KeyManagers.java revision f537744cea5b0e4dcdf1786437346b5131272829
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2010 Sun Microsystems, Inc.
* Portions copyright 2012 ForgeRock AS.
*/
/**
* This class contains methods for creating common types of key manager.
* <p>
* NOTE(review): this listing is incomplete. The import statements, most
* method signatures and several statements are missing, so the comments
* below describe only what the remaining lines show.
*/
public final class KeyManagers {
/**
* An X.509 key manager that wraps an existing key manager and bases
* certificate selection on a configured alias (also called the nickname)
* of the certificate.
*/
private static final class SelectCertificate extends X509ExtendedKeyManager {
// The wrapped key manager.
private final X509KeyManager keyManager;
// NOTE(review): the constructor signature is missing from this listing; the
// surviving line stores the wrapped key manager.
this.keyManager = keyManager;
}
/**
* {@inheritDoc}
*/
// NOTE(review): the signature and the alias-matching lines are missing here.
// What remains returns the configured alias only from inside the non-null
// clientAliases branch and falls through to null otherwise.
if (clientAliases != null) {
return alias;
}
}
}
}
return null;
}
/**
* {@inheritDoc}
*/
// NOTE(review): same visible shape as the previous method; the signature and
// the comparison against each client alias are missing from this listing.
if (clientAliases != null) {
return alias;
}
}
}
}
return null;
}
/**
* {@inheritDoc}
*/
// NOTE(review): this variant returns serverAlias, while the sibling methods
// return alias. serverAlias is presumably the matching entry of
// serverAliases; how it is compared with the configured alias is not
// visible. If the comparison ignores case the two strings can differ, so
// confirm that callers accept either spelling.
if (serverAliases != null) {
return serverAlias;
}
}
}
return null;
}
/**
* {@inheritDoc}
*/
// NOTE(review): signature and comparison lines are missing; the configured
// alias is returned only from inside the non-null serverAliases branch.
if (serverAliases != null) {
return alias;
}
}
}
return null;
}
// NOTE(review): the next four methods have lost their signatures and bodies
// in this listing; only the Javadoc and the closing braces remain.
/**
* {@inheritDoc}
*/
}
/**
* {@inheritDoc}
*/
}
/**
* {@inheritDoc}
*/
}
/**
* {@inheritDoc}
*/
}
}
/**
* Creates a new {@code X509KeyManager} which will use the named key store
* file for retrieving certificates. It will use the default key store
* format for the JVM (e.g. {@code JKS}) and will not use a password to open
* the key store.
* <p>
* Security note: the loading code is not visible in this listing. If the
* store is read with {@code java.security.KeyStore.load} and a {@code null}
* password, the JDK performs no integrity check on the key store data, so
* the file's permissions are the only protection against tampering.
*
* @param file
* The key store file name.
* @return A new {@code X509KeyManager} which will use the named key store
* file for retrieving certificates.
* @throws GeneralSecurityException
* If the key store could not be loaded, perhaps due to
* incorrect format, or missing algorithms.
* @throws IOException
* If the key store file could not be found or could not be
* read.
* @throws NullPointerException
* If {@code file} was {@code null}.
*/
// NOTE(review): the method name, parameter list and body are missing from
// this listing; only the throws clause and the closing brace remain.
throws GeneralSecurityException, IOException {
}
/**
* Creates a new {@code X509KeyManager} which will use the named key store
* file for retrieving certificates. It will use the provided key store
* format and password.
* <p>
* Security note: a {@code null} password is accepted. If the store is read
* with {@code java.security.KeyStore.load}, a {@code null} password means
* that no integrity check is performed on the key store data (the loading
* call is not visible in this listing, so confirm).
*
* @param file
* The key store file name.
* @param password
* The key store password, which may be {@code null}.
* @param format
* The key store format, which may be {@code null} to indicate
* that the default key store format for the JVM (e.g.
* {@code JKS}) should be used.
* @return A new {@code X509KeyManager} which will use the named key store
* file for retrieving certificates.
* @throws GeneralSecurityException
* If the key store could not be loaded, perhaps due to
* incorrect format, or missing algorithms.
* @throws IOException
* If the key store file could not be found or could not be
* read.
* @throws NullPointerException
* If {@code file} was {@code null}.
*/
// NOTE(review): the signature and the statements inside the try blocks are
// missing. The visible shape is a try/finally whose cleanup swallows
// IOException, presumably from closing the key store input stream once the
// store has been read.
try {
} finally {
try {
} catch (final IOException ignored) {
// Ignore: an IOException raised during cleanup is deliberately dropped.
}
}
}
// NOTE(review): the factory initialisation and the loop header are missing.
// The remaining lines stop at the first X509KeyManager found and return
// x509km. The NoSuchAlgorithmException is presumably raised when no such
// manager exists; it carries no detail message, so a message describing
// the failure (never including the password) would help diagnosis.
final KeyManagerFactory kmf =
if (km instanceof X509KeyManager) {
break;
}
}
throw new NoSuchAlgorithmException();
}
return x509km;
}
/**
* Creates a new {@code X509KeyManager} which will use a PKCS#11 token for
* retrieving certificates.
*
* @param password
* The password to use for accessing the PKCS#11 token, which may
* be {@code null} if no password is required.
* @return A new {@code X509KeyManager} which will use a PKCS#11 token for
* retrieving certificates.
* @throws GeneralSecurityException
* If the PKCS#11 token could not be accessed, perhaps due to
* incorrect password, or missing algorithms.
* @throws IOException
* If the PKCS#11 token could not be found or could not be read.
*/
// NOTE(review): the method name, parameter list, token loading and loop
// header are missing from this listing. As in the key store variant, the
// remaining lines stop at the first X509KeyManager and otherwise throw a
// NoSuchAlgorithmException without a detail message.
throws GeneralSecurityException, IOException {
final KeyManagerFactory kmf =
if (km instanceof X509KeyManager) {
break;
}
}
throw new NoSuchAlgorithmException();
}
return x509km;
}
/**
* Returns a new {@code X509KeyManager} which selects the named certificate
* from the provided {@code X509KeyManager}.
*
* @param alias
* The nickname of the certificate that should be selected for
* operations involving this key manager.
* @param keyManager
* The key manager to be filtered.
* @return The filtered key manager.
* @throws NullPointerException
* If {@code keyManager} or {@code alias} was {@code null}.
*/
// NOTE(review): the start of the signature and the body are missing from
// this listing, so the null checks promised above cannot be confirmed here.
final X509KeyManager keyManager) {
}
// Prevent instantiation.
private KeyManagers() {
// Nothing to do.
}
}