From 999c30a8647676d1f4ec8b68432086d8a4b89240 Mon Sep 17 00:00:00 2001
From: Philip Helger
Date: Tue, 23 Jan 2024 12:00:00 +0100
Subject: [PATCH] Implemented changes according to #106
---
 .../cert/AbstractCertificateFactory.java | 45 ++++++++++++-------
 1 file changed, 28 insertions(+), 17 deletions(-)
diff --git a/as2-lib/src/main/java/com/helger/as2lib/cert/AbstractCertificateFactory.java b/as2-lib/src/main/java/com/helger/as2lib/cert/AbstractCertificateFactory.java
index 8618c12b..2073f608 100644
--- a/as2-lib/src/main/java/com/helger/as2lib/cert/AbstractCertificateFactory.java
+++ b/as2-lib/src/main/java/com/helger/as2lib/cert/AbstractCertificateFactory.java
@@ -168,8 +168,9 @@ public void setPassword (@Nullable final String sPassword)
 @Nonempty
 private static String _debug (@Nullable final X509Certificate aCert)
 {
- return aCert == null ? "null"
- : aCert.getSubjectX500Principal ().getName () + "/" + aCert.getSerialNumber ().toString ();
+ return aCert == null ? "null" : aCert.getSubjectX500Principal ().getName () +
+ "/" +
+ aCert.getSerialNumber ().toString ();
 }
 @Nonnull
@@ -191,8 +192,8 @@ protected KeyStore createNewKeyStore (@Nonnull final EKeyStoreType eKeyStoreType
 }
 @Override
- public void initDynamicComponent (@Nonnull final IAS2Session aSession,
- @Nullable final IStringMap aOptions) throws AS2Exception
+ public void initDynamicComponent (@Nonnull final IAS2Session aSession, @Nullable final IStringMap aOptions)
+ throws AS2Exception
 {
 debugLog ( () -> "initDynamicComponent (" + aSession + ", " + aOptions + ")");
@@ -430,37 +431,47 @@ public PrivateKey getPrivateKey (@Nullable final X509Certificate aCert) throws A
 {
 debugLog ( () -> "getPrivateKey (" + _debug (aCert) + ")");
+ if (aCert == null)
+ throw new AS2CertificateNotFoundException (aCert);
+
+ final ICommonsList aAllAliases = _getAllAliases ();
 String sRealAlias = null;
 m_aRWLock.readLock ().lock ();
 try
 {
- // This method heuristically scans the keys tore and delivery the first
- // result.
- final String sAlias = m_aKeyStore.getCertificateAlias (aCert);
- if (sAlias == null)
+ // Scan all aliases, in case the same alias is used for Key AND
+ // Certificate
+ PrivateKey aKey = null;
+ for (final String sCurAlias : aAllAliases)
 {
- debugLog ( () -> "getCertificates -> null");
- throw new AS2CertificateNotFoundException (aCert);
+ // Does the certificate resolved from the current alias match the
+ // requested one?
+ if (m_aKeyStore.getCertificate (sCurAlias).equals (aCert))
+ {
+ sRealAlias = getUnifiedAlias (sCurAlias);
+
+ // Check if a key entry is present as well
+ aKey = (PrivateKey) m_aKeyStore.getKey (sRealAlias, getPassword ());
+ if (aKey != null)
+ break;
+ }
 }
- sRealAlias = getUnifiedAlias (sAlias);
-
- // Find the key - is null if the alias represents a Public Certificate
- final PrivateKey aKey = (PrivateKey) m_aKeyStore.getKey (sRealAlias, getPassword ());
 if (aKey == null)
 {
 debugLog ( () -> "getPrivateKey -> null");
- throw new AS2KeyNotFoundException (aCert, sRealAlias, _getAllAliases (), null);
+ throw new AS2KeyNotFoundException (aCert, sRealAlias, aAllAliases, null);
 }
- debugLog ( () -> "getPrivateKey -> " + aKey);
+ final PrivateKey aFinalKey = aKey;
+ debugLog ( () -> "getPrivateKey -> " + aFinalKey);
 return aKey;
 }
 catch (final GeneralSecurityException ex)
 {
 debugLog ( () -> "getPrivateKey -> " + _debug (ex));
- throw new AS2KeyNotFoundException (aCert, sRealAlias, _getAllAliases (), ex);
+ throw new AS2KeyNotFoundException (aCert, sRealAlias, aAllAliases, ex);
 }
 finally
 {
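Review bot: In the new alias loop, `m_aKeyStore.getCertificate (sCurAlias).equals (aCert)` dereferences a value that `KeyStore.getCertificate` returns as null when the alias holds no certificate or no longer exists, and the resulting NullPointerException is not caught by the `GeneralSecurityException` handler. Because `aAllAliases` is read before the read lock is taken, an alias removed in between would hit exactly this path (assuming `_getAllAliases ()` does not keep the lock held for the caller); since `aCert` is now guaranteed non-null, `if (aCert.equals (m_aKeyStore.getCertificate (sCurAlias)))` avoids it. A certificate that matches no alias now ends in `AS2KeyNotFoundException` with a null alias instead of the former `AS2CertificateNotFoundException`, so callers that distinguish "unknown certificate" from "no key for a known certificate" lose that signal. The `debugLog` of `aFinalKey` still writes the private key's `toString ()` to the log, which for some providers may include key parameters; logging the alias and algorithm instead would be safer. The body of `getPrivateKey` starts and ends outside this hunk.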