Class SpiffeKeyManager

java.lang.Object

javax.net.ssl.X509ExtendedKeyManager

io.spiffe.provider.SpiffeKeyManager

All Implemented Interfaces:

KeyManager, X509KeyManager

public final class SpiffeKeyManager
extends X509ExtendedKeyManager

Represents an X.509 key manager for the SPIFFE provider.

Provides the chain of X.509 certificates and the private key to be used in secure socket negotiations.

Constructor Summary

Constructors

Constructor	Description
SpiffeKeyManager(@NonNull io.spiffe.svid.x509svid.X509SvidSource x509SvidSource)	Constructor.

Method Summary

Modifier and Type	Method	Description
String	chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket)
String	chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine sslEngine)
String	chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine sslEngine)
String	chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
X509Certificate[]	getCertificateChain(String alias)	Returns the X.509 certificates chain associated with the given alias.
String[]	getClientAliases(String keyType, Principal[] issuers)
PrivateKey	getPrivateKey(String alias)	Returns the private key handled by this key manager.
String[]	getServerAliases(String keyType, Principal[] issuers)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SpiffeKeyManager

public SpiffeKeyManager(@NonNull
 @NonNull io.spiffe.svid.x509svid.X509SvidSource x509SvidSource)

Constructor.

Parameters:

x509SvidSource - source of X.509 SVIDs

Method Details

getCertificateChain

public X509Certificate[] getCertificateChain(String alias)

Returns the X.509 certificates chain associated with the given alias.

Returns:

the certificate chain (ordered with the leaf certificate first and the intermediate CA certificates), or an empty Array if the alias is not 'Spiffe'.

getPrivateKey

public PrivateKey getPrivateKey(String alias)

Returns the private key handled by this key manager.

Parameters:

alias - a key entry, as this KeyManager only handles one identity, i.e. one SVID, it will return the PrivateKey if the given alias is 'Spiffe'.

Returns:

the PrivateKey handled by this key manager, or null if the alias is not 'Spiffe'

getClientAliases

public String[] getClientAliases(String keyType,
 Principal[] issuers)

chooseClientAlias

public String chooseClientAlias(String[] keyTypes,
 Principal[] issuers,
 Socket socket)

chooseEngineClientAlias

public String chooseEngineClientAlias(String[] keyTypes,
 Principal[] issuers,
 SSLEngine sslEngine)

Overrides:

chooseEngineClientAlias in class X509ExtendedKeyManager

getServerAliases

public String[] getServerAliases(String keyType,
 Principal[] issuers)

chooseEngineServerAlias

public String chooseEngineServerAlias(String keyType,
 Principal[] issuers,
 SSLEngine sslEngine)

Overrides:

chooseEngineServerAlias in class X509ExtendedKeyManager

chooseServerAlias

public String chooseServerAlias(String keyType,
 Principal[] issuers,
 Socket socket)