Class JSSEKeyManager

java.lang.Object
org.jboss.modcluster.mcmp.impl.JSSEKeyManager
All Implemented Interfaces:
KeyManager, X509KeyManager

public final class JSSEKeyManager extends Object implements X509KeyManager
X509KeyManager which allows selection of a specific keypair and certificate chain (identified by their keystore alias name) to be used by the server to authenticate itself to SSL clients.
Author:
Jan Luehe
  • Constructor Details

    • JSSEKeyManager

      public JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias)
      Constructor.
      Parameters:
      mgr - The X509KeyManager used as a delegate
      serverKeyAlias - The alias name of the server's keypair and supporting certificate chain
  • Method Details

    • chooseClientAlias

      public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
      Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
      Specified by:
      chooseClientAlias in interface X509KeyManager
      Parameters:
      keyType - The key algorithm type name(s), ordered with the most-preferred key type first
      issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
      socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use
      Returns:
      The alias name for the desired key, or null if there are no matches
    • chooseServerAlias

      public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
      Returns this key manager's server key alias that was provided in the constructor.
      Specified by:
      chooseServerAlias in interface X509KeyManager
      Parameters:
      keyType - The key algorithm type name (ignored)
      issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used (ignored)
      socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use (ignored)
      Returns:
      Alias name for the desired key
    • getCertificateChain

      public X509Certificate[] getCertificateChain(String alias)
      Returns the certificate chain associated with the given alias.
      Specified by:
      getCertificateChain in interface X509KeyManager
      Parameters:
      alias - The alias name
      Returns:
      Certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found
    • getClientAliases

      public String[] getClientAliases(String keyType, Principal[] issuers)
      Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
      Specified by:
      getClientAliases in interface X509KeyManager
      Parameters:
      keyType - The key algorithm type name
      issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
      Returns:
      Array of the matching alias names, or null if there were no matches
    • getServerAliases

      public String[] getServerAliases(String keyType, Principal[] issuers)
      Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
      Specified by:
      getServerAliases in interface X509KeyManager
      Parameters:
      keyType - The key algorithm type name
      issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
      Returns:
      Array of the matching alias names, or null if there were no matches
    • getPrivateKey

      public PrivateKey getPrivateKey(String alias)
      Returns the key associated with the given alias.
      Specified by:
      getPrivateKey in interface X509KeyManager
      Parameters:
      alias - The alias name
      Returns:
      The requested key, or null if the alias can't be found
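
Usage sketch, added here as an example (not code from the mod_cluster project or from this Javadoc): it wraps the JSSE default key managers in JSSEKeyManager so the server always presents one keystore alias, and validates the alias first, because chooseServerAlias returns the constructor-supplied alias and ignores keyType and issuers. The class name PinnedAliasContext, the KEYSTORE_PASSWORD environment variable, the PKCS12 keystore type, and a key password equal to the store password are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;
import org.jboss.modcluster.mcmp.impl.JSSEKeyManager;

public final class PinnedAliasContext { // hypothetical class name

    /** Builds an SSLContext whose X509 key managers always select {@code alias} for the server side. */
    static SSLContext build(KeyStore ks, char[] keyPassword, String alias) throws Exception {
        // The wrapper hands back the alias as given, so reject a misspelled alias
        // or a certificate-only entry here, before any handshake depends on it.
        if (!ks.isKeyEntry(alias)) {
            throw new KeyStoreException("no private key entry under alias '" + alias + "'");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        KeyManager[] managers = kmf.getKeyManagers();
        for (int i = 0; i < managers.length; i++) {
            if (managers[i] instanceof X509KeyManager) {
                // Delegate keeps serving keys and chains; the wrapper fixes the server alias.
                managers[i] = new JSSEKeyManager((X509KeyManager) managers[i], alias);
            }
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(managers, null, null); // null trust managers and RNG: JSSE defaults
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample invocation: java PinnedAliasContext server.p12 my-server-alias
        String pw = System.getenv("KEYSTORE_PASSWORD"); // assumed variable name
        if (args.length != 2 || pw == null) {
            System.err.println("usage: KEYSTORE_PASSWORD=... PinnedAliasContext <keystore> <alias>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12"); // assumed keystore type
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, pw.toCharArray());
        }
        SSLContext ctx = build(ks, pw.toCharArray(), args[1]);
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```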