com.genesyslab.platform.commons.connection.tls
Class ThumbprintKeyManager
java.lang.Object
javax.net.ssl.X509ExtendedKeyManager
com.genesyslab.platform.commons.connection.tls.ThumbprintKeyManager
- All Implemented Interfaces:
- javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager
public class ThumbprintKeyManager
- extends javax.net.ssl.X509ExtendedKeyManager
Implementation of X509ExtendedKeyManager intended for use with Windows Certificate Services (WCS)
key stores.
WCS uses SHA1 thumbprints to identify and search for certificates. These thumbprints are not directly
available in Java; this class fills the gap by calculating them itself, which allows users
to search certificate entries by WCS thumbprint.
Note that iterating over a WCS key store and calculating SHA1 over its certificates may take
considerable time. The actual time depends on the number of certificates stored and on CPU speed; delays observed
during development (XP Pro, Java 1.5-1.7, Core Duo E4600 @ 2.4GHz) were about 30-50 seconds.
Constructor Summary
ThumbprintKeyManager(java.security.KeyStore keyStore, java.lang.String thumbprint)
- Creates key manager.
Method Summary
java.lang.String chooseClientAlias(java.lang.String[] strings, java.security.Principal[] principals, java.net.Socket socket)
java.lang.String chooseEngineClientAlias(java.lang.String[] strings, java.security.Principal[] principals, javax.net.ssl.SSLEngine sslEngine)
java.lang.String chooseEngineServerAlias(java.lang.String s, java.security.Principal[] principals, javax.net.ssl.SSLEngine sslEngine)
java.lang.String chooseServerAlias(java.lang.String s, java.security.Principal[] principals, java.net.Socket socket)
java.security.cert.X509Certificate[] getCertificateChain(java.lang.String s)
java.lang.String[] getClientAliases(java.lang.String s, java.security.Principal[] principals)
java.security.PrivateKey getPrivateKey(java.lang.String s)
java.lang.String[] getServerAliases(java.lang.String s, java.security.Principal[] principals)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
ThumbprintKeyManager
public ThumbprintKeyManager(java.security.KeyStore keyStore,
java.lang.String thumbprint)
throws java.security.GeneralSecurityException
- Creates key manager. Performs a search for the entry with a matching thumbprint.
The search is performed only once, on creation; this class does not account for later changes in
the key store.
- Parameters:
keyStore
- KeyStore, supposedly WCS/MSCAPI one.
thumbprint
- Hexadecimal string, space characters are allowed inside and will be ignored.
- Throws:
java.security.GeneralSecurityException
- If there are problems accessing key store
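The thumbprint lookup described in the class overview and the constructor parameters, as an added example (not Genesys code and not this class's source): it computes each entry's thumbprint as SHA-1 over the certificate's DER encoding and compares it with the normalized hex string. The class name ThumbprintLookupExample, its helper methods and the choice of the "Windows-MY" store are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Locale;

/** Added illustration; not the Genesys ThumbprintKeyManager source. */
public class ThumbprintLookupExample {
    /** Strips whitespace and requires exactly 40 hex digits (one SHA-1 value). */
    static String normalize(String thumbprint) {
        String hex = thumbprint.replaceAll("\\s+", "").toLowerCase(Locale.ROOT);
        // Rejecting anything else surfaces stray or invisible characters picked
        // up when copying the value, instead of a silent "no match".
        if (!hex.matches("[0-9a-f]{40}")) {
            throw new IllegalArgumentException("thumbprint must be 40 hex digits");
        }
        return hex;
    }

    /** Windows thumbprint: SHA-1 over the DER encoding of the whole certificate. */
    static String thumbprintOf(Certificate cert) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** Alias of the first private-key entry whose certificate matches, or null. */
    static String findAlias(KeyStore ks, String thumbprint) throws GeneralSecurityException {
        String wanted = normalize(thumbprint);
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert != null && ks.isKeyEntry(alias) && wanted.equals(thumbprintOf(cert))) {
                return alias;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: Windows with SunMSCAPI; "Windows-MY" is the user's personal store.
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null);
        System.out.println("alias: " + findAlias(ks, args[0]));
    }
}
```

The thumbprint here only selects which local entry to use; it plays no part in validating the certificate during the TLS handshake.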
getClientAliases
public java.lang.String[] getClientAliases(java.lang.String s,
java.security.Principal[] principals)
chooseClientAlias
public java.lang.String chooseClientAlias(java.lang.String[] strings,
java.security.Principal[] principals,
java.net.Socket socket)
getServerAliases
public java.lang.String[] getServerAliases(java.lang.String s,
java.security.Principal[] principals)
chooseServerAlias
public java.lang.String chooseServerAlias(java.lang.String s,
java.security.Principal[] principals,
java.net.Socket socket)
getCertificateChain
public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String s)
getPrivateKey
public java.security.PrivateKey getPrivateKey(java.lang.String s)
chooseEngineClientAlias
public java.lang.String chooseEngineClientAlias(java.lang.String[] strings,
java.security.Principal[] principals,
javax.net.ssl.SSLEngine sslEngine)
- Overrides:
chooseEngineClientAlias
in class javax.net.ssl.X509ExtendedKeyManager
chooseEngineServerAlias
public java.lang.String chooseEngineServerAlias(java.lang.String s,
java.security.Principal[] principals,
javax.net.ssl.SSLEngine sslEngine)
- Overrides:
chooseEngineServerAlias
in class javax.net.ssl.X509ExtendedKeyManager
Document version: 8.5.302.00
Copyright © 2006–2017 Genesys Telecommunications Laboratories, Inc. All rights reserved.