Package org.eclipse.jetty.util.ssl
Class SniX509ExtendedKeyManager
- java.lang.Object
-
- javax.net.ssl.X509ExtendedKeyManager
-
- org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager
-
- All Implemented Interfaces:
javax.net.ssl.KeyManager,javax.net.ssl.X509KeyManager
@Deprecated(since="2021-05-27") public class SniX509ExtendedKeyManager extends javax.net.ssl.X509ExtendedKeyManagerDeprecated.The Eclipse Jetty and Apache Felix Http Jetty packages are no longer supported.A
X509ExtendedKeyManagerthat selects a key with an alias retrieved from SNI information, delegating other processing to a nested X509ExtendedKeyManager.Can only be used on server side.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static interfaceSniX509ExtendedKeyManager.SniSelectorDeprecated.The Eclipse Jetty and Apache Felix Http Jetty packages are no longer supported.
-
Field Summary
Fields Modifier and Type Field Description static java.lang.StringSNI_X509Deprecated.
-
Constructor Summary
Constructors Constructor Description SniX509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager keyManager)Deprecated.not supported, you must have aSslContextFactory.Serverfor this to work.SniX509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager keyManager, SslContextFactory.Server sslContextFactory)Deprecated.
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description java.lang.StringchooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)Deprecated.java.lang.StringchooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)Deprecated.java.lang.StringchooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)Deprecated.java.lang.StringchooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)Deprecated.java.util.function.UnaryOperator<java.lang.String>getAliasMapper()Deprecated.java.security.cert.X509Certificate[]getCertificateChain(java.lang.String alias)Deprecated.java.lang.String[]getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)Deprecated.java.security.PrivateKeygetPrivateKey(java.lang.String alias)Deprecated.java.lang.String[]getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)Deprecated.voidsetAliasMapper(java.util.function.UnaryOperator<java.lang.String> aliasMapper)Deprecated.Sets a function that transforms the alias into a possibly different alias, invoked when the SNI logic must choose the alias to pick the right certificate.
-
-
-
Field Detail
-
SNI_X509
public static final java.lang.String SNI_X509
Deprecated.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
SniX509ExtendedKeyManager
@Deprecated public SniX509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager keyManager)
Deprecated.not supported, you must have aSslContextFactory.Serverfor this to work.
-
SniX509ExtendedKeyManager
public SniX509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager keyManager, SslContextFactory.Server sslContextFactory)Deprecated.
-
-
Method Detail
-
getAliasMapper
public java.util.function.UnaryOperator<java.lang.String> getAliasMapper()
Deprecated.- Returns:
- the function that transforms the alias
- See Also:
setAliasMapper(UnaryOperator)
-
setAliasMapper
public void setAliasMapper(java.util.function.UnaryOperator<java.lang.String> aliasMapper)
Deprecated.Sets a function that transforms the alias into a possibly different alias, invoked when the SNI logic must choose the alias to pick the right certificate.
This function is required when using the
PKIX KeyManagerFactory algorithmwhich suffers from bug https://bugs.openjdk.java.net/browse/JDK-8246262, where aliases are returned by the OpenJDK implementation to the application in the formN.0.aliaswhereNis an always increasing number. Such mangled aliases won't match the aliases in the keystore, so that for example SNI matching will always fail.Other implementations such as BouncyCastle have been reported to mangle the alias in a different way, namely
0.alias.N.This function allows to "unmangle" the alias from the implementation specific mangling back to just
aliasso that SNI matching will work again.- Parameters:
aliasMapper- the function that transforms the alias
-
chooseClientAlias
public java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)Deprecated.
-
chooseEngineClientAlias
public java.lang.String chooseEngineClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)Deprecated.- Overrides:
chooseEngineClientAliasin classjavax.net.ssl.X509ExtendedKeyManager
-
chooseServerAlias
public java.lang.String chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)Deprecated.
-
chooseEngineServerAlias
public java.lang.String chooseEngineServerAlias(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLEngine engine)Deprecated.- Overrides:
chooseEngineServerAliasin classjavax.net.ssl.X509ExtendedKeyManager
-
getCertificateChain
public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
Deprecated.
-
getClientAliases
public java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)Deprecated.
-
getPrivateKey
public java.security.PrivateKey getPrivateKey(java.lang.String alias)
Deprecated.
-
getServerAliases
public java.lang.String[] getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)Deprecated.
-
-