com.sun.identity.liberty.ws.soapbinding.WSX509KeyManager Maven / Gradle / Ivy
OpenAM Federation Library Components
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* https://opensso.dev.java.net/public/CDDLv1.0.html or
* opensso/legal/CDDLv1.0.txt
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: WSX509KeyManager.java,v 1.2 2008/06/25 05:47:24 qcheng Exp $
*
*/
package com.sun.identity.liberty.ws.soapbinding;
import java.net.Socket;
import java.security.cert.X509Certificate;
import java.security.Principal;
import java.security.PrivateKey;
import javax.net.ssl.X509KeyManager;
/**
* The WSX509KeyManager class implements the JSSE X509KeyManager
* interface. This implementation is the same as the JSSE default
* implementation, except that it supplies the user-specified client
* certificate alias when client authentication is on.
*/
public class WSX509KeyManager implements X509KeyManager {

    /** Key manager that answers every request this class does not override. */
    private final X509KeyManager defaultX509KM;

    /** Client certificate alias to force; null or empty means "no override". */
    private final String certAlias;

    /**
     * Wraps an existing key manager and optionally pins the client alias.
     *
     * Neither argument is validated here. A null
     * <code>defaultX509KeyManager</code> is stored as given and only fails
     * when one of the delegating methods is called.
     *
     * @param defaultX509KeyManager the key manager to delegate to
     * @param certAlias the client certificate alias to supply during client
     *        authentication; null or empty leaves the choice to the delegate
     */
    public WSX509KeyManager(X509KeyManager defaultX509KeyManager,
            String certAlias) {
        this.defaultX509KM = defaultX509KeyManager;
        this.certAlias = certAlias;
    }

    /**
     * Chooses the alias used to authenticate the client side of a secure
     * socket.
     *
     * When a non-empty alias was given to the constructor it is returned
     * as-is: <code>keyType</code> and <code>issuers</code> are not consulted
     * and the alias is not checked against the delegate's key material.
     * NOTE(review): a wrong alias therefore presumably surfaces only later,
     * when the handshake asks for its certificate chain or private key;
     * confirm against the callers' configuration validation.
     * The chosen alias is written to the debug log when message-level
     * debugging is enabled.
     *
     * @param keyType the key algorithm type names requested by the peer
     * @param issuers the list of acceptable CA issuer subject names
     * @param socket the socket for the connection, passed to the delegate
     * @return the configured alias, or the delegate's choice when no alias
     *         was configured
     */
    public String chooseClientAlias(String[] keyType,
            Principal[] issuers, Socket socket) {
        final boolean aliasConfigured =
                this.certAlias != null && this.certAlias.length() > 0;

        if (!aliasConfigured) {
            // No override: behave exactly like the wrapped key manager.
            if (Utils.debug.messageEnabled()) {
                Utils.debug.message("WSX509KeyManager.chooseClientAlias: " +
                        "using default implementation");
            }
            return this.defaultX509KM.chooseClientAlias(
                    keyType, issuers, socket);
        }

        if (Utils.debug.messageEnabled()) {
            Utils.debug.message("WSX509KeyManager.chooseClientAlias: " +
                    "certAlias = " + this.certAlias);
        }
        return this.certAlias;
    }

    /**
     * Chooses the alias used to authenticate the server side of a secure
     * socket. Always delegated; the configured client alias plays no part.
     *
     * @param keyType the key algorithm type name
     * @param issuers the list of acceptable CA issuer subject names
     * @param socket the socket for the connection, passed to the delegate
     * @return the alias name chosen by the wrapped key manager
     */
    public String chooseServerAlias(String keyType, Principal[] issuers,
            Socket socket) {
        final String chosen =
                this.defaultX509KM.chooseServerAlias(keyType, issuers, socket);
        return chosen;
    }

    /**
     * Lists the aliases usable for client authentication, as reported by the
     * wrapped key manager. The configured alias is not added to or used to
     * filter this list.
     *
     * @param keyType the key algorithm type name
     * @param issuers the list of acceptable CA issuer subject names
     * @return the matching alias names from the wrapped key manager
     */
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        final String[] aliases =
                this.defaultX509KM.getClientAliases(keyType, issuers);
        return aliases;
    }

    /**
     * Lists the aliases usable for server authentication, as reported by the
     * wrapped key manager.
     *
     * @param keyType the key algorithm type name
     * @param issuers the list of acceptable CA issuer subject names
     * @return the matching alias names from the wrapped key manager
     */
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        final String[] aliases =
                this.defaultX509KM.getServerAliases(keyType, issuers);
        return aliases;
    }

    /**
     * Looks up the certificate chain for an alias in the wrapped key manager.
     *
     * @param alias the alias name
     * @return the wrapped key manager's answer, unchanged (ordered with the
     *         user's certificate first and the root certificate authority
     *         last)
     */
    public X509Certificate[] getCertificateChain(String alias) {
        final X509Certificate[] chain =
                this.defaultX509KM.getCertificateChain(alias);
        return chain;
    }

    /**
     * Looks up the private key for an alias in the wrapped key manager.
     *
     * @param alias the alias name
     * @return the wrapped key manager's answer, unchanged
     */
    public PrivateKey getPrivateKey(String alias) {
        final PrivateKey key = this.defaultX509KM.getPrivateKey(alias);
        return key;
    }
}