org.edg.security.trustmanager
Class UpdatingKeyManager

java.lang.Object
  |
  +--org.edg.security.trustmanager.UpdatingKeyManager
All Implemented Interfaces:
javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

public class UpdatingKeyManager
extends java.lang.Object
implements javax.net.ssl.X509KeyManager

A KeyManager that reloads the credentials periodically. Note: if the identity certificate changes, the private key changes too. The SSL mechanism fetches the certificate chain and the private key with two separate calls (getCertificateChain and getPrivateKey), so an update may happen between those calls, leaving the caller with the old certificate and the new private key, which do not work together. If the calling system has a built-in retry, this only causes a small delay; without a retry it causes a failure. This can only be solved by changing the internal API inside Java or by using mutexes in the software that uses this class, so a fix is unlikely.
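The window described above lies between JSSE's call to getCertificateChain(alias) and its call to getPrivateKey(alias). The following is an added example, not code from the EDG trustmanager, of a wrapper-level way to keep the two results consistent: the alias handed to JSSE carries a generation number, every reload publishes a new immutable (chain, key) snapshot under the next generation, and a few old generations are retained so an in-flight handshake still resolves against the snapshot it started with. The class name, the alias "identity", the loader Supplier and the number of retained generations are assumptions for the illustration.

```java
import java.net.Socket;
import java.security.KeyPairGenerator;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;
import javax.net.ssl.X509KeyManager;

// Illustration only (not the trustmanager's code): a reloading X509KeyManager whose
// alias carries a generation number, so the chain and key JSSE fetches in two calls
// always come from the same snapshot even if a reload happens in between.
public class GenerationTaggedKeyManager implements X509KeyManager {

    /** One immutable (chain, key) pair that was loaded together. */
    static final class Credential {
        final X509Certificate[] chain;
        final PrivateKey key;
        Credential(X509Certificate[] chain, PrivateKey key) { this.chain = chain; this.key = key; }
    }

    private static final String BASE_ALIAS = "identity";  // hypothetical alias name
    private static final int KEEP_GENERATIONS = 4;         // old snapshots kept for in-flight handshakes

    private final Supplier<Credential> loader;             // assumed: reads cert + key from wherever they live
    private final Map<Integer, Credential> generations = new ConcurrentHashMap<>();
    private final AtomicInteger current = new AtomicInteger(0);

    GenerationTaggedKeyManager(Supplier<Credential> loader) {
        this.loader = loader;
        reload();
    }

    /** Called periodically (e.g. from a timer); publishes a new generation and prunes old ones. */
    public synchronized void reload() {
        Credential fresh = loader.get();
        int gen = current.get() + 1;
        generations.put(gen, fresh);
        current.set(gen);
        generations.keySet().removeIf(g -> g <= gen - KEEP_GENERATIONS);
    }

    /** Alias of the form "identity#<generation>", chosen at handshake start. */
    private String taggedAlias() { return BASE_ALIAS + "#" + current.get(); }

    /** Resolve an alias back to the exact snapshot it was issued for, or null if it is gone. */
    private Credential resolve(String alias) {
        int hash = alias == null ? -1 : alias.lastIndexOf('#');
        if (hash < 0) return null;
        try {
            return generations.get(Integer.parseInt(alias.substring(hash + 1)));
        } catch (NumberFormatException e) {
            return null;
        }
    }

    @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return taggedAlias(); }
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return taggedAlias(); }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return new String[] { taggedAlias() }; }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return new String[] { taggedAlias() }; }

    @Override public X509Certificate[] getCertificateChain(String alias) {
        Credential c = resolve(alias);
        return c == null ? null : c.chain;
    }

    @Override public PrivateKey getPrivateKey(String alias) {
        Credential c = resolve(alias);
        return c == null ? null : c.key;
    }

    // Stand-alone demo with a constructed loader: each load yields a fresh RSA key and an
    // empty chain (a real loader would parse the certificate file; an empty chain is only
    // acceptable here because no handshake is performed).
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        GenerationTaggedKeyManager km = new GenerationTaggedKeyManager(
                () -> new Credential(new X509Certificate[0], kpg.generateKeyPair().getPrivate()));

        String alias = km.chooseServerAlias("RSA", null, null);    // JSSE step 1
        X509Certificate[] chain = km.getCertificateChain(alias);    // JSSE step 2
        km.reload();                                                // credentials rotate in between
        PrivateKey key = km.getPrivateKey(alias);                   // JSSE step 3

        Credential gen1 = km.generations.get(1);
        System.out.println("alias = " + alias);
        System.out.println("chain and key from the same generation: "
                + (chain == gen1.chain && key == gen1.key));
    }
}
```

The retained-generation count bounds how long a rotated private key stays reachable through an old alias; it should be just large enough to cover a handshake in progress, and the loader should be the only place that reads key material from disk.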


Constructor Summary
UpdatingKeyManager(CaseInsensitiveProperties config, org.bouncycastle.openssl.PasswordFinder finder)
          Creates a new instance of UpdatingKeyManager
UpdatingKeyManager(java.security.KeyStore store, char[] pass)

Method Summary
 java.lang.String chooseClientAlias(java.lang.String[] str, java.security.Principal[] principal, java.net.Socket socket)
 java.lang.String chooseServerAlias(java.lang.String str, java.security.Principal[] principal, java.net.Socket socket)
 java.lang.String findProxy()
 java.security.cert.X509Certificate[] getCertificateChain(java.lang.String str)
 java.lang.String[] getClientAliases(java.lang.String str, java.security.Principal[] principal)
 java.security.PrivateKey getPrivateKey(java.lang.String str)
 java.lang.String[] getServerAliases(java.lang.String str, java.security.Principal[] principal)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UpdatingKeyManager

public UpdatingKeyManager(CaseInsensitiveProperties config,
                          org.bouncycastle.openssl.PasswordFinder finder)
                   throws java.lang.Exception
Creates a new instance of UpdatingKeyManager


UpdatingKeyManager

public UpdatingKeyManager(java.security.KeyStore store,
                          char[] pass)
                   throws java.lang.Exception


Method Detail

chooseClientAlias

public java.lang.String chooseClientAlias(java.lang.String[] str,
                                          java.security.Principal[] principal,
                                          java.net.Socket socket)
Specified by:
chooseClientAlias in interface javax.net.ssl.X509KeyManager

chooseServerAlias

public java.lang.String chooseServerAlias(java.lang.String str,
                                          java.security.Principal[] principal,
                                          java.net.Socket socket)
Specified by:
chooseServerAlias in interface javax.net.ssl.X509KeyManager

getCertificateChain

public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String str)
Specified by:
getCertificateChain in interface javax.net.ssl.X509KeyManager

getClientAliases

public java.lang.String[] getClientAliases(java.lang.String str,
                                           java.security.Principal[] principal)
Specified by:
getClientAliases in interface javax.net.ssl.X509KeyManager

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.lang.String str)
Specified by:
getPrivateKey in interface javax.net.ssl.X509KeyManager

getServerAliases

public java.lang.String[] getServerAliases(java.lang.String str,
                                           java.security.Principal[] principal)
Specified by:
getServerAliases in interface javax.net.ssl.X509KeyManager

findProxy

public java.lang.String findProxy()
                           throws java.lang.Exception
Throws:
java.lang.Exception