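/*
 * Copyright (c) 2001, 2004, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import java.io.*;
import java.net.Socket;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.util.*;
import java.util.Set;
import javax.net.ssl.X509KeyManager;

/**
 * Minimal {@link X509KeyManager} that serves private keys and X.509
 * certificate chains copied out of a {@link KeyStore} at construction time.
 *
 * <p>Alias selection is hard-wired: the client side always answers
 * {@code "client"} and the server side always answers {@code "server"},
 * ignoring the key types and issuers requested by the peer. That is adequate
 * for a fixture whose key store is known to contain those aliases; it is not
 * a general-purpose alias selection policy. When the key store holds no
 * usable entry under the chosen alias, {@link #getCertificateChain} and
 * {@link #getPrivateKey} return {@code null} for it.
 *
 * <p>Both maps are filled only by the constructor and are never modified
 * afterwards. Recovered private keys stay referenced for the lifetime of the
 * instance.
 */
final class MyKeyManager implements X509KeyManager {

    /** Alias always reported for client authentication. */
    private static final String CLIENT_ALIAS = "client";

    /** Alias always reported for server authentication. */
    private static final String SERVER_ALIAS = "server";

    /** Private keys recovered from the key store, by alias. */
    private final Map<String, PrivateKey> keyMap =
            new HashMap<String, PrivateKey>();

    /** X.509 certificate chains read from the key store, by alias. */
    private final Map<String, X509Certificate[]> certChainMap =
            new HashMap<String, X509Certificate[]>();

    /**
     * Loads every key entry of {@code ks} that carries an X.509 certificate
     * chain.
     *
     * <p>Entries whose chain is missing, empty, or contains an element that
     * is not an {@link X509Certificate} are skipped. The same
     * {@code password} is used to recover every key entry. The password
     * array is neither stored nor cleared here; wiping it remains the
     * caller's job.
     *
     * @param ks the key store to read, or {@code null} for a manager that
     *        holds no keys
     * @param password the password used to recover each key entry
     * @throws KeyStoreException if the key store has not been initialized
     * @throws NoSuchAlgorithmException if the algorithm needed to recover a
     *         key cannot be found
     * @throws UnrecoverableKeyException if a key cannot be recovered, for
     *         example because the password is wrong
     */
    MyKeyManager(KeyStore ks, char[] password)
            throws KeyStoreException, NoSuchAlgorithmException,
                   UnrecoverableKeyException {
        if (ks == null) {
            return;
        }

        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue;
            }
            X509Certificate[] chain =
                    toX509Chain(ks.getCertificateChain(alias));
            if (chain == null) {
                continue;
            }
            // Recover the key before recording anything, so that a failure
            // leaves no half-registered alias behind.
            Key key = ks.getKey(alias, password);
            certChainMap.put(alias, chain);
            if (key instanceof PrivateKey) {
                keyMap.put(alias, (PrivateKey) key);
            }
        }
    }

    /**
     * Copies a certificate chain into an {@code X509Certificate[]}.
     *
     * <p>Every element is checked, not just the first one, so a mixed chain
     * is rejected here instead of failing with an
     * {@link ArrayStoreException} during the copy.
     *
     * @param certs the chain as returned by the key store, possibly
     *        {@code null}
     * @return a new array holding the same certificates, or {@code null} if
     *         the chain is {@code null}, empty, or not entirely X.509
     */
    private static X509Certificate[] toX509Chain(Certificate[] certs) {
        if (certs == null || certs.length == 0) {
            return null;
        }
        X509Certificate[] chain = new X509Certificate[certs.length];
        for (int i = 0; i < certs.length; i++) {
            if (!(certs[i] instanceof X509Certificate)) {
                return null;
            }
            chain[i] = (X509Certificate) certs[i];
        }
        return chain;
    }

    /**
     * Chooses the alias used to authenticate the client side of a secure
     * socket.
     *
     * @param keyTypes the key types acceptable to the peer (ignored)
     * @param issuers the issuers recognized by the peer (ignored)
     * @param socket the socket being negotiated (ignored)
     * @return always {@code "client"}, whether or not the key store contains
     *         such an entry
     */
    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
            Socket socket) {
        return CLIENT_ALIAS;
    }

    /**
     * Lists the aliases usable to authenticate the client side of a secure
     * socket.
     *
     * @param keyType the key type requested (ignored)
     * @param issuers the issuers recognized by the peer (ignored)
     * @return a new one-element array holding {@code "client"}
     */
    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return new String[] { CLIENT_ALIAS };
    }

    /**
     * Chooses the alias used to authenticate the server side of a secure
     * socket.
     *
     * <p>The {@code synchronized} modifier is kept from the original
     * declaration; the method itself touches no shared state.
     *
     * @param keyType the key type requested (ignored)
     * @param issuers the issuers recognized by the peer (ignored)
     * @param socket the socket being negotiated (ignored)
     * @return always {@code "server"}, whether or not the key store contains
     *         such an entry
     */
    @Override
    public synchronized String chooseServerAlias(String keyType,
            Principal[] issuers, Socket socket) {
        return SERVER_ALIAS;
    }

    /**
     * Lists the aliases usable to authenticate the server side of a secure
     * socket.
     *
     * @param keyType the key type requested (ignored)
     * @param issuers the issuers recognized by the peer (ignored)
     * @return a new one-element array holding {@code "server"}
     */
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return new String[] { SERVER_ALIAS };
    }

    /**
     * Returns the certificate chain stored under the given alias.
     *
     * <p>A copy of the array is returned, so a caller that modifies the
     * result cannot alter the chain this manager hands out later.
     *
     * @param alias the alias name
     * @return the certificate chain in the order the key store supplied it,
     *         or {@code null} if no chain was loaded for {@code alias}
     */
    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        X509Certificate[] chain = certChainMap.get(alias);
        return (chain == null) ? null : chain.clone();
    }

    /**
     * Returns the private key stored under the given alias. The key was
     * already recovered in the constructor, so no password is needed here.
     *
     * @param alias the alias name
     * @return the private key, or {@code null} if no private key was loaded
     *         for {@code alias}
     */
    @Override
    public PrivateKey getPrivateKey(String alias) {
        return keyMap.get(alias);
    }
}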