Class WrapperKeyManager

java.lang.Object
javax.net.ssl.X509ExtendedKeyManager
com.unboundid.util.ssl.WrapperKeyManager
All Implemented Interfaces:
KeyManager, X509KeyManager
Direct Known Subclasses:
KeyStoreKeyManager, PKCS11KeyManager

This class provides an SSL key manager that may be used to wrap a provided set of key managers. It provides the ability to select the desired certificate based on a given nickname.
  • Constructor Details

    • WrapperKeyManager

      protected WrapperKeyManager(@NotNull KeyManager[] keyManagers, @Nullable String certificateAlias)
      Creates a new instance of this wrapper key manager with the provided information.
      Parameters:
      keyManagers - The set of key managers to be wrapped. It must not be null or empty, and it must contain only X509KeyManager instances.
      certificateAlias - The nickname of the certificate that should be selected. It may be null if any acceptable certificate found may be used.
    • WrapperKeyManager

      protected WrapperKeyManager(@NotNull X509KeyManager[] keyManagers, @Nullable String certificateAlias)
      Creates a new instance of this wrapper key manager with the provided information.
      Parameters:
      keyManagers - The set of key managers to be wrapped. It must not be null or empty.
      certificateAlias - The nickname of the certificate that should be selected. It may be null if any acceptable certificate found may be used.
  • Method Details

    • getCertificateAlias

      Retrieves the nickname of the certificate that should be selected.
      Returns:
      The nickname of the certificate that should be selected, or null if any acceptable certificate found in the key store may be used.
    • getClientAliases

      @Nullable public final String[] getClientAliases(@NotNull String keyType, @Nullable Principal[] issuers)
      Retrieves the nicknames of the client certificates of the specified type contained in the key store.
      Parameters:
      keyType - The key algorithm name for which to retrieve the available certificate nicknames.
      issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
      Returns:
      The nicknames of the client certificates, or null if none were found in the key store.
    • chooseClientAlias

      @Nullable public final String chooseClientAlias(@NotNull String[] keyType, @Nullable Principal[] issuers, @Nullable Socket socket)
      Retrieves the nickname of the certificate that a client should use to authenticate to a server.
      Parameters:
      keyType - The list of key algorithm names that may be used.
      issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
      socket - The socket to be used. It may be null if the certificate may be for any socket.
      Returns:
      The nickname of the certificate to use, or null if no appropriate certificate is found.
    • chooseEngineClientAlias

      Retrieves the nickname of the certificate that a client should use to authenticate to a server.
      Overrides:
      chooseEngineClientAlias in class X509ExtendedKeyManager
      Parameters:
      keyType - The list of key algorithm names that may be used.
      issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
      engine - The SSL engine to be used. It may be null if the certificate may be for any engine.
      Returns:
      The nickname of the certificate to use, or null if no appropriate certificate is found.
    • getServerAliases

      @Nullable public final String[] getServerAliases(@NotNull String keyType, @Nullable Principal[] issuers)
      Retrieves the nicknames of the server certificates of the specified type contained in the key store.
      Parameters:
      keyType - The key algorithm name for which to retrieve the available certificate nicknames.
      issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
      Returns:
      The nicknames of the server certificates, or null if none were found in the key store.
    • chooseServerAlias

      @Nullable public final String chooseServerAlias(@NotNull String keyType, @Nullable Principal[] issuers, @Nullable Socket socket)
      Retrieves the nickname of the certificate that a server should use to authenticate to a client.
      Parameters:
      keyType - The key algorithm name that may be used.
      issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
      socket - The socket to be used. It may be null if the certificate may be for any socket.
      Returns:
      The nickname of the certificate to use, or null if no appropriate certificate is found.
    • chooseEngineServerAlias

      Retrieves the nickname of the certificate that a server should use to authenticate to a client.
      Overrides:
      chooseEngineServerAlias in class X509ExtendedKeyManager
      Parameters:
      keyType - The key algorithm name that may be used.
      issuers - The list of acceptable issuer certificate subjects. It may be null if any issuer may be used.
      engine - The SSL engine to be used. It may be null if the certificate may be for any engine.
      Returns:
      The nickname of the certificate to use, or null if no appropriate certificate is found.
    • getCertificateChain

      Retrieves the certificate chain for the certificate with the given nickname.
      Parameters:
      alias - The nickname of the certificate for which to retrieve the certificate chain.
      Returns:
      The certificate chain for the certificate with the given nickname, or null if the requested certificate cannot be found.
    • getPrivateKey

      Retrieves the private key for the specified certificate.
      Parameters:
      alias - The nickname of the certificate for which to retrieve the private key.
      Returns:
      The private key for the requested certificate, or null if the requested certificate cannot be found.
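The following is an added example, not code from the LDAP SDK or its documentation: it wraps the JDK's own key managers through the protected `KeyManager[]` constructor, pins a certificate nickname, and fails closed when `getCertificateChain` or `getPrivateKey` returns null for that nickname. The class names `PinnedAliasExample` and `PinnedKeyManager`, the PKCS12 store type, and the key store path, password and alias arguments are assumptions.

```java
import com.unboundid.util.ssl.WrapperKeyManager;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public final class PinnedAliasExample {

  // Hypothetical subclass: the documented constructors are protected, so
  // wrapping arbitrary key managers requires extending the class.
  static final class PinnedKeyManager extends WrapperKeyManager {
    PinnedKeyManager(KeyManager[] wrapped, String alias) {
      super(wrapped, alias);
    }
  }

  static PinnedKeyManager load(String path, char[] password, String alias)
      throws Exception {
    KeyStore ks = KeyStore.getInstance("PKCS12");
    try (InputStream in = new FileInputStream(path)) {
      ks.load(in, password);
    }
    // The JDK factory returns X509 key managers, which is what the
    // KeyManager[] constructor requires.
    KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, password);

    PinnedKeyManager km = new PinnedKeyManager(kmf.getKeyManagers(), alias);

    // Fail closed: both lookups are documented to return null when the
    // nickname cannot be found. Checking at startup surfaces a wrong or
    // missing alias before any TLS handshake is attempted.
    if (km.getCertificateChain(alias) == null || km.getPrivateKey(alias) == null) {
      throw new IllegalStateException("No usable key entry for alias '" + alias + "'");
    }
    return km;
  }

  public static void main(String[] args) throws Exception {
    // args: <keystore.p12> <password> <alias>; demo only, a real deployment
    // should not take the key store password from the command line.
    PinnedKeyManager km = load(args[0], args[1].toCharArray(), args[2]);
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(new KeyManager[] { km }, null, null); // default trust managers
    System.out.println("Pinned certificate nickname: " + km.getCertificateAlias());
  }
}
```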