org.glite.security.trustmanager
Class UpdatingKeyManager

java.lang.Object
  extended by javax.net.ssl.X509ExtendedKeyManager
      extended by org.glite.security.trustmanager.UpdatingKeyManager
All Implemented Interfaces:
javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

public class UpdatingKeyManager
extends javax.net.ssl.X509ExtendedKeyManager

A KeyManager that reloads the credentials periodically. Notice: if the identity certificate changes, the private key changes too. The SSL mechanism fetches the certificate chain and the private key with two separate calls, so an update can happen between those two calls, leaving you with the old certificate and the new private key, which do not work together. If the system has built-in retry this shouldn't matter; only a small delay occurs. But if there is no retry, the handshake fails. This can only be solved by changing the internal API inside Java or by using mutexes in the software that uses this class, so a solution is not likely.
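The race described above comes from the X509KeyManager contract itself: the handshake first asks for an alias, then calls getCertificateChain(alias) and getPrivateKey(alias) separately. The sketch below is an added example written for this page, not code from trustmanager; it shows one way the calling software can keep the two calls consistent within that contract by loading chain and key as one immutable pair, publishing each reload under a new versioned alias, and resolving both getters through the alias the handshake was handed. It also refuses to publish a pair whose key does not match the certificate. The class name SnapshotKeyManager, the alias prefix and the number of retained versions are assumptions of this example.

```java
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

/** Added example, not part of org.glite.security.trustmanager: a key manager that versions each reload. */
public class SnapshotKeyManager extends X509ExtendedKeyManager {

    /** A chain and the private key loaded with it; the two are never replaced separately. */
    public static final class Credential {
        final X509Certificate[] chain;
        final PrivateKey key;
        public Credential(X509Certificate[] chain, PrivateKey key) {
            this.chain = chain.clone();
            this.key = key;
        }
    }

    private static final String ALIAS_PREFIX = "cred-v";   // assumed naming scheme
    private static final int KEEP_VERSIONS = 4;            // assumed: enough for in-flight handshakes

    private final AtomicLong version = new AtomicLong();
    private final AtomicReference<String> currentAlias = new AtomicReference<>();
    private final Map<String, Credential> snapshots = new ConcurrentHashMap<>();

    public SnapshotKeyManager(Credential initial) throws GeneralSecurityException {
        reload(initial);
    }

    /** Publish a freshly loaded chain+key pair under a new alias; refuse a mismatched pair. */
    public synchronized String reload(Credential fresh) throws GeneralSecurityException {
        if (fresh.chain.length == 0 || !pairMatches(fresh.chain[0], fresh.key)) {
            throw new GeneralSecurityException("certificate and private key do not belong together");
        }
        long v = version.incrementAndGet();
        String alias = ALIAS_PREFIX + v;
        snapshots.put(alias, fresh);
        currentAlias.set(alias);
        // Drop snapshots old enough that no in-flight handshake can still be using them.
        snapshots.keySet().removeIf(a ->
                Long.parseLong(a.substring(ALIAS_PREFIX.length())) <= v - KEEP_VERSIONS);
        return alias;
    }

    /** Sign and verify a fixed probe to confirm the key matches the certificate's public key. */
    static boolean pairMatches(X509Certificate cert, PrivateKey key) throws GeneralSecurityException {
        String alg = key.getAlgorithm();
        String sigAlg;
        if ("RSA".equals(alg)) {
            sigAlg = "SHA256withRSA";
        } else if ("EC".equals(alg)) {
            sigAlg = "SHA256withECDSA";
        } else {
            throw new GeneralSecurityException("unsupported key algorithm: " + alg);
        }
        byte[] probe = "pair-check".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance(sigAlg);
        s.initSign(key);
        s.update(probe);
        byte[] sig = s.sign();
        s.initVerify(cert.getPublicKey());
        s.update(probe);
        return s.verify(sig);
    }

    // Every alias selection hands the handshake the current version string.
    @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return currentAlias.get(); }
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return currentAlias.get(); }
    @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) { return currentAlias.get(); }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) { return currentAlias.get(); }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return new String[] { currentAlias.get() }; }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return new String[] { currentAlias.get() }; }

    // Both getters resolve through the alias the handshake was given, so they return the chain
    // and key of the same snapshot even when reload() ran between the two calls.
    @Override public X509Certificate[] getCertificateChain(String alias) {
        Credential c = snapshots.get(alias);
        return c == null ? null : c.chain.clone();
    }
    @Override public PrivateKey getPrivateKey(String alias) {
        Credential c = snapshots.get(alias);
        return c == null ? null : c.key;
    }
}
```

The reloading thread calls reload() with a Credential it has read from disk; a handshake that chose "cred-v3" just before "cred-v4" was published still completes with the version 3 chain and key, because the old snapshot is retained for a few more reloads. Returning null for an alias that has already been evicted follows the X509KeyManager contract for an unknown alias, and the pairMatches check turns a half-written credential file (new certificate, old key) into a refused reload rather than a failed handshake later.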

Author:
Joni Hahkala Created on January 20, 2003, 5:07 PM

Constructor Summary
UpdatingKeyManager(CaseInsensitiveProperties config, org.bouncycastle.openssl.PasswordFinder finder)
          Creates a new instance of UpdatingKeyManager
UpdatingKeyManager(java.security.KeyStore store, char[] pass)
          Creates a new UpdatingKeyManager object.
 
Method Summary
 java.lang.String chooseClientAlias(java.lang.String[] str, java.security.Principal[] principal, java.net.Socket socket)
           
 java.lang.String chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
           
 java.lang.String chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)
           
 java.lang.String chooseServerAlias(java.lang.String str, java.security.Principal[] principal, java.net.Socket socket)
           
 java.lang.String findProxy()
          Searches for a
 java.security.cert.X509Certificate[] getCertificateChain(java.lang.String str)
           
 java.lang.String[] getClientAliases(java.lang.String str, java.security.Principal[] principal)
           
 java.security.PrivateKey getPrivateKey(java.lang.String str)
           
 java.lang.String[] getServerAliases(java.lang.String str, java.security.Principal[] principal)
           
 java.lang.String toString()
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

UpdatingKeyManager

public UpdatingKeyManager(CaseInsensitiveProperties config,
                          org.bouncycastle.openssl.PasswordFinder finder)
                   throws java.security.NoSuchAlgorithmException,
                          java.security.cert.CertificateException
Creates a new instance of UpdatingKeyManager

Parameters:
config - the configuration to get the information from for setting up the keymanager.
finder - the class to use for prompting the user for password.
Throws:
java.security.NoSuchAlgorithmException - thrown in case the RSA algorithm or the cert algorithm is not supported.
java.security.cert.CertificateException - in case the certificate loading fails.

UpdatingKeyManager

public UpdatingKeyManager(java.security.KeyStore store,
                          char[] pass)
                   throws java.lang.Exception
Creates a new UpdatingKeyManager object.

Parameters:
store - DOCUMENT ME!
pass - DOCUMENT ME!
Throws:
java.lang.Exception - DOCUMENT ME!
Method Detail

chooseEngineClientAlias

public java.lang.String chooseEngineClientAlias(java.lang.String[] keyType,
                                                java.security.Principal[] issuers,
                                                javax.net.ssl.SSLEngine engine)
Overrides:
chooseEngineClientAlias in class javax.net.ssl.X509ExtendedKeyManager
See Also:
X509ExtendedKeyManager.chooseEngineClientAlias(java.lang.String[], java.security.Principal[], javax.net.ssl.SSLEngine)

chooseEngineServerAlias

public java.lang.String chooseEngineServerAlias(java.lang.String keyType,
                                                java.security.Principal[] issuers,
                                                javax.net.ssl.SSLEngine engine)
Overrides:
chooseEngineServerAlias in class javax.net.ssl.X509ExtendedKeyManager
See Also:
X509ExtendedKeyManager.chooseEngineServerAlias(java.lang.String, java.security.Principal[], javax.net.ssl.SSLEngine)

chooseClientAlias

public java.lang.String chooseClientAlias(java.lang.String[] str,
                                          java.security.Principal[] principal,
                                          java.net.Socket socket)

chooseServerAlias

public java.lang.String chooseServerAlias(java.lang.String str,
                                          java.security.Principal[] principal,
                                          java.net.Socket socket)

getCertificateChain

public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String str)

getClientAliases

public java.lang.String[] getClientAliases(java.lang.String str,
                                           java.security.Principal[] principal)

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.lang.String str)

getServerAliases

public java.lang.String[] getServerAliases(java.lang.String str,
                                           java.security.Principal[] principal)

findProxy

public java.lang.String findProxy()
                           throws java.io.IOException
Searches for a

Returns:
DOCUMENT ME!
Throws:
java.io.IOException - DOCUMENT ME!

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object