com.unboundid.util.ssl
Class WrapperKeyManager

java.lang.Object
  extended by javax.net.ssl.X509ExtendedKeyManager
      extended by com.unboundid.util.ssl.WrapperKeyManager
All Implemented Interfaces:
javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager
Direct Known Subclasses:
KeyStoreKeyManager, PKCS11KeyManager

@NotExtensible
@ThreadSafety(level=INTERFACE_THREADSAFE)
public abstract class WrapperKeyManager
extends javax.net.ssl.X509ExtendedKeyManager

This class provides an SSL key manager that may be used to wrap a provided set of key managers. It provides the ability to select the desired certificate based on a given nickname.
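
The nickname-based selection described above, as an added Java sketch that is not the SDK's own code: `selectClientAlias`, `stub` and the alias names are hypothetical, and the case-insensitive match is an assumption. When a nickname is configured but no wrapped key manager offers it, the sketch returns null instead of falling back to a different certificate.

```java
import java.lang.reflect.Proxy;
import java.security.Principal;
import java.util.Arrays;
import javax.net.ssl.X509KeyManager;
// Added sketch of nickname-based selection; not the SDK's WrapperKeyManager source.
public class AliasSelectionSketch {
  // Returns the alias a client should present, or null if none qualifies.
  // pinnedAlias == null means any acceptable certificate may be used.
  static String selectClientAlias(X509KeyManager[] managers, String pinnedAlias,
                                  String[] keyTypes, Principal[] issuers) {
    if (managers == null || managers.length == 0)
      throw new IllegalArgumentException("keyManagers must not be null or empty");
    for (X509KeyManager m : managers) {
      if (pinnedAlias == null) {
        // No nickname configured: accept the first wrapped manager's own choice.
        String chosen = m.chooseClientAlias(keyTypes, issuers, null);
        if (chosen != null) return chosen;
        continue;
      }
      for (String type : keyTypes) {
        String[] offered = m.getClientAliases(type, issuers);
        if (offered == null) continue; // none found for this key type
        for (String alias : offered) {
          // Case-insensitive matching is an assumption of this sketch.
          if (alias.equalsIgnoreCase(pinnedAlias)) return alias;
        }
      }
    }
    return null; // fail closed: never substitute a different certificate
  }

  // Constructed stand-in for a key store that holds the given RSA aliases.
  static X509KeyManager stub(String... rsaAliases) {
    return (X509KeyManager) Proxy.newProxyInstance(
        X509KeyManager.class.getClassLoader(), new Class<?>[] {X509KeyManager.class},
        (proxy, method, args) -> {
          boolean rsa = args != null && (args[0] instanceof String
              ? "RSA".equals(args[0]) : Arrays.asList((String[]) args[0]).contains("RSA"));
          if (!rsa) return null;
          return method.getName().equals("getClientAliases") ? rsaAliases
              : method.getName().equals("chooseClientAlias") ? rsaAliases[0] : null;
        });
  }
  public static void main(String[] argv) {
    X509KeyManager[] kms = {stub("legacy-admin"), stub("ldap-client", "backup")};
    for (String pin : new String[] {"ldap-client", "missing", null})
      System.out.println(pin + " -> " + selectClientAlias(kms, pin, new String[] {"EC", "RSA"}, null));
  }
}
```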


Constructor Summary
protected WrapperKeyManager(javax.net.ssl.KeyManager[] keyManagers, java.lang.String certificateAlias)
          Creates a new instance of this wrapper key manager with the provided information.
protected WrapperKeyManager(javax.net.ssl.X509KeyManager[] keyManagers, java.lang.String certificateAlias)
          Creates a new instance of this wrapper key manager with the provided information.
 
Method Summary
 java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
          Retrieves the nickname of the certificate that a client should use to authenticate to a server.
 java.lang.String chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
          Retrieves the nickname of the certificate that a client should use to authenticate to a server.
 java.lang.String chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
          Retrieves the nickname of the certificate that a server should use to authenticate to a client.
 java.lang.String chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
          Retrieves the nickname of the certificate that a server should use to authenticate to a client.
 java.lang.String getCertificateAlias()
          Retrieves the nickname of the certificate that should be selected.
 java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
          Retrieves the certificate chain for the certificate with the given nickname.
 java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
          Retrieves the nicknames of the client certificates of the specified type contained in the key store.
 java.security.PrivateKey getPrivateKey(java.lang.String alias)
          Retrieves the private key for the specified certificate.
 java.lang.String[] getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
          Retrieves the nicknames of the server certificates of the specified type contained in the key store.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

WrapperKeyManager

protected WrapperKeyManager(javax.net.ssl.KeyManager[] keyManagers,
                            java.lang.String certificateAlias)
Creates a new instance of this wrapper key manager with the provided information.

Parameters:
keyManagers - The set of key managers to be wrapped. It must not be null or empty, and it must contain only X509KeyManager instances.
certificateAlias - The nickname of the certificate that should be selected. It may be null if any acceptable certificate found may be used.

WrapperKeyManager

protected WrapperKeyManager(javax.net.ssl.X509KeyManager[] keyManagers,
                            java.lang.String certificateAlias)
Creates a new instance of this wrapper key manager with the provided information.

Parameters:
keyManagers - The set of key managers to be wrapped. It must not be null or empty.
certificateAlias - The nickname of the certificate that should be selected. It may be null if any acceptable certificate found may be used.

Method Detail

getCertificateAlias

public java.lang.String getCertificateAlias()
Retrieves the nickname of the certificate that should be selected.

Returns:
The nickname of the certificate that should be selected, or null if any acceptable certificate found in the key store may be used.

getClientAliases

public final java.lang.String[] getClientAliases(java.lang.String keyType,
                                                 java.security.Principal[] issuers)
Retrieves the nicknames of the client certificates of the specified type contained in the key store.

Parameters:
keyType - The key algorithm name for which to retrieve the available certificate nicknames.
issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
Returns:
The nicknames of the client certificates, or null if none were found in the key store.

chooseClientAlias

public final java.lang.String chooseClientAlias(java.lang.String[] keyType,
                                                java.security.Principal[] issuers,
                                                java.net.Socket socket)
Retrieves the nickname of the certificate that a client should use to authenticate to a server.

Parameters:
keyType - The list of key algorithm names that may be used.
issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
socket - The socket to be used. It may be null if the certificate may be for any socket.
Returns:
The nickname of the certificate to use, or null if no appropriate certificate is found.

chooseEngineClientAlias

public final java.lang.String chooseEngineClientAlias(java.lang.String[] keyType,
                                                      java.security.Principal[] issuers,
                                                      javax.net.ssl.SSLEngine engine)
Retrieves the nickname of the certificate that a client should use to authenticate to a server.

Overrides:
chooseEngineClientAlias in class javax.net.ssl.X509ExtendedKeyManager
Parameters:
keyType - The list of key algorithm names that may be used.
issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
engine - The SSL engine to be used. It may be null if the certificate may be for any engine.
Returns:
The nickname of the certificate to use, or null if no appropriate certificate is found.

getServerAliases

public final java.lang.String[] getServerAliases(java.lang.String keyType,
                                                 java.security.Principal[] issuers)
Retrieves the nicknames of the server certificates of the specified type contained in the key store.

Parameters:
keyType - The key algorithm name for which to retrieve the available certificate nicknames.
issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
Returns:
The nicknames of the server certificates, or null if none were found in the key store.

chooseServerAlias

public final java.lang.String chooseServerAlias(java.lang.String keyType,
                                                java.security.Principal[] issuers,
                                                java.net.Socket socket)
Retrieves the nickname of the certificate that a server should use to authenticate to a client.

Parameters:
keyType - The key algorithm name that may be used.
issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
socket - The socket to be used. It may be null if the certificate may be for any socket.
Returns:
The nickname of the certificate to use, or null if no appropriate certificate is found.

chooseEngineServerAlias

public final java.lang.String chooseEngineServerAlias(java.lang.String keyType,
                                                      java.security.Principal[] issuers,
                                                      javax.net.ssl.SSLEngine engine)
Retrieves the nickname of the certificate that a server should use to authenticate to a client.

Overrides:
chooseEngineServerAlias in class javax.net.ssl.X509ExtendedKeyManager
Parameters:
keyType - The key algorithm name that may be used.
issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
engine - The SSL engine to be used. It may be null if the certificate may be for any engine.
Returns:
The nickname of the certificate to use, or null if no appropriate certificate is found.

getCertificateChain

public final java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
Retrieves the certificate chain for the certificate with the given nickname.

Parameters:
alias - The nickname of the certificate for which to retrieve the certificate chain.
Returns:
The certificate chain for the certificate with the given nickname, or null if the requested certificate cannot be found.

getPrivateKey

public final java.security.PrivateKey getPrivateKey(java.lang.String alias)
Retrieves the private key for the specified certificate.

Parameters:
alias - The nickname of the certificate for which to retrieve the private key.
Returns:
The private key for the requested certificate, or null if the requested certificate cannot be found.