Issue #4325 - X509ExtendedKeyManager exceptions on non-Server SSL

Signed-off-by: Joakim Erdfelt <[email protected]>

jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java

@@ -1270,8 +1270,7 @@ protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
     @Deprecated
     protected X509ExtendedKeyManager newSniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)
     {
-        // Will throw a NPE.
-        return new SniX509ExtendedKeyManager(keyManager);
+        throw new UnsupportedOperationException("X509ExtendedKeyManager only supported on Server");
     }
 
     protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception
@@ -2179,16 +2178,6 @@ protected void checkConfiguration()
             checkEndPointIdentificationAlgorithm();
             super.checkConfiguration();
         }
-
-        /**
-         * @deprecated Not supported on Client, only {@link SslContextFactory.Server}
-         */
-        @Deprecated
-        @Override
-        protected X509ExtendedKeyManager newSniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)
-        {
-            throw new RuntimeException("X509ExtendedKeyManager not supported on Client");
-        }
     }
 
     @ManagedObject

jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java

@@ -159,26 +159,26 @@ private X509ExtendedKeyManager getX509ExtendedKeyManager(SslContextFactory sslCo
     @Test
     public void testSniX509ExtendedKeyManager_BaseClass() throws Exception
     {
-        SslContextFactory base = new SslContextFactory();
-        X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(base);
-        NullPointerException npe = assertThrows(NullPointerException.class, () -> base.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
-        assertThat("NullPointerException.message", npe.getMessage(), containsString("SslContextFactory.Server"));
+        SslContextFactory baseSsl = new SslContextFactory();
+        X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(baseSsl);
+        UnsupportedOperationException npe = assertThrows(UnsupportedOperationException.class, () -> baseSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
+        assertThat("UnsupportedOperationException.message", npe.getMessage(), containsString("X509ExtendedKeyManager only supported on Server"));
     }
 
     @Test
     public void testSniX509ExtendedKeyManager_ClientClass() throws Exception
     {
-        SslContextFactory base = new SslContextFactory.Client();
-        X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(base);
-        RuntimeException re = assertThrows(RuntimeException.class, () -> base.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
-        assertThat("RuntimeException.message", re.getMessage(), containsString("X509ExtendedKeyManager not supported on Client"));
+        SslContextFactory clientSsl = new SslContextFactory.Client();
+        X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(clientSsl);
+        UnsupportedOperationException re = assertThrows(UnsupportedOperationException.class, () -> clientSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
+        assertThat("UnsupportedOperationException.message", re.getMessage(), containsString("X509ExtendedKeyManager only supported on Server"));
     }
 
     @Test
     public void testSniX509ExtendedKeyManager_ServerClass() throws Exception
     {
-        SslContextFactory base = new SslContextFactory.Server();
-        X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(base);
-        base.newSniX509ExtendedKeyManager(x509ExtendedKeyManager);
+        SslContextFactory serverSsl = new SslContextFactory.Server();
+        X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(serverSsl);
+        serverSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager);
     }
 }