X509KeyManager (Java SE 15 & JDK 15) (original) (raw)

All Superinterfaces:

[KeyManager](KeyManager.html "interface in javax.net.ssl")

All Known Implementing Classes:

[X509ExtendedKeyManager](X509ExtendedKeyManager.html "class in javax.net.ssl")

public interface X509KeyManager extends KeyManager

Instances of this interface manage which X509 certificate-based key pairs are used to authenticate the local side of a secure socket.

During secure socket negotiations, implementations call methods in this interface to:

• determine the set of aliases that are available for negotiations based on the criteria presented,
• select the best alias based on the criteria presented, and
• obtain the corresponding key material for given aliases.

Note: the X509ExtendedKeyManager should be used in favor of this class.

Since:

1.4

• Method Summary

• Method Details

  • getClientAliases

  Get the matching aliases for authenticating the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
  Parameters:
  keyType - the key algorithm type name
  issuers - the list of acceptable CA issuer subject names, or null if it does not matter which issuers are used.
  Returns:
  an array of the matching alias names, or null if there were no matches.

  • chooseClientAlias

  Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
  Parameters:
  keyType - the key algorithm type name(s), ordered with the most-preferred key type first.
  issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
  socket - the socket to be used for this connection. This parameter can be null, which indicates that implementations are free to select an alias applicable to any socket.
  Returns:
  the alias name for the desired key, or null if there are no matches.

  • getServerAliases

  Get the matching aliases for authenticating the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
  Parameters:
  keyType - the key algorithm type name
  issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
  Returns:
  an array of the matching alias names, or null if there were no matches.

  • chooseServerAlias

  Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
  Parameters:
  keyType - the key algorithm type name.
  issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
  socket - the socket to be used for this connection. This parameter can be null, which indicates that implementations are free to select an alias applicable to any socket.
  Returns:
  the alias name for the desired key, or null if there are no matches.

  • getCertificateChain

  Returns the certificate chain associated with the given alias.
  Parameters:
  alias - the alias name
  Returns:
  the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found.

  • getPrivateKey

  Returns the key associated with the given alias.
  Parameters:
  alias - the alias name
  Returns:
  the requested key, or null if the alias can't be found.