com.sun.identity.security.keystore

Class AMX509KeyManagerImpl

java.lang.Object

com.sun.identity.security.keystore.AMX509KeyManagerImpl

All Implemented Interfaces:

AMX509KeyManager, KeyManager, X509KeyManager

public class AMX509KeyManagerImpl
extends Object
implements AMX509KeyManager

The WSX509KeyManager class implements JSSE X509KeyManager interface. This implementation is the same as JSSE default implementation exception it will supply user-specified client certificate alias when client authentication is on.

Field Summary

Fields

Modifier and Type	Field and Description
static Debug	debug

Constructor Summary

Constructors

Constructor and Description
AMX509KeyManagerImpl()
AMX509KeyManagerImpl(String ksType, String ksFile, String ksProvider, AMCallbackHandler cbHandle)

Method Summary

Modifier and Type	Method and Description
String	chooseClientAlias(String[] keyType, Principal[] issuers, Socket sock) Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
String	chooseServerAlias(String keyType, Principal[] issuers, Socket sock) Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
X509Certificate[]	getCertificateChain(String alias) Returns the certificate chain associated with the given alias.
String[]	getClientAliases(String keyType, Principal[] issuers) Get the matching aliases for authenticating the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
PrivateKey	getPrivateKey(String alias) Returns the private key associated with the given alias.
String[]	getServerAliases(String keyType, Principal[] issuers) Get the matching aliases for authenticating the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
X509KeyManager	initX509KeyManager(String ksType, String ksFile, String ksProvider, AMCallbackHandler cbHandle)
void	setAlias(String alias) This constructor takes a JSSE default implementation and a user-specified client certificate alias.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

debug

public static Debug debug

Constructor Detail

AMX509KeyManagerImpl

public AMX509KeyManagerImpl()

AMX509KeyManagerImpl

public AMX509KeyManagerImpl(String ksType,
                            String ksFile,
                            String ksProvider,
                            AMCallbackHandler cbHandle)

Method Detail

initX509KeyManager

public X509KeyManager initX509KeyManager(String ksType,
                                         String ksFile,
                                         String ksProvider,
                                         AMCallbackHandler cbHandle)

setAlias

public void setAlias(String alias)

This constructor takes a JSSE default implementation and a user-specified client certificate alias.

Specified by:

setAlias in interface AMX509KeyManager

Parameters:

alias - certificate alias

chooseClientAlias

public String chooseClientAlias(String[] keyType,
                                Principal[] issuers,
                                Socket sock)

Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any). If the certAlias specified in the constructor is not null, it will be used.

Specified by:

chooseClientAlias in interface X509KeyManager

Parameters:

keyType - the key algorithm type name

issuers - the list of acceptable CA issuer subject names

Returns:

the alias name for the desired key

chooseServerAlias

public String chooseServerAlias(String keyType,
                                Principal[] issuers,
                                Socket sock)

Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Specified by:

chooseServerAlias in interface X509KeyManager

Parameters:

keyType - the key algorithm type name

issuers - the list of acceptable CA issuer subject names

Returns:

the alias name for the desired key

getClientAliases

public String[] getClientAliases(String keyType,
                                 Principal[] issuers)

Get the matching aliases for authenticating the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Specified by:

getClientAliases in interface X509KeyManager

Parameters:

keyType - the key algorithm type name

issuers - the list of acceptable CA issuer subject names

Returns:

the matching alias names

getServerAliases

public String[] getServerAliases(String keyType,
                                 Principal[] issuers)

Get the matching aliases for authenticating the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Specified by:

getServerAliases in interface X509KeyManager

Parameters:

keyType - the key algorithm type name

issuers - the list of acceptable CA issuer subject names

Returns:

the matching alias names

getCertificateChain

public X509Certificate[] getCertificateChain(String alias)

Returns the certificate chain associated with the given alias.

Specified by:

getCertificateChain in interface X509KeyManager

Parameters:

alias - the alias name

Returns:

the certificate chain (ordered with the user's certificate first and the root certificate authority last)

getPrivateKey

public PrivateKey getPrivateKey(String alias)

Returns the private key associated with the given alias.

Specified by:

getPrivateKey in interface X509KeyManager

Returns:

the private key associated with the given alias