Add getSSLParameters to JSSEngine

This returns a new instance of JSSParameters which can be used to clone the configuration of this SSLEngine into another. This is helpful for implementing SSLServerSocket, which must accept(), creating a new SSLSocket with the same initial configuration. Signed-off-by: Alexander Scheel <[email protected]>
dogtagpki · May 4, 2020 · 4f63549 · 4f63549
1 parent c0d054b
commit 4f63549
Showing 1 changed file with 37 additions and 0 deletions.
diff --git a/org/mozilla/jss/ssl/javax/JSSEngine.java b/org/mozilla/jss/ssl/javax/JSSEngine.java
@@ -50,6 +50,11 @@ public abstract class JSSEngine extends javax.net.ssl.SSLEngine {
      */
     protected String hostname;
 
+    /**
+     * Certificate alias used by the JSSEngine instance.
+     */
+    protected String certAlias;
+
     /**
      * Certificate used by this JSSEngine instance.
      *
@@ -230,6 +235,35 @@ public SSLFDProxy getSSLFDProxy() {
         return ssl_fd;
     }
 
+    /**
+     * Get the configuration from the current JSSEngine object as a
+     * JSSParameters object.
+     *
+     * This populates the following values, when set:
+     *  - cipher suites
+     *  - protocols
+     *  - need/want client auth
+     *  - certificate alias
+     *  - peer's hostname
+     *  - ALPN protocols
+     */
+    public JSSParameters getSSLParameters() {
+        JSSParameters ret = new JSSParameters();
+
+        ret.setCipherSuites(getEnabledCipherSuites());
+        ret.setProtocols(getEnabledProtocols());
+        if (getNeedClientAuth()) {
+            ret.setNeedClientAuth(true);
+        } else if (getWantClientAuth()) {
+            ret.setWantClientAuth(true);
+        }
+
+        ret.setAlias(certAlias);
+        ret.setHostname(hostname);
+
+        return ret;
+    }
+
     /**
      * Set the configuration from the given SSLParameters object onto this
      * JSSEngine.
@@ -333,11 +367,14 @@ public void setCertFromAlias(String alias) throws IllegalArgumentException {
         if (alias == null) {
             // Per calling, semantics, get rid of any existing cert/key we
             // might have.
+            certAlias = null;
             cert = null;
             key = null;
             return;
         }
 
+        certAlias = alias;
+
         if (key_managers == null || key_managers.length == 0) {
             String msg = "Missing or null KeyManagers; refusing to search ";
             msg += "for cert";