Class JSSEKeyManager

  • All Implemented Interfaces:
    KeyManager, X509KeyManager

    public final class JSSEKeyManager
    extends Object
    implements X509KeyManager
    X509KeyManager which allows selection of a specific keypair and certificate chain (identified by their keystore alias name) to be used by the server to authenticate itself to SSL clients.
    Author:
    Jan Luehe
    • Constructor Detail

      • JSSEKeyManager

        public JSSEKeyManager(X509KeyManager mgr,
                              String serverKeyAlias)
        Constructor.
        Parameters:
        mgr - The X509KeyManager used as a delegate
        serverKeyAlias - The alias name of the server's keypair and supporting certificate chain
    • Method Detail

      • chooseClientAlias

        public String chooseClientAlias(String[] keyType,
                                        Principal[] issuers,
                                        Socket socket)
        Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
        Specified by:
        chooseClientAlias in interface X509KeyManager
        Parameters:
        keyType - The key algorithm type name(s), ordered with the most-preferred key type first
        issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
        socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use
        Returns:
        The alias name for the desired key, or null if there are no matches
      • chooseServerAlias

        public String chooseServerAlias(String keyType,
                                        Principal[] issuers,
                                        Socket socket)
        Returns this key manager's server key alias that was provided in the constructor.
        Specified by:
        chooseServerAlias in interface X509KeyManager
        Parameters:
        keyType - The key algorithm type name (ignored)
        issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used (ignored)
        socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use (ignored)
        Returns:
        Alias name for the desired key
      • getCertificateChain

        public X509Certificate[] getCertificateChain(String alias)
        Returns the certificate chain associated with the given alias.
        Specified by:
        getCertificateChain in interface X509KeyManager
        Parameters:
        alias - The alias name
        Returns:
        Certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found
      • getClientAliases

        public String[] getClientAliases(String keyType,
                                         Principal[] issuers)
        Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
        Specified by:
        getClientAliases in interface X509KeyManager
        Parameters:
        keyType - The key algorithm type name
        issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
        Returns:
        Array of the matching alias names, or null if there were no matches
      • getServerAliases

        public String[] getServerAliases(String keyType,
                                         Principal[] issuers)
        Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
        Specified by:
        getServerAliases in interface X509KeyManager
        Parameters:
        keyType - The key algorithm type name
        issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
        Returns:
        Array of the matching alias names, or null if there were no matches
      • getPrivateKey

        public PrivateKey getPrivateKey(String alias)
        Returns the key associated with the given alias.
        Specified by:
        getPrivateKey in interface X509KeyManager
        Parameters:
        alias - The alias name
        Returns:
        The requested key, or null if the alias can't be found
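
Added example (not part of the original API documentation and not the project's own code): because chooseServerAlias returns the configured alias without consulting the keystore, a mistyped alias only shows up later as a null key or chain, so a startup check is worth having. PinnedAliasKeyManager is a hypothetical stand-in that mirrors the documented behaviour and assumes every other method forwards to the delegate; the empty keystore and the alias "tomcat" are constructed sample values.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

public class AliasPinningDemo {

    // Hypothetical stand-in: pins the server alias, forwards everything else (assumed).
    static final class PinnedAliasKeyManager implements X509KeyManager {
        private final X509KeyManager delegate;
        private final String serverKeyAlias;

        PinnedAliasKeyManager(X509KeyManager delegate, String serverKeyAlias) {
            this.delegate = delegate;
            this.serverKeyAlias = serverKeyAlias;
        }
        // keyType, issuers and socket are ignored, as documented for chooseServerAlias.
        public String chooseServerAlias(String kt, Principal[] is, Socket s) { return serverKeyAlias; }
        public String chooseClientAlias(String[] kt, Principal[] is, Socket s) { return delegate.chooseClientAlias(kt, is, s); }
        public String[] getClientAliases(String kt, Principal[] is) { return delegate.getClientAliases(kt, is); }
        public String[] getServerAliases(String kt, Principal[] is) { return delegate.getServerAliases(kt, is); }
        public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
        public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
    }

    // Startup check: the pinned alias must resolve to both a private key and a
    // non-empty certificate chain, otherwise the server cannot authenticate itself.
    static boolean aliasResolves(X509KeyManager km) {
        String alias = km.chooseServerAlias("RSA", null, null);
        X509Certificate[] chain = km.getCertificateChain(alias);
        return km.getPrivateKey(alias) != null && chain != null && chain.length > 0;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // constructed input: empty in-memory keystore, no file needed
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, new char[0]);
        X509KeyManager delegate = (X509KeyManager) kmf.getKeyManagers()[0];

        X509KeyManager pinned = new PinnedAliasKeyManager(delegate, "tomcat"); // constructed alias
        // The alias is returned even though the keystore has no such entry.
        System.out.println("chooseServerAlias: " + pinned.chooseServerAlias("RSA", null, null));
        // The check exposes the misconfiguration before any handshake is attempted.
        System.out.println("alias resolves:    " + aliasResolves(pinned));
    }
}
```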