Package com.unboundid.util.ssl
Class WrapperKeyManager
- java.lang.Object
  - javax.net.ssl.X509ExtendedKeyManager
    - com.unboundid.util.ssl.WrapperKeyManager

All Implemented Interfaces:
javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

Direct Known Subclasses:
KeyStoreKeyManager, PKCS11KeyManager

@NotExtensible @ThreadSafety(level=INTERFACE_THREADSAFE) public abstract class WrapperKeyManager extends javax.net.ssl.X509ExtendedKeyManager

This class provides an SSL key manager that may be used to wrap a provided set of key managers. It provides the ability to select the desired certificate based on a given nickname.
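
The alias-selection behaviour described above, shown as an added sketch built only on JDK types; it is not the UnboundID LDAP SDK source. The class name `AliasPinningKeyManager`, its helper methods and the case-insensitive alias comparison are assumptions of this sketch.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.function.Function;
import javax.net.ssl.*;

// Added sketch using only JDK types; not the UnboundID LDAP SDK implementation.
public final class AliasPinningKeyManager extends X509ExtendedKeyManager {
  private final X509KeyManager[] delegates;
  private final String pinnedAlias; // null = any acceptable certificate

  public AliasPinningKeyManager(X509KeyManager[] delegates, String pinnedAlias) {
    if (delegates == null || delegates.length == 0) throw new IllegalArgumentException("no key managers");
    this.delegates = delegates.clone();
    this.pinnedAlias = pinnedAlias;
  }
  // First non-null answer from the wrapped key managers, or null if none has one.
  private <T> T first(Function<X509KeyManager, T> query) {
    for (X509KeyManager m : delegates) {
      T r = query.apply(m);
      if (r != null) return r;
    }
    return null;
  }
  // Returns the pinned alias only if it is among those offered; null otherwise, so no
  // certificate is presented rather than silently substituting a different identity.
  private String pinned(String[] offered) {
    if (offered != null) for (String a : offered) if (a.equalsIgnoreCase(pinnedAlias)) return a;
    return null;
  }
  @Override public String[] getClientAliases(String t, Principal[] i) { return first(m -> m.getClientAliases(t, i)); }
  @Override public String[] getServerAliases(String t, Principal[] i) { return first(m -> m.getServerAliases(t, i)); }
  @Override public X509Certificate[] getCertificateChain(String a) { return first(m -> m.getCertificateChain(a)); }
  @Override public PrivateKey getPrivateKey(String a) { return first(m -> m.getPrivateKey(a)); }
  @Override public String chooseServerAlias(String t, Principal[] i, Socket s) {
    if (pinnedAlias == null) return first(m -> m.chooseServerAlias(t, i, s));
    return first(m -> pinned(m.getServerAliases(t, i)));
  }
  @Override public String chooseClientAlias(String[] types, Principal[] i, Socket s) {
    if (pinnedAlias == null) return first(m -> m.chooseClientAlias(types, i, s));
    for (String t : types) {
      String a = first(m -> pinned(m.getClientAliases(t, i)));
      if (a != null) return a;
    }
    return null;
  }
  // The X509ExtendedKeyManager defaults for the engine variants return null, so override both.
  @Override public String chooseEngineClientAlias(String[] t, Principal[] i, SSLEngine e) { return chooseClientAlias(t, i, null); }
  @Override public String chooseEngineServerAlias(String t, Principal[] i, SSLEngine e) { return chooseServerAlias(t, i, null); }
}
```

The delegates can be the `X509KeyManager` instances returned by a `KeyManagerFactory`; with a non-null alias, a key store that lacks that entry yields no certificate at all, which surfaces a misconfiguration at handshake time.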

Constructor Summary

protected WrapperKeyManager(javax.net.ssl.KeyManager[] keyManagers, java.lang.String certificateAlias)
Creates a new instance of this wrapper key manager with the provided information.

protected WrapperKeyManager(javax.net.ssl.X509KeyManager[] keyManagers, java.lang.String certificateAlias)
Creates a new instance of this wrapper key manager with the provided information.

Method Summary

java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
Retrieves the nickname of the certificate that a client should use to authenticate to a server.

java.lang.String chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
Retrieves the nickname of the certificate that a client should use to authenticate to a server.

java.lang.String chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
Retrieves the nickname of the certificate that a server should use to authenticate to a client.

java.lang.String chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
Retrieves the nickname of the certificate that a server should use to authenticate to a client.

java.lang.String getCertificateAlias()
Retrieves the nickname of the certificate that should be selected.

java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
Retrieves the certificate chain for the certificate with the given nickname.

java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
Retrieves the nicknames of the client certificates of the specified type contained in the key store.

java.security.PrivateKey getPrivateKey(java.lang.String alias)
Retrieves the private key for the specified certificate.

java.lang.String[] getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
Retrieves the nicknames of the server certificates of the specified type contained in the key store.

Constructor Detail

WrapperKeyManager

protected WrapperKeyManager(@NotNull javax.net.ssl.KeyManager[] keyManagers, @Nullable java.lang.String certificateAlias)

Creates a new instance of this wrapper key manager with the provided information.

Parameters:
- keyManagers - The set of key managers to be wrapped. It must not be null or empty, and it must contain only X509KeyManager instances.
- certificateAlias - The nickname of the certificate that should be selected. It may be null if any acceptable certificate found may be used.

WrapperKeyManager

protected WrapperKeyManager(@NotNull javax.net.ssl.X509KeyManager[] keyManagers, @Nullable java.lang.String certificateAlias)

Creates a new instance of this wrapper key manager with the provided information.

Parameters:
- keyManagers - The set of key managers to be wrapped. It must not be null or empty.
- certificateAlias - The nickname of the certificate that should be selected. It may be null if any acceptable certificate found may be used.

Method Detail

getCertificateAlias

@Nullable public java.lang.String getCertificateAlias()

Retrieves the nickname of the certificate that should be selected.

Returns:
- The nickname of the certificate that should be selected, or null if any acceptable certificate found in the key store may be used.

getClientAliases

@Nullable public final java.lang.String[] getClientAliases(@NotNull java.lang.String keyType, @Nullable java.security.Principal[] issuers)

Retrieves the nicknames of the client certificates of the specified type contained in the key store.

Parameters:
- keyType - The key algorithm name for which to retrieve the available certificate nicknames.
- issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.

Returns:
- The nicknames of the client certificates, or null if none were found in the key store.

chooseClientAlias

@Nullable public final java.lang.String chooseClientAlias(@NotNull java.lang.String[] keyType, @Nullable java.security.Principal[] issuers, @Nullable java.net.Socket socket)

Retrieves the nickname of the certificate that a client should use to authenticate to a server.

Parameters:
- keyType - The list of key algorithm names that may be used.
- issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
- socket - The socket to be used. It may be null if the certificate may be for any socket.

Returns:
- The nickname of the certificate to use, or null if no appropriate certificate is found.

chooseEngineClientAlias

@Nullable public final java.lang.String chooseEngineClientAlias(@NotNull java.lang.String[] keyType, @Nullable java.security.Principal[] issuers, @Nullable javax.net.ssl.SSLEngine engine)

Retrieves the nickname of the certificate that a client should use to authenticate to a server.

Overrides:
- chooseEngineClientAlias in class javax.net.ssl.X509ExtendedKeyManager

Parameters:
- keyType - The list of key algorithm names that may be used.
- issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
- engine - The SSL engine to be used. It may be null if the certificate may be for any engine.

Returns:
- The nickname of the certificate to use, or null if no appropriate certificate is found.

getServerAliases

@Nullable public final java.lang.String[] getServerAliases(@NotNull java.lang.String keyType, @Nullable java.security.Principal[] issuers)

Retrieves the nicknames of the server certificates of the specified type contained in the key store.

Parameters:
- keyType - The key algorithm name for which to retrieve the available certificate nicknames.
- issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.

Returns:
- The nicknames of the server certificates, or null if none were found in the key store.

chooseServerAlias

@Nullable public final java.lang.String chooseServerAlias(@NotNull java.lang.String keyType, @Nullable java.security.Principal[] issuers, @Nullable java.net.Socket socket)

Retrieves the nickname of the certificate that a server should use to authenticate to a client.

Parameters:
- keyType - The key algorithm name that may be used.
- issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
- socket - The socket to be used. It may be null if the certificate may be for any socket.

Returns:
- The nickname of the certificate to use, or null if no appropriate certificate is found.

chooseEngineServerAlias

@Nullable public final java.lang.String chooseEngineServerAlias(@NotNull java.lang.String keyType, @Nullable java.security.Principal[] issuers, @Nullable javax.net.ssl.SSLEngine engine)

Retrieves the nickname of the certificate that a server should use to authenticate to a client.

Overrides:
- chooseEngineServerAlias in class javax.net.ssl.X509ExtendedKeyManager

Parameters:
- keyType - The key algorithm name that may be used.
- issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
- engine - The SSL engine to be used. It may be null if the certificate may be for any engine.

Returns:
- The nickname of the certificate to use, or null if no appropriate certificate is found.

getCertificateChain

@Nullable public final java.security.cert.X509Certificate[] getCertificateChain(@NotNull java.lang.String alias)

Retrieves the certificate chain for the certificate with the given nickname.

Parameters:
- alias - The nickname of the certificate for which to retrieve the certificate chain.

Returns:
- The certificate chain for the certificate with the given nickname, or null if the requested certificate cannot be found.

getPrivateKey

@Nullable public final java.security.PrivateKey getPrivateKey(@NotNull java.lang.String alias)

Retrieves the private key for the specified certificate.

Parameters:
- alias - The nickname of the certificate for which to retrieve the private key.

Returns:
- The private key for the requested certificate, or null if the requested certificate cannot be found.