org.apache.geronimo.security.keystore
Class FileKeystoreManager

java.lang.Object
  extended by org.apache.geronimo.security.keystore.FileKeystoreManager
All Implemented Interfaces:
GBeanLifecycle, KeystoreManager

public class FileKeystoreManager
extends Object
implements KeystoreManager, GBeanLifecycle

An implementation of KeystoreManager that assumes every file in a specified directory is a keystore.


Field Summary
static GBeanInfo GBEAN_INFO
           
 
Constructor Summary
FileKeystoreManager(URI keystoreDir, ServerInfo serverInfo, Collection keystores, Kernel kernel)
           
 
Method Summary
 KeystoreInstance createKeystore(String name, char[] password, String keystoreType)
          Creates a new, empty keystore.
 SSLContext createSSLContext(String provider, String protocol, String algorithm, String keyStore, String keyAlias, String trustStore, ClassLoader loader)
          Gets an SSLContext using one Keystore to access the private key and another to provide the list of trusted certificate authorities.
 SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm, String trustStore, ClassLoader loader)
          Gets a SocketFactory using one Keystore to access the private key and another to provide the list of trusted certificate authorities.
 SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm, String keyStore, String keyAlias, String trustStore, ClassLoader loader)
          Gets a SocketFactory using one Keystore to access the private key and another to provide the list of trusted certificate authorities.
 SSLServerSocketFactory createSSLServerFactory(String provider, String protocol, String algorithm, String keyStore, String keyAlias, String trustStore, ClassLoader loader)
          Gets a ServerSocketFactory using one Keystore to access the private key and another to provide the list of trusted certificate authorities.
 void doFail()
          Fails the GBean.
 void doStart()
          Starts the GBean.
 void doStop()
          Stops the target.
 X509Certificate generateCert(PublicKey publicKey, PrivateKey privateKey, String sigalg, int validity, String cn, String ou, String o, String l, String st, String c)
           
static GBeanInfo getGBeanInfo()
           
 KeystoreInstance getKeystore(String name, String type)
           
 KeystoreInstance[] getKeystores()
          Gets the names of the keystores available in the server.
 KeystoreInstance[] getUnlockedKeyStores()
          Gets the aliases for any keystores that are available to be used as private key keystores for an SSL factory.
 KeystoreInstance[] getUnlockedTrustStores()
          Gets the aliases for any keystores that are available to be used as trusted certificate keystores for an SSL factory.
 String[] listKeystoreFiles()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

GBEAN_INFO

public static final GBeanInfo GBEAN_INFO
Constructor Detail

FileKeystoreManager

public FileKeystoreManager(URI keystoreDir,
                           ServerInfo serverInfo,
                           Collection keystores,
                           Kernel kernel)
Method Detail

doStart

public void doStart()
             throws Exception
Description copied from interface: GBeanLifecycle
Starts the GBean. This informs the GBean that it is about to transition to the running state.

Specified by:
doStart in interface GBeanLifecycle
Throws:
Exception - if the target failed to start; this will cause a transition to the failed state

doStop

public void doStop()
            throws Exception
Description copied from interface: GBeanLifecycle
Stops the target. This informs the GBean that it is about to transition to the stopped state.

Specified by:
doStop in interface GBeanLifecycle
Throws:
Exception - if the target failed to stop; this will cause a transition to the failed state

doFail

public void doFail()
Description copied from interface: GBeanLifecycle
Fails the GBean. This informs the GBean that it is about to transition to the failed state.

Specified by:
doFail in interface GBeanLifecycle

listKeystoreFiles

public String[] listKeystoreFiles()

getKeystores

public KeystoreInstance[] getKeystores()
Description copied from interface: KeystoreManager
Gets the names of the keystores available in the server.

Specified by:
getKeystores in interface KeystoreManager

getKeystore

public KeystoreInstance getKeystore(String name,
                                    String type)

createSSLFactory

public SSLSocketFactory createSSLFactory(String provider,
                                         String protocol,
                                         String algorithm,
                                         String trustStore,
                                         ClassLoader loader)
                                  throws KeystoreException
Gets a SocketFactory using one Keystore to access the private key and another to provide the list of trusted certificate authorities.

Specified by:
createSSLFactory in interface KeystoreManager
Parameters:
provider - The SSL provider to use, or null for the default
protocol - The SSL protocol to use
algorithm - The SSL algorithm to use
trustStore - The trust keystore name as provided by listKeystores. The KeystoreInstance for this keystore must have unlocked this key.
loader - The class loader used to resolve factory classes.
Returns:
An SSLSocketFactory created from the KeystoreManager.
Throws:
KeystoreIsLocked - Occurs when the requested key keystore cannot be used because it has not been unlocked.
KeyIsLocked - Occurs when the requested private key in the key keystore cannot be used because it has not been unlocked.
NoSuchAlgorithmException
UnrecoverableKeyException
KeyStoreException
KeyManagementException
NoSuchProviderException
KeystoreException

createSSLFactory

public SSLSocketFactory createSSLFactory(String provider,
                                         String protocol,
                                         String algorithm,
                                         String keyStore,
                                         String keyAlias,
                                         String trustStore,
                                         ClassLoader loader)
                                  throws KeystoreException
Gets a SocketFactory using one Keystore to access the private key and another to provide the list of trusted certificate authorities.

Specified by:
createSSLFactory in interface KeystoreManager
Parameters:
provider - The SSL provider to use, or null for the default
protocol - The SSL protocol to use
algorithm - The SSL algorithm to use
keyStore - The key keystore name as provided by listKeystores. The KeystoreInstance for this keystore must be unlocked.
keyAlias - The name of the private key in the keystore. The KeystoreInstance for this keystore must have unlocked this key.
trustStore - The trust keystore name as provided by listKeystores. The KeystoreInstance for this keystore must have unlocked this key.
loader - The class loader used to resolve factory classes.
Returns:
An SSLSocketFactory created from the KeystoreManager.
Throws:
KeystoreIsLocked - Occurs when the requested key keystore cannot be used because it has not been unlocked.
KeyIsLocked - Occurs when the requested private key in the key keystore cannot be used because it has not been unlocked.
KeystoreException

createSSLServerFactory

public SSLServerSocketFactory createSSLServerFactory(String provider,
                                                     String protocol,
                                                     String algorithm,
                                                     String keyStore,
                                                     String keyAlias,
                                                     String trustStore,
                                                     ClassLoader loader)
                                              throws KeystoreException
Gets a ServerSocketFactory using one Keystore to access the private key and another to provide the list of trusted certificate authorities.

Specified by:
createSSLServerFactory in interface KeystoreManager
Parameters:
provider - The SSL provider to use, or null for the default
protocol - The SSL protocol to use
algorithm - The SSL algorithm to use
keyStore - The key keystore name as provided by listKeystores. The KeystoreInstance for this keystore must be unlocked.
keyAlias - The name of the private key in the keystore. The KeystoreInstance for this keystore must have unlocked this key.
trustStore - The trust keystore name as provided by listKeystores. The KeystoreInstance for this keystore must have unlocked this key.
loader - The class loader used to resolve factory classes.
Throws:
KeystoreIsLocked - Occurs when the requested key keystore cannot be used because it has not been unlocked.
KeyIsLocked - Occurs when the requested private key in the key keystore cannot be used because it has not been unlocked.
KeystoreException

createSSLContext

public SSLContext createSSLContext(String provider,
                                   String protocol,
                                   String algorithm,
                                   String keyStore,
                                   String keyAlias,
                                   String trustStore,
                                   ClassLoader loader)
                            throws KeystoreException
Gets an SSLContext using one Keystore to access the private key and another to provide the list of trusted certificate authorities.

Specified by:
createSSLContext in interface KeystoreManager
Parameters:
provider - The SSL provider to use, or null for the default
protocol - The SSL protocol to use
algorithm - The SSL algorithm to use
keyStore - The key keystore name as provided by listKeystores. The KeystoreInstance for this keystore must be unlocked.
keyAlias - The name of the private key in the keystore. The KeystoreInstance for this keystore must have unlocked this key.
trustStore - The trust keystore name as provided by listKeystores. The KeystoreInstance for this keystore must have unlocked this key.
loader - The class loader used to resolve factory classes.
Returns:
SSLContext using the security info provided
Throws:
KeystoreIsLocked - Occurs when the requested key keystore cannot be used because it has not been unlocked.
KeyIsLocked - Occurs when the requested private key in the key keystore cannot be used because it has not been unlocked.
KeystoreException
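
The split between a key keystore and a trust keystore described above, shown with plain JSSE calls. This is an added example, not Geronimo's implementation: the class and method names are hypothetical, the keystores are empty in-memory stand-ins, and using the same algorithm name for both factories is an assumption of the example.

```java
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added illustration using only standard JSSE; not Geronimo code. Names are hypothetical. */
public class TwoStoreSslContext {

    static SSLContext build(String provider, String protocol, String algorithm,
                            KeyStore keyStore, char[] keyPassword, KeyStore trustStore)
            throws Exception {
        // A null trust store makes TrustManagerFactory fall back to the JRE's
        // default CA bundle, silently widening trust. Require an explicit store.
        if (trustStore == null) {
            throw new IllegalArgumentException("trust store must be supplied explicitly");
        }
        // Private key material comes only from keyStore.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
        kmf.init(keyStore, keyPassword);
        // Trusted CA certificates come only from trustStore.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
        tmf.init(trustStore);
        // provider == null selects the default provider, as in the parameter list above.
        SSLContext ctx = (provider == null)
                ? SSLContext.getInstance(protocol)
                : SSLContext.getInstance(protocol, provider);
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit-example".toCharArray(); // constructed sample value
        KeyStore keys = KeyStore.getInstance(KeyStore.getDefaultType());
        keys.load(null, password);   // empty in-memory store standing in for the key keystore
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, password);  // empty in-memory store standing in for the trust keystore
        SSLContext ctx = build(null, "TLS", "SunX509", keys, password, trust);
        System.out.println(ctx.getProtocol() + " via " + ctx.getProvider().getName());
        try {
            build(null, "TLS", "SunX509", keys, password, null);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The example does not select a single key by alias, which the keyAlias parameter implies; that would need a custom X509KeyManager wrapping the one returned by the factory.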

createKeystore

public KeystoreInstance createKeystore(String name,
                                       char[] password,
                                       String keystoreType)
                                throws KeystoreException
Description copied from interface: KeystoreManager
Creates a new, empty keystore. The name should be a valid file name with no path separator characters.

Specified by:
createKeystore in interface KeystoreManager
Parameters:
name - The name of the keystore to create
password - The password to use to protect the new keystore
keystoreType - The keystore type
Throws:
KeystoreException
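
One way a caller could enforce the "valid file name with no path separator characters" requirement before a name is resolved under the keystore directory. This is an added example, not Geronimo code: the class, method and directory names are hypothetical and the sample names are constructed.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/** Added illustration, not Geronimo code; class and method names are hypothetical. */
public class KeystoreNameCheck {

    /**
     * Resolves a keystore name under keystoreDir, rejecting anything that is
     * not a single plain file name.
     */
    static Path resolveKeystoreFile(Path keystoreDir, String name) {
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException("keystore name is empty");
        }
        // Reject both separator styles regardless of the host OS, plus NUL.
        if (name.indexOf('/') >= 0 || name.indexOf('\\') >= 0 || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("keystore name contains a path separator");
        }
        // "." and ".." contain no separator but are not file names.
        if (name.equals(".") || name.equals("..")) {
            throw new IllegalArgumentException("keystore name is a directory reference");
        }
        Path base = keystoreDir.toAbsolutePath().normalize();
        Path target = base.resolve(name).normalize();
        // Defence in depth: the result must be a direct child of the directory.
        if (!base.equals(target.getParent())) {
            throw new IllegalArgumentException("keystore name escapes the keystore directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path dir = Paths.get("example-keystore-dir"); // constructed placeholder directory
        String[] samples = {"server-keys", "../config.xml", "a/b", "..", "c:\\x"}; // constructed
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolveKeystoreFile(dir, s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```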

getUnlockedKeyStores

public KeystoreInstance[] getUnlockedKeyStores()
Description copied from interface: KeystoreManager
Gets the aliases for any keystores that are available to be used as private key keystores for an SSL factory. This means the keystore is unlocked and contains at least one private key that's unlocked.

Specified by:
getUnlockedKeyStores in interface KeystoreManager

getUnlockedTrustStores

public KeystoreInstance[] getUnlockedTrustStores()
Description copied from interface: KeystoreManager
Gets the aliases for any keystores that are available to be used as trusted certificate keystores for an SSL factory. This means the keystore is unlocked and contains at least one trust certificate.

Specified by:
getUnlockedTrustStores in interface KeystoreManager

getGBeanInfo

public static GBeanInfo getGBeanInfo()

generateCert

public X509Certificate generateCert(PublicKey publicKey,
                                    PrivateKey privateKey,
                                    String sigalg,
                                    int validity,
                                    String cn,
                                    String ou,
                                    String o,
                                    String l,
                                    String st,
                                    String c)
                             throws SignatureException,
                                    InvalidKeyException
Throws:
SignatureException
InvalidKeyException


Copyright © 2003-2008 The Apache Geronimo development community. All Rights Reserved.