org.apache.tomcat.util.net.jsse
Class JSSEKeyManager
java.lang.Object
org.apache.tomcat.util.net.jsse.JSSEKeyManager
- X509KeyManager
public final class JSSEKeyManager
extends java.lang.Object
implements X509KeyManager
X509KeyManager which allows selection of a specific keypair and certificate
chain (identified by their keystore alias name) to be used by the server to
authenticate itself to SSL clients.
- Jan Luehe
JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias) - Constructor.
|
String | chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) - Choose an alias to authenticate the client side of a secure socket,
given the public key type and the list of certificate issuer authorities
recognized by the peer (if any).
|
String | chooseServerAlias(String keyType, Principal[] issuers, Socket socket) - Returns this key manager's server key alias that was provided in the
constructor.
|
X509Certificate[] | getCertificateChain(String alias) - Returns the certificate chain associated with the given alias.
|
String[] | getClientAliases(String keyType, Principal[] issuers) - Get the matching aliases for authenticating the client side of a secure
socket, given the public key type and the list of certificate issuer
authorities recognized by the peer (if any).
|
PrivateKey | getPrivateKey(String alias) - Returns the key associated with the given alias.
|
String[] | getServerAliases(String keyType, Principal[] issuers) - Get the matching aliases for authenticating the server side of a secure
socket, given the public key type and the list of certificate issuer
authorities recognized by the peer (if any).
|
JSSEKeyManager
public JSSEKeyManager(X509KeyManager mgr,
String serverKeyAlias)
Constructor.
mgr
- The X509KeyManager used as a delegateserverKeyAlias
- The alias name of the server's keypair and
supporting certificate chain
chooseClientAlias
public String chooseClientAlias(String[] keyType,
Principal[] issuers,
Socket socket)
Choose an alias to authenticate the client side of a secure socket,
given the public key type and the list of certificate issuer authorities
recognized by the peer (if any).
keyType
- The key algorithm type name(s), ordered with the
most-preferred key type firstissuers
- The list of acceptable CA issuer subject names, or null
if it does not matter which issuers are usedsocket
- The socket to be used for this connection. This parameter
can be null, in which case this method will return the most generic
alias to use
- The alias name for the desired key, or null if there are no
matches
chooseServerAlias
public String chooseServerAlias(String keyType,
Principal[] issuers,
Socket socket)
Returns this key manager's server key alias that was provided in the
constructor.
keyType
- The key algorithm type name (ignored)issuers
- The list of acceptable CA issuer subject names, or null
if it does not matter which issuers are used (ignored)socket
- The socket to be used for this connection. This parameter
can be null, in which case this method will return the most generic
alias to use (ignored)
- Alias name for the desired key
getCertificateChain
public X509Certificate[] getCertificateChain(String alias)
Returns the certificate chain associated with the given alias.
alias
- The alias name
- Certificate chain (ordered with the user's certificate first
and the root certificate authority last), or null if the alias can't be
found
getClientAliases
public String[] getClientAliases(String keyType,
Principal[] issuers)
Get the matching aliases for authenticating the client side of a secure
socket, given the public key type and the list of certificate issuer
authorities recognized by the peer (if any).
keyType
- The key algorithm type nameissuers
- The list of acceptable CA issuer subject names, or null
if it does not matter which issuers are used
- Array of the matching alias names, or null if there were no
matches
getPrivateKey
public PrivateKey getPrivateKey(String alias)
Returns the key associated with the given alias.
alias
- The alias name
- The requested key, or null if the alias can't be found
getServerAliases
public String[] getServerAliases(String keyType,
Principal[] issuers)
Get the matching aliases for authenticating the server side of a secure
socket, given the public key type and the list of certificate issuer
authorities recognized by the peer (if any).
keyType
- The key algorithm type nameissuers
- The list of acceptable CA issuer subject names, or null
if it does not matter which issuers are used
- Array of the matching alias names, or null if there were no
matches
Copyright B) 2000-2003 Apache Software Foundation. All Rights Reserved.