JSSEKeyManager (Apache Tomcat 8.0.53 API Documentation)

java.lang.Object
- javax.net.ssl.X509ExtendedKeyManager
- - org.apache.tomcat.util.net.jsse.JSSEKeyManager

All Implemented Interfaces:

javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager
```
public final class JSSEKeyManager
extends javax.net.ssl.X509ExtendedKeyManager
```
X509KeyManager which allows selection of a specific keypair and certificate chain (identified by their keystore alias name) to be used by the server to authenticate itself to SSL clients.

Author:

Jan Luehe

Constructor Summary

Constructors
Constructor and Description

JSSEKeyManager(javax.net.ssl.X509KeyManager mgr, java.lang.String serverKeyAlias)
Constructor.

Constructors
Constructor and Description
`JSSEKeyManager(javax.net.ssl.X509KeyManager mgr, java.lang.String serverKeyAlias)` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`java.lang.String`	`chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)` Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`java.lang.String`	`chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)` Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`java.lang.String`	`chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)` Returns this key manager's server key alias that was provided in the constructor.
`java.lang.String`	`chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)` Returns this key manager's server key alias that was provided in the constructor.
`java.security.cert.X509Certificate[]`	`getCertificateChain(java.lang.String alias)` Returns the certificate chain associated with the given alias.
`java.lang.String[]`	`getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)` Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`java.security.PrivateKey`	`getPrivateKey(java.lang.String alias)` Returns the key associated with the given alias.
`java.lang.String[]`	`getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)` Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - JSSEKeyManager
```
public JSSEKeyManager(javax.net.ssl.X509KeyManager mgr,
              java.lang.String serverKeyAlias)
```
    Constructor.
    
    Parameters:
    mgr - The X509KeyManager used as a delegate
    serverKeyAlias - The alias name of the server's keypair and supporting certificate chain
- Method Detail
  - chooseClientAlias
```
public java.lang.String chooseClientAlias(java.lang.String[] keyType,
                                 java.security.Principal[] issuers,
                                 java.net.Socket socket)
```
    Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Parameters:
    keyType - The key algorithm type name(s), ordered with the most-preferred key type first
    issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
    socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use
    
    Returns:
    The alias name for the desired key, or null if there are no matches
  - chooseServerAlias
```
public java.lang.String chooseServerAlias(java.lang.String keyType,
                                 java.security.Principal[] issuers,
                                 java.net.Socket socket)
```
    Returns this key manager's server key alias that was provided in the constructor.
    
    Parameters:
    keyType - Ignored
    issuers - Ignored
    socket - Ignored
    
    Returns:
    Alias name for the desired key
  - getCertificateChain
```
public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
```
    Returns the certificate chain associated with the given alias.
    
    Parameters:
    alias - The alias name
    
    Returns:
    Certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found
  - getClientAliases
```
public java.lang.String[] getClientAliases(java.lang.String keyType,
                                  java.security.Principal[] issuers)
```
    Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Parameters:
    keyType - The key algorithm type name
    issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
    
    Returns:
    Array of the matching alias names, or null if there were no matches
  - getServerAliases
```
public java.lang.String[] getServerAliases(java.lang.String keyType,
                                  java.security.Principal[] issuers)
```
    Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Parameters:
    keyType - The key algorithm type name
    issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
    
    Returns:
    Array of the matching alias names, or null if there were no matches
  - getPrivateKey
```
public java.security.PrivateKey getPrivateKey(java.lang.String alias)
```
    Returns the key associated with the given alias.
    
    Parameters:
    alias - The alias name
    
    Returns:
    The requested key, or null if the alias can't be found
  - chooseEngineClientAlias
```
public java.lang.String chooseEngineClientAlias(java.lang.String[] keyType,
                                       java.security.Principal[] issuers,
                                       javax.net.ssl.SSLEngine engine)
```
    Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Overrides:
    
    chooseEngineClientAlias in class javax.net.ssl.X509ExtendedKeyManager
    
    Parameters:
    keyType - The key algorithm type name(s), ordered with the most-preferred key type first
    issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
    engine - Ignored
    
    Returns:
    The alias name for the desired key, or null if there are no matches
  - chooseEngineServerAlias
```
public java.lang.String chooseEngineServerAlias(java.lang.String keyType,
                                       java.security.Principal[] issuers,
                                       javax.net.ssl.SSLEngine engine)
```
    Returns this key manager's server key alias that was provided in the constructor.
    
    Overrides:
    
    chooseEngineServerAlias in class javax.net.ssl.X509ExtendedKeyManager
    
    Parameters:
    keyType - Ignored
    issuers - Ignored
    engine - Ignored
    
    Returns:
    Alias name for the desired key

Class JSSEKeyManager

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

JSSEKeyManager

Method Detail

chooseClientAlias

chooseServerAlias

getCertificateChain

getClientAliases

getServerAliases

getPrivateKey

chooseEngineClientAlias

chooseEngineServerAlias