CredentialX509KeyManager.java example

Explorer

canl-java-master
- src
  - main
    - java
      - eu
        emi
        security
        authn
        x509
        CommonX509TrustManager.java
        CrlCheckingMode.java
        NamespaceCheckingMode.java
        OCSPCheckingMode.java
        OCSPParametes.java
        OCSPResponder.java
        ProxySupport.java
        RevocationParameters.java
        StoreUpdateListener.java
        ValidationError.java
        ValidationErrorCategory.java
        ValidationErrorCode.java
        ValidationErrorListener.java
        ValidationResult.java
        X509CertChainValidator.java
        X509CertChainValidatorExt.java
        X509Credential.java
        helpers
        AbstractDelegatingX509Credential.java
        AbstractX509Credential.java
        BinaryCertChainValidator.java
        CachedElement.java
        CachedPEMReader.java
        CertificateHelpers.java
        CharArrayPasswordFinder.java
        DNComparator.java
        FlexiblePEMReader.java
        JavaAndBCStyle.java
        KeyStoreHelper.java
        ObserversHandler.java
        PKCS8DERReader.java
        PasswordSupplier.java
        ReaderInputStream.java
        WeakTimerTask.java
        crl
        AbstractCRLStoreSPI.java
        LazyOpensslCRLStoreSpi.java
        OpensslCRLStoreSpi.java
        PlainCRLStoreSpi.java
        SimpleCRLStore.java
        package-info.java
        ns
        AbstractEuGridPmaNamespacesStore.java
        AbstractGlobusNamespacesStore.java
        AbstractNamespacesStore.java
        EuGridPmaNamespacesParser.java
        EuGridPmaNamespacesStore.java
        GlobusNamespacesParser.java
        GlobusNamespacesStore.java
        LazyEuGridPmaNamespacesStore.java
        LazyGlobusNamespacesStore.java
        NamespaceChecker.java
        NamespacePolicy.java
        NamespacesParser.java
        NamespacesStore.java
        OpensslNamespacePolicyImpl.java
        ParserUtils.java
        package-info.java
        ocsp
        BoundedSizeLruMap.java
        OCSPCacheBase.java
        OCSPCachingClient.java
        OCSPClientImpl.java
        OCSPRespondersCache.java
        OCSPResponseStructure.java
        OCSPResponsesCache.java
        OCSPResult.java
        OCSPRevocationChecker.java
        OCSPVerifier.java
        package-info.java
        package-info.java
        pkipath
        AbstractValidator.java
        BCCertPathValidator.java
        BCErrorMapper.java
        ExtPKIXParameters2.java
        NonValidatingCertPathBuilder.java
        PKIXProxyCertificateChecker.java
        PlainCRLValidator.java
        PlainStoreUtils.java
        SimpleValidationErrorException.java
        ValidationErrorException.java
        bc
        CertPathValidatorUtilities.java
        CertPathValidatorUtilitiesCanl.java
        CertStatus.java
        FixedBCPKIXCertPathReviewer.java
        PKIXCRLUtil.java
        PKIXPolicyNode.java
        PrincipalUtils.java
        RFC3280CertPathUtilities.java
        RFC3280CertPathUtilitiesCanl.java
        ReasonsMask.java
        package-info.java
        package-info.java
        proxy
        DraftRFCProxyCertInfoExtension.java
        ExtendedProxyType.java
        IPAddressHelper.java
        ProxyACExtension.java
        ProxyAddressRestrictionData.java
        ProxyCSRImpl.java
        ProxyCertInfoExtension.java
        ProxyCertificateImpl.java
        ProxyGeneratorHelper.java
        ProxyHelper.java
        ProxySAMLExtension.java
        ProxyTracingExtension.java
        RFCProxyCertInfoExtension.java
        X509v3CertificateBuilder.java
        package-info.java
        revocation
        CRLRevocationChecker.java
        RevocationChecker.java
        RevocationStatus.java
        package-info.java
        ssl
        CredentialX509KeyManager.java
        HostnameToCertificateChecker.java
        SSLTrustManager.java
        package-info.java
        trust
        AbstractTrustAnchorStore.java
        DirectoryTrustAnchorStore.java
        JDKFSTrustAnchorStore.java
        JDKInMemoryTrustAnchorStore.java
        LazyOpensslTrustAnchorStoreImpl.java
        OpensslTrustAnchorStore.java
        OpensslTrustAnchorStoreImpl.java
        OpensslTruststoreHelper.java
        TimedTrustAnchorStoreBase.java
        TrustAnchorExt.java
        TrustAnchorStore.java
        package-info.java
        impl
        AbstractHostnameToCertificateChecker.java
        CRLParameters.java
        CertificateUtils.java
        DERCredential.java
        DirectoryCertChainValidator.java
        FormatMode.java
        HostnameMismatchCallback.java
        InMemoryKeystoreCertChainValidator.java
        KeyAndCertCredential.java
        KeystoreCertChainValidator.java
        KeystoreCredential.java
        OpensslCertChainValidator.java
        OpensslNameUtils.java
        PEMCredential.java
        RevocationParametersExt.java
        SocketFactoryCreator.java
        ValidatorParams.java
        ValidatorParamsExt.java
        X500NameUtils.java
        X509Formatter.java
        package-info.java
        package-info.java
        proxy
        BaseProxyCertificateOptions.java
        CertificateExtension.java
        OidAndValue.java
        ProxyCSR.java
        ProxyCSRGenerator.java
        ProxyCSRInfo.java
        ProxyCertificate.java
        ProxyCertificateOptions.java
        ProxyChainInfo.java
        ProxyChainType.java
        ProxyGenerator.java
        ProxyPolicy.java
        ProxyRequestOptions.java
        ProxyType.java
        ProxyUtils.java
        package-info.java
  - test
    - java
      - eu
        emi
        security
        authn
        x509
        ErrorTest.java
        Examples.java
        RiskyIntegrationTests.java
        impl
        CRLIfValidTest.java
        CRLTest.java
        CertificateUtilsTest.java
        CredentialsTest.java
        GLiteValidatorTest.java
        HostnameCheckerTest.java
        NISTValidator01_5Test.java
        NISTValidator06_12Test.java
        NISTValidator13_16Test.java
        NISTValidatorTestBase.java
        OpensslNamesTest.java
        OpensslNewHashTest.java
        OpensslStrangeDNProducer.java
        OpensslValidatorStressTest.java
        OpensslValidatorTest.java
        RolloverTest.java
        TestDirectoryValidator.java
        TestKSValidators.java
        TestSSLHelpers.java
        V1CertValidationTest.java
        ValidatorTestBase.java
        X500NameUtilsTest.java
        ns
        Case.java
        GlobusParserTest.java
        NamespacesParserTest.java
        OpensslDirTest.java
        ocsp
        CacheTest.java
        OCSPClientTest.java
        OCSPIntegrationTest.java
        proxy
        ExtensionsTest.java
        PathRetrievalTest.java
        ProxyGenerationTest.java
        TestDraftRFCProxy.java

