- All Implemented Interfaces:
- KeyManager, X509KeyManager
final class SunX509KeyManagerImpl
extends X509ExtendedKeyManager
An implementation of X509KeyManager backed by a KeyStore.

The backing KeyStore is inspected when this object is constructed.
All key entries containing a PrivateKey and a non-empty chain of
X509Certificate are then copied into an internal store. This means
that subsequent modifications of the KeyStore have no effect on the
X509KeyManagerImpl object.

Note that this class assumes that all keys are protected by the same
password.

The JSSE handshake code currently calls into this class via
chooseClientAlias() and chooseServerAlias() to find the certificates to
use. As implemented here, both always return the first alias returned by
getClientAliases() and getServerAliases(). In turn, these methods are
implemented by calling getAliases(), which performs the actual lookup.

Note that this class currently implements no checking of the local
certificates. In particular, it is *not* guaranteed that:
- the certificates are within their validity period and not revoked
- the signatures verify
- they form a PKIX compliant chain
- the certificate extensions allow the certificate to be used for
  the desired purpose
Chains that fail any of these criteria will probably be rejected by
the remote peer.
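
Because the key manager performs none of these checks, a key store can be inspected for them before it is loaded. The following is an added example, not JDK code: the class name KeyStoreChainCheck, the key store and trust store file arguments, and the choice of the serverAuth extended key usage are assumptions. It needs Java 9 or later for KeyStore.getInstance(File, char[]), and revocation checking is switched off so that it runs offline.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
public class KeyStoreChainCheck {
    // Returns the problems found in one chain (leaf first); an empty list means it passed.
    static List<String> check(X509Certificate[] chain, KeyStore trust, String ekuOid) {
        List<String> problems = new ArrayList<>();
        for (int i = 0; i < chain.length; i++) {
            try {
                chain[i].checkValidity(); // validity period, against the current time
            } catch (CertificateException e) {
                problems.add("cert " + i + " is outside its validity period");
            }
            try { // each certificate must be signed by the next one in the chain
                if (i + 1 < chain.length) chain[i].verify(chain[i + 1].getPublicKey());
            } catch (Exception e) {
                problems.add("cert " + i + " signature does not verify: " + e.getMessage());
            }
        }
        try {
            List<String> eku = chain[0].getExtendedKeyUsage(); // null: no EKU restriction
            if (eku != null && !eku.contains(ekuOid)) problems.add("leaf EKU lacks " + ekuOid);
            List<X509Certificate> path = new ArrayList<>(Arrays.asList(chain));
            X509Certificate last = path.get(path.size() - 1);
            // a self-issued root is the trust anchor, not part of the path to validate
            if (path.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal()))
                path.remove(path.size() - 1);
            PKIXParameters params = new PKIXParameters(trust);
            params.setRevocationEnabled(false); // assumption: offline run, no CRL/OCSP lookups
            CertPath cp = CertificateFactory.getInstance("X.509").generateCertPath(path);
            CertPathValidator.getInstance("PKIX").validate(cp, params);
        } catch (Exception e) {
            problems.add("PKIX or extension check failed: " + e.getMessage());
        }
        return problems;
    }
    // Usage (hypothetical files): java KeyStoreChainCheck keys.p12 keyPass trust.p12 trustPass
    public static void main(String[] args) throws Exception {
        KeyStore keys = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        KeyStore trust = KeyStore.getInstance(new File(args[2]), args[3].toCharArray());
        for (String alias : Collections.list(keys.aliases())) {
            Certificate[] certs = keys.getCertificateChain(alias); // null if no chain
            if (certs == null || certs.length == 0) continue;
            X509Certificate[] chain = Arrays.copyOf(certs, certs.length, X509Certificate[].class);
            // id-kp-serverAuth; a client certificate would need 1.3.6.1.5.5.7.3.2
            System.out.println(alias + ": " + check(chain, trust, "1.3.6.1.5.5.7.3.1"));
        }
    }
}
```

Since chooseClientAlias() and chooseServerAlias() return the first matching alias, a failing entry listed ahead of a valid one is the entry that gets presented to the peer.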