Class SniX509ExtendedKeyManager

  • All Implemented Interfaces:

    public class SniX509ExtendedKeyManager

    An X509ExtendedKeyManager that selects a key with an alias retrieved from SNI information, delegating other processing to a nested X509ExtendedKeyManager.

    Can only be used on the server side.

    • Field Summary

      Modifier and Type Field Description
      static java.lang.String SNI_X509  
    • Method Summary

      Modifier and Type Method Description
      java.lang.String chooseClientAlias​(java.lang.String[] keyType, [] issuers, socket)
      java.lang.String chooseEngineClientAlias​(java.lang.String[] keyType, [] issuers, engine)
      java.lang.String chooseEngineServerAlias​(java.lang.String keyType, [] issuers, engine)
      java.lang.String chooseServerAlias​(java.lang.String keyType, [] issuers, socket)
      protected java.lang.String chooseServerAlias​(java.lang.String keyType, [] issuers, java.util.Collection<> matchers, session)
      java.util.function.UnaryOperator<java.lang.String> getAliasMapper()
      [] getCertificateChain​(java.lang.String alias)
      java.lang.String[] getClientAliases​(java.lang.String keyType, [] issuers)
      getPrivateKey​(java.lang.String alias)
      java.lang.String[] getServerAliases​(java.lang.String keyType, [] issuers)
      void setAliasMapper​(java.util.function.UnaryOperator<java.lang.String> aliasMapper)
      Sets a function that transforms the alias into a possibly different alias, invoked when the SNI logic must choose the alias to pick the right certificate.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SniX509ExtendedKeyManager

        public SniX509ExtendedKeyManager​(X509ExtendedKeyManager keyManager)
        Not supported: you must have an SslContextFactory.Server for this to work.
      • SniX509ExtendedKeyManager

        public SniX509ExtendedKeyManager​(X509ExtendedKeyManager keyManager,
                                         SslContextFactory.Server sslContextFactory)
    • Method Detail

      • getAliasMapper

        public java.util.function.UnaryOperator<java.lang.String> getAliasMapper()
        Returns: the function that transforms the alias
      • setAliasMapper

        public void setAliasMapper​(java.util.function.UnaryOperator<java.lang.String> aliasMapper)

        Sets a function that transforms the alias into a possibly different alias, invoked when the SNI logic must choose the alias to pick the right certificate.

        This function is required when using the PKIX KeyManagerFactory algorithm, which suffers from a bug where the OpenJDK implementation returns aliases to the application in the form N.0.alias, where N is an always increasing number. Such mangled aliases won't match the aliases in the keystore, so that, for example, SNI matching will always fail.

        Other implementations such as BouncyCastle have been reported to mangle the alias in a different way, namely 0.alias.N.

        This function allows the application to "unmangle" the alias from the implementation-specific mangling back to just alias, so that SNI matching works again.

        Parameters:
        aliasMapper - the function that transforms the alias
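        As an added example that is not part of Jetty or of this Javadoc, the following hypothetical AliasUnmangler class implements the alias mapper described above for both mangling forms (OpenJDK PKIX N.0.alias and BouncyCastle 0.alias.N); the regular expressions, method names and sample aliases are my own assumptions.

```java
import java.util.function.UnaryOperator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper producing mappers for SniX509ExtendedKeyManager.setAliasMapper(); not Jetty code.
public final class AliasUnmangler {
    // OpenJDK PKIX KeyManagerFactory: "N.0.alias", N is an ever-increasing number.
    private static final Pattern OPENJDK_PKIX = Pattern.compile("^\\d+\\.0\\.(.+)$");
    // BouncyCastle, as reported in the Javadoc above: "0.alias.N".
    private static final Pattern BOUNCYCASTLE = Pattern.compile("^0\\.(.+)\\.\\d+$");

    /** Mapper for the OpenJDK PKIX mangling; an already-plain alias is returned unchanged. */
    public static UnaryOperator<String> openJdkPkixMapper() {
        return alias -> strip(OPENJDK_PKIX, alias);
    }

    /** Mapper for the BouncyCastle mangling; an already-plain alias is returned unchanged. */
    public static UnaryOperator<String> bouncyCastleMapper() {
        return alias -> strip(BOUNCYCASTLE, alias);
    }

    private static String strip(Pattern mangling, String alias) {
        if (alias == null) {
            return null;
        }
        Matcher m = mangling.matcher(alias);
        // The capturing group is greedy, so an alias that itself contains dots
        // (e.g. "www.example.com") is returned intact once the prefix/suffix is removed.
        return m.matches() ? m.group(1) : alias;
    }

    public static void main(String[] args) {
        UnaryOperator<String> openJdk = openJdkPkixMapper();
        UnaryOperator<String> bc = bouncyCastleMapper();
        // Constructed sample aliases: one per mangling form, plus one that is already plain.
        String[][] samples = {
            {"17.0.www.example.com", openJdk.apply("17.0.www.example.com")},
            {"0.www.example.com.3", bc.apply("0.www.example.com.3")},
            {"www.example.com", openJdk.apply("www.example.com")},
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " -> " + s[1]);
        }
        // Wiring, assuming an existing SniX509ExtendedKeyManager instance named sniKeyManager:
        //   sniKeyManager.setAliasMapper(AliasUnmangler.openJdkPkixMapper());
    }
}
```

        Pick the mapper that matches the provider actually backing the KeyManagerFactory; applying the wrong one is harmless for plain aliases but will leave the mangled form in place and SNI matching will keep failing.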
      • chooseClientAlias

        public java.lang.String chooseClientAlias​(java.lang.String[] keyType,
                                        [] issuers,
      • chooseEngineClientAlias

        public java.lang.String chooseEngineClientAlias​(java.lang.String[] keyType,
                                              [] issuers,
        Overrides: chooseEngineClientAlias in class X509ExtendedKeyManager
      • chooseServerAlias

        protected java.lang.String chooseServerAlias​(java.lang.String keyType,
                                           [] issuers,
                                                     java.util.Collection<> matchers,
      • chooseServerAlias

        public java.lang.String chooseServerAlias​(java.lang.String keyType,
                                        [] issuers,
      • chooseEngineServerAlias

        public java.lang.String chooseEngineServerAlias​(java.lang.String keyType,
                                              [] issuers,
        Overrides: chooseEngineServerAlias in class X509ExtendedKeyManager
      • getCertificateChain

        public[] getCertificateChain​(java.lang.String alias)
      • getClientAliases

        public java.lang.String[] getClientAliases​(java.lang.String keyType,
                                         [] issuers)
      • getPrivateKey

        public getPrivateKey​(java.lang.String alias)
      • getServerAliases

        public java.lang.String[] getServerAliases​(java.lang.String keyType,
                                         [] issuers)