JSSEKeyManager (Apache Tomcat 7.0.28 API Documentation)

Overview

Package

Class

Tree

Deprecated

Index

Help

Apache Tomcat 7.0.28

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.tomcat.util.net.jsse
Class JSSEKeyManager

java.lang.Object
  javax.net.ssl.X509ExtendedKeyManager
      org.apache.tomcat.util.net.jsse.JSSEKeyManager

All Implemented Interfaces:: KeyManager, X509KeyManager

public final class JSSEKeyManager
extends X509ExtendedKeyManager
extends X509ExtendedKeyManager

X509KeyManager which allows selection of a specific keypair and certificate chain (identified by their keystore alias name) to be used by the server to authenticate itself to SSL clients.

Author:: Jan Luehe

Constructor Summary
`JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias)` Constructor.

Method Summary
`String`	`chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)` Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`String`	`chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)` Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`String`	`chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)` Returns this key manager's server key alias that was provided in the constructor.
`String`	`chooseServerAlias(String keyType, Principal[] issuers, Socket socket)` Returns this key manager's server key alias that was provided in the constructor.
`X509Certificate[]`	`getCertificateChain(String alias)` Returns the certificate chain associated with the given alias.
`String[]`	`getClientAliases(String keyType, Principal[] issuers)` Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`PrivateKey`	`getPrivateKey(String alias)` Returns the key associated with the given alias.
`String[]`	`getServerAliases(String keyType, Principal[] issuers)` Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

JSSEKeyManager

public JSSEKeyManager(X509KeyManager mgr,
                      String serverKeyAlias)

Constructor.

Parameters:: mgr - The X509KeyManager used as a delegate; serverKeyAlias - The alias name of the server's keypair and supporting certificate chain

Method Detail

chooseClientAlias

public String chooseClientAlias(String[] keyType,
                                Principal[] issuers,
                                Socket socket)

Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Parameters:: keyType - The key algorithm type name(s), ordered with the most-preferred key type first; issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used; socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use
Returns:: The alias name for the desired key, or null if there are no matches

chooseServerAlias

public String chooseServerAlias(String keyType,
                                Principal[] issuers,
                                Socket socket)

Returns this key manager's server key alias that was provided in the constructor.

Parameters:: keyType - Ignored; issuers - Ignored; socket - Ignored
Returns:: Alias name for the desired key

getCertificateChain

public X509Certificate[] getCertificateChain(String alias)

Returns the certificate chain associated with the given alias.

Parameters:: alias - The alias name
Returns:: Certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found

getClientAliases

public String[] getClientAliases(String keyType,
                                 Principal[] issuers)

Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Parameters:: keyType - The key algorithm type name; issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
Returns:: Array of the matching alias names, or null if there were no matches

getServerAliases

public String[] getServerAliases(String keyType,
                                 Principal[] issuers)

Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Parameters:: keyType - The key algorithm type name; issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
Returns:: Array of the matching alias names, or null if there were no matches

getPrivateKey

public PrivateKey getPrivateKey(String alias)

Returns the key associated with the given alias.

Parameters:: alias - The alias name
Returns:: The requested key, or null if the alias can't be found

chooseEngineClientAlias

public String chooseEngineClientAlias(String[] keyType,
                                      Principal[] issuers,
                                      SSLEngine engine)