AI-generated Key Takeaways
-
The
X509KeyManagerinterface manages X509 certificate-based key pairs for authenticating the local side of a secure socket. -
It provides methods to choose aliases for client/server authentication based on criteria like key type and issuer authorities.
-
Implementations use this interface to retrieve the certificate chain and private key associated with a chosen alias.
-
X509ExtendedKeyManageris recommended over this interface for enhanced functionality.
Instances of this interface manage which X509 certificate-based key pairs are used to authenticate the local side of a secure socket.
During secure socket negotiations, implentations call methods in this interface to:
- determine the set of aliases that are available for negotiations based on the criteria presented,
- select the best alias based on the criteria presented, and
- obtain the corresponding key material for given aliases.
Note: the X509ExtendedKeyManager should be used in favor of this class.
Public Method Summary
| abstract String |
chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
Choose an alias to authenticate the client side of a secure
socket given the public key type and the list of
certificate issuer authorities recognized by the peer (if any).
|
| abstract String |
chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
Choose an alias to authenticate the server side of a secure
socket given the public key type and the list of
certificate issuer authorities recognized by the peer (if any).
|
| abstract X509Certificate[] | |
| abstract String[] |
getClientAliases(String keyType, Principal[] issuers)
Get the matching aliases for authenticating the client side of a secure
socket given the public key type and the list of
certificate issuer authorities recognized by the peer (if any).
|
| abstract PrivateKey | |
| abstract String[] |
getServerAliases(String keyType, Principal[] issuers)
Get the matching aliases for authenticating the server side of a secure
socket given the public key type and the list of
certificate issuer authorities recognized by the peer (if any).
|
Public Methods
public abstract String chooseClientAlias (String[] keyType, Principal[] issuers, Socket socket)
Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
Parameters
| keyType | the key algorithm type name(s), ordered with the most-preferred key type first. |
|---|---|
| issuers | the list of acceptable CA issuer subject names or null if it does not matter which issuers are used. |
| socket | the socket to be used for this connection. This parameter can be null, which indicates that implementations are free to select an alias applicable to any socket. |
Returns
- the alias name for the desired key, or null if there are no matches.
public abstract String chooseServerAlias (String keyType, Principal[] issuers, Socket socket)
Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
Parameters
| keyType | the key algorithm type name. |
|---|---|
| issuers | the list of acceptable CA issuer subject names or null if it does not matter which issuers are used. |
| socket | the socket to be used for this connection. This parameter can be null, which indicates that implementations are free to select an alias applicable to any socket. |
Returns
- the alias name for the desired key, or null if there are no matches.
public abstract X509Certificate[] getCertificateChain (String alias)
Returns the certificate chain associated with the given alias.
Parameters
| alias | the alias name |
|---|
Returns
- the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found.
public abstract String[] getClientAliases (String keyType, Principal[] issuers)
Get the matching aliases for authenticating the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
Parameters
| keyType | the key algorithm type name |
|---|---|
| issuers | the list of acceptable CA issuer subject names, or null if it does not matter which issuers are used. |
Returns
- an array of the matching alias names, or null if there were no matches.
public abstract PrivateKey getPrivateKey (String alias)
Returns the key associated with the given alias.
Parameters
| alias | the alias name |
|---|
Returns
- the requested key, or null if the alias can't be found.
public abstract String[] getServerAliases (String keyType, Principal[] issuers)
Get the matching aliases for authenticating the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
Parameters
| keyType | the key algorithm type name |
|---|---|
| issuers | the list of acceptable CA issuer subject names or null if it does not matter which issuers are used. |
Returns
- an array of the matching alias names, or null if there were no matches.