@PublicAPI(stability=UNCOMMITTED, mayInstantiate=true, mayExtend=false, mayInvoke=true)
public final class SelectableCertificateKeyManager extends X509ExtendedKeyManager

Modifier and Type | Method and Description |
---|---|
`String` | `chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)` Chooses the alias of the client certificate that should be used based on the provided criteria. |
`String` | `chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)` Chooses the alias of the client certificate that should be used based on the provided criteria. |
`String` | `chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)` Chooses the alias of the server certificate that should be used based on the provided criteria. |
`String` | `chooseServerAlias(String keyType, Principal[] issuers, Socket socket)` Chooses the alias of the server certificate that should be used based on the provided criteria. |
`X509Certificate[]` | `getCertificateChain(String alias)` Retrieves the certificate chain for the provided alias. |
`String[]` | `getClientAliases(String keyType, Principal[] issuers)` Retrieves the set of certificate aliases that may be used for client authentication with the given public key type and set of issuers. |
`PrivateKey` | `getPrivateKey(String alias)` Retrieves the private key for the provided alias. |
`String[]` | `getServerAliases(String keyType, Principal[] issuers)` Retrieves the set of certificate aliases that may be used for server authentication with the given public key type and set of issuers. |
`static KeyManager[]` | `wrap(KeyManager[] keyManagers, SortedSet<String> aliases)` Wraps the provided set of key managers in selectable certificate key managers using the provided alias. |
`static KeyManager[]` | `wrap(KeyManager[] keyManagers, SortedSet<String> aliases, String componentName)` Wraps the provided set of key managers in selectable certificate key managers using the provided alias. |
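
The alias-restricted selection summarised in the table above, as an added sketch that is not ForgeRock's implementation: it returns an alias only when the underlying key manager actually offers it, and matches case-insensitively because the `chooseEngineServerAlias` documentation notes that some KeyStore implementations lowercase aliases. The class name `AliasPinningKeyManager` and its helpers `pick` and `pickClient` are hypothetical.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.SortedSet;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/** Hypothetical sketch: offers only aliases from a configured set, delegating all key material lookups. */
final class AliasPinningKeyManager extends X509ExtendedKeyManager {
    private final X509KeyManager delegate;   // the underlying key manager
    private final SortedSet<String> aliases; // configured aliases, tried in sorted order

    AliasPinningKeyManager(X509KeyManager delegate, SortedSet<String> aliases) {
        this.delegate = delegate;
        this.aliases = aliases;
    }

    /** First configured alias the delegate offers, in the delegate's own spelling, or null. */
    private String pick(String[] available) {
        if (available == null) return null;
        for (String wanted : aliases)
            for (String have : available)
                if (wanted.equalsIgnoreCase(have)) return have; // KeyStore may have lowercased it
        return null; // never fall back to an alias that was not configured
    }

    /** Tries each key type in preference order, as chooseClientAlias receives them. */
    private String pickClient(String[] keyTypes, Principal[] issuers) {
        if (keyTypes == null) return null;
        for (String type : keyTypes) {
            String alias = pick(delegate.getClientAliases(type, issuers));
            if (alias != null) return alias;
        }
        return null;
    }

    @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return pickClient(t, i); }
    @Override public String chooseEngineClientAlias(String[] t, Principal[] i, SSLEngine e) { return pickClient(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return pick(delegate.getServerAliases(t, i)); }
    @Override public String chooseEngineServerAlias(String t, Principal[] i, SSLEngine e) { return pick(delegate.getServerAliases(t, i)); }
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
}
```

Returning `null` instead of another available alias means a mistyped or missing alias results in no certificate being offered, rather than a different certificate being presented silently.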

`public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)`

null if no client certificate with that alias is configured in the underlying key manager.

- `keyType` - The set of key algorithm names, ordered with the most preferred key type first.
- `issuers` - The list of acceptable issuer subject names, or null if any issuer may be used.
- `socket` - The socket to be used for this connection.

null if no such client certificate is available with that alias.

`public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)`

null if no client certificate with that alias is configured in the underlying key manager.

chooseEngineClientAlias in class X509ExtendedKeyManager

- `keyType` - The set of key algorithm names, ordered with the most preferred key type first.
- `issuers` - The list of acceptable issuer subject names, or null if any issuer may be used.
- `engine` - The SSL engine to be used for this connection.

null if no such client certificate is available with that alias.

`public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)`

null if no server certificate with that alias is configured in the underlying key manager.

- `keyType` - The public key type for the certificate.
- `issuers` - The list of acceptable issuer subject names, or null if any issuer may be used.
- `socket` - The socket to be used for this connection.

null if no such server certificate is available with that alias.

`public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)`

null if no server certificate with that alias is configured in the underlying key manager. Note that the returned alias may be converted to lowercase, depending on the KeyStore implementation. It is recommended not to use aliases in a KeyStore that differ only in case.

chooseEngineServerAlias in class X509ExtendedKeyManager

- `keyType` - The public key type for the certificate.
- `issuers` - The list of acceptable issuer subject names, or null if any issuer may be used.
- `engine` - The SSL engine to be used for this connection.

null if no such server certificate is available with that alias.

`public X509Certificate[] getCertificateChain(String alias)`

- `alias` - The alias for the certificate chain to retrieve.

null if no certificate is associated with the provided alias.

`public String[] getClientAliases(String keyType, Principal[] issuers)`

- `keyType` - The public key type for the aliases to retrieve.
- `issuers` - The list of acceptable issuer subject names, or null if any issuer may be used.

null if there were none.

`public PrivateKey getPrivateKey(String alias)`

- `alias` - The alias for the private key to return.

null if no private key is available for the provided alias.

`public String[] getServerAliases(String keyType, Principal[] issuers)`

- `keyType` - The public key type for the aliases to retrieve.
- `issuers` - The list of acceptable issuer subject names, or null if any issuer may be used.

null if there were none.

`public static KeyManager[] wrap(KeyManager[] keyManagers, SortedSet<String> aliases, String componentName)`

- `keyManagers` - The set of key managers to be wrapped.
- `aliases` - The aliases to use for selecting the desired certificate.
- `componentName` - Name of the component with which this key manager is associated.

`public static KeyManager[] wrap(KeyManager[] keyManagers, SortedSet<String> aliases)`

- `keyManagers` - The set of key managers to be wrapped.
- `aliases` - The aliases to use for selecting the desired certificate.

Copyright © 2010–2017 ForgeRock AS. All rights reserved.