLE_HELLO) != 0) 

-                ? "=on" :  "=off"));

-            buf.append("\nSSL_ENABLE_SESSION_TICKETS"  +

-                ((getSSLOption(SocketBase.SSL_ENABLE_SESSION_TICKETS)

-                != 0) ? "=on" :  "=off"));

+            buf.append("\nSSL_REQUEST_CERTIFICATE" +

+                    ((getSSLOption(SocketBase.SSL_REQUEST_CERTIFICATE) != 0)

+                            ? "=on"

+                            : "=off"));

+            buf.append("\nSSL_NO_CACHE" +

+                    ((getSSLOption(SocketBase.SSL_NO_CACHE) != 0)

+                            ? "=on"

+                            : "=off"));

+            buf.append("\nSSL_ROLLBACK_DETECTION" +

+                    ((getSSLOption(SocketBase.SSL_ROLLBACK_DETECTION) != 0)

+                            ? "=on"

+                            : "=off"));

+            buf.append("\nSSL_NO_STEP_DOWN" +

+                    ((getSSLOption(SocketBase.SSL_NO_STEP_DOWN) != 0)

+                            ? "=on"

+                            : "=off"));

+            buf.append("\nSSL_ENABLE_FDX" +

+                    ((getSSLOption(SocketBase.SSL_ENABLE_FDX) != 0)

+                            ? "=on"

+                            : "=off"));

+            buf.append("\nSSL_V2_COMPATIBLE_HELLO" +

+                    ((getSSLOption(SocketBase.SSL_V2_COMPATIBLE_HELLO) != 0)

+                            ? "=on"

+                            : "=off"));

+            buf.append("\nSSL_ENABLE_SESSION_TICKETS" +

+                    ((getSSLOption(SocketBase.SSL_ENABLE_SESSION_TICKETS) != 0) ? "=on" : "=off"));

             buf.append("\nSSL_ENABLE_RENEGOTIATION");

             switch (getSSLOption(SocketBase.SSL_ENABLE_RENEGOTIATION)) {

-                case 0:

-                    buf.append("=SSL_RENEGOTIATE_NEVER");

-                    break;

-                case 1:

-                    buf.append("=SSL_RENEGOTIATE_UNRESTRICTED");

-                    break;

-                case 2:

-                    buf.append("=SSL_RENEGOTIATE_REQUIRES_XTN");

-                    break;

-                case 3:

-                    buf.append("=SSL_RENEGOTIATE_TRANSITIONAL");

-                    break;

-                default:

-                    buf.append("=Report JSS Bug this option has a status.");

-                    break;

+            case 0:

+                buf.append("=SSL_RENEGOTIATE_NEVER");

+                break;

+            case 1:

+                buf.append("=SSL_RENEGOTIATE_UNRESTRICTED");

+                break;

+            case 2:

+                buf.append("=SSL_RENEGOTIATE_REQUIRES_XTN");

+                break;

+            case 3:

+                buf.append("=SSL_RENEGOTIATE_TRANSITIONAL");

+                break;

+            default:

+                buf.append("=Report JSS Bug this option has a status.");

+                break;

             } //end switch

-            buf.append("\nSSL_REQUIRE_SAFE_NEGOTIATION"  +

-                ((getSSLOption(SocketBase.SSL_REQUIRE_SAFE_NEGOTIATION) != 0)

-                ? "=on" :  "=off"));

+            buf.append("\nSSL_REQUIRE_SAFE_NEGOTIATION" +

+                    ((getSSLOption(SocketBase.SSL_REQUIRE_SAFE_NEGOTIATION) != 0)

+                            ? "=on"

+                            : "=off"));

         } catch (SocketException e) {

             buf.append("\ngetSSLOptions exception " + e.getMessage());

@@ -292,19 +296,18 @@

      * of construction than getByName(), and it is final.

      *

      * @return The InetAddress corresponding to the given integer,

-     *      or <tt>null</tt> if the InetAddress could not be constructed.

+     *         or <tt>null</tt> if the InetAddress could not be constructed.

      */

-    private static InetAddress

-    convertIntToInetAddress(int intAddr) {

+    private static InetAddress convertIntToInetAddress(int intAddr) {

         InetAddress in;

         int[] addr = new int[4];

         addr[0] = ((intAddr >>> 24) & 0xff);

         addr[1] = ((intAddr >>> 16) & 0xff);

-        addr[2] = ((intAddr >>>  8) & 0xff);

-        addr[3] = ((intAddr       ) & 0xff);

+        addr[2] = ((intAddr >>> 8) & 0xff);

+        addr[3] = ((intAddr) & 0xff);

         try {

             in = InetAddress.getByName(

-                addr[0] + "." + addr[1] + "." + addr[2] + "." + addr[3] );

+                    addr[0] + "." + addr[1] + "." + addr[2] + "." + addr[3]);

         } catch (java.net.UnknownHostException e) {

             in = null;

         }

@@ -312,12 +315,13 @@

     }

     private native byte[] getLocalAddressByteArrayNative() throws SocketException;

+

     private native byte[] getPeerAddressByteArrayNative() throws SocketException;

+

     /**

      * @return the InetAddress of the peer end of the socket.

