@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class PEMFileKeyManager extends java.lang.Object implements javax.net.ssl.X509KeyManager, java.io.Serializable
Constructor and Description |
---|
PEMFileKeyManager(java.io.File[] certificateChainPEMFiles, java.io.File privateKeyPEMFile) Creates a new instance of this key manager with the provided PEM files. |
PEMFileKeyManager(java.io.File certificateChainPEMFile, java.io.File privateKeyPEMFile) Creates a new instance of this key manager with the provided PEM files. |
PEMFileKeyManager(java.util.List<java.io.File> certificateChainPEMFiles, java.io.File privateKeyPEMFile) Creates a new instance of this key manager with the provided PEM files. |

Modifier and Type | Method and Description |
---|---|
java.lang.String | chooseAlias(java.lang.String[] keyTypes, java.security.Principal[] issuers) Chooses the alias that should be used for the preferred certificate chain with the requested settings. |
java.lang.String | chooseClientAlias(java.lang.String[] keyTypes, java.security.Principal[] issuers, java.net.Socket socket) Chooses the alias that should be used for the preferred client certificate chain with the requested settings. |
java.lang.String | chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket) Chooses the alias that should be used for the preferred server certificate chain with the requested settings. |
java.security.cert.X509Certificate[] | getCertificateChain(java.lang.String alias) Retrieves the certificate chain with the specified alias. |
java.lang.String[] | getClientAliases(java.lang.String keyType, java.security.Principal[] issuers) Retrieves the aliases that may be used for a client certificate chain with the requested settings. |
java.security.PrivateKey | getPrivateKey(java.lang.String alias) Retrieves the private key for the certificate chain with the specified alias. |
java.lang.String[] | getServerAliases(java.lang.String keyType, java.security.Principal[] issuers) Retrieves the aliases that may be used for a server certificate chain with the requested settings. |

public PEMFileKeyManager(@NotNull java.io.File certificateChainPEMFile, @NotNull java.io.File privateKeyPEMFile) throws java.security.KeyStoreException
certificateChainPEMFile - The file containing the PEM-formatted X.509 representations of the certificates in the certificate chain. This must not be null, the file must exist, and it must contain at least one certificate (the end entity certificate), but may contain additional certificates as needed for the complete certificate chain. Certificates should be ordered such that the first certificate must be the end entity certificate, and each subsequent certificate must be the issuer for the previous certificate. The chain does not need to be complete as long as the peer may be expected to have prior knowledge of any missing issuer certificates.
privateKeyPEMFile - The file containing the PEM-formatted PKCS #8 representation of the private key for the end entity certificate. This must not be null, the file must exist, and it must contain exactly one PEM-encoded private key.
java.security.KeyStoreException - If there is a problem with any of the provided PEM files.

public PEMFileKeyManager(@NotNull java.io.File[] certificateChainPEMFiles, @NotNull java.io.File privateKeyPEMFile) throws java.security.KeyStoreException
certificateChainPEMFiles - The files containing the PEM-formatted X.509 representations of the certificates in the certificate chain. This must not be null or empty. Each file must exist and must contain at least one certificate. The files will be processed in the order in which they are provided. The first certificate in the first file must be the end entity certificate, and each subsequent certificate must be the issuer for the previous certificate. The chain does not need to be complete as long as the peer may be expected to have prior knowledge of any missing issuer certificates.
privateKeyPEMFile - The file containing the PEM-formatted PKCS #8 representation of the private key for the end entity certificate. This must not be null, the file must exist, and it must contain exactly one PEM-encoded private key.
java.security.KeyStoreException - If there is a problem with any of the provided PEM files.

public PEMFileKeyManager(@NotNull java.util.List<java.io.File> certificateChainPEMFiles, @NotNull java.io.File privateKeyPEMFile) throws java.security.KeyStoreException
certificateChainPEMFiles - The files containing the PEM-formatted X.509 representations of the certificates in the certificate chain. This must not be null or empty. Each file must exist and must contain at least one certificate. The files will be processed in the order in which they are provided. The first certificate in the first file must be the end entity certificate, and each subsequent certificate must be the issuer for the previous certificate. The chain does not need to be complete as long as the peer may be expected to have prior knowledge of any missing issuer certificates.
privateKeyPEMFile - The file containing the PEM-formatted PKCS #8 representation of the private key for the end entity certificate. This must not be null, the file must exist, and it must contain exactly one PEM-encoded private key.
java.security.KeyStoreException - If there is a problem with any of the provided PEM files.

@Nullable public java.lang.String[] getClientAliases(@Nullable java.lang.String keyType, @Nullable java.security.Principal[] issuers)
getClientAliases in interface javax.net.ssl.X509KeyManager
keyType - The key type for the alias to retrieve. It may be null if any key type may be used.
issuers - The set of allowed issuers for the aliases to retrieve. It may be null if any issuers should be allowed.
null if the certificate chain does not match the requested criteria.

@Nullable public java.lang.String[] getServerAliases(@Nullable java.lang.String keyType, @Nullable java.security.Principal[] issuers)
getServerAliases in interface javax.net.ssl.X509KeyManager
keyType - The key type for the alias to retrieve. It may be null if any key type may be used.
issuers - The set of allowed issuers for the aliases to retrieve. It may be null if any issuers should be allowed.
null if the certificate chain does not match the requested criteria.

@Nullable public java.lang.String chooseClientAlias(@Nullable java.lang.String[] keyTypes, @Nullable java.security.Principal[] issuers, @Nullable java.net.Socket socket)
chooseClientAlias in interface javax.net.ssl.X509KeyManager
keyTypes - The set of allowed key types for the alias to retrieve. It may be null if any key type may be used.
issuers - The set of allowed issuers for the alias to retrieve. It may be null if any issuers should be allowed.
socket - The socket with which the certificate chain will be used. It may be null if no socket should be taken into consideration.
null if there is no applicable alias.

@Nullable public java.lang.String chooseServerAlias(@Nullable java.lang.String keyType, @Nullable java.security.Principal[] issuers, @Nullable java.net.Socket socket)
chooseServerAlias in interface javax.net.ssl.X509KeyManager
keyType - The key type for the alias to retrieve. It may be null if any key type may be used.
issuers - The set of allowed issuers for the alias to retrieve. It may be null if any issuers should be allowed.
socket - The socket with which the certificate chain will be used. It may be null if no socket should be taken into consideration.
null if there is no applicable alias.

@Nullable public java.lang.String chooseAlias(@Nullable java.lang.String[] keyTypes, @Nullable java.security.Principal[] issuers)
keyTypes - The set of allowed key types for the alias to retrieve. It may be null if any key type may be used.
issuers - The set of allowed issuers for the alias to retrieve. It may be null if any issuers should be allowed.
null if there is no applicable alias.

@NotNull public java.security.cert.X509Certificate[] getCertificateChain(@Nullable java.lang.String alias)
null.
getCertificateChain in interface javax.net.ssl.X509KeyManager
alias - The alias for the certificate chain to retrieve.

@NotNull public java.security.PrivateKey getPrivateKey(@Nullable java.lang.String alias)
null.
getPrivateKey in interface javax.net.ssl.X509KeyManager
alias - The alias for the private key to retrieve.
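
The ordering rule the constructors document (end entity certificate first, each later certificate the issuer of the one before it) can be checked before the files are handed to the key manager. The following is an added example using only JDK classes, not code from the SDK or the original page; the class name PemChainOrderCheck and its methods are hypothetical, and the PEM file paths are passed on the command line in chain order.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Added example, not SDK code: checks the chain ordering the constructors document.
public final class PemChainOrderCheck {
  // Reads every certificate from the PEM files, in the order the files are given.
  static List<X509Certificate> load(String[] pemFiles) throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    List<X509Certificate> chain = new ArrayList<>();
    for (String file : pemFiles) {
      try (InputStream in = Files.newInputStream(Paths.get(file))) {
        // generateCertificates() reads all concatenated PEM blocks in the stream.
        for (Certificate c : cf.generateCertificates(in)) {
          chain.add((X509Certificate) c);
        }
      }
    }
    return chain;
  }

  // Returns null when each certificate is issued by the one after it, else the first broken link.
  static String firstOrderingProblem(List<X509Certificate> chain) {
    if (chain.isEmpty()) { return "no certificates found"; }
    for (int i = 0; i + 1 < chain.size(); i++) {
      X509Certificate cert = chain.get(i);
      X509Certificate next = chain.get(i + 1);
      if (!cert.getIssuerX500Principal().equals(next.getSubjectX500Principal())) {
        return "certificate " + i + " does not name certificate " + (i + 1) + " as issuer";
      }
      try {
        cert.verify(next.getPublicKey()); // the name match must be backed by a signature
      } catch (GeneralSecurityException e) {
        return "certificate " + i + " is not signed by certificate " + (i + 1);
      }
    }
    return null;
  }
  public static void main(String[] args) throws Exception {
    String problem = firstOrderingProblem(load(args));
    System.out.println(problem == null ? "chain order OK" : "REJECT: " + problem);
  }
}
```

The check stops at the last certificate supplied, which matches the documented allowance that the chain need not be complete when the peer already knows the missing issuers.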