CompositeX509ExtendedKeyManager (sslcontext-kickstart 7.4.3 API)

java.lang.Object
- javax.net.ssl.X509ExtendedKeyManager
- - nl.altindag.ssl.keymanager.CompositeX509ExtendedKeyManager

All Implemented Interfaces:

KeyManager, X509KeyManager
```
public final class CompositeX509ExtendedKeyManager
extends X509ExtendedKeyManager
```
Represents an ordered list of X509ExtendedKeyManager with most-preferred managers first.
This is necessary because of the fine-print on SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom): Only the first instance of a particular key and/or key manager implementation type in the array is used. (For example, only the first javax.net.ssl.X509KeyManager in the array will be used.) The KeyManager can be build from one or more of any combination provided within the KeyManagerUtils.KeyManagerBuilder.

This includes:
```
     - Any amount of custom KeyManagers
     - Any amount of custom Identities
 
```
NOTE: Please don't use this class directly as it is part of the internal API. Class name and methods can be changed any time. Instead use the KeyManagerUtils which provides the same functionality while it has a stable API because it is part of the public API.
Author:

Cody Ray, Hakan Altindag

See Also:

http://stackoverflow.com/questions/1793979/registering-multiple-keystores-in-jvm , http://codyaray.com/2013/04/java-ssl-with-multiple-keystores

Field Summary

Fields
Modifier and Type Field and Description

static Predicate<String> NON_NULL

Fields
Modifier and Type	Field and Description
`static Predicate<String>`	`NON_NULL`

Constructor Summary

Constructors
Constructor and Description
`CompositeX509ExtendedKeyManager(List<? extends X509ExtendedKeyManager> keyManagers)` Creates a new `CompositeX509ExtendedKeyManager`.
`CompositeX509ExtendedKeyManager(List<? extends X509ExtendedKeyManager> keyManagers, Map<String,List<URI>> preferredAliasToHost)` Creates a new `CompositeX509ExtendedKeyManager`.

Method Summary

All Methods Instance Methods Concrete Methods Default Methods
Modifier and Type	Method and Description
`default String`	`chooseAlias(Supplier<String> preferredAliasSupplier, Function<X509ExtendedKeyManager,String> aliasExtractor)`
`String`	`chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)` Chooses the first non-null client alias returned from the delegate `X509ExtendedKeyManager`, or `null` if there are no matches.
`default <T> String`	`chooseClientAlias(T object, Predicate<T> predicate, Function<T,Map.Entry<String,Integer>> hostToPortExtractor, Function<X509ExtendedKeyManager,String> aliasExtractor)`
`String`	`chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine sslEngine)` Chooses the first non-null client alias returned from the delegate `X509ExtendedKeyManager`, or `null` if there are no matches.
`String`	`chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine sslEngine)` Chooses the first non-null server alias returned from the delegate `X509ExtendedKeyManager`, or `null` if there are no matches.
`String`	`chooseServerAlias(String keyType, Principal[] issuers, Socket socket)` Chooses the first non-null server alias returned from the delegate `X509ExtendedKeyManager`, or `null` if there are no matches.
`default <T> String`	`chooseServerAlias(T object, Predicate<T> predicate, Function<T,SSLSession> sslSessionExtractor, Function<X509ExtendedKeyManager,String> aliasExtractor)`
`default boolean`	`containsInetSocketAddress(Socket socket)`
`default Map.Entry<String,Integer>`	`extractHostAndPort(Socket socket)`
`default Map.Entry<String,Integer>`	`extractHostAndPort(SSLEngine sslEngine)`
`default <T> T`	`extractInnerField(Function<X509ExtendedKeyManager,T> keyManagerMapper, Predicate<T> predicate)`
`default String[]`	`getAliases(Function<X509ExtendedKeyManager,String[]> aliasExtractor)`
`X509Certificate[]`	`getCertificateChain(String alias)` Returns the first non-null certificate chain associated with the given alias, or `null` if the alias can't be found.
`String[]`	`getClientAliases(String keyType, Principal[] issuers)` Get all matching aliases for authenticating the client side of a secure socket, or `null` if there are no matches.
`Map<String,List<URI>>`	`getIdentityRoute()`
`List<X509ExtendedKeyManager>`	`getKeyManagers()`
`default String`	`getPreferredClientAlias(String peerHost, int peerPort)`
`default <T> String`	`getPreferredClientAlias(T object, Predicate<T> predicate, Function<T,Map.Entry<String,Integer>> hostToPortExtractor)`
`default String`	`getPreferredServerAlias(Set<String> hostnames)`
`default <T> String`	`getPreferredServerAlias(T object, Predicate<T> predicate, Function<T,SSLSession> sslSessionExtractor)`
`PrivateKey`	`getPrivateKey(String alias)` Returns the first non-null private key associated with the given alias, or `null` if the alias can't be found.
`String[]`	`getServerAliases(String keyType, Principal[] issuers)` Get all matching aliases for authenticating the server side of a secure socket, or `null` if there are no matches.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NON_NULL

public static final Predicate<String> NON_NULL

Constructor Detail
- CompositeX509ExtendedKeyManager
```
public CompositeX509ExtendedKeyManager(List<? extends X509ExtendedKeyManager> keyManagers)
```
  Creates a new CompositeX509ExtendedKeyManager.
  
