org.edg.security.trustmanager
Class UpdatingKeyManager
java.lang.Object
|
+--org.edg.security.trustmanager.UpdatingKeyManager
All Implemented Interfaces:
javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager
public class UpdatingKeyManager
extends java.lang.Object
implements javax.net.ssl.X509KeyManager
A KeyManager that reloads the credentials periodically.
Notice! When the identity certificate is replaced, the private key is normally replaced with it.
The SSL handshake code fetches the certificate chain and the private key through two separate
calls (getCertificateChain and getPrivateKey), so a reload can happen between them. The
handshake then gets the old certificate together with the new private key; the two do not
belong together and the handshake fails.
If the software using this class retries the handshake, the only effect is a short delay.
Without a retry the connection fails. Closing the window would require either a change to the
internal Java API or mutual exclusion between reloads and handshakes in the software that uses
this class, so a solution is unlikely.
Method Summary
java.lang.String chooseClientAlias(java.lang.String[] str, java.security.Principal[] principal, java.net.Socket socket)
java.lang.String chooseServerAlias(java.lang.String str, java.security.Principal[] principal, java.net.Socket socket)
java.lang.String findProxy()
java.security.cert.X509Certificate[] getCertificateChain(java.lang.String str)
java.lang.String[] getClientAliases(java.lang.String str, java.security.Principal[] principal)
java.security.PrivateKey getPrivateKey(java.lang.String str)
java.lang.String[] getServerAliases(java.lang.String str, java.security.Principal[] principal)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
UpdatingKeyManager
public UpdatingKeyManager(CaseInsensitiveProperties config,
org.bouncycastle.openssl.PasswordFinder finder)
throws java.lang.Exception
- Creates a new instance of UpdatingKeyManager
UpdatingKeyManager
public UpdatingKeyManager(java.security.KeyStore store,
char[] pass)
throws java.lang.Exception
chooseClientAlias
public java.lang.String chooseClientAlias(java.lang.String[] str,
java.security.Principal[] principal,
java.net.Socket socket)
- Specified by: chooseClientAlias in interface javax.net.ssl.X509KeyManager
chooseServerAlias
public java.lang.String chooseServerAlias(java.lang.String str,
java.security.Principal[] principal,
java.net.Socket socket)
- Specified by: chooseServerAlias in interface javax.net.ssl.X509KeyManager
getCertificateChain
public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String str)
- Specified by: getCertificateChain in interface javax.net.ssl.X509KeyManager
getClientAliases
public java.lang.String[] getClientAliases(java.lang.String str,
java.security.Principal[] principal)
- Specified by: getClientAliases in interface javax.net.ssl.X509KeyManager
getPrivateKey
public java.security.PrivateKey getPrivateKey(java.lang.String str)
- Specified by: getPrivateKey in interface javax.net.ssl.X509KeyManager
getServerAliases
public java.lang.String[] getServerAliases(java.lang.String str,
java.security.Principal[] principal)
- Specified by: getServerAliases in interface javax.net.ssl.X509KeyManager
findProxy
public java.lang.String findProxy()
throws java.lang.Exception
- Throws: java.lang.Exception