org.opends.server.util
Class SelectableCertificateKeyManager

java.lang.Object
  extended by javax.net.ssl.X509ExtendedKeyManager
      extended by org.opends.server.util.SelectableCertificateKeyManager
All Implemented Interfaces:
javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

@PublicAPI(stability=UNCOMMITTED,
           mayInstantiate=true,
           mayExtend=false,
           mayInvoke=true)
public final class SelectableCertificateKeyManager
extends javax.net.ssl.X509ExtendedKeyManager

This class implements an X.509 key manager that wraps an existing key manager and makes it possible to configure which certificate(s) should be used for client and/or server operations. The certificate is selected by its alias (also called the nickname) in the underlying key manager.


Constructor Summary
SelectableCertificateKeyManager(javax.net.ssl.X509KeyManager keyManager, java.lang.String alias)
          Creates a new instance of this key manager that will wrap the provided key manager and use the certificate with the specified alias.
 
Method Summary
 java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
          Chooses the alias of the client certificate that should be used based on the provided criteria.
 java.lang.String chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
          Chooses the alias of the client certificate that should be used based on the provided criteria.
 java.lang.String chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
          Chooses the alias of the server certificate that should be used based on the provided criteria.
 java.lang.String chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
          Chooses the alias of the server certificate that should be used based on the provided criteria.
 java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
          Retrieves the certificate chain for the provided alias.
 java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
          Retrieves the set of certificate aliases that may be used for client authentication with the given public key type and set of issuers.
 java.security.PrivateKey getPrivateKey(java.lang.String alias)
          Retrieves the private key for the provided alias.
 java.lang.String[] getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
          Retrieves the set of certificate aliases that may be used for server authentication with the given public key type and set of issuers.
static javax.net.ssl.X509ExtendedKeyManager[] wrap(javax.net.ssl.KeyManager[] keyManagers, java.lang.String alias)
          Wraps the provided set of key managers in selectable certificate key managers using the provided alias.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SelectableCertificateKeyManager

public SelectableCertificateKeyManager(javax.net.ssl.X509KeyManager keyManager,
                                       java.lang.String alias)
Creates a new instance of this key manager that will wrap the provided key manager and use the certificate with the specified alias.

Parameters:
keyManager - The key manager to be wrapped by this key manager.
alias - The nickname of the certificate that should be selected for operations involving this key manager.
Method Detail

chooseClientAlias

public java.lang.String chooseClientAlias(java.lang.String[] keyType,
                                          java.security.Principal[] issuers,
                                          java.net.Socket socket)
Chooses the alias of the client certificate that should be used based on the provided criteria. This will either return the preferred alias configured for this key manager, or null if no client certificate with that alias is configured in the underlying key manager.

Parameters:
keyType - The set of key algorithm names, ordered with the most preferred key type first.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
socket - The socket to be used for this connection.
Returns:
The alias configured for this key manager, or null if no such client certificate is available with that alias.

chooseEngineClientAlias

public java.lang.String chooseEngineClientAlias(java.lang.String[] keyType,
                                                java.security.Principal[] issuers,
                                                javax.net.ssl.SSLEngine engine)
Chooses the alias of the client certificate that should be used based on the provided criteria. This will either return the preferred alias configured for this key manager, or null if no client certificate with that alias is configured in the underlying key manager.

Overrides:
chooseEngineClientAlias in class javax.net.ssl.X509ExtendedKeyManager
Parameters:
keyType - The set of key algorithm names, ordered with the most preferred key type first.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
engine - The SSL engine to be used for this connection.
Returns:
The alias configured for this key manager, or null if no such client certificate is available with that alias.

chooseServerAlias

public java.lang.String chooseServerAlias(java.lang.String keyType,
                                          java.security.Principal[] issuers,
                                          java.net.Socket socket)
Chooses the alias of the server certificate that should be used based on the provided criteria. This will either return the preferred alias configured for this key manager, or null if no server certificate with that alias is configured in the underlying key manager.

Parameters:
keyType - The public key type for the certificate.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
socket - The socket to be used for this connection.
Returns:
The alias configured for this key manager, or null if no such server certificate is available with that alias.

chooseEngineServerAlias

public java.lang.String chooseEngineServerAlias(java.lang.String keyType,
                                                java.security.Principal[] issuers,
                                                javax.net.ssl.SSLEngine engine)
Chooses the alias of the server certificate that should be used based on the provided criteria. This will either return the preferred alias configured for this key manager, or null if no server certificate with that alias is configured in the underlying key manager.

Overrides:
chooseEngineServerAlias in class javax.net.ssl.X509ExtendedKeyManager
Parameters:
keyType - The public key type for the certificate.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
engine - The SSL engine to be used for this connection.
Returns:
The alias configured for this key manager, or null if no such server certificate is available with that alias.

getCertificateChain

public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
Retrieves the certificate chain for the provided alias.

Parameters:
alias - The alias for the certificate chain to retrieve.
Returns:
The certificate chain for the provided alias, or null if no certificate is associated with the provided alias.

getClientAliases

public java.lang.String[] getClientAliases(java.lang.String keyType,
                                           java.security.Principal[] issuers)
Retrieves the set of certificate aliases that may be used for client authentication with the given public key type and set of issuers.

Parameters:
keyType - The public key type for the aliases to retrieve.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
Returns:
The set of certificate aliases that may be used for client authentication with the given public key type and set of issuers, or null if there were none.

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.lang.String alias)
Retrieves the private key for the provided alias.

Parameters:
alias - The alias for the private key to return.
Returns:
The private key for the provided alias, or null if no private key is available for the provided alias.

getServerAliases

public java.lang.String[] getServerAliases(java.lang.String keyType,
                                           java.security.Principal[] issuers)
Retrieves the set of certificate aliases that may be used for server authentication with the given public key type and set of issuers.

Parameters:
keyType - The public key type for the aliases to retrieve.
issuers - The list of acceptable issuer subject names, or null if any issuer may be used.
Returns:
The set of certificate aliases that may be used for server authentication with the given public key type and set of issuers, or null if there were none.

wrap

public static javax.net.ssl.X509ExtendedKeyManager[] wrap(javax.net.ssl.KeyManager[] keyManagers,
                                                          java.lang.String alias)
Wraps the provided set of key managers in selectable certificate key managers using the provided alias.

Parameters:
keyManagers - The set of key managers to be wrapped.
alias - The alias to use for selecting the desired certificate.
Returns:
An array containing the provided key managers, each wrapped in a selectable certificate key manager that uses the provided alias.
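The following is an added example, not part of the OpenDS documentation or source, showing how the class described above is typically put to use: key managers from a KeyManagerFactory are passed through wrap(...) so that the resulting SSLContext can only ever present the certificate stored under one configured alias. Because chooseServerAlias/chooseClientAlias return null when the underlying key manager has no certificate under that alias, a misconfigured alias surfaces only as a handshake failure at connection time; the example therefore cross-checks the alias through the wrapper's own getCertificateChain, getPrivateKey and chooseServerAlias methods at startup. The class name SingleAliasServerContext, the keystore path, the passwords and the alias "server-cert" are placeholders chosen for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509ExtendedKeyManager;
import org.opends.server.util.SelectableCertificateKeyManager;

/**
 * Added example (not OpenDS code): build a server-side SSLContext that can only
 * present the certificate stored under one configured alias, and verify up front
 * that the wrapped key manager will actually be able to serve it.
 */
public final class SingleAliasServerContext {

    private SingleAliasServerContext() {}

    /** Loads a keystore; path and password are hypothetical caller-supplied values. */
    static KeyStore loadKeyStore(String path, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);
        }
        return ks;
    }

    /**
     * Wraps the factory's key managers so that only {@code alias} is selectable.
     * The selectable manager answers null from chooseServerAlias() for an alias the
     * underlying manager does not know, which only shows up as a failed handshake,
     * so the alias is validated here before any listener is opened.
     */
    static X509ExtendedKeyManager[] selectableKeyManagers(KeyStore ks, char[] keyPassword, String alias)
            throws Exception {
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalArgumentException(
                    "keystore has no private-key entry with alias '" + alias + "'");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        KeyManager[] raw = kmf.getKeyManagers();
        X509ExtendedKeyManager[] wrapped = SelectableCertificateKeyManager.wrap(raw, alias);

        // Cross-check through the wrapper's own API: chain, private key and the
        // server-side selection must all resolve for the configured alias.
        for (X509ExtendedKeyManager km : wrapped) {
            X509Certificate[] chain = km.getCertificateChain(alias);
            PrivateKey key = km.getPrivateKey(alias);
            if (chain == null || chain.length == 0 || key == null) {
                throw new IllegalStateException(
                        "wrapped key manager cannot serve alias '" + alias + "'");
            }
            // keyType is the key algorithm name (e.g. "RSA" or "EC"); no socket yet.
            String chosen = km.chooseServerAlias(key.getAlgorithm(), null, null);
            if (chosen == null) {
                throw new IllegalStateException(
                        "key manager would not select alias '" + alias + "' for a server handshake");
            }
        }
        return wrapped;
    }

    /** Builds the SSLContext with the selectable key managers and default trust managers. */
    static SSLContext serverContext(String keyStorePath, char[] storePassword,
                                    char[] keyPassword, String alias) throws Exception {
        KeyStore ks = loadKeyStore(keyStorePath, storePassword);
        X509ExtendedKeyManager[] kms = selectableKeyManagers(ks, keyPassword, alias);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, null, null);   // null: default TrustManagers and default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values; substitute the real keystore path, passwords and alias.
        SSLContext ctx = serverContext("/path/to/keystore.jks", "storepass".toCharArray(),
                                       "keypass".toCharArray(), "server-cert");
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```

The startup check matters operationally: without it, a keystore that contains several key entries but not the configured alias still yields a working-looking SSLContext, and every TLS client then fails with a handshake error because the server has no certificate to offer. Note also that a JKS keystore stores aliases in lower case, so the alias configured for the wrapper should be given in that form; the cross-check above reports such a mismatch before the first connection rather than during it.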