Package org.eclipse.jetty.util.ssl

Interface SniX509ExtendedKeyManager.SniSelector

  • All Known Implementing Classes:
    SslContextFactory.Server
    Enclosing class:
    SniX509ExtendedKeyManager
    Functional Interface:
    This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.
    @FunctionalInterface
@Deprecated(since="2021-05-27")
public static interface SniX509ExtendedKeyManager.SniSelector
    Deprecated.
    The Eclipse Jetty and Apache Felix Http Jetty packages are no longer supported.

    Selects a certificate based on SNI information.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String DELEGATE
      Deprecated.
       

    • Method Summary

      All Methods Instance Methods Abstract Methods Deprecated Methods 
      Modifier and Type Method Description
      java.lang.String sniSelect​(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLSession session, java.lang.String sniHost, java.util.Collection<X509> certificates)
      Deprecated.
      Selects a certificate based on SNI information.

    • Method Detail

      • sniSelect

        java.lang.String sniSelect​(java.lang.String keyType,
                           java.security.Principal[] issuers,
                           javax.net.ssl.SSLSession session,
                           java.lang.String sniHost,
                           java.util.Collection<X509> certificates)
                    throws javax.net.ssl.SSLHandshakeException
        Deprecated.

        Selects a certificate based on SNI information.

        This method may be invoked multiple times during the TLS handshake, with different parameters. For example, the keyType could be different, and subsequently the collection of certificates (because they need to match the keyType).

        Parameters:
        keyType - the key algorithm type name
        issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used
        session - the TLS handshake session or null if not known.
        sniHost - the server name indication sent by the client, or null if the client did not send the server name indication
        certificates - the list of certificates matching keyType and issuers known to this SslContextFactory
        Returns:
        the alias of the certificate to return to the client, from the certificates list, or DELEGATE if the certificate choice should be delegated to the nested key manager or null for no match.
        Throws:
        javax.net.ssl.SSLHandshakeException - if the TLS handshake should be aborted