X509KeyManager
public interface X509KeyManager
implements KeyManager
| javax.net.ssl.X509KeyManager |
Instances of this interface manage which X509 certificate-based key pairs are used to authenticate the local side of a secure socket.
During secure socket negotiations, implentations call methods in this interface to:
- determine the set of aliases that are available for negotiations based on the criteria presented,
- select the best alias based on the criteria presented, and
- obtain the corresponding key material for given aliases.
Note: the X509ExtendedKeyManager should be used in favor of this class.
Summary
Public methods | |
|---|---|
abstract String | chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any). |
abstract String | chooseServerAlias(String keyType, Principal[] issuers, Socket socket) Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any). |
abstract X509Certificate[] | getCertificateChain(String alias) Returns the certificate chain associated with the given alias. |
abstract String[] | getClientAliases(String keyType, Principal[] issuers) Get the matching aliases for authenticating the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any). |
abstract PrivateKey | getPrivateKey(String alias) Returns the key associated with the given alias. |
abstract String[] | getServerAliases(String keyType, Principal[] issuers) Get the matching aliases for authenticating the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any). |
Public methods
chooseClientAlias
public abstract String chooseClientAlias (String[] keyType, Principal[] issuers, Socket socket)
Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
| Parameters | |
|---|---|
keyType | String: the key algorithm type name(s), ordered with the most-preferred key type first. |
issuers | Principal: the list of acceptable CA issuer subject names or null if it does not matter which issuers are used. |
socket | Socket: the socket to be used for this connection. This parameter can be null, which indicates that implementations are free to select an alias applicable to any socket. |
| Returns | |
|---|---|
String | the alias name for the desired key, or null if there are no matches. |
chooseServerAlias
public abstract String chooseServerAlias (String keyType, Principal[] issuers, Socket socket)
Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
| Parameters | |
|---|---|
keyType | String: the key algorithm type name. |
issuers | Principal: the list of acceptable CA issuer subject names or null if it does not matter which issuers are used. |
socket | Socket: the socket to be used for this connection. This parameter can be null, which indicates that implementations are free to select an alias applicable to any socket. |
| Returns | |
|---|---|
String | the alias name for the desired key, or null if there are no matches. |
getCertificateChain
public abstract X509Certificate[] getCertificateChain (String alias)
Returns the certificate chain associated with the given alias.
| Parameters | |
|---|---|
alias | String: the alias name |
| Returns | |
|---|---|
X509Certificate[] | the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found. |
getClientAliases
public abstract String[] getClientAliases (String keyType, Principal[] issuers)
Get the matching aliases for authenticating the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
| Parameters | |
|---|---|
keyType | String: the key algorithm type name |
issuers | Principal: the list of acceptable CA issuer subject names, or null if it does not matter which issuers are used. |
| Returns | |
|---|---|
String[] | an array of the matching alias names, or null if there were no matches. |
getPrivateKey
public abstract PrivateKey getPrivateKey (String alias)
Returns the key associated with the given alias.
| Parameters | |
|---|---|
alias | String: the alias name |
| Returns | |
|---|---|
PrivateKey | the requested key, or null if the alias can't be found. |
getServerAliases
public abstract String[] getServerAliases (String keyType, Principal[] issuers)
Get the matching aliases for authenticating the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
| Parameters | |
|---|---|
keyType | String: the key algorithm type name |
issuers | Principal: the list of acceptable CA issuer subject names or null if it does not matter which issuers are used. |
| Returns | |
|---|---|
String[] | an array of the matching alias names, or null if there were no matches. |