Good catch, Simone.  It is not expected to parse the alias in application 
code.  Would you like to file a bug?

Thanks,
Xuelei

> On Jun 1, 2020, at 2:13 AM, Simone Bordet <simone.bor...@gmail.com> wrote:
> 
> Hi,
> 
> when using "PKIX" as KeyManagerFactoryAlgorithm, the alias is
> manipulated from what's in the keystore (for example, "jetty") to an
> internal format such as "N.0.jetty", where N is an increasing number
> (in sun.security.ssl.X509KeyManagerImpl.makeAlias()).
> 
> The problem is that (especially in case of SNI) the KeyManager could
> be wrapped by a user-written KeyManager that may delegate to the JDK
> one.
> 
> When the user-written KeyManager delegates to the JDK instance by
> calling keyManager.getServerAliases(keyType, issuers), an array of
> aliases is returned, but the aliases are of the internal format
> described above.
> 
> This makes the user-written code fail any logic that is based on the
> aliases, as comparing these internal formats with the ones present in
> the KeyStore will fail.
> 
> Can you please clarify if this is expected behavior and whether
> user-written code should "unwrap" this internal alias format (is it
> defined somewhere?), or if this internal format is wrongly leaked to
> user-written code?
> 
> Thanks!
> 
> -- 
> Simone Bordet
> ---
> Finally, no matter how good the architecture and design are,
> to deliver bug-free software with optimal performance and reliability,
> the implementation technique must be flawless.   Victoria Livschitz
