001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.geronimo.management.geronimo; 018 019 import java.security.PrivateKey; 020 import java.security.cert.Certificate; 021 022 import javax.net.ssl.KeyManager; 023 import javax.net.ssl.TrustManager; 024 025 /** 026 * Management interface for dealing with a specific Keystore 027 * 028 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $ 029 */ 030 public interface KeystoreInstance { 031 /** 032 * Returns the name of the keystore as known to the keystore manager. 033 */ 034 public String getKeystoreName(); 035 036 /** 037 * Returns the type of the keystore. 038 */ 039 public String getKeystoreType(); 040 041 /** 042 * Saves a password to access the keystore as a whole. This means that any 043 * other server component can use this keystore to create a socket factory. 044 * However, the relevant private key in the keystore must also be unlocked. 045 * 046 * @return True if the keystore was unlocked successfully 047 */ 048 public void unlockKeystore(char[] password) throws KeystoreException; 049 050 /** 051 * Clears any saved password, meaning this keystore cannot be used by other 052 * server components. You can still query and update it by passing the 053 * password to other functions, 054 */ 055 public void lockKeystore(char[] password) throws KeystoreException; 056 057 /** 058 * Checks whether this keystore is unlocked, which is to say, available for 059 * other components to use to generate socket factories. 060 * Does not check whether the unlock password is actually correct. 061 */ 062 public boolean isKeystoreLocked(); 063 064 /** 065 * Gets the aliases of all private key entries in the keystore 066 * 067 * @param storePassword Used to open the keystore. If null, the 068 * internal password will be used and may 069 * @throws KeystoreIsLocked if a null password was provided and the keystore 070 * is locked, or if a bad password was provided 071 */ 072 public String[] listPrivateKeys(char[] storePassword) throws KeystoreException; 073 074 /** 075 * Saves a password to access a private key. This means that if the 076 * keystore is also unlocked, any server component can create an SSL 077 * socket factory using this private key. Note that the keystore 078 * must be unlocked before this can be called. 079 * 080 * @param password The password to save. 081 * @return True if the key was unlocked successfully 082 * @throws KeystoreException 083 */ 084 public void unlockPrivateKey(String alias, char[] storePassword, char[] keyPassword) throws KeystoreException; 085 086 /** 087 * Gets the aliases for all the private keys that are currently unlocked. 088 * This only works if the keystore is unlocked. 089 */ 090 public String[] getUnlockedKeys(char[] storePassword) throws KeystoreException; 091 092 /** 093 * Checks whether this keystore can be used as a trust store (e.g. has at 094 * least one trust certificate). This only works if the keystore is 095 * unlocked. 096 */ 097 public boolean isTrustStore(char[] storePassword) throws KeystoreException; 098 099 /** 100 * Clears any saved password for the specified private key, meaning this 101 * key cannot be used for a socket factory by other server components. 102 * You can still query and update it by passing the password to other 103 * functions, 104 * @param storePassword The password used to access the keystore. Must be non-null. 105 * @throws KeystoreIsLocked 106 */ 107 public void lockPrivateKey(String alias, char[] storePassword) throws KeystoreException; 108 109 /** 110 * Checks whether the specified private key is locked, which is to say, 111 * available for other components to use to generate socket factories. 112 * Does not check whether the unlock password is actually correct. 113 */ 114 public boolean isKeyLocked(String alias); 115 116 /** 117 * Gets the aliases of all trusted certificate entries in the keystore. 118 * 119 * @param storePassword Used to open the keystore or null to use the internal password. 120 * @throws KeystoreIsLocked if the keystore coul not be unlocked 121 */ 122 public String[] listTrustCertificates(char[] storePassword) throws KeystoreException; 123 124 /** 125 * Gets a particular certificate from the keystore. This may be a trust 126 * certificate or the certificate corresponding to a particular private 127 * key. 128 * @param alias The certificate to look at 129 * @param storePassword Used to open the keystore or null to use the internal password. 130 * @throws KeystoreException 131 */ 132 public Certificate getCertificate(String alias, char[] storePassword) throws KeystoreException; 133 134 /** 135 * Gets a particular certificate chain from the keystore. 136 * @param alias The certificate chain to look at 137 * @param storePassword Used to open the keystore or null to use the internal password. 138 * @throws KeystoreIsLocked if the keystore coul not be unlocked 139 */ 140 public Certificate[] getCertificateChain(String alias, char[] storePassword) throws KeystoreException; 141 142 /** 143 * Gets the alias corresponding to the given certificate. 144 * @param alias The certificate used to retrieve the alias 145 * @param storePassword Used to open the keystore or null to use the internal password. 