Class Pk8OrPemKeyManager

  • All Implemented Interfaces:
    javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

    public class Pk8OrPemKeyManager
    extends java.lang.Object
    implements javax.net.ssl.X509KeyManager
    A key manager that selects PEM when its header is found within the first 64 KiB of the key file, and PK8/DER otherwise. This preserves libpq's preference for PEM before DER, while using a bounded marker scan rather than parsing the key during format detection.

    The delegate is resolved lazily on the first call to any X509KeyManager method, so this works regardless of which method the TLS engine calls first.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String chooseClientAlias​(java.lang.String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)  
      java.lang.String chooseServerAlias​(java.lang.String keyType, java.security.Principal[] issuers, java.net.Socket socket)  
      java.security.cert.X509Certificate[] getCertificateChain​(java.lang.String alias)  
      java.lang.String[] getClientAliases​(java.lang.String keyType, java.security.Principal[] issuers)  
      java.security.PrivateKey getPrivateKey​(java.lang.String alias)  
      java.lang.String[] getServerAliases​(java.lang.String keyType, java.security.Principal[] issuers)  
      void throwKeyManagerException()
      Propagates any exception from the resolved delegate key manager, including an insecure-permission error detected while probing the key file.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • getClientAliases

        public java.lang.String[] getClientAliases​(java.lang.String keyType,
                                                   java.security.Principal[] issuers)
        Specified by:
        getClientAliases in interface javax.net.ssl.X509KeyManager
      • chooseClientAlias

        public java.lang.String chooseClientAlias​(java.lang.String[] keyType,
                                                  java.security.Principal[] issuers,
                                                  java.net.Socket socket)
        Specified by:
        chooseClientAlias in interface javax.net.ssl.X509KeyManager
      • getServerAliases

        public java.lang.String[] getServerAliases​(java.lang.String keyType,
                                                   java.security.Principal[] issuers)
        Specified by:
        getServerAliases in interface javax.net.ssl.X509KeyManager
      • chooseServerAlias

        public java.lang.String chooseServerAlias​(java.lang.String keyType,
                                                  java.security.Principal[] issuers,
                                                  java.net.Socket socket)
        Specified by:
        chooseServerAlias in interface javax.net.ssl.X509KeyManager
      • getCertificateChain

        public java.security.cert.X509Certificate[] getCertificateChain​(java.lang.String alias)
        Specified by:
        getCertificateChain in interface javax.net.ssl.X509KeyManager
      • getPrivateKey

        public java.security.PrivateKey getPrivateKey​(java.lang.String alias)
        Specified by:
        getPrivateKey in interface javax.net.ssl.X509KeyManager
      • throwKeyManagerException

        public void throwKeyManagerException()
                                      throws PSQLException
        Propagates any exception from the resolved delegate key manager, including an insecure-permission error detected while probing the key file.
        Throws:
        PSQLException - if the delegate key manager has a stored exception