diff options
Diffstat (limited to 'src/com/isode/stroke/tls/java/CAPIKeyManager.java')
-rw-r--r-- | src/com/isode/stroke/tls/java/CAPIKeyManager.java | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/src/com/isode/stroke/tls/java/CAPIKeyManager.java b/src/com/isode/stroke/tls/java/CAPIKeyManager.java new file mode 100644 index 0000000..84e0d97 --- /dev/null +++ b/src/com/isode/stroke/tls/java/CAPIKeyManager.java @@ -0,0 +1,110 @@ +/* Copyright (c) 2013, Isode Limited, London, England. + * All rights reserved. + * + * Acquisition and use of this software and related materials for any + * purpose requires a written licence agreement from Isode Limited, + * or a written licence from an organisation licensed by Isode Limited Limited + * to grant such a licence. + * + */ + +package com.isode.stroke.tls.java; + +import java.net.Socket; +import java.security.Principal; +import java.security.PrivateKey; +import java.security.cert.X509Certificate; + +import javax.net.ssl.SSLEngine; +import javax.net.ssl.X509ExtendedKeyManager; + +import com.isode.stroke.base.NotNull; + +/** + * This class is used to provide a way of overriding the behaviour of a KeyManager + * returned from SunMSCAPI. + * <p>Specifically, this implementation allows callers to specify what should + * be returned by {@link #chooseEngineClientAlias(String[], Principal[], SSLEngine) + */ +public class CAPIKeyManager extends X509ExtendedKeyManager { + + X509ExtendedKeyManager parentKeyManager = null; + String engineClientAlias = null; + + /** + * Create a new object. + * @param parent the actual X509ExtendedKeyManager to which work will + * be delegated unless overridden by caller-specified values. Must + * not be null. + */ + public CAPIKeyManager(X509ExtendedKeyManager parent) { + NotNull.exceptIfNull(parent,"parent"); + this.parentKeyManager = parent; + } + + /** + * Set the value which should be returned by + * {@link #chooseEngineClientAlias(String[], Principal[], SSLEngine)}. + * + * <p>The default behaviour of the SunMSCAPI KeyManager is to pick what it + * thinks is the most suitable client certificate for the session. + * However, this may not be the same as the certificate which was specified + * by the client. This method allows callers to override the default + * behaviour and force a specific certificate to be used. + * + * @param engineClientAlias the alias of an entry in the KeyStore. This + * may be null, in which case when + * {@link #chooseEngineClientAlias(String[], Principal[], SSLEngine) is + * called, it will return whatever value the original KeyManager returns. + */ + public void setEngineClientAlias(String engineClientAlias) { + this.engineClientAlias = engineClientAlias; + } + + @Override + public String[] getServerAliases(String keyType, Principal[] issuers) { + return parentKeyManager.getServerAliases(keyType, issuers); + } + + @Override + public PrivateKey getPrivateKey(String alias) { + return parentKeyManager.getPrivateKey(alias); + } + + @Override + public String[] getClientAliases(String keyType, Principal[] issuers) { + return parentKeyManager.getClientAliases(keyType, issuers); + } + + @Override + public X509Certificate[] getCertificateChain(String alias) { + return parentKeyManager.getCertificateChain(alias); + } + + @Override + public String chooseServerAlias(String keyType, Principal[] issuers, + Socket socket) { + return parentKeyManager.chooseServerAlias(keyType, issuers, socket); + + } + + @Override + public String chooseClientAlias(String[] keyType, Principal[] issuers, + Socket socket) { + return parentKeyManager.chooseClientAlias(keyType, issuers, socket); + } + + @Override + public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) { + if (engineClientAlias != null) { + return engineClientAlias; + } + return parentKeyManager.chooseEngineClientAlias(keyType, issuers, engine); + } + @Override + public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) { + return parentKeyManager.chooseEngineServerAlias(keyType, issuers, engine); + + } + +} |