Class BaseX509KeyManager

  • All Implemented Interfaces:
    javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager
    Direct Known Subclasses:
    PEMKeyManager, PKCS12KeyManager

    public abstract class BaseX509KeyManager
    extends java.lang.Object
    implements javax.net.ssl.X509KeyManager
    • Method Summary

      Modifier and Type Method Description
      java.lang.String chooseClientAlias(java.lang.String[] keyType, java.security.Principal[] principals, java.net.Socket socket)
      java.lang.String chooseServerAlias(java.lang.String s, java.security.Principal[] principals, java.net.Socket socket)
      java.lang.String[] getClientAliases(java.lang.String keyType, java.security.Principal[] principals)
      java.lang.String[] getServerAliases(java.lang.String s, java.security.Principal[] principals)
      void throwKeyManagerException()
        Because getCertificateChain and getPrivateKey cannot throw exceptions, any exception is stored in error and can be raised by this method.
      static void validateKeyFilePermissions(java.nio.file.Path keyPath)
        Validates that the private key file has secure permissions (owner-only readable).
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface javax.net.ssl.X509KeyManager

        getCertificateChain, getPrivateKey
    • Constructor Detail

      • BaseX509KeyManager

        public BaseX509KeyManager()
    • Method Detail

      • throwKeyManagerException

        public void throwKeyManagerException()
                                      throws PSQLException
        Because getCertificateChain and getPrivateKey cannot throw exceptions, any exception is stored in error and can be raised by this method.
        Throws:
        PSQLException - if any exception is stored in error and can be raised
      • getClientAliases

        public java.lang.String[] getClientAliases(java.lang.String keyType,
                                                   java.security.Principal[] principals)
        Specified by:
        getClientAliases in interface javax.net.ssl.X509KeyManager
      • chooseClientAlias

        public java.lang.String chooseClientAlias(java.lang.String[] keyType,
                                                  java.security.Principal[] principals,
                                                  java.net.Socket socket)
        Specified by:
        chooseClientAlias in interface javax.net.ssl.X509KeyManager
      • getServerAliases

        public java.lang.String[] getServerAliases(java.lang.String s,
                                                   java.security.Principal[] principals)
        Specified by:
        getServerAliases in interface javax.net.ssl.X509KeyManager
      • chooseServerAlias

        public java.lang.String chooseServerAlias(java.lang.String s,
                                                  java.security.Principal[] principals,
                                                  java.net.Socket socket)
        Specified by:
        chooseServerAlias in interface javax.net.ssl.X509KeyManager
      • validateKeyFilePermissions

        public static void validateKeyFilePermissions(java.nio.file.Path keyPath)
                                               throws PSQLException
        Validates that the private key file has secure permissions (owner-only readable). On POSIX systems, ensures no group or other permissions are set. On Windows systems, checks ACLs to ensure only the owner and trusted system accounts have access.
        Parameters:
        keyPath - the path to the private key file
        Throws:
        PSQLException - if the file has insecure permissions
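
The POSIX half of the check described for validateKeyFilePermissions, sketched as an added example; it is not this class's own implementation. The class name KeyFilePermissionCheck, the helper excessPermissions and the temporary file standing in for a key are assumptions made for illustration, and the Windows ACL branch is not covered.

```java
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

// Hypothetical class, written for this example only.
public class KeyFilePermissionCheck {
    // Any of these bits means someone other than the owner can reach the key.
    private static final Set<PosixFilePermission> NON_OWNER = EnumSet.of(
        PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
        PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
        PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);

    /** Returns the group/other bits set on keyPath; an empty set means owner-only. */
    static Set<PosixFilePermission> excessPermissions(Path keyPath) throws IOException {
        Set<PosixFilePermission> excess = EnumSet.noneOf(PosixFilePermission.class);
        excess.addAll(Files.getPosixFilePermissions(keyPath));
        excess.retainAll(NON_OWNER);
        return excess;
    }

    public static void main(String[] args) throws IOException {
        // Without a POSIX attribute view (e.g. Windows) the bits do not exist;
        // the page describes an ACL-based check for that case instead.
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            System.out.println("No POSIX attribute view on this file system.");
            return;
        }
        // Constructed sample: a temporary file standing in for a client key.
        Path key = Files.createTempFile("client-key", ".pem");
        try {
            for (String mode : new String[] {"rw-------", "rw-r-----", "rw-r--r--"}) {
                Files.setPosixFilePermissions(key, PosixFilePermissions.fromString(mode));
                Set<PosixFilePermission> excess = excessPermissions(key);
                System.out.println(mode + " -> "
                    + (excess.isEmpty() ? "accept" : "reject " + excess));
            }
        } finally {
            Files.deleteIfExists(key);
        }
    }
}
```

Reporting which bits are set, rather than a bare pass/fail, lets the caller put the exact offending permissions in the error it raises.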