KeyManagerFactory Class

javax.net.ssl.KeyManagerFactory is an engine class for a provider-based service that acts as a factory for one or more types of KeyManager objects. The IBMJSSE2 provider implements a factory which can return a basic X.509 key manager. Because it is provider-based, additional factories can be implemented and configured to provide additional or alternate key managers.

Creating a KeyManagerFactory

You create an instance of this class in a manner similar to SSLContext, except for passing an algorithm name string instead of a protocol name to the getInstance method:
public static KeyManagerFactory getInstance(String algorithm);
public static KeyManagerFactory getInstance(String algorithm, String provider);
public static KeyManagerFactory getInstance(String algorithm, Provider provider);

A sample algorithm name string is: IbmX509

A sample call is the following:
KeyManagerFactory kmf = KeyManagerFactory.getInstance("IbmX509", "IBMJSSE2");

This call will create an instance of the IBMJSSE2 provider's default key manager factory, which provides basic X.509-based authentication keys.

A newly-created factory should be initialized by calling one of the init methods:
public void init(KeyStore ks, char[] password);
public void init(ManagerFactoryParameters spec);

You should call whichever init method is appropriate for the KeyManagerFactory you are using. (Ask the provider vendor.)

For many factories, such as the default IbmX509 KeyManagerFactory from the IBMJSSE2 provider, the KeyStore and password are the only information required to initialize the KeyManagerFactory and thus the first init method is the appropriate one to call. The KeyManagerFactory will query the KeyStore for information on which private key and matching public key certificates should be used for authenticating to a remote socket peer. The password parameter specifies the password that will be used with the methods for accessing keys from the KeyStore. All keys in the KeyStore must be protected by the same password.
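The following is an added example, not code from the original page or from the IBMJSSE2 provider. It uses the first init method and, because init applies one password to every key, first checks that each key entry in the KeyStore can be recovered with that password, then clears the password from memory. The class name KmfInitExample, the two command-line arguments and the use of getDefaultAlgorithm() are assumptions made for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Hypothetical class. Usage: java KmfInitExample <keystore-file> <keystore-type>
public class KmfInitExample {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            throw new IllegalArgumentException("need <keystore-file> <keystore-type> and a terminal");
        }
        char[] password = console.readPassword("Keystore password: ");
        if (password == null) {
            throw new IllegalStateException("no password entered");
        }
        try {
            KeyStore ks = KeyStore.getInstance(args[1]); // for example "PKCS12" or "JKS"
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, password);
            }
            // init(KeyStore, char[]) uses this one password for every key, so
            // test each key entry first and name the alias that does not match.
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) continue;
                try {
                    ks.getKey(alias, password);
                } catch (UnrecoverableKeyException e) {
                    throw new IllegalStateException("key entry '" + alias + "' needs a different password", e);
                }
            }
            // Assumption: the JVM's configured default algorithm. With the IBMJSSE2
            // provider installed, the page's getInstance("IbmX509", "IBMJSSE2") applies.
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, password);
            for (KeyManager km : kmf.getKeyManagers()) {
                if (km instanceof X509KeyManager) {
                    System.out.println("X.509 key manager ready: " + km.getClass().getName());
                }
            }
        } finally {
            Arrays.fill(password, '\0'); // do not leave the password in the heap
        }
    }
}
```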

In some cases, initialization parameters other than a KeyStore and password may be needed by a provider. Users of that particular provider are expected to pass an implementation of the appropriate ManagerFactoryParameters as defined by the provider. The provider can then call the specified methods in the ManagerFactoryParameters implementation to obtain the needed information.

Some factories are capable of providing access to authentication material without having to be initialized with a KeyStore object or any other parameters. For example, they may access key material as part of a login mechanism such as one based on JAAS, the Java™ Authentication and Authorization Service.

As indicated previously, the IBMJSSE2 provider supports an IbmX509 factory that must be initialized with a KeyStore parameter.