JSSEX509KeyManager ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- javax.net.ssl.X509ExtendedKeyManager
- - com.entrust.toolkit.x509.jsse.JSSEX509KeyManager

All Implemented Interfaces:

LogoutListener, javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager
```
public class JSSEX509KeyManager
extends javax.net.ssl.X509ExtendedKeyManager
implements javax.net.ssl.X509KeyManager, LogoutListener
```
The JSSEX509KeyManager class implements the javax.net.ssl.X509KeyManager interface.
The javax.net.ssl.X509KeyManager class is used to initialize an SSLContext object to support X.509 authentication to remote socket peers through JSSE. You can create an instance of this class either by calling the constructor or by using the KeyManagerFactory engine.

For details, see the SUN Microsystems API user's guide for the Java Secure Socket Extension (JSSE) version 1.0.2

Since:

7.0

See Also:
JSSEX509KeyManagerFactory, KeyManagerFactory, SSLContext

Constructor Summary

Constructors
Constructor and Description
`JSSEX509KeyManager(java.security.cert.Certificate[] certChain, java.security.PrivateKey key)` Creates an instance of the `JSSEX509KeyManager` class.
`JSSEX509KeyManager(java.security.KeyStore keyStore)` Creates an instance of the `JSSEX509KeyManager` class.
`JSSEX509KeyManager(java.security.KeyStore keyStore, char[] password)` Creates an instance of the `JSSEX509KeyManager` class.
`JSSEX509KeyManager(User user)` Creates a `JSSEX509KeyManager` instance that uses an Entrust User object as the key store.

Method Summary

Methods
Modifier and Type	Method and Description
`java.lang.String`	`chooseClientAlias(java.lang.String[] keyTypes, java.security.Principal[] issuers, java.net.Socket socket)` Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`java.lang.String`	`chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)` Choose an alias to authenticate the client side of a SSLEngine given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`java.lang.String`	`chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)` Choose an alias to authenticate the server side of an SSLEngine given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`java.lang.String`	`chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)` Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`java.security.cert.X509Certificate[]`	`getCertificateChain(java.lang.String name)` Retrieves the certificate chain with the given name.
`java.lang.String[]`	`getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)` Returns the key type.
`java.security.PrivateKey`	`getPrivateKey(java.lang.String name)` Retrieves the private key with the given name.
`java.lang.String[]`	`getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)` Returns the key type.
`void`	`logout()` The logout callback function; called from the user when logging out.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - JSSEX509KeyManager
```
public JSSEX509KeyManager(java.security.cert.Certificate[] certChain,
                  java.security.PrivateKey key)
                   throws java.security.cert.CertificateException
```
    Creates an instance of the JSSEX509KeyManager class.
    
    Parameters:
    certChain - the certificate chain
    key - the private key
    
    Throws:
    
    java.security.cert.CertificateException - thrown if the certificate chain contains any non-X509 certificate
  - JSSEX509KeyManager
```
public JSSEX509KeyManager(java.security.KeyStore keyStore)
```
    Creates an instance of the JSSEX509KeyManager class.
    
    Parameters:
    keyStore - the key store containing keys and certificates
  - JSSEX509KeyManager
```
public JSSEX509KeyManager(java.security.KeyStore keyStore,
                  char[] password)
                   throws java.security.KeyStoreException
```
    Creates an instance of the JSSEX509KeyManager class.
    
    Parameters:
    keyStore - the key store containing keys and certificates
    password, - the password used to protect the KeyStore
    
    Throws:
    
    java.security.KeyStoreException
  - JSSEX509KeyManager
```
public JSSEX509KeyManager(User user)
                   throws UserNotLoggedInException,
                          java.security.cert.CertificateException,
                          UserFatalException
```
    Creates a JSSEX509KeyManager instance that uses an Entrust User object as the key store. When the user logs out the keys will no longer be available.
    
    Parameters:
    user - a logged in Entrust user
    
    Throws:
    
    UserNotLoggedInException - if the user is not logged in
    
    java.security.cert.CertificateException - if the certificate chain contains any non-X509 certificates
    
    UserFatalException - if the certificate chain cannot be built
    
    java.lang.IllegalArgumentException - if the user is not provided (null)
    Since:
    
    8.0
- Method Detail
  - getClientAliases
```
public java.lang.String[] getClientAliases(java.lang.String keyType,
                                  java.security.Principal[] issuers)
```
    Returns the key type.
    
    Specified by:
    
    getClientAliases in interface javax.net.ssl.X509KeyManager
    
    Parameters:
    keyType - ignored
    issuers - ignored
    
    Returns:
    The key type, or null if there were no matches.
  - getServerAliases
```
public java.lang.String[] getServerAliases(java.lang.String keyType,
                                  java.security.Principal[] issuers)
```
    Returns the key type.
    
