Set keystoreType for JdkSslClientContext Keystores (#9965)

Motivation:

In the PR #9003, the issue #8998 was supposedly solved. But actually the fix only made it so the TrustManager can use the specified keystore type instead of also supporting it in the KeyManagerFactory.

In my environment, we are using PKCS#11 Keys which are then rejected by the PKCS#12 keystore. A PKCS#12 keystore is created since the keystoreType was set to null by the code from the mentioned PR.

Modification:

Do not ignore the keystoreType parameter during the creation of the JdkSslClientContext KeyManagerFactory.

Result:

Fixes #8998.
This commit is contained in:
bergerst 2020-01-28 14:44:13 +01:00 committed by Norman Maurer
parent 2023a4f607
commit 384eaf773c

View File

@ -286,7 +286,7 @@ public final class JdkSslClientContext extends JdkSslContext {
trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory, keyStore);
}
if (keyCertChain != null) {
keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory, null);
keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory, keyStore);
}
SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
: SSLContext.getInstance(PROTOCOL, sslContextProvider);