| 1 | // |
| 2 | // ======================================================================== |
| 3 | // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. |
| 4 | // ------------------------------------------------------------------------ |
| 5 | // All rights reserved. This program and the accompanying materials |
| 6 | // are made available under the terms of the Eclipse Public License v1.0 |
| 7 | // and Apache License v2.0 which accompanies this distribution. |
| 8 | // |
| 9 | // The Eclipse Public License is available at |
| 10 | // http://www.eclipse.org/legal/epl-v10.html |
| 11 | // |
| 12 | // The Apache License v2.0 is available at |
| 13 | // http://www.opensource.org/licenses/apache2.0.php |
| 14 | // |
| 15 | // You may elect to redistribute this code under either of these licenses. |
| 16 | // ======================================================================== |
| 17 | // |
| 18 | |
| 19 | package org.eclipse.jetty.util.ssl; |
| 20 | |
| 21 | import java.net.Socket; |
| 22 | import java.security.Principal; |
| 23 | import java.security.PrivateKey; |
| 24 | import java.security.cert.X509Certificate; |
| 25 | |
| 26 | import javax.net.ssl.SSLEngine; |
| 27 | import javax.net.ssl.X509ExtendedKeyManager; |
| 28 | import javax.net.ssl.X509KeyManager; |
| 29 | |
| 30 | |
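/* ------------------------------------------------------------ */
/**
 * KeyManager that pins key selection to a configured alias while delegating
 * all other processing to a wrapped KeyManager.
 * Can be used with both server and client sockets, and with SSLEngine.
 *
 * <p>When no alias is configured ({@code null}), every selection call is
 * passed through to the wrapped KeyManager.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>A configured alias is returned as-is. It is not checked against the
 * requested key type(s) or the acceptable issuers, nor against the aliases the
 * wrapped KeyManager actually holds. A misconfigured alias therefore only
 * surfaces later, when the certificate chain or private key is looked up.</li>
 * <li>{@link #getPrivateKey(String)} and {@link #getCertificateChain(String)}
 * pass any alias to the wrapped KeyManager; they are not limited to the
 * configured alias.</li>
 * </ul>
 */
public class AliasedX509ExtendedKeyManager extends X509ExtendedKeyManager
{
    private final String _keyAlias;
    private final X509KeyManager _keyManager;

    /* ------------------------------------------------------------ */
    /**
     * Construct KeyManager instance
     * @param keyAlias Alias of the key to be selected, or null to let the wrapped KeyManager choose
     * @param keyManager Instance of KeyManager to be wrapped
     * @throws Exception declared for compatibility with existing callers; nothing in this constructor throws
     */
    public AliasedX509ExtendedKeyManager(String keyAlias, X509KeyManager keyManager) throws Exception
    {
        _keyAlias = keyAlias;
        _keyManager = keyManager;
    }

    /* ------------------------------------------------------------ */
    /**
     * Returns the configured alias, or the wrapped KeyManager's choice when none is configured.
     * @see javax.net.ssl.X509KeyManager#chooseClientAlias(java.lang.String[], java.security.Principal[], java.net.Socket)
     */
    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
    {
        return _keyAlias == null ? _keyManager.chooseClientAlias(keyType, issuers, socket) : _keyAlias;
    }

    /* ------------------------------------------------------------ */
    /**
     * Returns the configured alias, or the wrapped KeyManager's choice when none is configured.
     * @see javax.net.ssl.X509KeyManager#chooseServerAlias(java.lang.String, java.security.Principal[], java.net.Socket)
     */
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
    {
        return _keyAlias == null ? _keyManager.chooseServerAlias(keyType, issuers, socket) : _keyAlias;
    }

    /* ------------------------------------------------------------ */
    /**
     * @see javax.net.ssl.X509KeyManager#getClientAliases(java.lang.String, java.security.Principal[])
     */
    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers)
    {
        return _keyManager.getClientAliases(keyType, issuers);
    }

    /* ------------------------------------------------------------ */
    /**
     * @see javax.net.ssl.X509KeyManager#getServerAliases(java.lang.String, java.security.Principal[])
     */
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers)
    {
        return _keyManager.getServerAliases(keyType, issuers);
    }

    /* ------------------------------------------------------------ */
    /**
     * Looks the chain up in the wrapped KeyManager for whatever alias the caller passes.
     * @see javax.net.ssl.X509KeyManager#getCertificateChain(java.lang.String)
     */
    @Override
    public X509Certificate[] getCertificateChain(String alias)
    {
        return _keyManager.getCertificateChain(alias);
    }

    /* ------------------------------------------------------------ */
    /**
     * Looks the key up in the wrapped KeyManager for whatever alias the caller passes.
     * @see javax.net.ssl.X509KeyManager#getPrivateKey(java.lang.String)
     */
    @Override
    public PrivateKey getPrivateKey(String alias)
    {
        return _keyManager.getPrivateKey(alias);
    }

    /* ------------------------------------------------------------ */
    /**
     * Returns the configured alias; with no alias configured, asks the wrapped
     * KeyManager when it is an X509ExtendedKeyManager.
     * @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineServerAlias(java.lang.String, java.security.Principal[], javax.net.ssl.SSLEngine)
     */
    @Override
    public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)
    {
        if (_keyAlias != null)
            return _keyAlias;

        // The inherited default always answers null, which would leave an
        // SSLEngine-based endpoint without a key even though the wrapped
        // KeyManager could have selected one.
        if (_keyManager instanceof X509ExtendedKeyManager)
            return ((X509ExtendedKeyManager)_keyManager).chooseEngineServerAlias(keyType, issuers, engine);

        return super.chooseEngineServerAlias(keyType, issuers, engine);
    }

    /* ------------------------------------------------------------ */
    /**
     * Returns the configured alias; with no alias configured, asks the wrapped
     * KeyManager when it is an X509ExtendedKeyManager.
     * @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineClientAlias(String[], Principal[], SSLEngine)
     */
    @Override
    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)
    {
        if (_keyAlias != null)
            return _keyAlias;

        // Same reasoning as chooseEngineServerAlias: prefer the wrapped
        // KeyManager's engine-aware selection over the inherited null default.
        if (_keyManager instanceof X509ExtendedKeyManager)
            return ((X509ExtendedKeyManager)_keyManager).chooseEngineClientAlias(keyType, issuers, engine);

        return super.chooseEngineClientAlias(keyType, issuers, engine);
    }
}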