org.apache.ftpserver.ssl.impl
Class ExtendedAliasKeyManager

java.lang.Object
  extended by javax.net.ssl.X509ExtendedKeyManager
      extended by org.apache.ftpserver.ssl.impl.ExtendedAliasKeyManager
All Implemented Interfaces:
javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

public final class ExtendedAliasKeyManager
extends javax.net.ssl.X509ExtendedKeyManager

Internal class, do not use directly. X509KeyManager which allows selection of a specific keypair and certificate chain (identified by their keystore alias name) to be used by the server to authenticate itself to SSL clients. Based on org.apache.tomcat.util.net.jsse.JSSEKeyManager.

Author:
The Apache MINA Project (dev@mina.apache.org)
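
The alias pinning described above, as an added example that is not the Apache FtpServer source: a key manager that wraps a delegate X509KeyManager and offers only the configured alias for server authentication, so a keystore holding several key entries cannot present an unintended certificate. The class name PinnedAliasKeyManager, the contextFor helper and its parameters are assumptions made for illustration; the caller supplies an already loaded KeyStore.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Hypothetical class illustrating alias pinning; not the Apache FtpServer source.
final class PinnedAliasKeyManager extends X509ExtendedKeyManager {
    private final X509KeyManager delegate;
    private final String alias;

    PinnedAliasKeyManager(X509KeyManager delegate, String alias) {
        this.delegate = delegate;
        this.alias = alias;
    }

    // Offer the pinned alias only when its private key exists and its algorithm
    // matches keyType; never fall back to another entry in the keystore.
    private String pinned(String keyType) {
        PrivateKey key = delegate.getPrivateKey(alias);
        return key != null && key.getAlgorithm().equalsIgnoreCase(keyType) ? alias : null;
    }

    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return pinned(t); }
    @Override public String chooseEngineServerAlias(String t, Principal[] i, SSLEngine e) { return pinned(t); }
    @Override public String[] getServerAliases(String t, Principal[] i) {
        String a = pinned(t);
        return a == null ? null : new String[] { a };
    }
    // Client-side selection and key material lookups are left to the delegate.
    @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return delegate.chooseClientAlias(t, i, s); }
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }

    // Assumes ks is an already loaded KeyStore and pw is the password protecting its keys.
    static SSLContext contextFor(KeyStore ks, char[] pw, String alias) throws Exception {
        if (!ks.isKeyEntry(alias)) throw new IllegalArgumentException("no private key under alias " + alias);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int n = 0; n < kms.length; n++)
            if (kms[n] instanceof X509KeyManager)
                kms[n] = new PinnedAliasKeyManager((X509KeyManager) kms[n], alias);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, null, null); // default trust managers and SecureRandom
        return ctx;
    }
}
```

Failing at startup when the alias has no key entry surfaces a misconfigured keystore before any handshake is attempted.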

Constructor Summary
ExtendedAliasKeyManager(javax.net.ssl.KeyManager mgr, java.lang.String keyAlias)
          Constructor.
 
Method Summary
 java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
          Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
 java.lang.String chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
          Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
 java.lang.String chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
          Returns this key manager's server key alias that was provided in the constructor if matching the key type.
 java.lang.String chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)
          Returns this key manager's server key alias that was provided in the constructor if matching the key type.
 java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
          Returns the certificate chain associated with the given alias.
 java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)
          Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
 java.security.PrivateKey getPrivateKey(java.lang.String alias)
          Returns the key associated with the given alias.
 java.lang.String[] getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)
          Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ExtendedAliasKeyManager

public ExtendedAliasKeyManager(javax.net.ssl.KeyManager mgr,
                               java.lang.String keyAlias)
Constructor.

Parameters:
mgr - The X509KeyManager used as a delegate
keyAlias - The alias name of the server's keypair and supporting certificate chain
Method Detail

chooseClientAlias

public java.lang.String chooseClientAlias(java.lang.String[] keyType,
                                          java.security.Principal[] issuers,
                                          java.net.Socket socket)
Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Parameters:
keyType - The key algorithm type name(s), ordered with the most-preferred key type first
issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use
Returns:
The alias name for the desired key, or null if there are no matches

chooseServerAlias

public java.lang.String chooseServerAlias(java.lang.String keyType,
                                          java.security.Principal[] issuers,
                                          java.net.Socket socket)
Returns this key manager's server key alias that was provided in the constructor if matching the key type.

Parameters:
keyType - The key algorithm type name
issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used (ignored)
socket - The socket to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use (ignored)
Returns:
Alias name for the desired key

getCertificateChain

public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
Returns the certificate chain associated with the given alias.

Parameters:
alias - The alias name
Returns:
Certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found

getClientAliases

public java.lang.String[] getClientAliases(java.lang.String keyType,
                                           java.security.Principal[] issuers)
Get the matching aliases for authenticating the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Parameters:
keyType - The key algorithm type name
issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
Returns:
Array of the matching alias names, or null if there were no matches

getServerAliases

public java.lang.String[] getServerAliases(java.lang.String keyType,
                                           java.security.Principal[] issuers)
Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Parameters:
keyType - The key algorithm type name
issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used
Returns:
Array of the matching alias names, or null if there were no matches

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.lang.String alias)
Returns the key associated with the given alias.

Parameters:
alias - The alias name
Returns:
The requested key, or null if the alias can't be found

chooseEngineClientAlias

public java.lang.String chooseEngineClientAlias(java.lang.String[] keyType,
                                                java.security.Principal[] issuers,
                                                javax.net.ssl.SSLEngine engine)
Choose an alias to authenticate the client side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

Overrides:
chooseEngineClientAlias in class javax.net.ssl.X509ExtendedKeyManager
Parameters:
keyType - The key algorithm type name
issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used (ignored)
engine - The SSLEngine to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use (ignored)
Returns:
The alias name for the desired key, or null if there are no matches

chooseEngineServerAlias

public java.lang.String chooseEngineServerAlias(java.lang.String keyType,
                                                java.security.Principal[] issuers,
                                                javax.net.ssl.SSLEngine engine)
Returns this key manager's server key alias that was provided in the constructor if matching the key type.

Overrides:
chooseEngineServerAlias in class javax.net.ssl.X509ExtendedKeyManager
Parameters:
keyType - The key algorithm type name
issuers - The list of acceptable CA issuer subject names, or null if it does not matter which issuers are used (ignored)
engine - The SSLEngine to be used for this connection. This parameter can be null, in which case this method will return the most generic alias to use (ignored)
Returns:
Alias name for the desired key


Copyright © 2003-2011 Apache Software Foundation. All Rights Reserved.