Package org.jboss.modcluster.mcmp.impl
Class JSSEKeyManager
- java.lang.Object
  - org.jboss.modcluster.mcmp.impl.JSSEKeyManager
- All Implemented Interfaces:
  KeyManager, X509KeyManager
public final class JSSEKeyManager extends Object implements X509KeyManager
X509KeyManager which allows selection of a specific keypair and certificate chain (identified by their keystore alias name) to be used by the server to authenticate itself to SSL clients.
- Author:
  Jan Luehe
Constructor Summary
- JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias)
  Constructor.
Method Summary
- String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
  Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
- String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
  Returns this key manager's server key alias that was provided in the constructor.
- X509Certificate[] getCertificateChain(String alias)
  Returns the certificate chain associated with the given alias.
- String[] getClientAliases(String keyType, Principal[] issuers)
  Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
- PrivateKey getPrivateKey(String alias)
  Returns the key associated with the given alias.
- String[] getServerAliases(String keyType, Principal[] issuers)
  Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
Constructor Detail
JSSEKeyManager
public JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias)
Constructor.
- Parameters:
  mgr - The X509KeyManager used as a delegate
  serverKeyAlias - The alias name of the server's keypair and supporting certificate chain
Method Detail
chooseClientAlias
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
- Specified by:
  chooseClientAlias in interface X509KeyManager
- Parameters:
  keyType - The key algorithm type name(s), ordered with the most-preferred key type first
  issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
  socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use
- Returns:
  The alias name for the desired key, or null if there are no matches
chooseServerAlias
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
Returns this key manager's server key alias that was provided in the constructor.
- Specified by:
  chooseServerAlias in interface X509KeyManager
- Parameters:
  keyType - The key algorithm type name (ignored)
  issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used (ignored)
  socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use (ignored)
- Returns:
  Alias name for the desired key
getCertificateChain
public X509Certificate[] getCertificateChain(String alias)
Returns the certificate chain associated with the given alias.
- Specified by:
  getCertificateChain in interface X509KeyManager
- Parameters:
  alias - The alias name
- Returns:
  Certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found
getClientAliases
public String[] getClientAliases(String keyType, Principal[] issuers)
Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
- Specified by:
  getClientAliases in interface X509KeyManager
- Parameters:
  keyType - The key algorithm type name
  issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
- Returns:
  Array of the matching alias names, or null if there were no matches
getServerAliases
public String[] getServerAliases(String keyType, Principal[] issuers)
Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
- Specified by:
  getServerAliases in interface X509KeyManager
- Parameters:
  keyType - The key algorithm type name
  issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
- Returns:
  Array of the matching alias names, or null if there were no matches
getPrivateKey
public PrivateKey getPrivateKey(String alias)
Returns the key associated with the given alias.
- Specified by:
  getPrivateKey in interface X509KeyManager
- Parameters:
  alias - The alias name
- Returns:
  The requested key, or null if the alias can't be found
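
The alias-pinning behaviour documented for chooseServerAlias, as an added Java example (not the mod_cluster source). PinnedAliasKeyManager is a hypothetical class, and its constructor check that the alias resolves to a key entry is an assumption added here, not something this page documents for JSSEKeyManager; the keystore in main is constructed and empty.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Added illustration of the delegate pattern; hypothetical class, not project code.
public final class PinnedAliasKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;
    private final String serverKeyAlias;

    public PinnedAliasKeyManager(X509KeyManager delegate, String serverKeyAlias) {
        // Assumption added here: fail at startup rather than at the first
        // handshake when the pinned alias has no private key or chain.
        if (delegate.getPrivateKey(serverKeyAlias) == null
                || delegate.getCertificateChain(serverKeyAlias) == null) {
            throw new IllegalArgumentException("No key entry for alias: " + serverKeyAlias);
        }
        this.delegate = delegate;
        this.serverKeyAlias = serverKeyAlias;
    }

    // keyType, issuers and socket are ignored: the configured alias is always returned.
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return serverKeyAlias; }

    // Everything else is answered by the delegate.
    @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return delegate.chooseClientAlias(keyType, issuers, socket); }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return delegate.getClientAliases(keyType, issuers); }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }

    public static void main(String[] args) throws Exception {
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null); // constructed sample: a keystore with no entries
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(empty, new char[0]);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (!(km instanceof X509KeyManager)) continue;
            try {
                new PinnedAliasKeyManager((X509KeyManager) km, "server"); // "server" is a made-up alias
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Because keyType and issuers are ignored when the server alias is chosen, the key type of the pinned entry has to match what the enabled cipher suites require; that is a deployment check, since the key manager itself will not fall back to another alias.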