Package org.eclipse.jetty.util.ssl
Interface SniX509ExtendedKeyManager.SniSelector
-
- All Known Implementing Classes:
SslContextFactory.Server
- Enclosing class:
- SniX509ExtendedKeyManager
- Functional Interface:
- This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.
@FunctionalInterface public static interface SniX509ExtendedKeyManager.SniSelector
Selects a certificate based on SNI information.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
DELEGATE
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description java.lang.String
sniSelect(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLSession session, java.lang.String sniHost, java.util.Collection<X509> certificates)
Selects a certificate based on SNI information.
-
-
-
Field Detail
-
DELEGATE
static final java.lang.String DELEGATE
- See Also:
- Constant Field Values
-
-
Method Detail
-
sniSelect
java.lang.String sniSelect(java.lang.String keyType, java.security.Principal[] issuers, javax.net.ssl.SSLSession session, java.lang.String sniHost, java.util.Collection<X509> certificates) throws javax.net.ssl.SSLHandshakeException
Selects a certificate based on SNI information.
This method may be invoked multiple times during the TLS handshake, with different parameters. For example, the
keyType
could be different, and subsequently the collection of certificates (because they need to match thekeyType
).- Parameters:
keyType
- the key algorithm type nameissuers
- the list of acceptable CA issuer subject names or null if it does not matter which issuers are usedsession
- the TLS handshake session or null if not known.sniHost
- the server name indication sent by the client, or null if the client did not send the server name indicationcertificates
- the list of certificates matchingkeyType
andissuers
known to this SslContextFactory- Returns:
- the alias of the certificate to return to the client, from the
certificates
list, orDELEGATE
if the certificate choice should be delegated to the nested key manager or null for no match. - Throws:
javax.net.ssl.SSLHandshakeException
- if the TLS handshake should be aborted
-
-