JSSEKeyManager (Apache Tomcat 6.0.53 API Documentation)

Overview

Package

Class

Tree

Deprecated

Index

Help

Apache Tomcat 6.0.53

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.tomcat.util.net.jsse
Class JSSEKeyManager

java.lang.Object
  org.apache.tomcat.util.net.jsse.JSSEKeyManager

All Implemented Interfaces:: javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

public final class JSSEKeyManager
extends java.lang.Object
implements javax.net.ssl.X509KeyManager
extends java.lang.Object
implements javax.net.ssl.X509KeyManager

X509KeyManager which allows selection of a specific keypair and certificate chain (identified by their keystore alias name) to be used by the server to authenticate itself to SSL clients.

Author:: Jan Luehe

Constructor Summary
`JSSEKeyManager(javax.net.ssl.X509KeyManager mgr, java.lang.String serverKeyAlias)` Constructor.

Method Summary
`java.lang.String`	`chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)` Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`java.lang.String`	`chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)` Returns this key manager's server key alias that was provided in the constructor.
`java.security.cert.X509Certificate[]`	`getCertificateChain(java.lang.String alias)` Returns the certificate chain associated with the given alias.
`java.lang.String[]`	`getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)` Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`java.security.PrivateKey`	`getPrivateKey(java.lang.String alias)` Returns the key associated with the given alias.
`java.lang.String[]`	`getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)` Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

JSSEKeyManager

public JSSEKeyManager(javax.net.ssl.X509KeyManager mgr,
                      java.lang.String serverKeyAlias)

Constructor.

Parameters:: mgr - The X509KeyManager used as a delegate; serverKeyAlias - The alias name of the server's keypair and supporting certificate chain

Method Detail

chooseClientAlias

public java.lang.String chooseClientAlias(java.lang.String[] keyType,
                                          java.security.Principal[] issuers,
                                          java.net.Socket socket)

Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Specified by:: chooseClientAlias in interface javax.net.ssl.X509KeyManager

Parameters:: keyType - The key algorithm type name(s), ordered with the most-preferred key type first; issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used; socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use
Returns:: The alias name for the desired key, or null if there are no matches

chooseServerAlias

public java.lang.String chooseServerAlias(java.lang.String keyType,
                                          java.security.Principal[] issuers,
                                          java.net.Socket socket)

Returns this key manager's server key alias that was provided in the constructor.

Specified by:: chooseServerAlias in interface javax.net.ssl.X509KeyManager

Parameters:: keyType - The key algorithm type name (ignored); issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used (ignored); socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use (ignored)
Returns:: Alias name for the desired key

getCertificateChain

public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)

Returns the certificate chain associated with the given alias.

Specified by:: getCertificateChain in interface javax.net.ssl.X509KeyManager

Parameters:: alias - The alias name
Returns:: Certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found

getClientAliases

public java.lang.String[] getClientAliases(java.lang.String keyType,
                                           java.security.Principal[] issuers)

Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Specified by:: getClientAliases in interface javax.net.ssl.X509KeyManager

Parameters:: keyType - The key algorithm type name; issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
Returns:: Array of the matching alias names, or null if there were no matches

getServerAliases

public java.lang.String[] getServerAliases(java.lang.String keyType,
                                           java.security.Principal[] issuers)

Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Specified by:: getServerAliases in interface javax.net.ssl.X509KeyManager

Parameters:: keyType - The key algorithm type name; issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
Returns:: Array of the matching alias names, or null if there were no matches

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.lang.String alias)

Returns the key associated with the given alias.

Specified by:: getPrivateKey in interface javax.net.ssl.X509KeyManager

Parameters:: alias - The alias name
Returns:: The requested key, or null if the alias can't be found