      */

-    InetAddress getInetAddress()

-    {

+    InetAddress getInetAddress() {

         try {

             byte[] address = getPeerAddressByteArrayNative();

@@ -326,14 +330,15 @@

             try {

                 iAddr = InetAddress.getByAddress(address);

-            }   catch(UnknownHostException e) {

+            } catch (UnknownHostException e) {

             }

             return iAddr;

-        } catch(SocketException e) {

+        } catch (SocketException e) {

             return null;

         }

     }

+

     private native int getPeerAddressNative() throws SocketException;

     /**

@@ -348,20 +353,21 @@

             try {

                 lAddr = InetAddress.getByAddress(address);

-            }   catch(UnknownHostException e) {

+            } catch (UnknownHostException e) {

             }

             return lAddr;

-        } catch(SocketException e) {

+        } catch (SocketException e) {

             return null;

         }

     }

+

     private native int getLocalAddressNative() throws SocketException;

     public int getLocalPort() {

         try {

             return getLocalPortNative();

-        } catch(SocketException e) {

+        } catch (SocketException e) {

             return 0;

         }

     }

@@ -369,18 +375,16 @@

     private native int getLocalPortNative() throws SocketException;

     void requireClientAuth(boolean require, boolean onRedo)

-            throws SocketException

-    {

-        if( require && !requestingClientAuth ) {

+            throws SocketException {

+        if (require && !requestingClientAuth) {

             requestClientAuth(true);

         }

         setSSLOption(SSL_REQUIRE_CERTIFICATE, require ? (onRedo ? 1 : 2) : 0);

     }

     void requireClientAuth(int mode)

-            throws SocketException

-    {

-        if(mode > 0 && !requestingClientAuth ) {

+            throws SocketException {

+        if (mode > 0 && !requestingClientAuth) {

             requestClientAuth(true);

         }

         setSSLOptionMode(SocketBase.SSL_REQUIRE_CERTIFICATE, mode);

@@ -390,52 +394,52 @@

      * Sets the nickname of the certificate to use for client authentication.

      */

     public void setClientCertNickname(String nick) throws SocketException {

-      try {

-        setClientCert( CryptoManager.getInstance().findCertByNickname(nick) );

-      } catch(CryptoManager.NotInitializedException nie) {

-        throw new SocketException("CryptoManager not initialized");

-      } catch(ObjectNotFoundException onfe) {

-        throw new SocketException("Object not found: " + onfe);

-      } catch(TokenException te) {

-        throw new SocketException("Token Exception: " + te);

-      }

+        try {

+            setClientCert(CryptoManager.getInstance().findCertByNickname(nick));

+        } catch (CryptoManager.NotInitializedException nie) {

+            throw new SocketException("CryptoManager not initialized");

+        } catch (ObjectNotFoundException onfe) {

+            throw new SocketException("Object not found: " + onfe);

+        } catch (TokenException te) {

+            throw new SocketException("Token Exception: " + te);

+        }

     }

     native void setClientCert(org.mozilla.jss.crypto.X509Certificate cert)

-        throws SocketException;

+            throws SocketException;

     void useCache(boolean b) throws SocketException {

         setSSLOption(SSL_NO_CACHE, !b);

     }

     static Throwable processExceptions(Throwable topException,

-        Throwable bottomException)

-    {

-      try {

-        StringBuffer strBuf;

-        strBuf = new StringBuffer( topException.toString() );

+            Throwable bottomException) {

+        try {

+            StringBuffer strBuf;

+            strBuf = new StringBuffer(topException.toString());

-        if( bottomException != null ) {

-            strBuf.append(" --> ");

-            strBuf.append( bottomException.toString() );

+            if (bottomException != null) {

+                strBuf.append(" --> ");

+                strBuf.append(bottomException.toString());

+            }

+

+            Class excepClass = topException.getClass();

+            Class stringClass = java.lang.String.class;

+            Constructor cons = excepClass.getConstructor(new Class[] { stringClass });

+

+            return (Throwable) cons.newInstance(new Object[] { strBuf.toString() });

+        } catch (Exception e) {

+            Assert.notReached("Problem constructing exception container");

+            return topException;

         }

-

-        Class excepClass = topException.getClass();

-        Class stringClass = java.lang.String.class;

-        Constructor cons = excepClass.getConstructor(new Class[] {stringClass});

-

-        return (Throwable) cons.newInstance(new Object[] { strBuf.toString() });

