Package com.sun.identity.liberty.ws.soapbinding

Class WSX509KeyManager

  • All Implemented Interfaces:
    KeyManager, X509KeyManager
    public class WSX509KeyManager
extends Object
implements X509KeyManager
    The WSX509KeyManager class implements JSSE X509KeyManager interface. This implementation is the same as JSSE default implementation exception it will supply user-specified client certificate alias when client authentication is on.

    • Constructor Detail

      • WSX509KeyManager

        public WSX509KeyManager​(X509KeyManager defaultX509KeyManager,
                        String certAlias)
        Constructor.
        Parameters:
        defaultX509KeyManager - a JSSE default implementation
        certAlias - the client certificate alias

    • Method Detail

      • chooseClientAlias

        public String chooseClientAlias​(String[] keyType,
                                Principal[] issuers,
                                Socket socket)
        Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any). If the certAlias specified in the constructor is not null, it will be used.
        Specified by:
        chooseClientAlias in interface X509KeyManager
        Parameters:
        keyType - the key algorithm type name
        issuers - the list of acceptable CA issuer subject names
        Returns:
        the alias name for the desired key

      • chooseServerAlias

        public String chooseServerAlias​(String keyType,
                                Principal[] issuers,
                                Socket socket)
        Returns an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
        Specified by:
        chooseServerAlias in interface X509KeyManager
        Parameters:
        keyType - the key algorithm type name
        issuers - the list of acceptable CA issuer subject names
        Returns:
        the alias name for the desired key

      • getClientAliases

        public String[] getClientAliases​(String keyType,
                                 Principal[] issuers)
        Returns the matching aliases for authenticating the client of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
        Specified by:
        getClientAliases in interface X509KeyManager
        Parameters:
        keyType - the key algorithm type name
        issuers - the list of acceptable CA issuer subject names
        Returns:
        the matching alias names

      • getServerAliases

        public String[] getServerAliases​(String keyType,
                                 Principal[] issuers)
        Returns the matching aliases for authenticating the server of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
        Specified by:
        getServerAliases in interface X509KeyManager
        Parameters:
        keyType - the key algorithm type name
        issuers - the list of acceptable CA issuer subject names
        Returns:
        the matching alias names

      • getCertificateChain

        public X509Certificate[] getCertificateChain​(String alias)
        Returns the certificate chain associated with the given alias.
        Specified by:
        getCertificateChain in interface X509KeyManager
        Parameters:
        alias - the alias name
        Returns:
        the certificate chain (ordered with the user's certificate first and the root certificate authority last)

      • getPrivateKey

        public PrivateKey getPrivateKey​(String alias)
        Returns the private key associated with the given alias.
        Specified by:
        getPrivateKey in interface X509KeyManager
        Returns:
        the private key associated with the given alias