/* * Copyright (c) 1999, 2004, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package javax.net.ssl; import java.security.KeyManagementException; import java.security.PrivateKey; import java.security.Principal; import java.security.cert.X509Certificate; import java.net.Socket; /** * Instances of this interface manage which X509 certificate-based * key pairs are used to authenticate the local side of a secure * socket. *
* During secure socket negotiations, implentations * call methods in this interface to: *
* Note: the X509ExtendedKeyManager should be used in favor of this * class. * * @since 1.4 */ public interface X509KeyManager extends KeyManager { /** * Get the matching aliases for authenticating the client side of a secure * socket given the public key type and the list of * certificate issuer authorities recognized by the peer (if any). * * @param keyType the key algorithm type name * @param issuers the list of acceptable CA issuer subject names, * or null if it does not matter which issuers are used. * @return an array of the matching alias names, or null if there * were no matches. */ public String[] getClientAliases(String keyType, Principal[] issuers); /** * Choose an alias to authenticate the client side of a secure * socket given the public key type and the list of * certificate issuer authorities recognized by the peer (if any). * * @param keyType the key algorithm type name(s), ordered * with the most-preferred key type first. * @param issuers the list of acceptable CA issuer subject names * or null if it does not matter which issuers are used. * @param socket the socket to be used for this connection. This * parameter can be null, which indicates that * implementations are free to select an alias applicable * to any socket. * @return the alias name for the desired key, or null if there * are no matches. */ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket); /** * Get the matching aliases for authenticating the server side of a secure * socket given the public key type and the list of * certificate issuer authorities recognized by the peer (if any). * * @param keyType the key algorithm type name * @param issuers the list of acceptable CA issuer subject names * or null if it does not matter which issuers are used. * @return an array of the matching alias names, or null * if there were no matches. */ public String[] getServerAliases(String keyType, Principal[] issuers); /** * Choose an alias to authenticate the server side of a secure * socket given the public key type and the list of * certificate issuer authorities recognized by the peer (if any). * * @param keyType the key algorithm type name. * @param issuers the list of acceptable CA issuer subject names * or null if it does not matter which issuers are used. * @param socket the socket to be used for this connection. This * parameter can be null, which indicates that * implementations are free to select an alias applicable * to any socket. * @return the alias name for the desired key, or null if there * are no matches. */ public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket); /** * Returns the certificate chain associated with the given alias. * * @param alias the alias name * @return the certificate chain (ordered with the user's certificate first * and the root certificate authority last), or null * if the alias can't be found. */ public X509Certificate[] getCertificateChain(String alias); /** * Returns the key associated with the given alias. * * @param alias the alias name * @return the requested key, or null if the alias can't be found. */ public PrivateKey getPrivateKey(String alias); }