/*******************************************************************************
* Copyright (c) 2009 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* IBM Corporation - initial API and implementation
*******************************************************************************/
package org.openhealthtools.ihe.atna.nodeauth.utils;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.X509KeyManager;
import org.openhealthtools.ihe.atna.nodeauth.SecurityDomain;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Wrapper for X509 key managers that allows the key used in the TLS handshake
* to be selected from a user-defined alias. If no alias is defined, key
* selection falls back to the wrapped X509 key manager's own implementation
* routine.
*
* @author Matthew Davis
*
*/
public class AliasSensitiveX509KeyManager implements X509KeyManager
{
/**
* Logger for this class.
* NOTE(review): declared {@code public}; a {@code private static final} logger is the
* conventional choice since nothing outside this class needs it.
*/
public static final Logger LOGGER = LoggerFactory.getLogger(AliasSensitiveX509KeyManager.class);
/**
* Security domain that may supply the preferred key alias. May be {@code null};
* in that case (or when no preferred alias is configured) alias selection is
* delegated to {@link #parent}.
*/
private SecurityDomain domain;
/**
* Wrapped key manager whose own selection routine is used whenever no
* preferred alias is available from {@link #domain}.
*/
private X509KeyManager parent;
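/**
* Creates a key manager that prefers the alias configured on {@code domain}.
*
* @param domain security domain that may supply a preferred key alias; may be
*               {@code null}, in which case selection is delegated to {@code parent}
* @param parent wrapped key manager consulted when no preferred alias is configured
* @throws NullPointerException if {@code parent} is {@code null}
*/
public AliasSensitiveX509KeyManager(SecurityDomain domain, X509KeyManager parent)
{
    // Fail fast: a missing delegate would otherwise only surface as an NPE
    // inside chooseClientAlias during the handshake.
    this.parent = Objects.requireNonNull(parent, "parent");
    this.domain = domain;
}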
/* (non-Javadoc)
* @see javax.net.ssl.X509KeyManager#chooseClientAlias(java.lang.String[], java.security.Principal[], java.net.Socket)
*/
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
{
// If no security domain is available, or the preferred alias is null,
// then default to the nested key manager's process for selecting the key
if (null == domain
|| domain.getPreferredKeyAlias() == null) {
if (LOGGER.isInfoEnabled()) {
LOGGER.info("No preferred key alias defined. Defaulting to JSSE certificate selection.");
}
return parent.chooseClientAlias(keyType, issuers, socket);
}
String preferredAlias = domain.getPreferredKeyAlias();
String alias = null;
if (keyType != null && keyType.length > 0) {
for (int i=0; i 0) {
for (int i=0; i