Package org.postgresql.ssl
Class BaseX509KeyManager
java.lang.Object
org.postgresql.ssl.BaseX509KeyManager
- All Implemented Interfaces:
KeyManager, X509KeyManager
- Direct Known Subclasses:
PEMKeyManager, PKCS12KeyManager
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and Type / Method / Description
- @Nullable String chooseClientAlias(String[] keyType, Principal @Nullable [] principals, @Nullable Socket socket)
- @Nullable String chooseServerAlias(String s, Principal @Nullable [] principals, @Nullable Socket socket)
- String @Nullable [] getClientAliases(String keyType, Principal @Nullable [] principals)
- String @Nullable [] getServerAliases(String s, Principal @Nullable [] principals)
- void throwKeyManagerException()
  getCertificateChain and getPrivateKey cannot throw exceptions, therefore any exception is stored in error and can be raised by this method.
- static void validateKeyFilePermissions(Path keyPath)
  Validates that the private key file has secure permissions (owner-only readable).
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface javax.net.ssl.X509KeyManager
getCertificateChain, getPrivateKey
-
Field Details
-
error
-
-
Constructor Details
-
BaseX509KeyManager
public BaseX509KeyManager()
-
-
Method Details
-
throwKeyManagerException
getCertificateChain and getPrivateKey cannot throw exceptions, therefore any exception is stored in error and can be raised by this method.
- Throws:
PSQLException - if any exception is stored in error and can be raised
-
getClientAliases
- Specified by:
getClientAliases in interface X509KeyManager
-
chooseClientAlias
public @Nullable String chooseClientAlias(String[] keyType, Principal @Nullable [] principals, @Nullable Socket socket)
- Specified by:
chooseClientAlias in interface X509KeyManager
-
getServerAliases
- Specified by:
getServerAliases in interface X509KeyManager
-
chooseServerAlias
public @Nullable String chooseServerAlias(String s, Principal @Nullable [] principals, @Nullable Socket socket)
- Specified by:
chooseServerAlias in interface X509KeyManager
-
validateKeyFilePermissions
Validates that the private key file has secure permissions (owner-only readable). On POSIX systems, ensures no group or other permissions are set. On Windows systems, checks ACLs to ensure only the owner and trusted system accounts have access.
- Parameters:
keyPath - the path to the private key file
- Throws:
PSQLException - if the file has insecure permissions
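The POSIX half of the rule described for validateKeyFilePermissions (no group or other bits set), as an added example using java.nio.file; this is not the driver's own code. The class KeyFilePermissionDemo, the helper looseBits and the temporary file are assumptions made for illustration, and the Windows ACL case is not covered.

```java
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

// Added illustration: KeyFilePermissionDemo and looseBits are hypothetical names,
// not part of org.postgresql.ssl.
public class KeyFilePermissionDemo {

  // Returns the group/other permission bits set on the file.
  // An empty result means only owner bits are present.
  static Set<PosixFilePermission> looseBits(Path keyPath) throws IOException {
    Set<PosixFilePermission> loose = EnumSet.noneOf(PosixFilePermission.class);
    loose.addAll(Files.getPosixFilePermissions(keyPath));
    loose.removeAll(EnumSet.of(
        PosixFilePermission.OWNER_READ,
        PosixFilePermission.OWNER_WRITE,
        PosixFilePermission.OWNER_EXECUTE));
    return loose;
  }

  public static void main(String[] args) throws IOException {
    // On file systems without a POSIX view this check does not apply.
    if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
      System.out.println("No POSIX attribute view; an ACL-based check is needed instead.");
      return;
    }
    // Constructed sample: a throwaway file standing in for a client private key.
    Path key = Files.createTempFile("client-key", ".pk8");
    try {
      String[] modes = {"rw-------", "r--------", "rw-r-----", "rw-r--r--"};
      for (String mode : modes) {
        Files.setPosixFilePermissions(key, PosixFilePermissions.fromString(mode));
        Set<PosixFilePermission> loose = looseBits(key);
        System.out.println(mode + " -> "
            + (loose.isEmpty() ? "accepted" : "rejected, remove " + loose));
      }
    } finally {
      Files.deleteIfExists(key);
    }
  }
}
```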
-