1 // 2 // ======================================================================== 3 // Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd. 4 // ------------------------------------------------------------------------ 5 // All rights reserved. This program and the accompanying materials 6 // are made available under the terms of the Eclipse Public License v1.0 7 // and Apache License v2.0 which accompanies this distribution. 8 // 9 // The Eclipse Public License is available at 10 // http://www.eclipse.org/legal/epl-v10.html 11 // 12 // The Apache License v2.0 is available at 13 // http://www.opensource.org/licenses/apache2.0.php 14 // 15 // You may elect to redistribute this code under either of these licenses. 16 // ======================================================================== 17 // 18 19 package org.eclipse.jetty.util.ssl; 20 21 import java.net.Socket; 22 import java.security.Principal; 23 import java.security.PrivateKey; 24 import java.security.cert.X509Certificate; 25 26 import javax.net.ssl.SSLEngine; 27 import javax.net.ssl.X509ExtendedKeyManager; 28 import javax.net.ssl.X509KeyManager; 29 30 31 /* ------------------------------------------------------------ */ 32 /** 33 * KeyManager to select a key with desired alias 34 * while delegating processing to specified KeyManager 35 * Can be used both with server and client sockets 36 */ 37 public class AliasedX509ExtendedKeyManager extends X509ExtendedKeyManager 38 { 39 private String _keyAlias; 40 private X509KeyManager _keyManager; 41 42 /* ------------------------------------------------------------ */ 43 /** 44 * Construct KeyManager instance 45 * @param keyAlias Alias of the key to be selected 46 * @param keyManager Instance of KeyManager to be wrapped 47 * @throws Exception 48 */ 49 public AliasedX509ExtendedKeyManager(String keyAlias, X509KeyManager keyManager) throws Exception 50 { 51 _keyAlias = keyAlias; 52 _keyManager = keyManager; 53 } 54 55 /* ------------------------------------------------------------ */ 56 /** 57 * @see javax.net.ssl.X509KeyManager#chooseClientAlias(java.lang.String[], java.security.Principal[], java.net.Socket) 58 */ 59 public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) 60 { 61 return _keyAlias == null ? _keyManager.chooseClientAlias(keyType, issuers, socket) : _keyAlias; 62 } 63 64 /* ------------------------------------------------------------ */ 65 /** 66 * @see javax.net.ssl.X509KeyManager#chooseServerAlias(java.lang.String, java.security.Principal[], java.net.Socket) 67 */ 68 public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) 69 { 70 return _keyAlias == null ? _keyManager.chooseServerAlias(keyType, issuers, socket) : _keyAlias; 71 } 72 73 /* ------------------------------------------------------------ */ 74 /** 75 * @see javax.net.ssl.X509KeyManager#getClientAliases(java.lang.String, java.security.Principal[]) 76 */ 77 public String[] getClientAliases(String keyType, Principal[] issuers) 78 { 79 return _keyManager.getClientAliases(keyType, issuers); 80 } 81 82 83 /* ------------------------------------------------------------ */ 84 /** 85 * @see javax.net.ssl.X509KeyManager#getServerAliases(java.lang.String, java.security.Principal[]) 86 */ 87 public String[] getServerAliases(String keyType, Principal[] issuers) 88 { 89 return _keyManager.getServerAliases(keyType, issuers); 90 } 91 92 /* ------------------------------------------------------------ */ 93 /** 94 * @see javax.net.ssl.X509KeyManager#getCertificateChain(java.lang.String) 95 */ 96 public X509Certificate[] getCertificateChain(String alias) 97 { 98 return _keyManager.getCertificateChain(alias); 99 } 100 101 /* ------------------------------------------------------------ */ 102 /** 103 * @see javax.net.ssl.X509KeyManager#getPrivateKey(java.lang.String) 104 */ 105 public PrivateKey getPrivateKey(String alias) 106 { 107 return _keyManager.getPrivateKey(alias); 108 } 109 110 /* ------------------------------------------------------------ */ 111 /** 112 * @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineServerAlias(java.lang.String, java.security.Principal[], javax.net.ssl.SSLEngine) 113 */ 114 @Override 115 public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) 116 { 117 return _keyAlias == null ? super.chooseEngineServerAlias(keyType,issuers,engine) : _keyAlias; 118 } 119 120 121 /* ------------------------------------------------------------ */ 122 /** 123 * @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineClientAlias(String[], Principal[], SSLEngine) 124 */ 125 @Override 126 public String chooseEngineClientAlias(String keyType[], Principal[] issuers, SSLEngine engine) 127 { 128 return _keyAlias == null ? super.chooseEngineClientAlias(keyType,issuers,engine) : _keyAlias; 129 } 130 }