Package javax.security.auth.x500

Examples of javax.security.auth.x500.X500PrivateCredential


     * attempt to find another key.
     */
    public String chooseServerAlias(
  String keyType, Principal[] issuers, Socket socket)
    {
  /*
   * Selects the server credential for keyType and computes the name of
   * its certificate.  The socket argument is not consulted in the lines
   * shown here, and the end of the method is outside this excerpt.
   */
  X500PrivateCredential cred = null;
  /* Every read and update of credentialCache below holds its monitor. */
  synchronized (credentialCache) {
      Object val = credentialCache.get(keyType);
      /*
       * Reuse a cached entry only when it is an actual credential.  The
       * failure path further down stores a String under the same key,
       * which this test skips.
       */
      if (val instanceof X500PrivateCredential) {
    cred = (X500PrivateCredential) val;
    try {
        /*
         * Re-validate the cached credential on every call; a
         * SecurityException here means it must not be used any more.
         */
        checkCredentials(cred, null, "listen");
    } catch (SecurityException e) {
        if (logger.isLoggable(Levels.HANDLED)) {
      logThrow(logger, Levels.HANDLED,
         ServerAuthManager.class, "chooseServerAlias",
         "choose server alias for key type {0}\n" +
         "and issuers {1}\ncaught exception",
         new Object[] { keyType, toString(issuers) },
         e);
        }
        /*
         * This credential is no longer present or we don't have
         * permission to use it.  Clear the cache and invalidate
         * sessions with this key type.
         */
        cred = null;
        credentialCache.remove(keyType);
        /*
         * Walk every session id known to sslSessionContext and
         * invalidate the sessions whose cipher suite maps, via
         * getKeyAlgorithm, to the key type being dropped, so that
         * they cannot be resumed with the rejected credential.
         */
        for (Enumeration en = sslSessionContext.getIds();
       en.hasMoreElements(); )
        {
      SSLSession session =
          sslSessionContext.getSession(
        (byte[]) en.nextElement());
      if (session != null) {
          String suite = session.getCipherSuite();
          if (keyType.equals(getKeyAlgorithm(suite))) {
        session.invalidate();
          }
      }
        }
    }
      }
      if (cred == null) {
    /* Try to select a new alias */
    Exception exception = null;
    try {
        cred = chooseCredential(keyType, issuers);
        /* Cache only a successful choice; a null result is not stored. */
        if (cred != null) {
      credentialCache.put(keyType, cred);
        }
    } catch (GeneralSecurityException e) {
        exception = e;
    } catch (SecurityException e) {
        exception = e;
    }
    if (exception != null) {
        /*
         * Remember the failure by caching the exception's message
         * string under this key type.  Because the entry is a String,
         * the instanceof test at the top of the block will not reuse
         * it, so a later call runs chooseCredential again.
         * NOTE(review): the exception is not logged on this path in
         * the visible code, and getMessage() may be null -- confirm
         * the cache accepts null values and that the failure is
         * reported elsewhere.
         */
        credentialCache.put(keyType, exception.getMessage());
        return null;
    }
      }
  }
  /*
   * The result is derived from the certificate only; the private key
   * held by cred is not read here.
   */
  String result = (cred == null)
      ? null
      : SubjectCredentials.getCertificateName(cred.getCertificate());
  /*
   * The FINE record carries the key type, the issuers and the chosen
   * certificate name; no key material is passed to the logger.
   */
  if (logger.isLoggable(Level.FINE)) {
      logger.log(Level.FINE,
           "choose server alias for key type {0}\nissuers {1}\n" +
           "returns {2}",
           new Object[] { keyType, toString(issuers), result });


  try {
      X500Constraints cons = X500Constraints.process(constraints, true);

      // REMIND: instead iterate through constraint-designated principals
      X500PrivateCredential[] creds = getPrivateCredentials();
      X500PrivateCredential chosen = null;
      int best = -1;
      SecurityException se = null;
      for (int i = 0; i < creds.length; i++) {
    X500PrivateCredential c = creds[i];
    X500Principal p = c.getCertificate().getSubjectX500Principal();
    int score = cons.checkClientPrincipal(p);
    if (score < 0) {
        if (logger.isLoggable(Level.FINEST)) {
      logger.log(Level.FINEST,
           "skipping disallowed principal {0}",

        /*
         * Only when the caller asked for it is the private key read from
         * the key store and attached to the subject as an
         * X500PrivateCredential paired with the certificate.
         */
        if (includePrivateKey) {
                /* publicKey is not used in the lines shown here. */
                PublicKey publicKey = certificate.getPublicKey();
        /*
         * NOTE(review): KeyStore.getKey returns null when the alias does
         * not identify a key entry, and the X500PrivateCredential
         * constructor rejects a null key with IllegalArgumentException,
         * which the catch clauses below do not handle.  The cast would
         * likewise fail for an entry that is not a PrivateKey.  Confirm
         * the alias is known to name a private key entry at this point.
         */
        PrivateKey privateKey =
            (PrivateKey) keyStore.getKey(alias, keyStorePassword);
        subject.getPrivateCredentials().add(
            new X500PrivateCredential(certificate, privateKey));
        }
    /*
     * KeyStoreException is itself a GeneralSecurityException, so both
     * handlers do the same thing.
     * NOTE(review): wrapping e.toString() drops the original exception as
     * the cause and with it the stack trace; passing e as the cause would
     * keep the same message and preserve the diagnosis.
     */
    } catch (KeyStoreException e) {
        throw new RuntimeException(e.toString());
    } catch (GeneralSecurityException e) {
        throw new RuntimeException(e.toString());

