JDK-8278560 : X509KeyManagerImpl::getAliases might return a good key with others
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 18
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2021-12-10
  • Updated: 2022-01-03
  • Resolved: 2021-12-17
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 19
19 b03Fixed
Related Reports
Relates :  
JDK-8262186 - Call X509KeyManager.chooseClientAlias once for all key types
Description
After JDK-8262186, the method is called only once with multiple keyTypes. This means that if an entry is a perfect match (CheckResult.OK) but the keyType for it is not the 1st one, it will be returned along with other possibly non-perfect ones. Thus we cannot only look at the 1st result to determine if there's perfect match inside. See https://github.com/openjdk/jdk/blob/3d657eb0a626e33995af5d5ddf12b26d06317962/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java#L385.

That said, this is not a fatal error. After all the results are collected they are sorted by matching status and keyIndex, and the perfect match will be picked up anyway.
Comments
Changeset: 6412d57a Author: Weijun Wang <weijun@openjdk.org> Date: 2021-12-17 12:14:17 +0000 URL: https://git.openjdk.java.net/jdk/commit/6412d57a0a92ba08cc3db085b371ae1f7ba35ad5
17-12-2021