org.opends.admin.ads.util
Class ApplicationKeyManager

java.lang.Object
  extended by org.opends.admin.ads.util.ApplicationKeyManager
All Implemented Interfaces:
javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

public class ApplicationKeyManager
extends java.lang.Object
implements javax.net.ssl.X509KeyManager

This class is in charge of checking whether the certificates that are presented are trusted or not. This implementation also tries to check that the subject DN of the certificate corresponds to the host passed using the setHostName method. The constructor tries to use a default TrustManager from the system; if one cannot be retrieved, this class will only accept the certificates explicitly accepted by the user (and specified by calling acceptCertificate). NOTE: this class is not intended to be used when connections are opened in parallel.
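The following is an added usage example, not code from the OpenDS project or this Javadoc. It assumes only what the page shows: the ApplicationKeyManager(KeyStore, char[]) constructor and the X509KeyManager methods listed below. The keystore path and password are placeholders; the "RSA"/"EC" key types, the preflight check and the helper names are the example's own choices. It wires the key manager into an SSLContext and, before any connection is opened, verifies that the keystore can actually supply a client identity (a null alias, chain or key from this key manager means the client would present no certificate, and the handshake outcome would then depend entirely on the server's policy).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.opends.admin.ads.util.ApplicationKeyManager;

public class ApplicationKeyManagerExample {

    // Placeholders for this example; replace with the real keystore location and password.
    private static final String KEYSTORE_PATH = "/path/to/client-keystore.p12";
    private static final char[] KEYSTORE_PASSWORD = "changeit".toCharArray();

    // Load the keystore and hand it to the key manager described on this page.
    public static ApplicationKeyManager loadKeyManager() throws Exception {
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(KEYSTORE_PATH)) {
            keystore.load(in, KEYSTORE_PASSWORD);
        }
        return new ApplicationKeyManager(keystore, KEYSTORE_PASSWORD);
    }

    // Preflight check (example's own design): confirm the key manager can supply a
    // usable client identity before any TLS connection is attempted.
    public static String preflightClientIdentity(ApplicationKeyManager km) throws Exception {
        // socket may be null, in which case the most generic alias is returned (see chooseClientAlias).
        String alias = km.chooseClientAlias(new String[] { "RSA", "EC" }, null, null);
        if (alias == null) {
            throw new IllegalStateException("keystore holds no usable client key");
        }
        X509Certificate[] chain = km.getCertificateChain(alias);
        if (chain == null || chain.length == 0 || km.getPrivateKey(alias) == null) {
            throw new IllegalStateException("alias " + alias + " has no certificate chain or private key");
        }
        // The chain is ordered end-entity first (see getCertificateChain); reject an
        // expired or not-yet-valid certificate up front rather than at handshake time.
        chain[0].checkValidity();
        return alias;
    }

    // Trust decisions are a separate concern from key selection; the JVM default
    // trust store is used here so the key manager is the only custom component.
    public static SSLContext buildClientContext(ApplicationKeyManager km) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { km }, tmf.getTrustManagers(), new SecureRandom());
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        ApplicationKeyManager km = loadKeyManager();
        String alias = preflightClientIdentity(km);
        SSLContext ctx = buildClientContext(km);
        System.out.println("client identity alias: " + alias + " (" + ctx.getProtocol() + ")");
    }
}
```

Passing null for socket in the preflight is deliberate: it asks the key manager which alias it would offer in the absence of connection-specific information, which is the same answer a generic client connection would get. Callers that need per-peer selection should pass the actual socket and the issuers the peer advertises.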


Constructor Summary
ApplicationKeyManager(java.security.KeyStore keystore, char[] password)
          The default constructor.
 
Method Summary
 java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
          Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
 java.lang.String chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
          Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
 java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
          Returns the certificate chain associated with the given alias.
 java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
          Get the matching aliases for authenticating the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
 java.security.PrivateKey getPrivateKey(java.lang.String alias)
          Returns the key associated with the given alias.
 java.lang.String[] getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
          Get the matching aliases for authenticating the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ApplicationKeyManager

public ApplicationKeyManager(java.security.KeyStore keystore,
                             char[] password)
The default constructor.

Parameters:
keystore - The keystore to use for this keymanager.
password - The keystore password to use for this keymanager.
Method Detail

chooseClientAlias

public java.lang.String chooseClientAlias(java.lang.String[] keyType,
                                          java.security.Principal[] issuers,
                                          java.net.Socket socket)
Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Specified by:
chooseClientAlias in interface javax.net.ssl.X509KeyManager
Parameters:
keyType - the key algorithm type name(s), ordered with the most-preferred key type first.
issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
socket - the socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use.
Returns:
the alias name for the desired key, or null if there are no matches.

chooseServerAlias

public java.lang.String chooseServerAlias(java.lang.String keyType,
                                          java.security.Principal[] issuers,
                                          java.net.Socket socket)
Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Specified by:
chooseServerAlias in interface javax.net.ssl.X509KeyManager
Parameters:
keyType - the key algorithm type name.
issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
socket - the socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use.
Returns:
the alias name for the desired key, or null if there are no matches.

getCertificateChain

public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
Returns the certificate chain associated with the given alias.

Specified by:
getCertificateChain in interface javax.net.ssl.X509KeyManager
Parameters:
alias - the alias name
Returns:
the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found.

getClientAliases

public java.lang.String[] getClientAliases(java.lang.String keyType,
                                           java.security.Principal[] issuers)
Get the matching aliases for authenticating the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Specified by:
getClientAliases in interface javax.net.ssl.X509KeyManager
Parameters:
keyType - the key algorithm type name
issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
Returns:
an array of the matching alias names, or null if there were no matches.

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.lang.String alias)
Returns the key associated with the given alias.

Specified by:
getPrivateKey in interface javax.net.ssl.X509KeyManager
Parameters:
alias - the alias name
Returns:
the requested key, or null if the alias can't be found.

getServerAliases

public java.lang.String[] getServerAliases(java.lang.String keyType,
                                           java.security.Principal[] issuers)
Get the matching aliases for authenticating the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Specified by:
getServerAliases in interface javax.net.ssl.X509KeyManager
Parameters:
keyType - the key algorithm type name
issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
Returns:
an array of the matching alias names, or null if there were no matches.