X509KeyManager (Java Platform SE 8 )

All Superinterfaces:

KeyManager

All Known Implementing Classes:

X509ExtendedKeyManager
```
public interface X509KeyManager
extends KeyManager
```
Instances of this interface manage which X509 certificate-based key pairs are used to authenticate the local side of a secure socket.
During secure socket negotiations, implentations call methods in this interface to:
- determine the set of aliases that are available for negotiations based on the criteria presented,
- select the best alias based on the criteria presented, and
- obtain the corresponding key material for given aliases.
Note: the X509ExtendedKeyManager should be used in favor of this class.
Since:

1.4

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method	Description
`String`	`chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)`	Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`String`	`chooseServerAlias(String keyType, Principal[] issuers, Socket socket)`	Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`X509Certificate[]`	`getCertificateChain(String alias)`	Returns the certificate chain associated with the given alias.
`String[]`	`getClientAliases(String keyType, Principal[] issuers)`	Get the matching aliases for authenticating the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
`PrivateKey`	`getPrivateKey(String alias)`	Returns the key associated with the given alias.
`String[]`	`getServerAliases(String keyType, Principal[] issuers)`	Get the matching aliases for authenticating the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).

- Method Detail
  - getClientAliases
```
String[] getClientAliases(String keyType,
                          Principal[] issuers)
```
    Get the matching aliases for authenticating the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Parameters:
    
    keyType - the key algorithm type name
    
    issuers - the list of acceptable CA issuer subject names, or null if it does not matter which issuers are used.
    
    Returns:
    
    an array of the matching alias names, or null if there were no matches.
  - chooseClientAlias
```
String chooseClientAlias(String[] keyType,
                         Principal[] issuers,
                         Socket socket)
```
    Choose an alias to authenticate the client side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Parameters:
    
    keyType - the key algorithm type name(s), ordered with the most-preferred key type first.
    
    issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
    
    socket - the socket to be used for this connection. This parameter can be null, which indicates that implementations are free to select an alias applicable to any socket.
    
    Returns:
    
    the alias name for the desired key, or null if there are no matches.
  - getServerAliases
```
String[] getServerAliases(String keyType,
                          Principal[] issuers)
```
    Get the matching aliases for authenticating the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Parameters:
    
    keyType - the key algorithm type name
    
    issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
    
    Returns:
    
    an array of the matching alias names, or null if there were no matches.
  - chooseServerAlias
```
String chooseServerAlias(String keyType,
                         Principal[] issuers,
                         Socket socket)
```
    Choose an alias to authenticate the server side of a secure socket given the public key type and the list of certificate issuer authorities recognized by the peer (if any).
    
    Parameters:
    
    keyType - the key algorithm type name.
    
    issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used.
    
    socket - the socket to be used for this connection. This parameter can be null, which indicates that implementations are free to select an alias applicable to any socket.
    
    Returns:
    
    the alias name for the desired key, or null if there are no matches.
  - getCertificateChain
```
X509Certificate[] getCertificateChain(String alias)
```
    Returns the certificate chain associated with the given alias.
    
    Parameters:
    
    alias - the alias name
    
    Returns:
    
    the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the alias can't be found.
  - getPrivateKey
```
PrivateKey getPrivateKey(String alias)
```
    Returns the key associated with the given alias.
    
    Parameters:
    
    alias - the alias name
    
    Returns:
    
    the requested key, or null if the alias can't be found.

Submit a bug or feature
For further API reference and developer documentation, see Java SE Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
Copyright © 1993, 2025, Oracle and/or its affiliates. All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.

Interface X509KeyManager

Method Summary

Method Detail

getClientAliases

chooseClientAlias

getServerAliases

chooseServerAlias

getCertificateChain

getPrivateKey