001 /*
002 * Copyright 1999-2004 Sun Microsystems, Inc. All Rights Reserved.
003 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
004 *
005 * This code is free software; you can redistribute it and/or modify it
006 * under the terms of the GNU General Public License version 2 only, as
007 * published by the Free Software Foundation. Sun designates this
008 * particular file as subject to the "Classpath" exception as provided
009 * by Sun in the LICENSE file that accompanied this code.
010 *
011 * This code is distributed in the hope that it will be useful, but WITHOUT
012 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
013 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
014 * version 2 for more details (a copy is included in the LICENSE file that
015 * accompanied this code).
016 *
017 * You should have received a copy of the GNU General Public License version
018 * 2 along with this work; if not, write to the Free Software Foundation,
019 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
020 *
021 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
022 * CA 95054 USA or visit www.sun.com if you need additional information or
023 * have any questions.
024 */
025
026 package javax.net.ssl;
027
028 import java.security.KeyManagementException;
029 import java.security.PrivateKey;
030 import java.security.Principal;
031 import java.security.cert.X509Certificate;
032 import java.net.Socket;
033
034 /**
035 * Instances of this interface manage which X509 certificate-based
036 * key pairs are used to authenticate the local side of a secure
037 * socket.
038 * <P>
039 * During secure socket negotiations, implentations
040 * call methods in this interface to:
041 * <UL>
042 * <LI> determine the set of aliases that are available for negotiations
043 * based on the criteria presented,
044 * <LI> select the <ITALIC> best alias </ITALIC> based on
045 * the criteria presented, and
046 * <LI> obtain the corresponding key material for given aliases.
047 * </UL>
048 * <P>
049 * Note: the X509ExtendedKeyManager should be used in favor of this
050 * class.
051 *
052 * @since 1.4
053 * @version 1.22
054 */
055 public interface X509KeyManager extends KeyManager {
056 /**
057 * Get the matching aliases for authenticating the client side of a secure
058 * socket given the public key type and the list of
059 * certificate issuer authorities recognized by the peer (if any).
060 *
061 * @param keyType the key algorithm type name
062 * @param issuers the list of acceptable CA issuer subject names,
063 * or null if it does not matter which issuers are used.
064 * @return an array of the matching alias names, or null if there
065 * were no matches.
066 */
067 public String[] getClientAliases(String keyType, Principal[] issuers);
068
069 /**
070 * Choose an alias to authenticate the client side of a secure
071 * socket given the public key type and the list of
072 * certificate issuer authorities recognized by the peer (if any).
073 *
074 * @param keyType the key algorithm type name(s), ordered
075 * with the most-preferred key type first.
076 * @param issuers the list of acceptable CA issuer subject names
077 * or null if it does not matter which issuers are used.
078 * @param socket the socket to be used for this connection. This
079 * parameter can be null, which indicates that
080 * implementations are free to select an alias applicable
081 * to any socket.
082 * @return the alias name for the desired key, or null if there
083 * are no matches.
084 */
085 public String chooseClientAlias(String[] keyType,
086 Principal[] issuers, Socket socket);
087
088 /**
089 * Get the matching aliases for authenticating the server side of a secure
090 * socket given the public key type and the list of
091 * certificate issuer authorities recognized by the peer (if any).
092 *
093 * @param keyType the key algorithm type name
094 * @param issuers the list of acceptable CA issuer subject names
095 * or null if it does not matter which issuers are used.
096 * @return an array of the matching alias names, or null
097 * if there were no matches.
098 */
099 public String[] getServerAliases(String keyType, Principal[] issuers);
100
101 /**
102 * Choose an alias to authenticate the server side of a secure
103 * socket given the public key type and the list of
104 * certificate issuer authorities recognized by the peer (if any).
105 *
106 * @param keyType the key algorithm type name.
107 * @param issuers the list of acceptable CA issuer subject names
108 * or null if it does not matter which issuers are used.
109 * @param socket the socket to be used for this connection. This
110 * parameter can be null, which indicates that
111 * implementations are free to select an alias applicable
112 * to any socket.
113 * @return the alias name for the desired key, or null if there
114 * are no matches.
115 */
116 public String chooseServerAlias(String keyType,
117 Principal[] issuers, Socket socket);
118
119 /**
120 * Returns the certificate chain associated with the given alias.
121 *
122 * @param alias the alias name
123 * @return the certificate chain (ordered with the user's certificate first
124 * and the root certificate authority last), or null
125 * if the alias can't be found.
126 */
127 public X509Certificate[] getCertificateChain(String alias);
128
129 /**
130 * Returns the key associated with the given alias.
131 *
132 * @param alias the alias name
133 * @return the requested key, or null if the alias can't be found.
134 */
135 public PrivateKey getPrivateKey(String alias);
136 }
|