nl.altindag.ssl.keymanager

Class CompositeX509ExtendedKeyManager

java.lang.Object

javax.net.ssl.X509ExtendedKeyManager

nl.altindag.ssl.keymanager.CompositeX509ExtendedKeyManager

All Implemented Interfaces:

KeyManager, X509KeyManager

public final class CompositeX509ExtendedKeyManager
extends X509ExtendedKeyManager

Represents an ordered list of X509ExtendedKeyManager with most-preferred managers first. This is necessary because of the fine-print on SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom): Only the first instance of a particular key and/or key manager implementation type in the array is used. (For example, only the first javax.net.ssl.X509KeyManager in the array will be used.) The KeyManager can be build from one or more of any combination provided within the KeyManagerUtils.KeyManagerBuilder.

This includes:

     - Any amount of custom KeyManagers
     - Any amount of custom Identities
 

NOTE: Please don't use this class directly as it is part of the internal API. Class name and methods can be changed any time. Instead use the KeyManagerUtils which provides the same functionality while it has a stable API because it is part of the public API.

Author:

Cody Ray, Hakan Altinda

See Also:

http://stackoverflow.com/questions/1793979/registering-multiple-keystores-in-jvm , http://codyaray.com/2013/04/java-ssl-with-multiple-keystores

Constructor Summary

Constructors

Constructor and Description
CompositeX509ExtendedKeyManager(List<? extends X509ExtendedKeyManager> keyManagers) Creates a new CompositeX509ExtendedKeyManager.
CompositeX509ExtendedKeyManager(List<? extends X509ExtendedKeyManager> keyManagers, Map<String,List<URI>> preferredClientAliasToHost) Creates a new CompositeX509ExtendedKeyManager.

Method Summary

Modifier and Type	Method and Description
String	chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) Chooses the first non-null client alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.
String	chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine sslEngine) Chooses the first non-null client alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.
String	chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine sslEngine) Chooses the first non-null server alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.
String	chooseServerAlias(String keyType, Principal[] issuers, Socket socket) Chooses the first non-null server alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.
X509Certificate[]	getCertificateChain(String alias) Returns the first non-null certificate chain associated with the given alias, or null if the alias can't be found.
String[]	getClientAliases(String keyType, Principal[] issuers) Get all matching aliases for authenticating the client side of a secure socket, or null if there are no matches.
List<X509ExtendedKeyManager>	getKeyManagers()
Map<String,List<URI>>	getPreferredClientAliasToHosts()
PrivateKey	getPrivateKey(String alias) Returns the first non-null private key associated with the given alias, or null if the alias can't be found.
String[]	getServerAliases(String keyType, Principal[] issuers) Get all matching aliases for authenticating the server side of a secure socket, or null if there are no matches.
int	size()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CompositeX509ExtendedKeyManager

public CompositeX509ExtendedKeyManager(List<? extends X509ExtendedKeyManager> keyManagers)

Creates a new CompositeX509ExtendedKeyManager.

Parameters:

keyManagers - the X509ExtendedKeyManager, ordered with the most-preferred managers first.

CompositeX509ExtendedKeyManager

public CompositeX509ExtendedKeyManager(List<? extends X509ExtendedKeyManager> keyManagers,
                                       Map<String,List<URI>> preferredClientAliasToHost)

Creates a new CompositeX509ExtendedKeyManager.

Parameters:

keyManagers - the X509ExtendedKeyManager, ordered with the most-preferred managers first.

preferredClientAliasToHost - the preferred client alias to be used for the given host

Method Detail

chooseClientAlias

public String chooseClientAlias(String[] keyType,
                                Principal[] issuers,
                                Socket socket)

Chooses the first non-null client alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.

chooseEngineClientAlias

public String chooseEngineClientAlias(String[] keyTypes,
                                      Principal[] issuers,
                                      SSLEngine sslEngine)

Chooses the first non-null client alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.

Overrides:

chooseEngineClientAlias in class X509ExtendedKeyManager

chooseServerAlias

public String chooseServerAlias(String keyType,
                                Principal[] issuers,
                                Socket socket)

Chooses the first non-null server alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.

chooseEngineServerAlias

public String chooseEngineServerAlias(String keyType,
                                      Principal[] issuers,
                                      SSLEngine sslEngine)

Chooses the first non-null server alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.

Overrides:

chooseEngineServerAlias in class X509ExtendedKeyManager

getPrivateKey

public PrivateKey getPrivateKey(String alias)

Returns the first non-null private key associated with the given alias, or null if the alias can't be found.

getCertificateChain

public X509Certificate[] getCertificateChain(String alias)

Returns the first non-null certificate chain associated with the given alias, or null if the alias can't be found.

getClientAliases

public String[] getClientAliases(String keyType,
                                 Principal[] issuers)

Get all matching aliases for authenticating the client side of a secure socket, or null if there are no matches.

getServerAliases

public String[] getServerAliases(String keyType,
                                 Principal[] issuers)

Get all matching aliases for authenticating the server side of a secure socket, or null if there are no matches.

size

public int size()

getKeyManagers

public List<X509ExtendedKeyManager> getKeyManagers()

getPreferredClientAliasToHosts

public Map<String,List<URI>> getPreferredClientAliasToHosts()