      });
  /*
   * Filter the credentials in subjInfo[1] down to those usable for
   * keyAlgorithm: the certificate must pass checkCertificate, the private
   * key's algorithm must equal keyAlgorithm, and the certificate's subject
   * must be one of the principals in subjInfo[0].
   */
  Collection ppals = subjInfo[0];
  Collection creds = subjInfo[1];
  List l = new ArrayList();
  for (Iterator i = creds.iterator(); i.hasNext(); ) {
      /*
       * NOTE(review): the cast assumes every element of creds is an
       * X500PrivateCredential -- presumably the code that filled subjInfo
       * filtered by class; confirm.  A credential that has been destroyed
       * returns null from getCertificate() and getPrivateKey(), which
       * could surface below as a NullPointerException instead of a
       * skipped entry.
       */
      X500PrivateCredential cred = (X500PrivateCredential) i.next();
      X509Certificate cert = cred.getCertificate();
      try {
    checkCertificate(cert);
      } catch (CertificateException e) {
    /* A certificate that fails the check is logged and skipped, not fatal. */
    logger.log(Levels.HANDLED, "invalid certificate", e);
    continue;
      }
      /*
       * Keep the credential only if the key algorithm matches and the
       * certificate's subject is among the supplied principals, so a
       * private credential without a matching principal is never selected.
       */
      if (keyAlgorithm.equals(cred.getPrivateKey().getAlgorithm()) &&
    ppals.contains(cert.getSubjectX500Principal()))
      {
    l.add(cred);
      }
  }

  try {
      X500Constraints cons = X500Constraints.process(constraints, false);

      // REMIND: instead iterate through constraint-designated principals
      X500PrivateCredential[] creds = getPrivateCredentials();
      X500PrivateCredential chosen = null;
      int best = -1;
      SecurityException se = null;
      for (int i = 0; i < creds.length; i++) {
    X500PrivateCredential c = creds[i];
    X500Principal p = c.getCertificate().getSubjectX500Principal();
    int score = cons.checkServerPrincipal(p);
    if (score < 0) {
        if (logger.isLoggable(Level.FINEST)) {
      logger.log(Level.FINEST,
           "skipping disallowed principal {0}",

    X500Principal principal = getPrincipal(subject, cert);
    if (principal != null) {
        boolean pcOK = privateCredentials == null;
        if (!pcOK) {
      for (int j = privateCredentials.length; --j >= 0; ) {
          X500PrivateCredential xpc = privateCredentials[j];
          if (cert.equals(xpc.getCertificate())) {
        pcOK = true;
        break;
          }
      }
        }

     * @return the X500PrivateCredential or null
     */
    static X500PrivateCredential getPrivateCredential(Subject subject,
                  X509Certificate cert)
    {
  /*
   * Searches the subject's private credentials for the first
   * X500PrivateCredential whose certificate equals cert; result stays
   * null when none matches.
   * Iterating a Subject's private credential set is permission-checked
   * by the JDK when a security manager is installed, so this loop may
   * throw SecurityException.
   */
  X500PrivateCredential result = null;
  Set privateCreds = subject.getPrivateCredentials();
  /* Hold the set's monitor for the whole iteration. */
  synchronized (privateCreds) {
      /*
       * XXX: Include this synchronization to work around BugID 4892913,
       * Subject.getPrivateCredentials not thread-safe against changes to
       * principals.  -tjb[18.Jul.2003]
       *
       * synchronized (subject.getPrincipals()) {
       */
      /*
       * NOTE(review): the extra synchronization named above is inside the
       * comment, so in the code as shown only privateCreds is locked.
       */
      for (Iterator it = privateCreds.iterator(); it.hasNext(); ) {
    Object cred = it.next();
    /* The set may hold other credential types; only X.500 ones are compared. */
    if (cred instanceof X500PrivateCredential) {
        X500PrivateCredential xpc =
      (X500PrivateCredential) cred;
        /* Match on the full certificate, not just on the subject name. */
        if (cert.equals(xpc.getCertificate())) {
      result = xpc;
      break;
        }
    }
      }

    /*
     * Appends a "Public key" line and a "Private key" line for cert to buf.
     * NOTE(review): appendKeyString is not shown here and is also applied
     * to the private key; confirm it emits only a non-sensitive summary
     * for private keys and never the encoded key, since whatever it writes
     * ends up wherever this buffer is displayed or logged.
     */
    buf.append("    Public key: ");
    appendKeyString(cert.getPublicKey(), buf);
    buf.append('\n');
    buf.append("    Private key: ");
    try {
        /*
         * The matching private credential is looked up through
         * Security.doPrivileged with a GetPrivateCredentialAction --
         * presumably so the lookup runs with this class's permissions
         * rather than the caller's; confirm.
         */
        X500PrivateCredential cred =
      (X500PrivateCredential) Security.doPrivileged(
          new GetPrivateCredentialAction(subject, cert));
        /* A missing credential and a credential with no key both print "Not found". */
        PrivateKey privateKey =
      cred != null ? cred.getPrivateKey() : null;
        if (privateKey == null) {
      buf.append("Not found");
        } else {
      appendKeyString(privateKey, buf);
        }

  List exceptions = null;
  for (int i = certPaths.size(); --i >= 0; ) {
      CertPath chain = (CertPath) certPaths.get(i);
      Exception exception;
      try {
    X500PrivateCredential pc = checkChain(chain, keyType, issuers);
    if (pc == null) {
        continue;
    } else {
        return pc;
    }

      throw new CertificateException(
    "Certificate not permitted for digital signatures: " + head);
  }

  /* Also throws SecurityException */
  X500PrivateCredential xpc = getPrivateCredential(head);
  if (xpc == null) {
      throw new KeyException(
    "Private key not found for certificate: " + head);
  }

