1/*
2 * Copyright (c) 2001, 2004, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24import javax.net.ssl.X509KeyManager;
25import java.io.*;
26import java.security.*;
27import java.security.cert.*;
28import java.security.cert.Certificate;
29import java.util.*;
30import java.net.Socket;
31import javax.net.ssl.X509KeyManager;
32import java.util.Set;
33
34final class MyKeyManager implements X509KeyManager {
35    private HashMap keyMap = new HashMap();
36    private HashMap certChainMap = new HashMap();
37
38    MyKeyManager(KeyStore ks, char[] password)
39        throws KeyStoreException, NoSuchAlgorithmException,
40        UnrecoverableKeyException
41    {
42        if (ks == null) {
43            return;
44        }
45
46        Enumeration aliases = ks.aliases();
47        while (aliases.hasMoreElements()) {
48            String alias = (String)aliases.nextElement();
49            if (ks.isKeyEntry(alias)) {
50                Certificate[] certs;
51                certs = ks.getCertificateChain(alias);
52                if (certs != null && certs.length > 0 &&
53                    certs[0] instanceof X509Certificate) {
54                    if (!(certs instanceof X509Certificate[])) {
55                        Certificate[] tmp = new X509Certificate[certs.length];
56                        System.arraycopy(certs, 0, tmp, 0, certs.length);
57                        certs = tmp;
58                    }
59                    Key key = ks.getKey(alias, password);
60                    certChainMap.put(alias, certs);
61                    keyMap.put(alias, key);
62                }
63            }
64        }
65    }
66
67    /*
68     * Choose an alias to authenticate the client side of a secure
69     * socket given the public key type and the list of
70     * certificate issuer authorities recognized by the peer (if any).
71     */
72    public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
73            Socket socket) {
74        return "client";
75    }
76
77    /*
78     * Get the matching aliases for authenticating the client side of a secure
79     * socket given the public key type and the list of
80     * certificate issuer authorities recognized by the peer (if any).
81     */
82    public String[] getClientAliases(String keyType, Principal[] issuers) {
83        String[] s = new String[1];
84        s[0] = "client";
85        return s;
86    }
87
88    private HashMap serverAliasCache = new HashMap();
89
90    /*
91     * Choose an alias to authenticate the server side of a secure
92     * socket given the public key type and the list of
93     * certificate issuer authorities recognized by the peer (if any).
94     */
95    public synchronized String chooseServerAlias(String keyType,
96            Principal[] issuers, Socket socket) {
97        return "server";
98    }
99
100    /*
101     * Get the matching aliases for authenticating the server side of a secure
102     * socket given the public key type and the list of
103     * certificate issuer authorities recognized by the peer (if any).
104     */
105    public String[] getServerAliases(String keyType, Principal[] issuers) {
106        String[] s = new String[1];
107        s[0] = "server";
108        return s;
109    }
110
111    /**
112     * Returns the certificate chain associated with the given alias.
113     *
114     * @param alias the alias name
115     *
116     * @return the certificate chain (ordered with the user's certificate first
117     * and the root certificate authority last)
118     *
119     * @exception KeyStoreException if the alias is invalid
120     */
121    public X509Certificate[] getCertificateChain(String alias) {
122        Object chain;
123
124        chain = certChainMap.get(alias);
125        if (!(chain instanceof X509Certificate[]))
126            return null;
127        return (X509Certificate[]) chain;
128    }
129
130    /*
131     * Returns the key associated with the given alias, using the given
132     * password to recover it.
133     *
134     * @param alias the alias name
135     *
136     * @return the requested key
137     * @exception KeyStoreException if the alias is invalid
138     */
139    public PrivateKey getPrivateKey(String alias) {
140        Object key;
141
142        key = keyMap.get(alias);
143        if (!(key instanceof PrivateKey))
144            return null;
145        return (PrivateKey)key;
146    }
147}
148