Example usage for javax.net.ssl X509KeyManager getServerAliases

List of usage examples for javax.net.ssl X509KeyManager getServerAliases

Introduction

This page collects usage examples for javax.net.ssl.X509KeyManager.getServerAliases.

Prototype

public String[] getServerAliases(String keyType, Principal[] issuers);


Document

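Get the matching aliases for authenticating the server side of a secure socket, given the public key type and the list of certificate issuer authorities recognized by the peer (if any). Passing null for the issuers means any issuer is acceptable, and the method returns null when no alias matches, so callers must null-check the result.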

Usage

From source file:org.elasticsearch.xpack.security.authc.saml.SamlRealm.java

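/**
 * Builds one {@link X509Credential} per selected key store alias, using the key manager derived
 * from {@code keyPairSettings}.
 *
 * <p>Alias selection:
 * <ul>
 *   <li>If {@code aliasSetting} has a non-empty value, only that alias is used.</li>
 *   <li>Otherwise every alias the key manager reports for key type {@code "RSA"} is used. With
 *       {@code allowMultiple == true} this means <em>every</em> RSA entry in the key store becomes a
 *       credential, so a key store shared with other purposes will contribute keys that were not
 *       intended for this realm. Pinning the alias avoids that.</li>
 * </ul>
 *
 * <p>Only the presence of a private key and its algorithm are checked here; certificate validity
 * period, key size and chain are not examined in this method.
 *
 * @param config          realm configuration supplying the settings and environment
 * @param keyPairSettings settings describing the key store / key pair to load
 * @param aliasSetting    setting that may name the single alias to use
 * @param allowMultiple   whether more than one discovered alias is acceptable when no alias is configured
 * @return the credentials, or {@code null} when no key manager is available for these settings
 * @throws IllegalArgumentException if no RSA key pair is found, if several are found while
 *         {@code allowMultiple} is false and no alias is configured, if a selected alias has no
 *         private key, or if its key is not RSA
 */
private static List<X509Credential> buildCredential(RealmConfig config, X509KeyPairSettings keyPairSettings,
        Setting<String> aliasSetting, final boolean allowMultiple) {
    final X509KeyManager keyManager = CertParsingUtils.getKeyManager(keyPairSettings, config.settings(), null,
            config.env());
    if (keyManager == null) {
        // NOTE(review): presumably means no key material was configured - confirm in CertParsingUtils.
        // Callers get null (not an empty list) and must handle it.
        return null;
    }

    final String configuredAlias = aliasSetting.get(config.settings());
    final boolean aliasConfigured = Strings.isNullOrEmpty(configuredAlias) == false;

    final Set<String> aliases = new HashSet<>();
    if (aliasConfigured) {
        aliases.add(configuredAlias);
    } else {
        // issuers == null: do not filter by issuing CA. The result may be null when nothing matches.
        final String[] serverAliases = keyManager.getServerAliases("RSA", null);
        if (serverAliases != null) {
            aliases.addAll(Arrays.asList(serverAliases));
        }

        if (aliases.isEmpty()) {
            throw new IllegalArgumentException("The configured key store for "
                    + RealmSettings.getFullSettingKey(config, keyPairSettings.getPrefix())
                    + " does not contain any RSA key pairs");
        } else if (allowMultiple == false && aliases.size() > 1) {
            // Refuse to guess which key to use when the caller needs exactly one.
            throw new IllegalArgumentException("The configured key store for "
                    + RealmSettings.getFullSettingKey(config, keyPairSettings.getPrefix())
                    + " has multiple keys but no alias has been specified (from setting "
                    + RealmSettings.getFullSettingKey(config, aliasSetting) + ")");
        }
    }

    final List<X509Credential> credentials = new ArrayList<>();
    for (String alias : aliases) {
        // Look the key up once so the null check and the algorithm check inspect the same object
        // (the original fetched it twice). Fully qualified to avoid depending on an import.
        final java.security.PrivateKey privateKey = keyManager.getPrivateKey(alias);
        if (privateKey == null) {
            throw new IllegalArgumentException("The configured key store for "
                    + RealmSettings.getFullSettingKey(config, keyPairSettings.getPrefix())
                    + " does not have a key associated with alias [" + alias + "] "
                    + (aliasConfigured
                            ? "(from setting " + RealmSettings.getFullSettingKey(config, aliasSetting) + ")"
                            : ""));
        }

        // Constant-first comparison: a key reporting a null algorithm is rejected with the
        // "unsupported" message instead of a NullPointerException.
        final String keyType = privateKey.getAlgorithm();
        if ("RSA".equals(keyType) == false) {
            throw new IllegalArgumentException("The key associated with alias [" + alias + "] "
                    + "(from setting " + RealmSettings.getFullSettingKey(config, aliasSetting)
                    + ") uses unsupported key algorithm type [" + keyType + "], only RSA is supported");
        }
        credentials.add(new X509KeyManagerX509CredentialAdapter(keyManager, alias));
    }

    return credentials;
}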

From source file:de.betterform.connector.http.ssl.BetterFORMKeyStoreManager.java

/**
 * Returns the server-side key aliases offered by all key managers this class aggregates.
 *
 * <p>Aliases from each custom key manager come first, in iteration order, followed by the aliases
 * of the Java default key manager. The arrays are concatenated as-is: duplicates are not removed,
 * and nothing records which key manager an alias came from. A caller that picks an alias by name
 * therefore cannot tell from this result whether it belongs to a custom or the default key store.
 *
 * @param keyType    public key type to match, passed through to every key manager
 * @param principals issuers accepted by the peer, passed through unchanged (may be {@code null})
 * @return the concatenated aliases; whether this can be {@code null} depends on how
 *         {@code ArrayUtils.addAll} treats two {@code null} inputs - confirm for the library version in use
 */
public String[] getServerAliases(String keyType, Principal[] principals) {
    String[] mergedAliases = null;
    for (Iterator<X509KeyManager> managers = this.customX509KeyManagers.iterator(); managers.hasNext();) {
        // A key manager may report null when nothing matches; addAll is relied on to tolerate that.
        final String[] found = managers.next().getServerAliases(keyType, principals);
        mergedAliases = (String[]) ArrayUtils.addAll(mergedAliases, found);
    }

    // The JVM default key manager is always consulted last.
    final String[] defaultAliases = javaDefaultKeyManager.getServerAliases(keyType, principals);
    return (String[]) ArrayUtils.addAll(mergedAliases, defaultAliases);
}