/*
 * Copyright (c) 2011-2012 ICM Uniwersytet Warszawski All rights reserved.
 * See LICENCE.txt file for licensing information.
 */
package eu.emi.security.authn.x509.helpers.ssl;

import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

import eu.emi.security.authn.x509.X509Credential;

/**
 * Simple {@link KeyManager} implementation which always returns the only key and certificate
 * which is available in the configured {@link X509Credential} object.
 * Note that this class could return null in case when server provides 
 * a list of trusted issuers and our credential is not issued by any of them. However
 * such behavior results in quite cryptic errors from the server side ("null cert chain"),
 * so we try to authenticate with what we have always.  
 * 
 * @author K. Benedyczak
 */
public class CredentialX509KeyManager extends X509ExtendedKeyManager
{
	private X509Credential credential; 
	
	
	public CredentialX509KeyManager(X509Credential credential)
	{
		this.credential = credential;
	}

	@Override
	public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
	{
		return credential.getKeyAlias();
	}

	@Override
	public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
	{
		return credential.getKeyAlias();
	}

	@Override
	public X509Certificate[] getCertificateChain(String alias)
	{
		return credential.getCertificateChain();
	}

	@Override
	public String[] getClientAliases(String keyType, Principal[] issuers)
	{
		return new String[] {credential.getKeyAlias()};
	}

	@Override
	public PrivateKey getPrivateKey(String alias)
	{
		return credential.getKey();
	}

	@Override
	public String[] getServerAliases(String keyType, Principal[] issuers)
	{
		return new String[] {credential.getKeyAlias()};
	}

	@Override
	public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, 
			SSLEngine engine)
	{
		return credential.getKeyAlias();
	}

	@Override
	public String chooseEngineServerAlias(String keyType, Principal[] issuers, 
			SSLEngine engine)
	{
		return credential.getKeyAlias();
	}
}