Class JSSEKeyManager

  • All Implemented Interfaces:
    KeyManager, X509KeyManager

    public final class JSSEKeyManager
    extends X509ExtendedKeyManager
    X509KeyManager which allows selection of a specific keypair and certificate chain (identified by their keystore alias name) to be used by the server to authenticate itself to SSL clients.
    Author:
    Jan Luehe
    • Constructor Detail

      • JSSEKeyManager

        public JSSEKeyManager(X509KeyManager mgr,
                              String serverKeyAlias)
        Constructor.
        Parameters:
        mgr - The X509KeyManager used as a delegate
        serverKeyAlias - The alias name of the server's key pair and supporting certificate chain
    • Method Detail

      • chooseEngineClientAlias

        public String chooseEngineClientAlias(String[] keyType,
                                              Principal[] issuers,
                                              SSLEngine engine)
        Choose an alias to authenticate the client side of an SSLEngine connection given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
        Overrides:
        chooseEngineClientAlias in class X509ExtendedKeyManager
        Returns:
        The alias name for the desired key, or null if there are no matches
      • chooseEngineServerAlias

        public String chooseEngineServerAlias(String keyType,
                                              Principal[] issuers,
                                              SSLEngine engine)
        Choose an alias to authenticate the server side of an SSLEngine connection given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
        Overrides:
        chooseEngineServerAlias in class X509ExtendedKeyManager
        Returns:
        Alias name for the desired key
      • chooseClientAlias

        public String chooseClientAlias(String[] keyType,
                                        Principal[] issuers,
                                        Socket socket)
        Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
        Parameters:
        keyType - The key algorithm type name(s), ordered with the most-preferred key type first
        issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
        socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use
        Returns:
        The alias name for the desired key, or null if there are no matches
      • chooseServerAlias

        public String chooseServerAlias(String keyType,
                                        Principal[] issuers,
                                        Socket socket)
        Returns this key manager's server key alias that was provided in the constructor.
        Parameters:
        keyType - The key algorithm type name (ignored)
        issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used (ignored)
        socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use (ignored)
        Returns:
        Alias name for the desired key
      • getCertificateChain

        public X509Certificate[] getCertificateChain(String alias)
        Returns the certificate chain associated with the given alias.
        Parameters:
        alias - The alias name
        Returns:
        Certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found
      • getClientAliases

        public String[] getClientAliases(String keyType,
                                         Principal[] issuers)
        Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
        Parameters:
        keyType - The key algorithm type name
        issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
        Returns:
        Array of the matching alias names, or null if there were no matches
      • getServerAliases

        public String[] getServerAliases(String keyType,
                                         Principal[] issuers)
        Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
        Parameters:
        keyType - The key algorithm type name
        issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
        Returns:
        Array of the matching alias names, or null if there were no matches
      • getPrivateKey

        public PrivateKey getPrivateKey(String alias)
        Returns the key associated with the given alias.
        Parameters:
        alias - The alias name
        Returns:
        The requested key, or null if the alias can't be found
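
The delegation pattern this class documents (server alias fixed at construction, everything else handed to the wrapped X509KeyManager) can be sketched as follows. This is an added example, not Tomcat's source: the class name `PinnedAliasKeyManager`, the `wrap` helper and the fail-fast alias check in the constructor are assumptions introduced for illustration.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

// Added illustration (hypothetical class, not Tomcat code): pins the server alias, delegates the rest.
public final class PinnedAliasKeyManager extends X509ExtendedKeyManager {
    private final X509KeyManager delegate;
    private final String serverKeyAlias;

    public PinnedAliasKeyManager(X509KeyManager delegate, String serverKeyAlias) {
        // Assumption: reject an alias with no private key at startup instead of failing per handshake.
        if (delegate.getPrivateKey(serverKeyAlias) == null) {
            throw new IllegalArgumentException("No private key entry for alias: " + serverKeyAlias);
        }
        this.delegate = delegate;
        this.serverKeyAlias = serverKeyAlias;
    }

    // Hypothetical helper: wrap each X509KeyManager returned by KeyManagerFactory.getKeyManagers().
    public static KeyManager[] wrap(KeyManager[] managers, String alias) {
        KeyManager[] out = managers.clone();
        for (int i = 0; i < out.length; i++) {
            if (out[i] instanceof X509KeyManager) {
                out[i] = new PinnedAliasKeyManager((X509KeyManager) out[i], alias);
            }
        }
        return out;
    }

    // Server side: keyType, issuers and socket/engine are ignored; the configured alias always wins.
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return serverKeyAlias; }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) { return serverKeyAlias; }

    // Client side and lookups: delegate. X509KeyManager has no engine variant, so pass a null socket.
    @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return delegate.chooseClientAlias(keyType, issuers, socket); }
    @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) { return delegate.chooseClientAlias(keyType, issuers, null); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return delegate.getClientAliases(keyType, issuers); }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); }
}
```

Pass the result of `PinnedAliasKeyManager.wrap(kmf.getKeyManagers(), alias)` as the first argument to `SSLContext.init`, so a keystore holding several key entries always presents the intended certificate chain.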