Commit a602718a authored by Guus der Kinderen's avatar Guus der Kinderen Committed by akrherz

OF-1501: Prefer NewSunX509 KeyManager implementation.

parent 2c3920de
......@@ -43,7 +43,20 @@ public class IdentityStore extends CertificateStore
try
{
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
KeyManagerFactory keyManagerFactory;
try
{
// OF-1501: If multiple certificates are available, the 'NewSunX509' implementation in the SunJSSE
// provider makes the effort to pick a certificate with the appropriate key usage and prefers valid
// to expired certificates.
keyManagerFactory = KeyManagerFactory.getInstance( "NewSunX509" );
}
catch ( NoSuchAlgorithmException e )
{
Log.info( "Unable to load the 'NewSunX509' KeyManager implementation. Will fall back to the default." );
keyManagerFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
}
keyManagerFactory.init( this.getStore(), configuration.getPassword() );
}
catch ( NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException ex )
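Review bot: The inner `catch ( NoSuchAlgorithmException e )` discards `e` and reports the fallback only at info level, so on a JVM whose provider lacks 'NewSunX509' the certificate selection described in the OF-1501 comment is quietly not in effect. With several certificates in the identity store, that presumably means an expired one, or one with unsuitable key usage, could still be presented. I would raise the level and keep the cause, for example `Log.warn( "Unable to load the 'NewSunX509' KeyManager implementation. Will fall back to the default.", e );`, assuming the logger in use accepts a throwable. The enclosing method starts and ends outside the hunk, so how the outer catch reports failures is not visible here.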
......
......@@ -53,7 +53,19 @@ public class EncryptionArtifactFactory
{
if ( keyManagerFactory == null )
{
try
{
// OF-1501: If multiple certificates are available, the 'NewSunX509' implementation in the SunJSSE
// provider makes the effort to pick a certificate with the appropriate key usage and prefers valid
// to expired certificates.
keyManagerFactory = KeyManagerFactory.getInstance( "NewSunX509" );
}
catch ( NoSuchAlgorithmException e )
{
Log.info( "Unable to load the 'NewSunX509' KeyManager implementation. Will fall back to the default." );
keyManagerFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
}
keyManagerFactory.init( configuration.getIdentityStore().getStore(), configuration.getIdentityStoreConfiguration().getPassword() );
}
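Review bot: `keyManagerFactory` is assigned before `keyManagerFactory.init( ... )` runs, so if `init` throws (for instance on a wrong identity store password), the variable stays non-null. Assuming it is a field, as the `if ( keyManagerFactory == null )` guard suggests, the next call would skip this block and hand out an uninitialised factory. Building into a local and publishing only after success avoids that: `final KeyManagerFactory factory = ...;`, then `factory.init( ... );`, then `keyManagerFactory = factory;`. The NewSunX509-then-default selection is also a verbatim copy of the block in IdentityStore. A single shared helper would keep the two from drifting apart if the algorithm preference changes. The method's signature and exception handling are outside the hunk.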
......