org.glite.security.trustmanager
Class UpdatingKeyManager

java.lang.Object
  extended by org.glite.security.trustmanager.UpdatingKeyManager
All Implemented Interfaces:
javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

public class UpdatingKeyManager
extends java.lang.Object
implements javax.net.ssl.X509KeyManager

A KeyManager that reloads the credentials periodically. Note: when the identity certificate changes, the private key changes too. The SSL mechanism fetches the certificate chain and the private key using two separate calls, so an update can happen between those calls, leaving you with the old certificate and the new private key, which do not work together. If the system has a built-in retry, this should not matter and only a small delay occurs; if there is no retry, a failure occurs. This can only be solved by changing the internal API inside Java or by using mutexes in the software that uses this class, so a solution is not likely.
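For code that calls getCertificateChain and getPrivateKey itself, the mismatch described above can be detected and retried on the caller's side. The following is an added example, not part of org.glite.security.trustmanager; the class name ConsistentCredentials, its methods and the probe string are hypothetical, and only the standard javax.net.ssl.X509KeyManager interface is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509KeyManager;

/** Hypothetical caller-side helper; not part of org.glite.security.trustmanager. */
public final class ConsistentCredentials {
    public final X509Certificate[] chain;
    public final PrivateKey key;

    private ConsistentCredentials(X509Certificate[] chain, PrivateKey key) {
        this.chain = chain;
        this.key = key;
    }

    /** Fetches chain and key, re-reading both if a reload fell between the two calls. */
    public static ConsistentCredentials fetch(X509KeyManager km, String alias, int attempts) {
        for (int i = 0; i < attempts; i++) {
            X509Certificate[] chain = km.getCertificateChain(alias);
            PrivateKey key = km.getPrivateKey(alias);
            if (chain != null && chain.length > 0 && key != null && matches(chain[0], key)) {
                return new ConsistentCredentials(chain, key);
            }
        }
        throw new IllegalStateException("no matching certificate/key pair for alias " + alias);
    }

    /** True when data signed with the private key verifies under the leaf certificate's public key. */
    static boolean matches(X509Certificate leaf, PrivateKey key) {
        String alg = key.getAlgorithm(); // expected: RSA, DSA or EC
        String sigAlg = "SHA256with" + ("EC".equals(alg) ? "ECDSA" : alg);
        byte[] probe = "key-pair-consistency-probe".getBytes(StandardCharsets.US_ASCII);
        try {
            Signature signer = Signature.getInstance(sigAlg);
            signer.initSign(key);
            signer.update(probe);
            byte[] sig = signer.sign();
            Signature verifier = Signature.getInstance(sigAlg);
            verifier.initVerify(leaf.getPublicKey());
            verifier.update(probe);
            return verifier.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // key type mismatch or malformed signature: treat as not matching
        }
    }
}
```

The helper only covers credentials fetched through it; it does not change the two separate calls the SSL mechanism makes to the key manager.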


Constructor Summary
UpdatingKeyManager(org.glite.security.util.CaseInsensitiveProperties config, org.bouncycastle.openssl.PasswordFinder finder)
          Creates a new instance of UpdatingKeyManager
UpdatingKeyManager(java.security.KeyStore store, char[] pass)
          Creates a new UpdatingKeyManager object.
 
Method Summary
 java.lang.String chooseClientAlias(java.lang.String[] str, java.security.Principal[] principal, java.net.Socket socket)
          DOCUMENT ME!
 java.lang.String chooseServerAlias(java.lang.String str, java.security.Principal[] principal, java.net.Socket socket)
          DOCUMENT ME!
 java.lang.String findProxy()
          DOCUMENT ME!
 java.security.cert.X509Certificate[] getCertificateChain(java.lang.String str)
          DOCUMENT ME!
 java.lang.String[] getClientAliases(java.lang.String str, java.security.Principal[] principal)
          DOCUMENT ME!
 java.security.PrivateKey getPrivateKey(java.lang.String str)
          DOCUMENT ME!
 java.lang.String[] getServerAliases(java.lang.String str, java.security.Principal[] principal)
          DOCUMENT ME!
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UpdatingKeyManager

public UpdatingKeyManager(org.glite.security.util.CaseInsensitiveProperties config,
                          org.bouncycastle.openssl.PasswordFinder finder)
                   throws java.security.NoSuchAlgorithmException,
                          java.security.cert.CertificateException
Creates a new instance of UpdatingKeyManager


UpdatingKeyManager

public UpdatingKeyManager(java.security.KeyStore store,
                          char[] pass)
                   throws java.lang.Exception
Creates a new UpdatingKeyManager object.

Parameters:
store - DOCUMENT ME!
pass - DOCUMENT ME!
Throws:
java.lang.Exception - DOCUMENT ME!
Method Detail

chooseClientAlias

public java.lang.String chooseClientAlias(java.lang.String[] str,
                                          java.security.Principal[] principal,
                                          java.net.Socket socket)
DOCUMENT ME!

Specified by:
chooseClientAlias in interface javax.net.ssl.X509KeyManager
Parameters:
str - DOCUMENT ME!
principal - DOCUMENT ME!
socket - DOCUMENT ME!
Returns:
DOCUMENT ME!

chooseServerAlias

public java.lang.String chooseServerAlias(java.lang.String str,
                                          java.security.Principal[] principal,
                                          java.net.Socket socket)
DOCUMENT ME!

Specified by:
chooseServerAlias in interface javax.net.ssl.X509KeyManager
Parameters:
str - DOCUMENT ME!
principal - DOCUMENT ME!
socket - DOCUMENT ME!
Returns:
DOCUMENT ME!

getCertificateChain

public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String str)
DOCUMENT ME!

Specified by:
getCertificateChain in interface javax.net.ssl.X509KeyManager
Parameters:
str - DOCUMENT ME!
Returns:
DOCUMENT ME!

getClientAliases

public java.lang.String[] getClientAliases(java.lang.String str,
                                           java.security.Principal[] principal)
DOCUMENT ME!

Specified by:
getClientAliases in interface javax.net.ssl.X509KeyManager
Parameters:
str - DOCUMENT ME!
principal - DOCUMENT ME!
Returns:
DOCUMENT ME!

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.lang.String str)
DOCUMENT ME!

Specified by:
getPrivateKey in interface javax.net.ssl.X509KeyManager
Parameters:
str - DOCUMENT ME!
Returns:
DOCUMENT ME!

getServerAliases

public java.lang.String[] getServerAliases(java.lang.String str,
                                           java.security.Principal[] principal)
DOCUMENT ME!

Specified by:
getServerAliases in interface javax.net.ssl.X509KeyManager
Parameters:
str - DOCUMENT ME!
principal - DOCUMENT ME!
Returns:
DOCUMENT ME!

findProxy

public java.lang.String findProxy()
                           throws java.io.IOException
DOCUMENT ME!

Returns:
DOCUMENT ME!
Throws:
java.io.IOException - DOCUMENT ME!