java.lang.Object
  javax.net.ssl.X509ExtendedKeyManager
    org.glite.security.trustmanager.UpdatingKeyManager
public class UpdatingKeyManager
A KeyManager that reloads the credentials periodically. Note: if the identity certificate changes, the private key changes too. The SSL mechanism fetches the certificate chain and the private key using two separate calls, so an update can happen between those calls, leaving the caller with the old certificate and the new private key, which do not work together. If the system has built-in retry, this shouldn't matter; only a small delay occurs. If there is no retry, a failure occurs. This can only be solved by changing the internal API inside Java or by using mutexes in the software that uses this class, so a solution is not likely.
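Code that reads the credentials from the key manager itself can detect the mismatch described above and retry. This is an added example, not part of the trustmanager code; the class `ConsistentCredentialReader`, its methods and the retry delay are assumptions, and it handles RSA keys only.

```java
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import javax.net.ssl.X509KeyManager;

/** Hypothetical helper, not part of trustmanager: reads a chain/key pair that belongs together. */
public final class ConsistentCredentialReader {

    /** A certificate chain and private key that were checked against each other. */
    public static final class Credential {
        public final X509Certificate[] chain;
        public final PrivateKey key;
        Credential(X509Certificate[] chain, PrivateKey key) {
            this.chain = chain;
            this.key = key;
        }
    }

    /** True if the leaf certificate's public key and the private key share an RSA modulus. */
    static boolean matches(X509Certificate[] chain, PrivateKey key) {
        if (chain == null || chain.length == 0 || key == null) {
            return false;
        }
        PublicKey pub = chain[0].getPublicKey();
        if (!(pub instanceof RSAKey) || !(key instanceof RSAKey)) {
            return false; // assumption: RSA credentials only
        }
        return ((RSAKey) pub).getModulus().equals(((RSAKey) key).getModulus());
    }

    /** Re-reads both values until they match; gives up after maxAttempts. */
    public static Credential read(X509KeyManager km, String alias, int maxAttempts)
            throws InterruptedException {
        for (int attempt = 1; attempt <= maxAttempts; attempt++) {
            X509Certificate[] chain = km.getCertificateChain(alias);
            PrivateKey key = km.getPrivateKey(alias);
            if (matches(chain, key)) {
                return new Credential(chain, key);
            }
            if (attempt < maxAttempts) {
                Thread.sleep(50L * attempt); // a reload landed between the two calls
            }
        }
        throw new IllegalStateException(
                "certificate chain and private key did not match after " + maxAttempts + " attempts");
    }
}
```

This covers application code that calls `getCertificateChain` and `getPrivateKey` directly; the two calls the SSL implementation makes internally during a handshake are not affected by it.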
Constructor Summary | |
---|---|
UpdatingKeyManager(CaseInsensitiveProperties config, org.bouncycastle.openssl.PasswordFinder finder) | Creates a new instance of UpdatingKeyManager |
UpdatingKeyManager(java.security.KeyStore store, char[] pass) | Creates a new UpdatingKeyManager object. |
Method Summary | |
---|---|
java.lang.String | chooseClientAlias(java.lang.String[] str, java.security.Principal[] principal, java.net.Socket socket) |
java.lang.String | chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine) |
java.lang.String | chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine) |
java.lang.String | chooseServerAlias(java.lang.String str, java.security.Principal[] principal, java.net.Socket socket) |
java.lang.String | findProxy() - Searches for a |
java.security.cert.X509Certificate[] | getCertificateChain(java.lang.String str) |
java.lang.String[] | getClientAliases(java.lang.String str, java.security.Principal[] principal) |
java.security.PrivateKey | getPrivateKey(java.lang.String str) |
java.lang.String[] | getServerAliases(java.lang.String str, java.security.Principal[] principal) |
java.lang.String | toString() |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|

public UpdatingKeyManager(CaseInsensitiveProperties config, org.bouncycastle.openssl.PasswordFinder finder) throws java.security.NoSuchAlgorithmException, java.security.cert.CertificateException

Parameters:
config - the configuration to get the information from for setting up the keymanager.
finder - the class to use for prompting the user for password.
Throws:
java.security.NoSuchAlgorithmException - thrown in case the RSA algorithm or the cert algorithm is not supported.
java.security.cert.CertificateException - in case the certificate loading fails.

public UpdatingKeyManager(java.security.KeyStore store, char[] pass) throws java.lang.Exception

Parameters:
store - DOCUMENT ME!
pass - DOCUMENT ME!
Throws:
java.lang.Exception - DOCUMENT ME!

Method Detail |
---|

public java.lang.String chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
Overrides: chooseEngineClientAlias in class javax.net.ssl.X509ExtendedKeyManager
See Also: X509ExtendedKeyManager.chooseEngineClientAlias(java.lang.String[], java.security.Principal[], javax.net.ssl.SSLEngine)

public java.lang.String chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
Overrides: chooseEngineServerAlias in class javax.net.ssl.X509ExtendedKeyManager
See Also: X509ExtendedKeyManager.chooseEngineServerAlias(java.lang.String, java.security.Principal[], javax.net.ssl.SSLEngine)

public java.lang.String chooseClientAlias(java.lang.String[] str, java.security.Principal[] principal, java.net.Socket socket)

public java.lang.String chooseServerAlias(java.lang.String str, java.security.Principal[] principal, java.net.Socket socket)

public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String str)

public java.lang.String[] getClientAliases(java.lang.String str, java.security.Principal[] principal)

public java.security.PrivateKey getPrivateKey(java.lang.String str)

public java.lang.String[] getServerAliases(java.lang.String str, java.security.Principal[] principal)

public java.lang.String findProxy() throws java.io.IOException
Throws:
java.io.IOException - DOCUMENT ME!

public java.lang.String toString()
Overrides: toString in class java.lang.Object