X509KeyManager


1   /*
2    * @(#)X509KeyManager.java  1.10 04/02/16
3    *
4    * Copyright (c) 2004 Sun Microsystems, Inc. All Rights Reserved.
5    * SUN PROPRIETARY/CONFIDENTIAL.  Use is subject to license terms.
6    */
7     
8   /*
9    * NOTE:
10   * Because of various external restrictions (i.e. US export
11   * regulations, etc.), the actual source code can not be provided
12   * at this time. This file represents the skeleton of the source
13   * file, so that javadocs of the API can be created.
14   */
15  
16  package javax.net.ssl;
17  
18  import java.security.KeyManagementException;
19  import java.security.PrivateKey;
20  import java.security.Principal;
21  import java.security.cert.X509Certificate;
22  import java.net.Socket;
23  
24  /** 
25   * Instances of this interface manage which X509 certificate-based
26   * key pairs are used to authenticate the local side of a secure
27   * socket.
28   * <P>
29   * During secure socket negotiations, implentations
30   * call methods in this interface to:
31   * <UL>
32   * <LI> determine the set of aliases that are available for negotiations
33   *  based on the criteria presented,
34   * <LI> select the <ITALIC> best alias </ITALIC> based on
35   *  the criteria presented, and
36   * <LI> obtain the corresponding key material for given aliases.
37   * </UL>
38   * <P>
39   * Note: the X509ExtendedKeyManager should be used in favor of this
40   * class.
41   *
42   * @since 1.4
43   * @version 1.16
44   */
45  public interface X509KeyManager extends KeyManager
46  {
47  
48      /** 
49       * Get the matching aliases for authenticating the client side of a secure
50       * socket given the public key type and the list of
51       * certificate issuer authorities recognized by the peer (if any).
52       *
53       * @param keyType the key algorithm type name
54       * @param issuers the list of acceptable CA issuer subject names,
55       *      or null if it does not matter which issuers are used.
56       * @return an array of the matching alias names, or null if there
57       *      were no matches.
58       */
59      public String[] getClientAliases(String keyType, Principal[] issuers);
60  
61      /** 
62       * Choose an alias to authenticate the client side of a secure
63       * socket given the public key type and the list of
64       * certificate issuer authorities recognized by the peer (if any).
65       *
66       * @param keyType the key algorithm type name(s), ordered
67       *      with the most-preferred key type first.
68       * @param issuers the list of acceptable CA issuer subject names
69       *       or null if it does not matter which issuers are used.
70       * @param socket the socket to be used for this connection.  This
71       *      parameter can be null, which indicates that
72       *      implementations are free to select an alias applicable
73       *      to any socket.
74       * @return the alias name for the desired key, or null if there
75       *      are no matches.
76       */
77      public String chooseClientAlias(String[] keyType, Principal[] issuers,
78          Socket socket);
79  
80      /** 
81       * Get the matching aliases for authenticating the server side of a secure
82       * socket given the public key type and the list of
83       * certificate issuer authorities recognized by the peer (if any).
84       *
85       * @param keyType the key algorithm type name
86       * @param issuers the list of acceptable CA issuer subject names
87       *      or null if it does not matter which issuers are used.
88       * @return an array of the matching alias names, or null
89       *      if there were no matches.
90       */
91      public String[] getServerAliases(String keyType, Principal[] issuers);
92  
93      /** 
94       * Choose an alias to authenticate the server side of a secure
95       * socket given the public key type and the list of
96       * certificate issuer authorities recognized by the peer (if any).
97       *
98       * @param keyType the key algorithm type name.
99       * @param issuers the list of acceptable CA issuer subject names
100      *      or null if it does not matter which issuers are used.
101      * @param socket the socket to be used for this connection.  This
102      *      parameter can be null, which indicates that
103      *      implementations are free to select an alias applicable
104      *      to any socket.
105      * @return the alias name for the desired key, or null if there
106      *      are no matches.
107      */
108     public String chooseServerAlias(String keyType, Principal[] issuers, Socket
109         socket);
110 
111     /** 
112      * Returns the certificate chain associated with the given alias.
113      *
114      * @param alias the alias name
115      * @return the certificate chain (ordered with the user's certificate first
116      *      and the root certificate authority last), or null
117      *      if the alias can't be found.
118      */
119     public X509Certificate[] getCertificateChain(String alias);
120 
121     /** 
122      * Returns the key associated with the given alias.
123      *
124      * @param alias the alias name
125      * @return the requested key, or null if the alias can't be found.
126      */
127     public PrivateKey getPrivateKey(String alias);
128 }
129
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Java Books Remove Frame
Popular Tags