File | Doc | Category | Size | Date | Package
J2EEKeyManager.java | API Doc | Glassfish v2 API | 9955 | Fri May 04 22:35:36 BST 2007 | com.sun.enterprise.security.ssl

J2EEKeyManager

public final class J2EEKeyManager extends Object implements X509KeyManager
This is a J2EE-specific key manager class that is used to select user certificates for SSL client authentication. It delegates most of the functionality to the provider-specific KeyManager class.
author
Vivek Nagar
author
Harpreet Singh

Fields Summary
private static Logger
_logger
private X509KeyManager
mgr
private String
alias
private Map
tokenName2MgrMap
private boolean
supportTokenAlias
Constructors Summary
public J2EEKeyManager(X509KeyManager mgr, String alias)


         
	this.mgr = mgr;
	this.alias = alias;

        // Token-qualified aliases (<tokenName>:<aliasName>) can only be resolved
        // when the delegate is a unified manager, which pairs each token name
        // with its own key manager.
        if (mgr instanceof UnifiedX509KeyManager) {
            UnifiedX509KeyManager unified = (UnifiedX509KeyManager) mgr;
            X509KeyManager[] perTokenMgrs = unified.getX509KeyManagers();
            String[] names = unified.getTokenNames();

            tokenName2MgrMap = new HashMap();
            // NOTE(review): assumes names has at least as many entries as
            // perTokenMgrs - confirm against UnifiedX509KeyManager.
            for (int idx = 0; idx < perTokenMgrs.length; idx++) {
                String name = names[idx];
                if (name == null) {
                    // A manager without a token name cannot be addressed by prefix.
                    continue;
                }
                tokenName2MgrMap.put(name, perTokenMgrs[idx]);
            }
            // Token lookup is enabled only if at least one named token was registered.
            supportTokenAlias = !tokenName2MgrMap.isEmpty();
        }
    
Methods Summary
public java.lang.StringchooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
Choose the client alias that will be used to select the client certificate for SSL client auth.

param
the keytype
param
the certificate issuers.
param
the socket used for this connection. This parameter can be null, in which case the method will return the most generic alias to use.
return
the alias.

        
        // A configured alias always wins; it is resolved below only when absent.
        String alias = this.alias;

        if (alias == null) {
            InvocationManager invMgr = Switch.getSwitch().getInvocationManager();
            if (invMgr == null) {
                // standalone client: the provider key manager picks the alias
                alias = mgr.chooseClientAlias(keyType, issuers, socket);
            } else {
                ComponentInvocation current = invMgr.getCurrentInvocation();

                if (current == null) {       // 4646060
                    throw new InvocationException();
                }

                // instanceof is false for null, so no separate null test is needed.
                if (current.getContainerContext() instanceof AppContainer) {
                    ClientSecurityContext secCtx = ClientSecurityContext.getCurrent();
                    Subject subject = secCtx.getSubject();
                    if (subject == null) {
                        // No subject yet: run the certificate login with the
                        // container's callback handler, then re-read it.
                        LoginContextDriver.doClientLogin(AppContainer.CERTIFICATE,
                                AppContainer.getCallbackHandler());
                        subject = secCtx.getSubject();
                    }
                    // NOTE(review): subject is dereferenced without a null check; if
                    // the login above leaves the context without a subject this
                    // throws NullPointerException - confirm doClientLogin always
                    // populates it or fails.
                    for (Iterator creds = subject.getPrivateCredentials().iterator();
                            creds.hasNext(); ) {
                        Object cred = creds.next();
                        if (cred instanceof X509CertificateCredential) {
                            // The first certificate credential found decides the alias.
                            alias = ((X509CertificateCredential) cred).getAlias();
                            break;
                        }
                    }
                }
                // Any other container context leaves alias null, so null is returned.
            }
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Choose client Alias :" + alias);
        }
        return alias;
    
public java.lang.StringchooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
Choose the server alias that will be used to select the server certificate for SSL server auth.

param
the keytype
param
the certificate issuers.
param
the socket used for this connection. This parameter can be null, in which case the method will return the most generic alias to use.
return
the alias


        // The alias configured on this key manager takes precedence; the wrapped
        // key manager is consulted only when none was configured.
        String alias = (this.alias != null)
                ? this.alias
                : mgr.chooseServerAlias(keyType, issuers, socket);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Choosing server alias :" + alias);
        }
        return alias;
    
public java.security.cert.X509Certificate[]getCertificateChain(java.lang.String alias)
Return the certificate chain for the specified alias.

param
the alias.
return
the chain of X509 Certificates.

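        // Resolves the chain through the per-token manager when the alias is
        // token-qualified, otherwise through the wrapped manager.
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Getting certificate chain");
        }
        // Non-null only when alias contains ':' and a manager is registered for
        // the token name in front of it.
        X509KeyManager keyMgr = getManagerFromToken(alias);
        if (keyMgr != null) {
            // Drop the "<tokenName>:" prefix; the per-token manager is queried
            // with the bare alias name.
            String aliasName = alias.substring(alias.indexOf(':') + 1);
            return keyMgr.getCertificateChain(aliasName);
        } else {
            // No token match: the alias goes to the wrapped manager unchanged,
            // including any unrecognised "<tokenName>:" prefix.
            return mgr.getCertificateChain(alias);
        }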
    
public java.lang.String[]getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
Return all the available client aliases for the specified key type.

param
the keytype
param
the certificate issuers.
return
the array of aliases.

        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("Getting client aliases");
        }
        // Delegates to the wrapped manager only; the per-token map is not
        // consulted here.
        return mgr.getClientAliases(keyType, issuers);
    
private javax.net.ssl.X509KeyManagergetManagerFromToken(java.lang.String tokenAlias)
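Find the X509KeyManager associated with the token named in the alias. It returns null if token aliases are not supported, the alias is null or has no token prefix, or no manager is registered for that token.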

param
tokenAlias of the form <tokenName>:<aliasName>

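        // Looks up the key manager registered for the token named in a
        // "<tokenName>:<aliasName>" alias; the result stays null when there is
        // no usable token prefix or no manager for that token.
        X509KeyManager keyMgr = null;
        if (supportTokenAlias && tokenAlias != null) {
            int ind = tokenAlias.indexOf(':');
            if (ind != -1) {
                // The token name must come from the alias being looked up, not
                // from the configured alias field: that field may be null (a
                // NullPointerException) or name a different token, which would
                // select the wrong token's key manager.
                String tokenName = tokenAlias.substring(0, ind);
                keyMgr = (X509KeyManager) tokenName2MgrMap.get(tokenName);
            }
        }
        return keyMgr;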
    
public java.security.PrivateKeygetPrivateKey(java.lang.String alias)
Return the private key for the specified alias.

param
the alias.
return
the private key.

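        // Resolves the private key through the per-token manager when the alias
        // is token-qualified, otherwise through the wrapped manager. Only the
        // alias is logged, never key material.
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Getting private key for alias:" + alias);
        }
        // Non-null only when alias contains ':' and a manager is registered for
        // the token name in front of it.
        X509KeyManager keyMgr = getManagerFromToken(alias);
        if (keyMgr != null) {
            // Drop the "<tokenName>:" prefix; the per-token manager is queried
            // with the bare alias name.
            String aliasName = alias.substring(alias.indexOf(':') + 1);
            return keyMgr.getPrivateKey(aliasName);
        } else {
            // No token match: the alias goes to the wrapped manager unchanged,
            // including any unrecognised "<tokenName>:" prefix.
            return mgr.getPrivateKey(alias);
        }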
    
public java.lang.String[]getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
Return all the available server aliases for the specified key type.

param
the keytype
param
the certificate issuers.
return
the array of aliases.

        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("Getting server aliases");
        }
        // Delegates to the wrapped manager only; the per-token map is not
        // consulted here.
        return mgr.getServerAliases(keyType, issuers);