/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package org.apache.tomcat.util.net.jsse;

import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

X509KeyManager which allows selection of a specific keypair and certificate chain (identified by their keystore alias name) to be used by the server to authenticate itself to SSL clients.
Author:Jan Luehe
/** * X509KeyManager which allows selection of a specific keypair and certificate * chain (identified by their keystore alias name) to be used by the server to * authenticate itself to SSL clients. * * @author Jan Luehe */
public final class JSSEKeyManager extends X509ExtendedKeyManager { private X509KeyManager delegate; private String serverKeyAlias;
Constructor.
Params:
  • mgr – The X509KeyManager used as a delegate
  • serverKeyAlias – The alias name of the server's keypair and supporting certificate chain
/** * Constructor. * * @param mgr The X509KeyManager used as a delegate * @param serverKeyAlias The alias name of the server's keypair and * supporting certificate chain */
public JSSEKeyManager(X509KeyManager mgr, String serverKeyAlias) { super(); this.delegate = mgr; this.serverKeyAlias = serverKeyAlias; }
Returns the server key alias that was provided in the constructor or the result from X509KeyManager.chooseServerAlias(String, Principal[], Socket) for the delegate if no alias is specified.
/** * Returns the server key alias that was provided in the constructor or the * result from {@link X509KeyManager#chooseServerAlias(String, Principal[], * Socket)} for the delegate if no alias is specified. */
@Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { if (serverKeyAlias != null) { return serverKeyAlias; } return delegate.chooseServerAlias(keyType, issuers, socket); }
Returns the server key alias that was provided in the constructor or the result from X509ExtendedKeyManager.chooseEngineServerAlias(String, Principal[], SSLEngine) for the delegate if no alias is specified.
/** * Returns the server key alias that was provided in the constructor or the * result from {@link X509ExtendedKeyManager#chooseEngineServerAlias(String, * Principal[], SSLEngine)} for the delegate if no alias is specified. */
@Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) { if (serverKeyAlias!=null) { return serverKeyAlias; } return super.chooseEngineServerAlias(keyType, issuers, engine); } @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return delegate.chooseClientAlias(keyType, issuers, socket); } @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); } @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return delegate.getClientAliases(keyType, issuers); } @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); } @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); } @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) { return delegate.chooseClientAlias(keyType, issuers, null); } }