Class CustomLoadingKeyManager

java.lang.Object
javax.net.ssl.X509ExtendedKeyManager
de.xima.fc.certificate.provider.internal.CustomLoadingKeyManager
All Implemented Interfaces:
KeyManager, X509KeyManager

public class CustomLoadingKeyManager extends X509ExtendedKeyManager
A custom implementation of X509ExtendedKeyManager that loads and manages X.509 certificates and their corresponding private keys from a KeyStore.

This implementation provides:
  • dynamic certificate loading from a KeyStore
  • caching of server aliases for improved performance
  • support for X.509 certificate chains
  • thread-safe operations

  • Constructor Details

    • CustomLoadingKeyManager

      public CustomLoadingKeyManager(de.xima.fc.certificate.provider.internal.KeyStoreAccess keyStoreAccess, KeyStore ks) throws KeyStoreException
      Constructs a new CustomLoadingKeyManager and loads certificates from the provided KeyStore backed by fc-certificate.
      Parameters:
      keyStoreAccess - interface for accessing private keys from the fc-certificate backed KeyStore
      ks - the KeyStore containing the certificates and private keys
      Throws:
      KeyStoreException - if there's an error accessing the KeyStore
  • Method Details

    • getClientAliases

      public String[] getClientAliases(String keyType, Principal[] issuers)
      Returns the client aliases for a specific key type and set of issuers.
      Parameters:
      keyType - the type of key (e.g., "RSA", "DSA")
      issuers - the acceptable certificate issuers, or null if any issuer is allowed
      Returns:
      an array of matching alias names, or null if none match
    • chooseClientAlias

      public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket)
      Chooses a client alias for the given parameters. Returns the FIRST matching alias for the specified key types and issuers. Because the socket is ignored, the choice does not depend on the peer: if the KeyStore holds several matching client identities, the same one is selected for every connection.
      Parameters:
      keyTypes - the key algorithm type names to choose from, ordered with the most-preferred key type first
      issuers - acceptable certificate issuers, or null if any issuer is allowed
      socket - ignored by this implementation; it does not affect alias selection
      Returns:
      the chosen alias, or null if no matching alias exists
    • chooseEngineClientAlias

      public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)
      This implementation does not use the SSLEngine parameter, so it delegates to chooseClientAlias(String[], Principal[], Socket) with a null socket; the selected alias is therefore the same for any engine.
      Overrides:
      chooseEngineClientAlias in class X509ExtendedKeyManager
      Parameters:
      keyType - the key algorithm type name(s), ordered with the most-preferred key type first.
      issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
      engine - This implementation does not use it for alias selection.
      Returns:
      the chosen alias, or null if no matching alias exists
    • getServerAliases

      public String[] getServerAliases(String keyType, Principal[] issuers)
      Returns the server aliases for a specific key type and set of issuers.
      Parameters:
      keyType - the key algorithm type name
      issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
      Returns:
      an array of matching alias names, or null if none match
    • chooseServerAlias

      public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
      Chooses a server alias based on the given parameters.
      Parameters:
      keyType - the key algorithm type name.
      issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
      socket - this implementation does not use the socket parameter as it does not affect alias selection.
      Returns:
      the chosen alias, or null if no matching alias exists
    • chooseEngineServerAlias

      public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)
      Chooses a server alias based on the given parameters. This implementation does not use the SSLEngine parameter, so it simply calls chooseServerAlias(String, Principal[], Socket) with a null socket.
      Overrides:
      chooseEngineServerAlias in class X509ExtendedKeyManager
      Parameters:
      keyType - the key algorithm type name.
      issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
      engine - This implementation does not use it for alias selection.
      Returns:
      the chosen alias, or null if no matching alias exists
    • getCertificateChain

      public X509Certificate[] getCertificateChain(String alias)
      Returns the certificate chain for the specified alias.
      Parameters:
      alias - the alias of the certificate
      Returns:
      an array of X509Certificates representing the certificate chain, or null if the alias is null or does not exist
    • getPrivateKey

      public PrivateKey getPrivateKey(String alias)
      Returns the private key for the specified alias.
      Parameters:
      alias - the alias of the private key
      Returns:
      the PrivateKey associated with the alias, or null if the alias is null or does not exist
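
The following stand-alone class is an added illustration, not the fc-certificate implementation documented above. It reproduces the selection behaviour this page describes (aliases match on key algorithm and, when issuers are given, on issuer; the first match wins; the engine variants delegate to the socket variants with a null socket; server aliases are cached per key type and lookups are safe under concurrent handshakes) and shows how such a key manager is wired into an SSLContext. Because de.xima.fc.certificate.provider.internal.KeyStoreAccess is internal and not shown on this page, the example assumes a plain password-protected PKCS12 KeyStore instead; the class name FirstMatchKeyManager, the key-password constructor argument and the keytool-generated test store are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.net.Socket;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

// Illustrative key manager (not the fc-certificate implementation): the first alias whose key
// algorithm and issuer match wins, and the Socket/SSLEngine arguments never influence the choice.
public class FirstMatchKeyManager extends X509ExtendedKeyManager {
    private final KeyStore ks;
    private final char[] keyPassword; // assumption: password-protected KeyStore instead of KeyStoreAccess
    // Server aliases cached per key type; ConcurrentHashMap keeps concurrent handshakes safe.
    private final Map<String, String[]> serverAliasCache = new ConcurrentHashMap<>();

    public FirstMatchKeyManager(KeyStore ks, char[] keyPassword) {
        this.ks = ks;
        this.keyPassword = keyPassword;
    }

    // Key entries whose leaf key uses keyType and whose chain names one of the issuers (null = any).
    private String[] matchingAliases(String keyType, Principal[] issuers) {
        Set<Principal> wanted = issuers == null ? null : new HashSet<>(Arrays.asList(issuers));
        List<String> out = new ArrayList<>();
        try {
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) continue;
                X509Certificate[] chain = getCertificateChain(alias);
                if (chain == null || chain.length == 0) continue;
                if (!chain[0].getPublicKey().getAlgorithm().equals(keyType)) continue;
                if (wanted != null && Arrays.stream(chain)
                        .map(X509Certificate::getIssuerX500Principal).noneMatch(wanted::contains)) continue;
                out.add(alias);
            }
        } catch (KeyStoreException e) {
            return null; // an unreadable store behaves like "no match"
        }
        return out.isEmpty() ? null : out.toArray(new String[0]);
    }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        return matchingAliases(keyType, issuers);
    }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        // issuer-specific queries (and a null key type) bypass the cache
        if (issuers != null || keyType == null) return matchingAliases(keyType, issuers);
        String[] cached = serverAliasCache.computeIfAbsent(keyType, kt -> matchingAliases(kt, null));
        return cached == null ? null : cached.clone(); // hand out a copy so callers cannot mutate the cache
    }
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        if (keyTypes == null) return null;
        for (String kt : keyTypes) { // most-preferred key type first
            String[] found = getClientAliases(kt, issuers);
            if (found != null) return found[0]; // FIRST match wins; the socket is ignored
        }
        return null;
    }
    @Override public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
        return chooseClientAlias(keyTypes, issuers, null); // engine ignored: delegate with a null socket
    }
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        String[] found = getServerAliases(keyType, issuers);
        return found == null ? null : found[0];
    }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        return chooseServerAlias(keyType, issuers, null);
    }
    @Override public X509Certificate[] getCertificateChain(String alias) {
        if (alias == null) return null;
        try {
            Certificate[] chain = ks.getCertificateChain(alias);
            // copyOf into X509Certificate[] throws ArrayStoreException if a non-X.509 certificate is present
            return chain == null ? null : Arrays.copyOf(chain, chain.length, X509Certificate[].class);
        } catch (KeyStoreException | ArrayStoreException e) {
            return null;
        }
    }
    @Override public PrivateKey getPrivateKey(String alias) {
        if (alias == null) return null;
        try {
            Key k = ks.getKey(alias, keyPassword);
            return k instanceof PrivateKey ? (PrivateKey) k : null;
        } catch (GeneralSecurityException e) { // KeyStore-, NoSuchAlgorithm-, UnrecoverableKeyException
            return null;
        }
    }

    // Usage: java FirstMatchKeyManager ks.p12 changeit  (ks.p12 is a constructed test store, see below)
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (var in = new FileInputStream(args[0])) { ks.load(in, args[1].toCharArray()); }
        FirstMatchKeyManager km = new FirstMatchKeyManager(ks, args[1].toCharArray());
        System.out.println("server alias for RSA:       " + km.chooseServerAlias("RSA", null, null));
        System.out.println("server alias for EC:        " + km.chooseEngineServerAlias("EC", null, null));
        System.out.println("client alias, EC preferred: " + km.chooseClientAlias(new String[] {"EC", "RSA"}, null, null));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] {km}, null, null); // null TrustManagers = JDK default trust store
        System.out.println("SSLContext initialised: " + ctx.getProtocol());
    }
}
```

To try it, create the constructed test store with two identities of different key algorithms: `keytool -genkeypair -keystore ks.p12 -storetype PKCS12 -storepass changeit -alias rsa1 -keyalg RSA -dname CN=rsa1` followed by the same command with `-alias ec1 -keyalg EC -dname CN=ec1`, then run `java FirstMatchKeyManager.java ks.p12 changeit`. The run shows the point the documentation makes about chooseClientAlias: with the socket and engine ignored, the same alias is returned for every connection, and adding a second RSA identity to the store would not change which one the first-match rule picks.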