Implemented changes according to #106

phax · Jan 23, 2024 · 999c30a · 999c30a
1 parent bd48481
commit 999c30a
Showing 1 changed file with 28 additions and 17 deletions.
diff --git a/as2-lib/src/main/java/com/helger/as2lib/cert/AbstractCertificateFactory.java b/as2-lib/src/main/java/com/helger/as2lib/cert/AbstractCertificateFactory.java
@@ -168,8 +168,9 @@ public void setPassword (@Nullable final String sPassword)
   @Nonempty
   private static String _debug (@Nullable final X509Certificate aCert)
   {
-    return aCert == null ? "null"
-                         : aCert.getSubjectX500Principal ().getName () + "/" + aCert.getSerialNumber ().toString ();
+    return aCert == null ? "null" : aCert.getSubjectX500Principal ().getName () +
+                                    "/" +
+                                    aCert.getSerialNumber ().toString ();
   }
 
   @Nonnull
@@ -191,8 +192,8 @@ protected KeyStore createNewKeyStore (@Nonnull final EKeyStoreType eKeyStoreType
   }
 
   @Override
-  public void initDynamicComponent (@Nonnull final IAS2Session aSession,
-                                    @Nullable final IStringMap aOptions) throws AS2Exception
+  public void initDynamicComponent (@Nonnull final IAS2Session aSession, @Nullable final IStringMap aOptions)
+                                                                                                              throws AS2Exception
   {
     debugLog ( () -> "initDynamicComponent (" + aSession + ", " + aOptions + ")");
 
@@ -430,37 +431,47 @@ public PrivateKey getPrivateKey (@Nullable final X509Certificate aCert) throws A
   {
     debugLog ( () -> "getPrivateKey (" + _debug (aCert) + ")");
 
+    if (aCert == null)
+      throw new AS2CertificateNotFoundException (aCert);
+
+    final ICommonsList <String> aAllAliases = _getAllAliases ();
     String sRealAlias = null;
 
     m_aRWLock.readLock ().lock ();
     try
     {
-      // This method heuristically scans the keys tore and delivery the first
-      // result.
-      final String sAlias = m_aKeyStore.getCertificateAlias (aCert);
-      if (sAlias == null)
+      // Scan all aliases, in case the same alias is used for Key AND
+      // Certificate
+      PrivateKey aKey = null;
+      for (final String sCurAlias : aAllAliases)
       {
-        debugLog ( () -> "getCertificates -> null");
-        throw new AS2CertificateNotFoundException (aCert);
+        // Does the certificate resolved from the current alias match the
+        // requested one?
+        if (m_aKeyStore.getCertificate (sCurAlias).equals (aCert))
+        {
+          sRealAlias = getUnifiedAlias (sCurAlias);
+
+          // Check if a key entry is present as well
+          aKey = (PrivateKey) m_aKeyStore.getKey (sRealAlias, getPassword ());
+          if (aKey != null)
+            break;
+        }
       }
 
-      sRealAlias = getUnifiedAlias (sAlias);
-
-      // Find the key - is null if the alias represents a Public Certificate
-      final PrivateKey aKey = (PrivateKey) m_aKeyStore.getKey (sRealAlias, getPassword ());
       if (aKey == null)
       {
         debugLog ( () -> "getPrivateKey -> null");
-        throw new AS2KeyNotFoundException (aCert, sRealAlias, _getAllAliases (), null);
+        throw new AS2KeyNotFoundException (aCert, sRealAlias, aAllAliases, null);
       }
 
-      debugLog ( () -> "getPrivateKey -> " + aKey);
+      final PrivateKey aFinalKey = aKey;
+      debugLog ( () -> "getPrivateKey -> " + aFinalKey);
       return aKey;
     }
     catch (final GeneralSecurityException ex)
     {
       debugLog ( () -> "getPrivateKey -> " + _debug (ex));
-      throw new AS2KeyNotFoundException (aCert, sRealAlias, _getAllAliases (), ex);
+      throw new AS2KeyNotFoundException (aCert, sRealAlias, aAllAliases, ex);
     }
     finally
     {