@PublicAPI(stability=UNCOMMITTED, mayInstantiate=true, mayExtend=false, mayInvoke=true)
public final class SelectableCertificateKeyManager extends X509ExtendedKeyManager

Modifier and Type | Method and Description |
---|---|
String | chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) Chooses the alias of the client certificate that should be used based on the provided criteria. |
String | chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) Chooses the alias of the client certificate that should be used based on the provided criteria. |
String | chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) Chooses the alias of the server certificate that should be used based on the provided criteria. |
String | chooseServerAlias(String keyType, Principal[] issuers, Socket socket) Chooses the alias of the server certificate that should be used based on the provided criteria. |
X509Certificate[] | getCertificateChain(String alias) Retrieves the certificate chain for the provided alias. |
String[] | getClientAliases(String keyType, Principal[] issuers) Retrieves the set of certificate aliases that may be used for client authentication with the given public key type and set of issuers. |
PrivateKey | getPrivateKey(String alias) Retrieves the private key for the provided alias. |
String[] | getServerAliases(String keyType, Principal[] issuers) Retrieves the set of certificate aliases that may be used for server authentication with the given public key type and set of issuers. |
static KeyManager[] | wrap(KeyManager[] keyManagers, SortedSet<String> aliases) Wraps the provided set of key managers in selectable certificate key managers using the provided alias. |
static KeyManager[] | wrap(KeyManager[] keyManagers, SortedSet<String> aliases, String componentName) Wraps the provided set of key managers in selectable certificate key managers using the provided alias. |
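
Added example (not part of the ForgeRock API documentation): a deployment-time check for the alias set passed to wrap, following the note under chooseEngineServerAlias that a KeyStore implementation may return aliases in lowercase. It uses only JDK classes; the class name AliasCaseCheck, its method names and the sample aliases are constructed for illustration.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.*;

// Hypothetical helper, not part of the documented API.
public final class AliasCaseCheck {

    // Groups aliases that are equal when case is ignored and keeps
    // only the groups with more than one spelling.
    static Map<String, SortedSet<String>> caseCollisions(Collection<String> aliases) {
        Map<String, SortedSet<String>> groups = new TreeMap<>();
        for (String alias : aliases) {
            groups.computeIfAbsent(alias.toLowerCase(Locale.ROOT), k -> new TreeSet<>()).add(alias);
        }
        groups.values().removeIf(spellings -> spellings.size() < 2);
        return groups;
    }

    // Returns the configured aliases that have no private-key entry in the
    // store, comparing case-insensitively because the store may lowercase.
    static SortedSet<String> withoutKeyEntry(KeyStore ks, SortedSet<String> configured)
            throws KeyStoreException {
        Set<String> keyAliases = new HashSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                keyAliases.add(alias.toLowerCase(Locale.ROOT));
            }
        }
        SortedSet<String> missing = new TreeSet<>();
        for (String alias : configured) {
            if (!keyAliases.contains(alias.toLowerCase(Locale.ROOT))) {
                missing.add(alias);
            }
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: two aliases differ only in case.
        SortedSet<String> configured =
                new TreeSet<>(Arrays.asList("server-cert", "Server-Cert", "admin-cert"));
        System.out.println("Case-only collisions: " + caseCollisions(configured));

        // Empty in-memory key store stands in for the real one (assumption).
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        System.out.println("No key entry for: " + withoutKeyEntry(ks, configured));
    }
}
```

Running both checks before the alias set is handed to wrap catches an ambiguous or missing alias at configuration time, rather than as a null alias during a TLS handshake.
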
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)

null if no client certificate with that alias is configured in the underlying key manager.

keyType - The set of key algorithm names, ordered with the most preferred key type first.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
socket - The socket to be used for this connection.

null if no such client certificate is available with that alias.

public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)

null if no client certificate with that alias is configured in the underlying key manager.

chooseEngineClientAlias in class X509ExtendedKeyManager

keyType - The set of key algorithm names, ordered with the most preferred key type first.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
engine - The SSL engine to be used for this connection.

null if no such client certificate is available with that alias.

public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)

null if no server certificate with that alias is configured in the underlying key manager.

keyType - The public key type for the certificate.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
socket - The socket to be used for this connection.

null if no such server certificate is available with that alias.

public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)

null if no server certificate with that alias is configured in the underlying key manager.

Note that the returned alias may be converted to lowercase, depending on the KeyStore implementation. It is recommended not to use aliases in a KeyStore that differ only in case.

chooseEngineServerAlias in class X509ExtendedKeyManager

keyType - The public key type for the certificate.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
engine - The SSL engine to be used for this connection.

null if no such server certificate is available with that alias.

public X509Certificate[] getCertificateChain(String alias)

alias - The alias for the certificate chain to retrieve.

null if no certificate is associated with the provided alias.

public String[] getClientAliases(String keyType, Principal[] issuers)

keyType - The public key type for the aliases to retrieve.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.

null if there were none.

public PrivateKey getPrivateKey(String alias)

alias - The alias for the private key to return.

null if no private key is available for the provided alias.

public String[] getServerAliases(String keyType, Principal[] issuers)

keyType - The public key type for the aliases to retrieve.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.

null if there were none.

public static KeyManager[] wrap(KeyManager[] keyManagers, SortedSet<String> aliases, String componentName)

keyManagers - The set of key managers to be wrapped.
aliases - The aliases to use for selecting the desired certificate.
componentName - Name of the component with which this key manager is associated.

public static KeyManager[] wrap(KeyManager[] keyManagers, SortedSet<String> aliases)

keyManagers - The set of key managers to be wrapped.
aliases - The aliases to use for selecting the desired certificate.

Copyright © 2010-2017 ForgeRock AS. All Rights Reserved.