-      } catch(Exception e ) {

-        Assert.notReached("Problem constructing exception container");

-        return topException;

-      }

     }

     static private int supportsIPV6 = -1;

+

     static boolean supportsIPV6() {

-        if(supportsIPV6 >= 0) {

-            if(supportsIPV6 > 0) {

+        if (supportsIPV6 >= 0) {

+            if (supportsIPV6 > 0) {

                 return true;

             } else {

                 return false;

@@ -444,28 +448,25 @@

         Enumeration netInter;

         try {

-                 netInter = NetworkInterface.getNetworkInterfaces();

-        }  catch (SocketException e) {

+            netInter = NetworkInterface.getNetworkInterfaces();

+        } catch (SocketException e) {

-                 return false;

+            return false;

         }

-        while ( netInter.hasMoreElements() )

-        {

-            NetworkInterface ni = (NetworkInterface)netInter.nextElement();

+        while (netInter.hasMoreElements()) {

+            NetworkInterface ni = (NetworkInterface) netInter.nextElement();

             Enumeration addrs = ni.getInetAddresses();

-            while ( addrs.hasMoreElements() )

-            {

-                 Object o = addrs.nextElement();

-                 if ( o.getClass() == InetAddress.class ||

-                     o.getClass() == Inet4Address.class ||

-                     o.getClass() == Inet6Address.class )

-                 {

-                      InetAddress iaddr = (InetAddress) o;

-                      if(o.getClass() == Inet6Address.class) {

-                          supportsIPV6 = 1;

-                          return true;

-                      }

-                 }

+            while (addrs.hasMoreElements()) {

+                Object o = addrs.nextElement();

+                if (o.getClass() == InetAddress.class ||

+                        o.getClass() == Inet4Address.class ||

+                        o.getClass() == Inet6Address.class) {

+                    InetAddress iaddr = (InetAddress) o;

+                    if (o.getClass() == Inet6Address.class) {

+                        supportsIPV6 = 1;

+                        return true;

+                    }

+                }

             }

         }

         supportsIPV6 = 0;

# HG changeset patch

# User "Endi S. Dewata" <edewata@redhat.com>

# Date 1509154824 -7200

#      Sat Oct 28 03:40:24 2017 +0200

# Node ID ca2c2fcfaf207f87c3c69e493f2b30fd0a088e95

# Parent  837c79476110ecd4bf6b507faad50edb9eed7e7e

Fixed SocketBase.setClientCertNickname() exception handling.

Previously the SocketBase.setClientCertNickname() would catch

the original exception and throw a SocketException instead.

The original stack trace was lost since SocketException does not

support chaining.

The code has been modified to throw a RuntimeException instead

and chain the original exception. This way the original stack

trace can be preserved to help troubleshooting.

https://bugzilla.mozilla.org/show_bug.cgi?id=1408057

diff --git a/org/mozilla/jss/ssl/SocketBase.java b/org/mozilla/jss/ssl/SocketBase.java

--- a/org/mozilla/jss/ssl/SocketBase.java

+++ b/org/mozilla/jss/ssl/SocketBase.java

@@ -4,17 +4,21 @@

 package org.mozilla.jss.ssl;

-import java.net.*;

+import java.io.IOException;

+import java.lang.reflect.Constructor;

+import java.net.Inet4Address;

+import java.net.Inet6Address;

+import java.net.InetAddress;

+import java.net.NetworkInterface;

 import java.net.SocketException;

-import java.io.*;

-import java.io.IOException;

-import java.util.Vector;

+import java.net.UnknownHostException;

 import java.util.Enumeration;

-import java.lang.reflect.Constructor;

-import org.mozilla.jss.util.Assert;

+

 import org.mozilla.jss.CryptoManager;

 import org.mozilla.jss.crypto.ObjectNotFoundException;

 import org.mozilla.jss.crypto.TokenException;

+import org.mozilla.jss.crypto.X509Certificate;

+import org.mozilla.jss.util.Assert;

 class SocketBase {

@@ -395,13 +399,18 @@

      */

     public void setClientCertNickname(String nick) throws SocketException {

         try {

-            setClientCert(CryptoManager.getInstance().findCertByNickname(nick));

+            CryptoManager cm = CryptoManager.getInstance();

+            X509Certificate cert = cm.findCertByNickname(nick);

+            setClientCert(cert);

+

         } catch (CryptoManager.NotInitializedException nie) {

-            throw new SocketException("CryptoManager not initialized");

+            throw new RuntimeException(nie);

+

         } catch (ObjectNotFoundException onfe) {

-            throw new SocketException("Object not found: " + onfe);

+            throw new RuntimeException(onfe);

+

         } catch (TokenException te) {

-            throw new SocketException("Token Exception: " + te);

+            throw new RuntimeException(te);

         }

     }