    Specified by:
    
    getServerAliases in interface javax.net.ssl.X509KeyManager
    
    Parameters:
    keyType - ignored
    issuers - ignored
    
    Returns:
    The key type, or null if there were no matches.
  - getCertificateChain
```
public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String name)
```
    Retrieves the certificate chain with the given name.
    
    Specified by:
    
    getCertificateChain in interface javax.net.ssl.X509KeyManager
    
    Parameters:
    name - the name of the certificate to be retrieved
    
    Returns:
    The certificate chain with the given name if this object was created by a key store. If the object was created by a private key and a certificate chain, the entire certificate chain is returned. Or null if the name can't be found.
  - getPrivateKey
```
public java.security.PrivateKey getPrivateKey(java.lang.String name)
```
    Retrieves the private key with the given name.
    
    Specified by:
    
    getPrivateKey in interface javax.net.ssl.X509KeyManager
    
    Parameters:
    name - the name of the private key to be retrieved
    
    Returns:
    The private key with the given name if this object was created by a key store. If more than one private key is found, the first one to be found is returned. If the object was created by a private key and a certificate chain, the private key is returned. Or null if the alias can't be found.
  - chooseClientAlias
```
public java.lang.String chooseClientAlias(java.lang.String[] keyTypes,
                                 java.security.Principal[] issuers,
                                 java.net.Socket socket)
```
    Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Specified by:
    
    chooseClientAlias in interface javax.net.ssl.X509KeyManager
    
    Parameters:
    keyTypes - - the key algorithm type name(s), ordered with the most-preferred key type first
    issuers - - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
    socket - - the socket to be used for this connection. This parameter is ignored.
    
    Returns:
    the alias name for the desired key, or null if there are no matches.
    Since:
    
    7.0
    
    See Also:
    X509KeyManager.chooseClientAlias(java.lang.String[], java.security.Principal[], java.net.Socket)
  - chooseServerAlias
```
public java.lang.String chooseServerAlias(java.lang.String keyType,
                                 java.security.Principal[] issuers,
                                 java.net.Socket socket)
```
    Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Specified by:
    
    chooseServerAlias in interface javax.net.ssl.X509KeyManager
    
    Parameters:
    keyType - - the key algorithm type name.
    issuers - - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
    socket - - the socket to be used for this connection. This parameter is ignored.
    
    Returns:
    the alias name for the desired key, or null if there are no matches.
    Since:
    
    7.0
    
    See Also:
    X509KeyManager.chooseServerAlias(java.lang.String, java.security.Principal[], java.net.Socket)
  - chooseEngineClientAlias
```
public java.lang.String chooseEngineClientAlias(java.lang.String[] keyType,
                                       java.security.Principal[] issuers,
                                       javax.net.ssl.SSLEngine engine)
```
    Choose an alias to authenticate the client side of a SSLEngine given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Overrides:
    
    chooseEngineClientAlias in class javax.net.ssl.X509ExtendedKeyManager
    
    Parameters:
    keyTypes - - the key algorithm type name(s), ordered with the most-preferred key type first
    issuers - - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
    engine - - the SSLEngine used for this connection. This parameter is ignored.
    
    Returns:
    the alias name for the desired key, or null if there are no matches.
    Since:
    
    8.0 Patch
    
    See Also:
    javax.net.ssl.X509KeyManager#chooseEngineClientAlias
  - chooseEngineServerAlias
```
public java.lang.String chooseEngineServerAlias(java.lang.String keyType,
                                       java.security.Principal[] issuers,
                                       javax.net.ssl.SSLEngine engine)
```
    Choose an alias to authenticate the server side of an SSLEngine given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Overrides:
    
    chooseEngineServerAlias in class javax.net.ssl.X509ExtendedKeyManager
    
    Parameters:
    keyType - - the key algorithm type name.
    issuers - - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
    engine - - the SSLEngine used for this connection. This parameter is ignored.
    
    Returns:
    the alias name for the desired key, or null if there are no matches.
    Since:
    
    8.0 Patch
    
    See Also:
    javax.net.ssl.X509KeyManager#chooseEngineServerAlias
  - logout
```
public void logout()
```
    Description copied from interface: LogoutListener
    
    The logout callback function; called from the user when logging out.
    
    Specified by:
    
    logout in interface LogoutListener

Class JSSEX509KeyManager

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

JSSEX509KeyManager

JSSEX509KeyManager

JSSEX509KeyManager

JSSEX509KeyManager

Method Detail

getClientAliases

getServerAliases

getCertificateChain

getPrivateKey

chooseClientAlias

chooseServerAlias

chooseEngineClientAlias

chooseEngineServerAlias

logout