Class SniX509ExtendedKeyManager
- All Implemented Interfaces:
KeyManager,X509KeyManager
A X509ExtendedKeyManager that selects a key with an alias
retrieved from SNI information, delegating other processing to a nested X509ExtendedKeyManager.
Can only be used on server side.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfaceDeprecated.The Eclipse Jetty and Apache Felix Http Jetty packages are no longer supported. -
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionSniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager) Deprecated.not supported, you must have aSslContextFactory.Serverfor this to work.SniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager, SslContextFactory.Server sslContextFactory) Deprecated. -
Method Summary
Modifier and TypeMethodDescriptionchooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) Deprecated.chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) Deprecated.chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) Deprecated.chooseServerAlias(String keyType, Principal[] issuers, Socket socket) Deprecated.Deprecated.getCertificateChain(String alias) Deprecated.String[]getClientAliases(String keyType, Principal[] issuers) Deprecated.getPrivateKey(String alias) Deprecated.String[]getServerAliases(String keyType, Principal[] issuers) Deprecated.voidsetAliasMapper(UnaryOperator<String> aliasMapper) Deprecated.Sets a function that transforms the alias into a possibly different alias, invoked when the SNI logic must choose the alias to pick the right certificate.
-
Field Details
-
SNI_X509
Deprecated.- See Also:
-
-
Constructor Details
-
SniX509ExtendedKeyManager
Deprecated.not supported, you must have aSslContextFactory.Serverfor this to work. -
SniX509ExtendedKeyManager
public SniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager, SslContextFactory.Server sslContextFactory) Deprecated.
-
-
Method Details
-
getAliasMapper
Deprecated.- Returns:
- the function that transforms the alias
- See Also:
-
setAliasMapper
Deprecated.Sets a function that transforms the alias into a possibly different alias, invoked when the SNI logic must choose the alias to pick the right certificate.
This function is required when using the
PKIX KeyManagerFactory algorithmwhich suffers from bug https://bugs.openjdk.java.net/browse/JDK-8246262, where aliases are returned by the OpenJDK implementation to the application in the formN.0.aliaswhereNis an always increasing number. Such mangled aliases won't match the aliases in the keystore, so that for example SNI matching will always fail.Other implementations such as BouncyCastle have been reported to mangle the alias in a different way, namely
0.alias.N.This function allows to "unmangle" the alias from the implementation specific mangling back to just
aliasso that SNI matching will work again.- Parameters:
aliasMapper- the function that transforms the alias
-
chooseClientAlias
Deprecated. -
chooseEngineClientAlias
Deprecated.- Overrides:
chooseEngineClientAliasin classX509ExtendedKeyManager
-
chooseServerAlias
Deprecated. -
chooseEngineServerAlias
Deprecated.- Overrides:
chooseEngineServerAliasin classX509ExtendedKeyManager
-
getCertificateChain
Deprecated. -
getClientAliases
Deprecated. -
getPrivateKey
Deprecated. -
getServerAliases
Deprecated.
-