java.lang.Object
  javax.net.ssl.X509ExtendedKeyManager
    org.opends.server.util.SelectableCertificateKeyManager

@PublicAPI(stability=UNCOMMITTED, mayInstantiate=true, mayExtend=false, mayInvoke=true)
public final class SelectableCertificateKeyManager
This class implements an X.509 key manager that wraps an existing key manager and makes it possible to configure which certificate(s) should be used for client and/or server operations. The certificate is selected by its alias (also called the nickname).
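The wrapping behaviour described above, sketched as an added example using only JDK types. It is not the OpenDS source: the class name `AliasPinnedKeyManager` is hypothetical, and matching the configured alias exactly (case-sensitively) against the delegate's aliases is an assumption of this sketch.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

// Illustrative sketch (hypothetical class), not the OpenDS implementation.
// Pins certificate selection to one alias of a wrapped X509KeyManager.
final class AliasPinnedKeyManager extends X509ExtendedKeyManager {
  private final X509KeyManager delegate;
  private final String alias;

  AliasPinnedKeyManager(X509KeyManager delegate, String alias) {
    this.delegate = java.util.Objects.requireNonNull(delegate);
    this.alias = java.util.Objects.requireNonNull(alias);
  }

  // Returns the pinned alias only if the delegate offers it, otherwise null.
  // Assumption: exact, case-sensitive comparison of alias strings.
  private String pick(String[] candidates) {
    if (candidates != null) {
      for (String c : candidates) {
        if (alias.equals(c)) return alias;
      }
    }
    return null;
  }

  // Client side receives several key types in preference order; try each in turn.
  private String pickClient(String[] keyTypes, Principal[] issuers) {
    for (String type : keyTypes) {
      String chosen = pick(delegate.getClientAliases(type, issuers));
      if (chosen != null) return chosen;
    }
    return null;
  }

  @Override public String chooseClientAlias(String[] kt, Principal[] is, Socket s) { return pickClient(kt, is); }
  @Override public String chooseEngineClientAlias(String[] kt, Principal[] is, SSLEngine e) { return pickClient(kt, is); }
  @Override public String chooseServerAlias(String kt, Principal[] is, Socket s) { return pick(delegate.getServerAliases(kt, is)); }
  @Override public String chooseEngineServerAlias(String kt, Principal[] is, SSLEngine e) { return pick(delegate.getServerAliases(kt, is)); }

  // Lookups are passed through unchanged to the wrapped key manager.
  @Override public String[] getClientAliases(String kt, Principal[] is) { return delegate.getClientAliases(kt, is); }
  @Override public String[] getServerAliases(String kt, Principal[] is) { return delegate.getServerAliases(kt, is); }
  @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
  @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
}
```

In this sketch a `null` result from the choose methods means no certificate is offered for that handshake, rather than falling back to another keystore entry.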
Constructor Summary | |
---|---|
SelectableCertificateKeyManager(javax.net.ssl.X509KeyManager keyManager, java.lang.String alias) | Creates a new instance of this key manager that will wrap the provided key manager and use the certificate with the specified alias. |

Method Summary | | |
---|---|---|
java.lang.String | chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket) | Chooses the alias of the client certificate that should be used based on the provided criteria. |
java.lang.String | chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine) | Chooses the alias of the client certificate that should be used based on the provided criteria. |
java.lang.String | chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine) | Chooses the alias of the server certificate that should be used based on the provided criteria. |
java.lang.String | chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket) | Chooses the alias of the server certificate that should be used based on the provided criteria. |
java.security.cert.X509Certificate[] | getCertificateChain(java.lang.String alias) | Retrieves the certificate chain for the provided alias. |
java.lang.String[] | getClientAliases(java.lang.String keyType, java.security.Principal[] issuers) | Retrieves the set of certificate aliases that may be used for client authentication with the given public key type and set of issuers. |
java.security.PrivateKey | getPrivateKey(java.lang.String alias) | Retrieves the private key for the provided alias. |
java.lang.String[] | getServerAliases(java.lang.String keyType, java.security.Principal[] issuers) | Retrieves the set of certificate aliases that may be used for server authentication with the given public key type and set of issuers. |
static javax.net.ssl.X509ExtendedKeyManager[] | wrap(javax.net.ssl.KeyManager[] keyManagers, java.lang.String alias) | Wraps the provided set of key managers in selectable certificate key managers using the provided alias. |

Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|

public SelectableCertificateKeyManager(javax.net.ssl.X509KeyManager keyManager, java.lang.String alias)

Parameters:
keyManager - The key manager to be wrapped by this key manager.
alias - The nickname of the certificate that should be selected for operations involving this key manager.

Method Detail |
---|

public java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)

null if no client certificate with that alias is configured in the underlying key manager.

Parameters:
keyType - The set of key algorithm names, ordered with the most preferred key type first.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
socket - The socket to be used for this connection.

Returns:
null if no such client certificate is available with that alias.

public java.lang.String chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)

null if no client certificate with that alias is configured in the underlying key manager.

Overrides:
chooseEngineClientAlias in class javax.net.ssl.X509ExtendedKeyManager

Parameters:
keyType - The set of key algorithm names, ordered with the most preferred key type first.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
engine - The SSL engine to be used for this connection.

Returns:
null if no such client certificate is available with that alias.

public java.lang.String chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)

null if no server certificate with that alias is configured in the underlying key manager.

Parameters:
keyType - The public key type for the certificate.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
socket - The socket to be used for this connection.

Returns:
null if no such server certificate is available with that alias.

public java.lang.String chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)

null if no server certificate with that alias is configured in the underlying key manager.

Overrides:
chooseEngineServerAlias in class javax.net.ssl.X509ExtendedKeyManager

Parameters:
keyType - The public key type for the certificate.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
engine - The SSL engine to be used for this connection.

Returns:
null if no such server certificate is available with that alias.

public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)

Parameters:
alias - The alias for the certificate chain to retrieve.

Returns:
null if no certificate is associated with the provided alias.

public java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)

Parameters:
keyType - The public key type for the aliases to retrieve.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.

Returns:
null if there were none.

public java.security.PrivateKey getPrivateKey(java.lang.String alias)

Parameters:
alias - The alias for the private key to return.

Returns:
null if no private key is available for the provided alias.

public java.lang.String[] getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)

Parameters:
keyType - The public key type for the aliases to retrieve.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.

Returns:
null if there were none.

public static javax.net.ssl.X509ExtendedKeyManager[] wrap(javax.net.ssl.KeyManager[] keyManagers, java.lang.String alias)

Parameters:
keyManagers - The set of key managers to be wrapped.
alias - The alias to use for selecting the desired certificate.