Class BaseX509KeyManager

java.lang.Object
org.postgresql.ssl.BaseX509KeyManager
All Implemented Interfaces:
KeyManager, X509KeyManager
Direct Known Subclasses:
PEMKeyManager, PKCS12KeyManager

public abstract class BaseX509KeyManager extends Object implements X509KeyManager
  • Field Details

  • Constructor Details

    • BaseX509KeyManager

      public BaseX509KeyManager()
  • Method Details

    • throwKeyManagerException

      public void throwKeyManagerException() throws PSQLException
      getCertificateChain and getPrivateKey cannot throw exceptions, so any exception they encounter is stored in error and can be raised later by calling this method.
      Throws:
      PSQLException - if any exception is stored in error and can be raised
    • getClientAliases

      public String[] getClientAliases(String keyType, Principal[] principals)
      Specified by:
      getClientAliases in interface X509KeyManager
    • chooseClientAlias

      public String chooseClientAlias(String[] keyType, Principal[] principals, Socket socket)
      Specified by:
      chooseClientAlias in interface X509KeyManager
    • getServerAliases

      public String[] getServerAliases(String s, Principal[] principals)
      Specified by:
      getServerAliases in interface X509KeyManager
    • chooseServerAlias

      public String chooseServerAlias(String s, Principal[] principals, Socket socket)
      Specified by:
      chooseServerAlias in interface X509KeyManager
    • validateKeyFilePermissions

      public static void validateKeyFilePermissions(Path keyPath) throws PSQLException
      Validates that the private key file has secure permissions (owner-only readable). On POSIX systems, ensures no group or other permissions are set. On Windows systems, checks ACLs to ensure only the owner and trusted system accounts have access.
      Parameters:
      keyPath - the path to the private key file
      Throws:
      PSQLException - if the file has insecure permissions