From 54e26482643023a7fcbbba25376d691980ed6471 Mon Sep 17 00:00:00 2001
From: Alexander Scheel
Date: Thu, 25 Jun 2020 13:41:59 -0400
Subject: [PATCH] Use factory for JSSKeyManager, JSSTrustManager
Signed-off-by: Alexander Scheel
---
 tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java | 12 ++++++++++--
 tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java | 11 +++++++----
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
index 1f2082e..a3630e2 100644
--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
+++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java
@@ -9,6 +9,7 @@ import java.util.List;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 import org.apache.tomcat.util.net.SSLContext;
@@ -36,8 +37,15 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
 /* These KeyManagers and TrustManagers aren't used with the SSLEngine;
 * they're only used to implement certain function calls below.
 */
- jkm = new JSSKeyManager();
- jtm = new JSSTrustManager();
+ try {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
+ jkm = (JSSKeyManager) kmf.getKeyManagers()[0];
+
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509", "Mozilla-JSS");
+ jtm = (JSSTrustManager) tmf.getTrustManagers()[0];
+ } catch (Exception e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
 }
 public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException {
diff --git a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
index 8930bbd..cad3163 100644
--- a/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
+++ b/tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java
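Review bot: In the JSSContext constructor, `kmf.getKeyManagers()[0]` and `tmf.getTrustManagers()[0]` are read from factories that were never initialised, and the first element is cast to the concrete JSS type unchecked. The javax.net.ssl contract lets `getKeyManagers()`/`getTrustManagers()` throw IllegalStateException before `init()`, so this depends on the Mozilla-JSS SPI tolerating it, which the patch does not show; calling `kmf.init(null, null);` and `tmf.init((KeyStore) null);` first would make it explicit, provided the provider accepts a null store. The `catch (Exception e)` fails closed, but it folds a ClassCastException and an empty array into the same generic RuntimeException, so catching `NoSuchAlgorithmException | NoSuchProviderException` and checking the element with `instanceof` would give a clearer startup error. The same uninitialised-factory pattern appears in getKeyManagers() and getTrustManagers() in JSSUtil.java; the constructor itself begins outside the hunk.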
@@ -26,7 +26,9 @@ import java.util.Set;
 import java.util.HashSet;
 import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.SSLEngine;
 import org.apache.juli.logging.Log;
@@ -39,9 +41,7 @@ import org.apache.tomcat.util.net.SSLUtilBase;
 import org.mozilla.jss.JSSProvider;
 import org.mozilla.jss.crypto.Policy;
-import org.mozilla.jss.provider.javax.crypto.JSSKeyManager;
 import org.mozilla.jss.provider.javax.crypto.JSSNativeTrustManager;
-import org.mozilla.jss.provider.javax.crypto.JSSTrustManager;
 import org.mozilla.jss.ssl.SSLCipher;
 import org.mozilla.jss.ssl.SSLVersion;
@@ -86,15 +86,18 @@ public class JSSUtil extends SSLUtilBase {
 @Override
 public KeyManager[] getKeyManagers() throws Exception {
 logger.debug("JSSUtil: getKeyManagers()");
- return new KeyManager[] { new JSSKeyManager() };
+ KeyManagerFactory jkm = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS");
+ return jkm.getKeyManagers();
 }
 @Override
 public TrustManager[] getTrustManagers() throws Exception {
 logger.debug("JSSUtil: getTrustManagers()");
 if (!JSSProvider.ENABLE_JSSENGINE) {
- return new TrustManager[] { new JSSTrustManager() };
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("NssX509");
+ return tmf.getTrustManagers();
 }
+
 return new TrustManager[] { new JSSNativeTrustManager() };
 }
--
2.26.2
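Review bot: `TrustManagerFactory.getInstance("NssX509")` in getTrustManagers() omits the provider name, unlike `KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS")` just above it and both factory calls in JSSContext. Without the provider argument the JCA lookup follows provider preference order, so the trust manager that validates peer certificates comes from whichever registered provider first offers "NssX509" rather than from JSS by construction; pin it with `TrustManagerFactory.getInstance("NssX509", "Mozilla-JSS");`. As a smaller point, the local in getKeyManagers() is named `jkm` although it holds a factory; `kmf` would match the naming used in JSSContext.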