From 54e26482643023a7fcbbba25376d691980ed6471 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Thu, 25 Jun 2020 13:41:59 -0400
Subject: [PATCH] Use factory for JSSKeyManager, JSSTrustManager

Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
 tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java | 12 ++++++++++--
 tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java    | 11 +++++++----
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
index 1f2082e..a3630e2 100644
--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
+++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
@@ -9,6 +9,7 @@ import java.util.List;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 
 import org.apache.tomcat.util.net.SSLContext;
 
@@ -36,8 +37,15 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
 
         /* These KeyManagers and TrustManagers aren't used with the SSLEngine;
          * they're only used to implement certain function calls below. */
-        jkm = new JSSKeyManager();
-        jtm = new JSSTrustManager();
+        try {
+            KeyManagerFactory kmf = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
+            jkm = (JSSKeyManager) kmf.getKeyManagers()[0];
+
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509", "Mozilla-JSS");
+            jtm = (JSSTrustManager) tmf.getTrustManagers()[0];
+        } catch (Exception e) {
+            throw new RuntimeException(e.getMessage(), e);
+        }
     }
 
     public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException {
diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
index 8930bbd..cad3163 100644
--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
+++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
@@ -26,7 +26,9 @@ import java.util.Set;
 import java.util.HashSet;
 
 import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.SSLEngine;
 
 import org.apache.juli.logging.Log;
@@ -39,9 +41,7 @@ import org.apache.tomcat.util.net.SSLUtilBase;
 
 import org.mozilla.jss.JSSProvider;
 import org.mozilla.jss.crypto.Policy;
-import org.mozilla.jss.provider.javax.crypto.JSSKeyManager;
 import org.mozilla.jss.provider.javax.crypto.JSSNativeTrustManager;
-import org.mozilla.jss.provider.javax.crypto.JSSTrustManager;
 import org.mozilla.jss.ssl.SSLCipher;
 import org.mozilla.jss.ssl.SSLVersion;
 
@@ -86,15 +86,18 @@ public class JSSUtil extends SSLUtilBase {
     @Override
     public KeyManager[] getKeyManagers() throws Exception {
         logger.debug("JSSUtil: getKeyManagers()");
-        return new KeyManager[] { new JSSKeyManager() };
+        KeyManagerFactory jkm = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
+        return jkm.getKeyManagers();
     }
 
     @Override
     public TrustManager[] getTrustManagers() throws Exception {
         logger.debug("JSSUtil: getTrustManagers()");
         if (!JSSProvider.ENABLE_JSSENGINE) {
-            return new TrustManager[] { new JSSTrustManager() };
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509");
+            return tmf.getTrustManagers();
         }
+
         return new TrustManager[] { new JSSNativeTrustManager() };
     }
 
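Review bot: `TrustManagerFactory.getInstance("NssX509")` on the new line 81 omits the provider name that the sibling call on line 72 and both calls in JSSContext pass, so this one lookup is resolved by provider precedence rather than pinned to Mozilla-JSS; if another registered provider ever advertises an "NssX509" TrustManagerFactory, or Mozilla-JSS is not registered, the result differs from the other three sites. Use the same form, `TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509", "Mozilla-JSS");`, so all four lookups fail fast on the same condition. As a point of style, the local `jkm` on line 72 holds a KeyManagerFactory, not a key manager, and the name collides with the `jkm` field used for the JSSKeyManager in JSSContext; `kmf` would match its `tmf` counterpart below.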
-- 
2.26.2