jetty-exssl/src/main/java/org/eclipse/jetty/exssl/SslKeyManager.java

// ========================================================================
// Copyright (c) 2009-2009 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
// The Eclipse Public License is available at 
// http://www.eclipse.org/legal/epl-v10.html
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
// You may elect to redistribute this code under either of these licenses. 
// ========================================================================


package org.eclipse.jetty.exssl;

import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import javax.net.ssl.X509KeyManager;


/* ------------------------------------------------------------ */
/**
 * KeyManager to select a key with desired alias
 */
public class SslKeyManager implements X509KeyManager
{
    private String _keyAlias;
    private X509KeyManager _keyManager;
    private CertificateValidator _certValidator;

    /* ------------------------------------------------------------ */
    public SslKeyManager(String keyAlias, X509KeyManager keyManager, 
                         CertificateValidator certValidator) throws Exception
    {
        _keyAlias = keyAlias;
        _keyManager = keyManager;
        _certValidator = certValidator;
    }

    /* ------------------------------------------------------------ */
    /**
     * @see javax.net.ssl.X509KeyManager#chooseClientAlias(java.lang.String[], java.security.Principal[], java.net.Socket)
     */
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
    {
        return _keyManager.chooseClientAlias(keyType, issuers, socket);
    }

    /* ------------------------------------------------------------ */
    /**
     * @see javax.net.ssl.X509KeyManager#chooseServerAlias(java.lang.String, java.security.Principal[], java.net.Socket)
     */
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
    {   
        if (_keyAlias == null)
        {
            _keyAlias = _keyManager.chooseServerAlias(keyType, issuers, socket);
        }
        
        return _keyAlias;
    }

    /* ------------------------------------------------------------ */
    /**
     * @see javax.net.ssl.X509KeyManager#getClientAliases(java.lang.String, java.security.Principal[])
     */
    public String[] getClientAliases(String keyType, Principal[] issuers)
    {
        return _keyManager.getClientAliases(keyType, issuers);
    }


    /* ------------------------------------------------------------ */
    /**
     * @see javax.net.ssl.X509KeyManager#getServerAliases(java.lang.String, java.security.Principal[])
     */
    public String[] getServerAliases(String keyType, Principal[] issuers)
    {
        return _keyManager.getServerAliases(keyType, issuers);
    }

    /* ------------------------------------------------------------ */
    /**
     * @see javax.net.ssl.X509KeyManager#getCertificateChain(java.lang.String)
     */
    public X509Certificate[] getCertificateChain(String alias)
    {
        return _keyManager.getCertificateChain(alias);
    }

    /* ------------------------------------------------------------ */
    /**
     * @see javax.net.ssl.X509KeyManager#getPrivateKey(java.lang.String)
     */
    public PrivateKey getPrivateKey(String alias)
    {
        return _keyManager.getPrivateKey(alias);
    }

    public String getKeyAlias()
    {
        return _keyAlias;
    }
}