From ebfb2832b232644adc5900135d2ff38252b02b70 Mon Sep 17 00:00:00 2001
From: Norman Maurer <norman_maurer@apple.com>
Date: Wed, 16 Mar 2016 14:58:01 +0100
Subject: [PATCH] Throw exception if KeyManagerFactory is used with
 OpenSslClientContext

Motivation:

We currently not supported using KeyManagerFactory with OpenSslClientContext and so should throw an exception if the user tries to do so. This will at least not give suprising and hard to debug problems later.

Modifications:

Throw exception if a user tries to construct a OpenSslClientContext with a KeyManagerFactory

Result:

Fail fast if the user tries to use something that is not supported.
---
 .../java/io/netty/handler/ssl/OpenSslClientContext.java   | 1 +
 .../main/java/io/netty/handler/ssl/OpenSslContext.java    | 8 ++++++++
 .../java/io/netty/handler/ssl/OpenSslServerContext.java   | 7 -------
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java
index 23f47f00af..3188430ce7 100644
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslClientContext.java
@@ -187,6 +187,7 @@ public final class OpenSslClientContext extends OpenSslContext {
                 ClientAuth.NONE);
         boolean success = false;
         try {
+            checkKeyManagerFactory(keyManagerFactory);
             if (key == null && keyCertChain != null || key != null && keyCertChain == null) {
                 throw new IllegalArgumentException(
                         "Either both keyCertChain and key needs to be null or none of them");
diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java
index 03840e3259..ee5536f390 100644
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslContext.java
@@ -29,6 +29,7 @@ import org.apache.tomcat.jni.Pool;
 import org.apache.tomcat.jni.SSL;
 import org.apache.tomcat.jni.SSLContext;
 
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
@@ -584,4 +585,11 @@ public abstract class OpenSslContext extends SslContext {
             throw new SSLException(e);
         }
     }
+
+    static void checkKeyManagerFactory(KeyManagerFactory keyManagerFactory) {
+        if (keyManagerFactory != null) {
+            throw new IllegalArgumentException(
+                    "KeyManagerFactory is currently not supported with OpenSslContext");
+        }
+    }
 }
diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
index 0e82ec2760..1ac0f46e5c 100644
--- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
+++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java
@@ -449,11 +449,4 @@ public final class OpenSslServerContext extends OpenSslContext {
     public OpenSslServerSessionContext sessionContext() {
         return sessionContext;
     }
-
-    private static void checkKeyManagerFactory(KeyManagerFactory keyManagerFactory) {
-        if (keyManagerFactory != null) {
-            throw new IllegalArgumentException(
-                    "KeyManagerFactory is currently not supported with OpenSslServerContext");
-        }
-    }
 }