X509KeyManager Interface
The javax.net.ssl.X509KeyManager interface extends
the general KeyManager interface. It must be implemented
by a key manager for X.509-based authentication. To support
X.509 authentication to remote socket peers through JSSE, an instance
of this interface must be passed to the init method
of an SSLContext object.
Creating an X509KeyManager
You can either implement this
interface directly yourself or obtain one from a provider-based KeyManagerFactory
(such as those supplied by the IBMJSSE2 provider). You could also implement your
own interface that delegates to a factory-generated key manager. For example, you might do this in
order to filter the resulting keys and query an end-user through a graphical user interface.
With the IBMJSSE2 default IbmX509 KeyManagerFactory, the factory tries to find key material by consulting the system properties:
- javax.net.ssl.keyStore
- javax.net.ssl.keyStorePassword
- javax.net.ssl.keyStoreType
The keystore file is then located as follows:
- If the javax.net.ssl.keyStore system property was not specified, then if the file <install_dir>/jre/lib/security/jssecacerts exists, that file is used. (Where <install_dir> refers to the directory where the runtime environment is installed.)
- Else the following file is used: <install_dir>/jre/lib/security/cacerts
Generally, the process acting as the server in the handshake will need a keystore for
its KeyManager to obtain credentials for authentication to the client. Unless the server
requires client authentication, the process acting as the client will not need a
KeyManager keystore.
Creating Your Own X509KeyManager
If the default X509KeyManager behavior isn't suitable
for your situation, you can create your own X509KeyManager in
a way similar to that shown in Creating
Your Own X509TrustManager.
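The delegation approach mentioned under Creating an X509KeyManager, written as a custom X509KeyManager: it wraps the factory-generated key manager and filters the keys so that only allow-listed aliases can be presented to a peer. This is an added example, not IBM's code; the names FilteringKeyManager, allowed and contextFor are hypothetical, and the keystore and password are assumed to be supplied by the caller.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Set;
import javax.net.ssl.*;
/** Hypothetical wrapper: exposes only allow-listed aliases of a factory-generated key manager. */
public final class FilteringKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;
    private final Set<String> allowed;   // aliases this process may present to a peer
    public FilteringKeyManager(X509KeyManager delegate, Set<String> allowed) {
        this.delegate = delegate;
        this.allowed = allowed;
    }
    private boolean permitted(String alias) { return alias != null && allowed.contains(alias); }
    private String[] filter(String[] aliases) {
        if (aliases == null) return null;
        String[] kept = Arrays.stream(aliases).filter(this::permitted).toArray(String[]::new);
        return kept.length == 0 ? null : kept;   // the interface returns null when nothing matches
    }
    private String first(String[] aliases) { return aliases == null ? null : aliases[0]; }
    @Override public String[] getClientAliases(String t, Principal[] p) { return filter(delegate.getClientAliases(t, p)); }
    @Override public String[] getServerAliases(String t, Principal[] p) { return filter(delegate.getServerAliases(t, p)); }
    // Simplification: take the first permitted alias rather than the delegate's own choice.
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
        for (String keyType : keyTypes) {
            String alias = first(getClientAliases(keyType, issuers));
            if (alias != null) return alias;
        }
        return null;
    }
    @Override public String chooseServerAlias(String t, Principal[] p, Socket s) { return first(getServerAliases(t, p)); }
    @Override public X509Certificate[] getCertificateChain(String a) { return permitted(a) ? delegate.getCertificateChain(a) : null; }
    @Override public PrivateKey getPrivateKey(String a) { return permitted(a) ? delegate.getPrivateKey(a) : null; }
    /** Wraps every X509KeyManager the default factory produces, then initializes an SSLContext. */
    public static SSLContext contextFor(KeyStore ks, char[] pw, Set<String> allowed) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509KeyManager) kms[i] = new FilteringKeyManager((X509KeyManager) kms[i], allowed);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, null, null);   // null selects the default trust managers and SecureRandom
        return ctx;
    }
}
```

Because getCertificateChain and getPrivateKey also check the allow-list, a key outside it stays unreachable even if a caller passes its alias directly.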