146 * @throws KeystoreIsLocked if the keystore coul not be unlocked 147 */ 148 public String getCertificateAlias(Certificate cert, char[] storePassword) throws KeystoreException; 149 150 /** 151 * Adds a certificate to this keystore as a trusted certificate. 152 * @param cert The certificate to add 153 * @param alias The alias to list the certificate under 154 * @param storePassword Used to open the keystore. Must be non null 155 * @return True if the certificate was imported successfully 156 * @throws KeystoreException 157 */ 158 public void importTrustCertificate(Certificate cert, String alias, char[] storePassword) throws KeystoreException; 159 160 /** 161 * Generates a new private key and certificate pair in this keystore. 162 * @param alias The alias to store the new key pair under 163 * @param storePassword The password used to access the keystore 164 * @param keyPassword The password to use to protect the new key 165 * @param keyAlgorithm The algorithm used for the key (e.g. RSA) 166 * @param keySize The number of bits in the key (e.g. 1024) 167 * @param signatureAlgorithm The algorithm used to sign the key (e.g. MD5withRSA) 168 * @param validity The number of days the certificate should be valid for 169 * @param commonName The CN portion of the identity on the certificate 170 * @param orgUnit The OU portion of the identity on the certificate 171 * @param organization The O portion of the identity on the certificate 172 * @param locality The L portion of the identity on the certificate 173 * @param state The ST portion of the identity on the certificate 174 * @param country The C portion of the identity on the certificate 175 * @return True if the key was generated successfully 176 * @throws KeystoreException 177 */ 178 public void generateKeyPair(String alias, char[] storePassword, char[] keyPassword, String keyAlgorithm, int keySize, 179 String signatureAlgorithm, int validity, String commonName, String orgUnit, 180 String organization, String locality, String state, String country) throws KeystoreException; 181 182 183 /** 184 * Gets a KeyManager for a key in this Keystore. This only works if both 185 * the keystore and the private key in question have been unlocked, 186 * allowing other components in the server to access them. 187 * @param algorithm The SSL algorithm to use for this key manager 188 * @param alias The alias of the key to use in the keystore 189 * @param storePassword The password used to access the keystore 190 */ 191 public KeyManager[] getKeyManager(String algorithm, String alias, char[] storePassword) throws KeystoreException; 192 193 /** 194 * Gets a TrustManager for this keystore. This only works if the keystore 195 * has been unlocked, allowing other components in the server to access it. 196 * @param algorithm The SSL algorithm to use for this trust manager 197 * @param storePassword The password used to access the keystore 198 */ 199 public TrustManager[] getTrustManager(String algorithm, char[] storePassword) throws KeystoreException; 200 201 public String generateCSR(String alias, char[] storePassword) throws KeystoreException; 202 203 public void importPKCS7Certificate(String alias, String certbuf, char[] storePassword) throws KeystoreException; 204 205 /** 206 * Deletes a key from this Keystore. 207 * @param alias the alias to delete 208 * @param storePassword The password used to access the keystore 209 * @return True if the key was deleted successfully 210 * @throws KeystoreException 211 */ 212 public void deleteEntry(String alias, char[] storePassword) throws KeystoreException; 213 214 215 /** 216 * Gets the private key with the specified alias. 217 * @param alias The alias of the private key to be retrieved 218 * @param storePassword The password used to access the keystore 219 * @param keyPassword The password to use to protect the new key 220 * @return PrivateKey with the alias specified 221 */ 222 public PrivateKey getPrivateKey(String alias, char[] storePassword, char[] keyPassword) throws KeystoreException; 223 224 /** 225 * Gets a particular certificate from the keystore. This may be a trust 226 * certificate or the certificate corresponding to a particular private 227 * key. 228 * This only works if the keystore is unlocked. 229 * @param alias Alias of the certificate 230 */ 231 public Certificate getCertificate(String alias); 232 233 /** 234 * Changes the keystore password. 235 * @param storePassword Current password for the keystore 236 * @param newPassword New password for the keystore 237 * @throws KeystoreException 238 */ 239 public void changeKeystorePassword(char[] storePassword, char[] newPassword) throws KeystoreException; 240 241 /** 242 * Changes the password for a private key entry in the keystore. 243 * @param storePassword Password for the keystore 244 * @param keyPassword Current password for the private key 245 * @param newKeyPassword New password for the private key 246 * @throws KeystoreException 247 */ 248 public void changeKeyPassword(String alias, char[] storePassword, char[] keyPassword, char[] newKeyPassword) throws KeystoreException; 249 }