/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2008-2010 Sun Microsystems, Inc.
 */
850c096c45562d3484ccb1dac672977530201cd2neil_a_wilsonpackage org.opends.server.util;
850c096c45562d3484ccb1dac672977530201cd2neil_a_wilsonimport java.net.Socket;
850c096c45562d3484ccb1dac672977530201cd2neil_a_wilsonimport java.security.Principal;
850c096c45562d3484ccb1dac672977530201cd2neil_a_wilsonimport java.security.PrivateKey;
850c096c45562d3484ccb1dac672977530201cd2neil_a_wilsonimport java.security.cert.X509Certificate;
850c096c45562d3484ccb1dac672977530201cd2neil_a_wilsonimport javax.net.ssl.KeyManager;
850c096c45562d3484ccb1dac672977530201cd2neil_a_wilsonimport javax.net.ssl.SSLEngine;
850c096c45562d3484ccb1dac672977530201cd2neil_a_wilsonimport javax.net.ssl.X509ExtendedKeyManager;
850c096c45562d3484ccb1dac672977530201cd2neil_a_wilsonimport javax.net.ssl.X509KeyManager;
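/**
 * This class implements an X.509 key manager that wraps an existing key
 * manager and makes it possible to configure which certificate should be used
 * for client and/or server operations.  The certificate selection is based on
 * the alias (also called the nickname) of the certificate.
 * <p>
 * All four {@code choose*Alias} methods apply the same matching rule: an
 * alias reported by the wrapped key manager that is exactly equal to the
 * configured alias is preferred, and an alias that differs only in case is
 * accepted otherwise.  The returned alias can therefore be transformed in
 * lowercase, depending on the KeyStore implementation.  It is recommended not
 * to use aliases in a KeyStore that only differ in case.
 * <p>
 * When no alias matches, the {@code choose*Alias} methods return
 * {@code null}; they never substitute another entry of the wrapped key
 * manager for the configured one.
 */
@org.opends.server.types.PublicAPI(
     stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
     mayInstantiate=true,
     mayExtend=false,
     mayInvoke=true)
public final class SelectableCertificateKeyManager
       extends X509ExtendedKeyManager
{
  // The alias of the certificate that should be selected from the key manager.
  private final String alias;

  // The key manager that is wrapped by this key manager.
  private final X509KeyManager keyManager;



  /**
   * Creates a new instance of this key manager that will wrap the provided key
   * manager and use the certificate with the specified alias.
   *
   * @param  keyManager  The key manager to be wrapped by this key manager.
   * @param  alias       The nickname of the certificate that should be
   *                     selected for operations involving this key manager.
   */
  public SelectableCertificateKeyManager(X509KeyManager keyManager,
                                         String alias)
  {
    super();

    this.keyManager = keyManager;
    this.alias      = alias;
  }



  /**
   * Chooses the alias of the client certificate that should be used based on
   * the provided criteria.  This will either return the alias under which the
   * wrapped key manager knows the configured certificate, or {@code null} if
   * no client certificate with that alias is configured in the underlying key
   * manager.
   *
   * @param  keyType  The set of key algorithm names, ordered with the most
   *                  preferred key type first.
   * @param  issuers  The list of acceptable issuer subject names, or
   *                  {@code null} if any issuer may be used.
   * @param  socket   The socket to be used for this connection.
   *
   * @return  The matching alias as reported by the wrapped key manager, or
   *          {@code null} if no such client certificate is available with
   *          that alias.
   */
  @Override
  public String chooseClientAlias(String[] keyType, Principal[] issuers,
                                  Socket socket)
  {
    return selectClientAlias(keyType, issuers);
  }



  /**
   * Chooses the alias of the client certificate that should be used based on
   * the provided criteria.  This will either return the alias under which the
   * wrapped key manager knows the configured certificate, or {@code null} if
   * no client certificate with that alias is configured in the underlying key
   * manager.
   *
   * @param  keyType  The set of key algorithm names, ordered with the most
   *                  preferred key type first.
   * @param  issuers  The list of acceptable issuer subject names, or
   *                  {@code null} if any issuer may be used.
   * @param  engine   The SSL engine to be used for this connection.
   *
   * @return  The matching alias as reported by the wrapped key manager, or
   *          {@code null} if no such client certificate is available with
   *          that alias.
   */
  @Override
  public String chooseEngineClientAlias(String[] keyType, Principal[] issuers,
                                        SSLEngine engine)
  {
    return selectClientAlias(keyType, issuers);
  }



  /**
   * Chooses the alias of the server certificate that should be used based on
   * the provided criteria.  This will either return the alias under which the
   * wrapped key manager knows the configured certificate, or {@code null} if
   * no server certificate with that alias is configured in the underlying key
   * manager.
   *
   * @param  keyType  The public key type for the certificate.
   * @param  issuers  The list of acceptable issuer subject names, or
   *                  {@code null} if any issuer may be used.
   * @param  socket   The socket to be used for this connection.
   *
   * @return  The matching alias as reported by the wrapped key manager, or
   *          {@code null} if no such server certificate is available with
   *          that alias.
   */
  @Override
  public String chooseServerAlias(String keyType, Principal[] issuers,
                                  Socket socket)
  {
    return matchConfiguredAlias(keyManager.getServerAliases(keyType, issuers));
  }



  /**
   * Chooses the alias of the server certificate that should be used based on
   * the provided criteria.  This will either return the alias under which the
   * wrapped key manager knows the configured certificate, or {@code null} if
   * no server certificate with that alias is configured in the underlying key
   * manager.
   * Note that the returned alias can be transformed in lowercase, depending
   * on the KeyStore implementation. It is recommended not to use aliases in a
   * KeyStore that only differ in case.
   *
   * @param  keyType  The public key type for the certificate.
   * @param  issuers  The list of acceptable issuer subject names, or
   *                  {@code null} if any issuer may be used.
   * @param  engine   The SSL engine to be used for this connection.
   *
   * @return  The matching alias as reported by the wrapped key manager, or
   *          {@code null} if no such server certificate is available with
   *          that alias.
   */
  @Override
  public String chooseEngineServerAlias(String keyType, Principal[] issuers,
                                        SSLEngine engine)
  {
    return matchConfiguredAlias(keyManager.getServerAliases(keyType, issuers));
  }



  /**
   * Retrieves the certificate chain for the provided alias.  The request is
   * passed to the wrapped key manager as is; this method does not compare the
   * requested alias with the alias configured for this key manager.
   *
   * @param  alias  The alias for the certificate chain to retrieve.
   *
   * @return  The certificate chain for the provided alias, or {@code null} if
   *          no certificate is associated with the provided alias.
   */
  @Override
  public X509Certificate[] getCertificateChain(String alias)
  {
    return keyManager.getCertificateChain(alias);
  }



  /**
   * Retrieves the set of certificate aliases that may be used for client
   * authentication with the given public key type and set of issuers.  The
   * result of the wrapped key manager is returned unfiltered.
   *
   * @param  keyType  The public key type for the aliases to retrieve.
   * @param  issuers  The list of acceptable issuer subject names, or
   *                  {@code null} if any issuer may be used.
   *
   * @return  The set of certificate aliases that may be used for client
   *          authentication with the given public key type and set of issuers,
   *          or {@code null} if there were none.
   */
  @Override
  public String[] getClientAliases(String keyType, Principal[] issuers)
  {
    return keyManager.getClientAliases(keyType, issuers);
  }



  /**
   * Retrieves the private key for the provided alias.  The request is passed
   * to the wrapped key manager as is; this method does not compare the
   * requested alias with the alias configured for this key manager.
   *
   * @param  alias  The alias for the private key to return.
   *
   * @return  The private key for the provided alias, or {@code null} if no
   *          private key is available for the provided alias.
   */
  @Override
  public PrivateKey getPrivateKey(String alias)
  {
    return keyManager.getPrivateKey(alias);
  }



  /**
   * Retrieves the set of certificate aliases that may be used for server
   * authentication with the given public key type and set of issuers.  The
   * result of the wrapped key manager is returned unfiltered.
   *
   * @param  keyType  The public key type for the aliases to retrieve.
   * @param  issuers  The list of acceptable issuer subject names, or
   *                  {@code null} if any issuer may be used.
   *
   * @return  The set of certificate aliases that may be used for server
   *          authentication with the given public key type and set of issuers,
   *          or {@code null} if there were none.
   */
  @Override
  public String[] getServerAliases(String keyType, Principal[] issuers)
  {
    return keyManager.getServerAliases(keyType, issuers);
  }



  /**
   * Wraps the provided set of key managers in selectable certificate key
   * managers using the provided alias.
   *
   * @param  keyManagers  The set of key managers to be wrapped.  Every element
   *                      must be an {@code X509KeyManager}.
   * @param  alias        The alias to use for selecting the desired
   *                      certificate.
   *
   * @return  A key manager array with one wrapper per provided key manager,
   *          in the same order.
   *
   * @throws  ClassCastException  If an element of {@code keyManagers} is not
   *                              an {@code X509KeyManager}.
   */
  public static X509ExtendedKeyManager[] wrap(KeyManager[] keyManagers,
                                              String alias)
  {
    X509ExtendedKeyManager[] newKeyManagers =
         new X509ExtendedKeyManager[keyManagers.length];
    for (int i=0; i < keyManagers.length; i++)
    {
      // The cast is unchecked on purpose: a key manager that cannot serve
      // X.509 credentials cannot be restricted to an alias, so it is rejected
      // here instead of being passed through unwrapped.
      newKeyManagers[i] = new SelectableCertificateKeyManager(
                                   (X509KeyManager) keyManagers[i], alias);
    }

    return newKeyManagers;
  }



  /**
   * Looks for the configured alias among the client aliases of the wrapped
   * key manager, walking the key types in the given order of preference.  An
   * exact match for any key type is returned as soon as it is found; the first
   * match that differs only in case is returned if there is no exact match.
   *
   * @param  keyTypes  The key algorithm names, most preferred first.
   * @param  issuers   The list of acceptable issuer subject names, or
   *                   {@code null} if any issuer may be used.
   *
   * @return  The matching alias as reported by the wrapped key manager, or
   *          {@code null} if there is none.
   */
  private String selectClientAlias(String[] keyTypes, Principal[] issuers)
  {
    if (keyTypes == null)
    {
      return null;
    }

    String caseInsensitiveMatch = null;
    for (String type : keyTypes)
    {
      String match =
           matchConfiguredAlias(keyManager.getClientAliases(type, issuers));
      if (match == null)
      {
        continue;
      }

      if (match.equals(alias))
      {
        return match;
      }

      if (caseInsensitiveMatch == null)
      {
        caseInsensitiveMatch = match;
      }
    }

    return caseInsensitiveMatch;
  }



  /**
   * Picks the configured alias out of a list of aliases reported by the
   * wrapped key manager.  An exact match wins over a match that differs only
   * in case, so that a KeyStore holding two aliases that differ only in case
   * still yields the entry that was configured.
   *
   * @param  candidates  The aliases reported by the wrapped key manager, or
   *                     {@code null} if it reported none.
   *
   * @return  The matching element of {@code candidates}, or {@code null} if
   *          no alias is configured or none of the candidates matches.
   */
  private String matchConfiguredAlias(String[] candidates)
  {
    if (alias == null || candidates == null)
    {
      return null;
    }

    String caseInsensitiveMatch = null;
    for (String candidate : candidates)
    {
      if (alias.equals(candidate))
      {
        return candidate;
      }

      if (caseInsensitiveMatch == null && alias.equalsIgnoreCase(candidate))
      {
        caseInsensitiveMatch = candidate;
      }
    }

    return caseInsensitiveMatch;
  }
}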