Package org.postgresql.ssl
Class Pk8OrPemKeyManager
- java.lang.Object
-
- org.postgresql.ssl.Pk8OrPemKeyManager
-
- All Implemented Interfaces:
javax.net.ssl.KeyManager,javax.net.ssl.X509KeyManager
public class Pk8OrPemKeyManager extends java.lang.Object implements javax.net.ssl.X509KeyManagerA key manager that selects PEM when its header is found within the first 64 KiB of the key file, and PK8/DER otherwise. This preserves libpq's preference for PEM before DER, while using a bounded marker scan rather than parsing the key during format detection.The delegate is resolved lazily on the first call to any
X509KeyManagermethod, so this works regardless of which method the TLS engine calls first.
-
-
Constructor Summary
Constructors Constructor Description Pk8OrPemKeyManager(java.lang.String keyFilePath, PEMKeyManager pem, LazyKeyManager pk8)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.StringchooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)java.lang.StringchooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)java.security.cert.X509Certificate[]getCertificateChain(java.lang.String alias)java.lang.String[]getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)java.security.PrivateKeygetPrivateKey(java.lang.String alias)java.lang.String[]getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)voidthrowKeyManagerException()Propagates any exception from the resolved delegate key manager, including an insecure-permission error detected while probing the key file.
-
-
-
Constructor Detail
-
Pk8OrPemKeyManager
public Pk8OrPemKeyManager(java.lang.String keyFilePath, PEMKeyManager pem, LazyKeyManager pk8)
-
-
Method Detail
-
getClientAliases
public java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] issuers)- Specified by:
getClientAliasesin interfacejavax.net.ssl.X509KeyManager
-
chooseClientAlias
public java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)- Specified by:
chooseClientAliasin interfacejavax.net.ssl.X509KeyManager
-
getServerAliases
public java.lang.String[] getServerAliases(java.lang.String keyType, java.security.Principal[] issuers)- Specified by:
getServerAliasesin interfacejavax.net.ssl.X509KeyManager
-
chooseServerAlias
public java.lang.String chooseServerAlias(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)- Specified by:
chooseServerAliasin interfacejavax.net.ssl.X509KeyManager
-
getCertificateChain
public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
- Specified by:
getCertificateChainin interfacejavax.net.ssl.X509KeyManager
-
getPrivateKey
public java.security.PrivateKey getPrivateKey(java.lang.String alias)
- Specified by:
getPrivateKeyin interfacejavax.net.ssl.X509KeyManager
-
throwKeyManagerException
public void throwKeyManagerException() throws PSQLExceptionPropagates any exception from the resolved delegate key manager, including an insecure-permission error detected while probing the key file.- Throws:
PSQLException- if the delegate key manager has a stored exception
-
-