java.lang.Object
- javax.net.ssl.X509ExtendedKeyManager
- - org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager

All Implemented Interfaces:

KeyManager, X509KeyManager
```
@Deprecated(since="2021-05-27")
public class SniX509ExtendedKeyManager
extends X509ExtendedKeyManager
```
Deprecated.
The Eclipse Jetty and Apache Felix Http Jetty packages are no longer supported.

A X509ExtendedKeyManager that selects a key with an alias retrieved from SNI information, delegating other processing to a nested X509ExtendedKeyManager.

Can only be used on server side.

Nested Class Summary

Nested Classes
Modifier and Type	Class	Description
`static interface`	`SniX509ExtendedKeyManager.SniSelector`	Deprecated. The Eclipse Jetty and Apache Felix Http Jetty packages are no longer supported.

Field Summary

Fields
Modifier and Type Field Description

static String SNI_X509
Deprecated.

Constructor Summary

Constructors
Constructor	Description
`SniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)`	Deprecated. not supported, you must have a `SslContextFactory.Server` for this to work.
`SniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager, SslContextFactory.Server sslContextFactory)`	Deprecated.

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method	Description
`String`	`chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)`	Deprecated.
`String`	`chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)`	Deprecated.
`String`	`chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)`	Deprecated.
`String`	`chooseServerAlias(String keyType, Principal[] issuers, Socket socket)`	Deprecated.
`UnaryOperator<String>`	`getAliasMapper()`	Deprecated.
`X509Certificate[]`	`getCertificateChain(String alias)`	Deprecated.
`String[]`	`getClientAliases(String keyType, Principal[] issuers)`	Deprecated.
`PrivateKey`	`getPrivateKey(String alias)`	Deprecated.
`String[]`	`getServerAliases(String keyType, Principal[] issuers)`	Deprecated.
`void`	`setAliasMapper(UnaryOperator<String> aliasMapper)`	Deprecated. Sets a function that transforms the alias into a possibly different alias, invoked when the SNI logic must choose the alias to pick the right certificate.

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- SNI_X509
```
public static final String SNI_X509
```
  Deprecated.
  
  See Also:
  
  Constant Field Values

Constructor Detail

SniX509ExtendedKeyManager
```
@Deprecated
public SniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)
```
Deprecated.
not supported, you must have a SslContextFactory.Server for this to work.

SniX509ExtendedKeyManager

public SniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager,
                                 SslContextFactory.Server sslContextFactory)

Deprecated.

Method Detail

getAliasMapper
```
public UnaryOperator<String> getAliasMapper()
```
Deprecated.

Returns:

the function that transforms the alias

See Also:

setAliasMapper(UnaryOperator)

setAliasMapper
```
public void setAliasMapper(UnaryOperator<String> aliasMapper)
```
Deprecated.

Sets a function that transforms the alias into a possibly different alias, invoked when the SNI logic must choose the alias to pick the right certificate.

This function is required when using the PKIX KeyManagerFactory algorithm which suffers from bug https://bugs.openjdk.java.net/browse/JDK-8246262, where aliases are returned by the OpenJDK implementation to the application in the form N.0.alias where N is an always increasing number. Such mangled aliases won't match the aliases in the keystore, so that for example SNI matching will always fail.

Other implementations such as BouncyCastle have been reported to mangle the alias in a different way, namely 0.alias.N.

This function allows to "unmangle" the alias from the implementation specific mangling back to just alias so that SNI matching will work again.

Parameters:

aliasMapper - the function that transforms the alias

chooseClientAlias

public String chooseClientAlias(String[] keyType,
                                Principal[] issuers,
                                Socket socket)

Deprecated.

chooseEngineClientAlias

public String chooseEngineClientAlias(String[] keyType,
                                      Principal[] issuers,
                                      SSLEngine engine)

Deprecated.

Overrides:: chooseEngineClientAlias in class X509ExtendedKeyManager

chooseServerAlias

public String chooseServerAlias(String keyType,
                                Principal[] issuers,
                                Socket socket)

Deprecated.

chooseEngineServerAlias

public String chooseEngineServerAlias(String keyType,
                                      Principal[] issuers,
                                      SSLEngine engine)

Deprecated.

Overrides:: chooseEngineServerAlias in class X509ExtendedKeyManager

getCertificateChain

public X509Certificate[] getCertificateChain(String alias)

Deprecated.

getClientAliases

public String[] getClientAliases(String keyType,
                                 Principal[] issuers)

Deprecated.

getPrivateKey

public PrivateKey getPrivateKey(String alias)

Deprecated.

getServerAliases

public String[] getServerAliases(String keyType,
                                 Principal[] issuers)

Deprecated.

Class SniX509ExtendedKeyManager

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

SNI_X509

Constructor Detail

SniX509ExtendedKeyManager

SniX509ExtendedKeyManager

Method Detail

getAliasMapper

setAliasMapper

chooseClientAlias

chooseEngineClientAlias

chooseServerAlias

chooseEngineServerAlias

getCertificateChain

getClientAliases

getPrivateKey

getServerAliases