FileDocCategorySizeDatePackage
JSSEKeyManager.javaAPI DocGlassfish v2 API7803Fri May 04 22:33:16 BST 2007org.apache.tomcat.util.net.jsse

JSSEKeyManager

public final class JSSEKeyManager extends X509ExtendedKeyManager
X509KeyManager which allows selection of a specific keypair and certificate chain (identified by their keystore alias name) to be used by the server to authenticate itself to SSL clients.
author
Jan Luehe

Fields Summary
private X509KeyManager
delegate
private String
serverKeyAlias
Constructors Summary
public JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias)
Constructor.

param
mgr The X509KeyManager used as a delegate
param
serverKeyAlias The alias name of the server's keypair and supporting certificate chain

        super();
        this.delegate = mgr;
        this.serverKeyAlias = serverKeyAlias;
Methods Summary
public java.lang.StringchooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

param
keyType The key algorithm type name(s), ordered with the most-preferred key type first
param
issuers The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
param
socket The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use
return
The alias name for the desired key, or null if there are no matches

        return delegate.chooseClientAlias(keyType, issuers, socket);
public java.lang.StringchooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
Choose an alias to authenticate the client side of an SSLEngine connection given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

return
The alias name for the desired key, or null if there are no matches

        return delegate.chooseClientAlias(keyType,issuers,null);
public java.lang.StringchooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
Choose an alias to authenticate the server side of an SSLEngine connection given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

return
Alias name for the desired key

        return serverKeyAlias;
public java.lang.StringchooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
Returns this key manager's server key alias that was provided in the constructor.

param
keyType The key algorithm type name (ignored)
param
issuers The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used (ignored)
param
socket The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use (ignored)
return
Alias name for the desired key

        return serverKeyAlias;
public java.security.cert.X509Certificate[]getCertificateChain(java.lang.String alias)
Returns the certificate chain associated with the given alias.

param
alias The alias name
return
Certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found

        return delegate.getCertificateChain(alias);
public java.lang.String[]getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

param
keyType The key algorithm type name
param
issuers The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
return
Array of the matching alias names, or null if there were no matches

        return delegate.getClientAliases(keyType, issuers);
public java.security.PrivateKeygetPrivateKey(java.lang.String alias)
Returns the key associated with the given alias.

param
alias The alias name
return
The requested key, or null if the alias can't be found

        return delegate.getPrivateKey(alias);
public java.lang.String[]getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

param
keyType The key algorithm type name
param
issuers The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
return
Array of the matching alias names, or null if there were no matches

        return delegate.getServerAliases(keyType, issuers);