  Parameters:
  
  keyManagers - the X509ExtendedKeyManager, ordered with the most-preferred managers first.
- CompositeX509ExtendedKeyManager
```
public CompositeX509ExtendedKeyManager(List<? extends X509ExtendedKeyManager> keyManagers,
                                       Map<String,List<URI>> preferredAliasToHost)
```
  Creates a new CompositeX509ExtendedKeyManager.
  
  Parameters:
  
  keyManagers - the X509ExtendedKeyManager, ordered with the most-preferred managers first.
  
  preferredAliasToHost - the preferred client alias to be used for the given host

Method Detail

chooseClientAlias

public String chooseClientAlias(String[] keyType,
                                Principal[] issuers,
                                Socket socket)

Chooses the first non-null client alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.

Specified by:: chooseClientAlias in interface X509KeyManager

chooseEngineClientAlias

public String chooseEngineClientAlias(String[] keyTypes,
                                      Principal[] issuers,
                                      SSLEngine sslEngine)

Chooses the first non-null client alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.

Overrides:: chooseEngineClientAlias in class X509ExtendedKeyManager

chooseServerAlias

public String chooseServerAlias(String keyType,
                                Principal[] issuers,
                                Socket socket)

Chooses the first non-null server alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.

Specified by:: chooseServerAlias in interface X509KeyManager

chooseEngineServerAlias

public String chooseEngineServerAlias(String keyType,
                                      Principal[] issuers,
                                      SSLEngine sslEngine)

Chooses the first non-null server alias returned from the delegate X509ExtendedKeyManager, or null if there are no matches.

Overrides:: chooseEngineServerAlias in class X509ExtendedKeyManager

getPrivateKey
```
public PrivateKey getPrivateKey(String alias)
```
Returns the first non-null private key associated with the given alias, or null if the alias can't be found.

Specified by:

getPrivateKey in interface X509KeyManager

getCertificateChain
```
public X509Certificate[] getCertificateChain(String alias)
```
Returns the first non-null certificate chain associated with the given alias, or null if the alias can't be found.

Specified by:

getCertificateChain in interface X509KeyManager

getClientAliases
```
public String[] getClientAliases(String keyType,
                                 Principal[] issuers)
```
Get all matching aliases for authenticating the client side of a secure socket, or null if there are no matches.

Specified by:

getClientAliases in interface X509KeyManager

getServerAliases
```
public String[] getServerAliases(String keyType,
                                 Principal[] issuers)
```
Get all matching aliases for authenticating the server side of a secure socket, or null if there are no matches.

Specified by:

getServerAliases in interface X509KeyManager

getKeyManagers

public List<X509ExtendedKeyManager> getKeyManagers()

getIdentityRoute

public Map<String,List<URI>> getIdentityRoute()

chooseClientAlias

public <T> String chooseClientAlias(T object,
                                    Predicate<T> predicate,
                                    Function<T,Map.Entry<String,Integer>> hostToPortExtractor,
                                    Function<X509ExtendedKeyManager,String> aliasExtractor)

getPreferredClientAlias

public <T> String getPreferredClientAlias(T object,
                                          Predicate<T> predicate,
                                          Function<T,Map.Entry<String,Integer>> hostToPortExtractor)

getPreferredClientAlias

public String getPreferredClientAlias(String peerHost,
                                      int peerPort)

chooseServerAlias

public <T> String chooseServerAlias(T object,
                                    Predicate<T> predicate,
                                    Function<T,SSLSession> sslSessionExtractor,
                                    Function<X509ExtendedKeyManager,String> aliasExtractor)

getPreferredServerAlias

public <T> String getPreferredServerAlias(T object,
                                          Predicate<T> predicate,
                                          Function<T,SSLSession> sslSessionExtractor)

getPreferredServerAlias

public String getPreferredServerAlias(Set<String> hostnames)

chooseAlias

public String chooseAlias(Supplier<String> preferredAliasSupplier,
                          Function<X509ExtendedKeyManager,String> aliasExtractor)

containsInetSocketAddress

public boolean containsInetSocketAddress(Socket socket)

extractHostAndPort

public Map.Entry<String,Integer> extractHostAndPort(Socket socket)

extractHostAndPort

public Map.Entry<String,Integer> extractHostAndPort(SSLEngine sslEngine)

extractInnerField

public <T> T extractInnerField(Function<X509ExtendedKeyManager,T> keyManagerMapper,
                               Predicate<T> predicate)

getAliases

public String[] getAliases(Function<X509ExtendedKeyManager,String[]> aliasExtractor)

Class CompositeX509ExtendedKeyManager

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

NON_NULL

Constructor Detail

CompositeX509ExtendedKeyManager

CompositeX509ExtendedKeyManager

Method Detail

chooseClientAlias

chooseEngineClientAlias

chooseServerAlias

chooseEngineServerAlias

getPrivateKey

getCertificateChain

getClientAliases

getServerAliases

getKeyManagers

getIdentityRoute

chooseClientAlias

getPreferredClientAlias

getPreferredClientAlias

chooseServerAlias

getPreferredServerAlias

getPreferredServerAlias

chooseAlias

containsInetSocketAddress

extractHostAndPort

extractHostAndPort

extractInnerField

getAliases