001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.management.geronimo;
018
019 import java.security.PrivateKey;
020 import java.security.cert.Certificate;
021
022 import javax.net.ssl.KeyManager;
023 import javax.net.ssl.TrustManager;
024
025 /**
026 * Management interface for dealing with a specific Keystore
027 *
028 * @version $Rev: 706640 $ $Date: 2008-10-21 14:44:05 +0000 (Tue, 21 Oct 2008) $
029 */
030 public interface KeystoreInstance {
031 /**
032 * Returns the name of the keystore as known to the keystore manager.
033 */
034 public String getKeystoreName();
035
036 /**
037 * Returns the type of the keystore.
038 */
039 public String getKeystoreType();
040
041 /**
042 * Saves a password to access the keystore as a whole. This means that any
043 * other server component can use this keystore to create a socket factory.
044 * However, the relevant private key in the keystore must also be unlocked.
045 *
046 * @return True if the keystore was unlocked successfully
047 */
048 public void unlockKeystore(char[] password) throws KeystoreException;
049
050 /**
051 * Clears any saved password, meaning this keystore cannot be used by other
052 * server components. You can still query and update it by passing the
053 * password to other functions,
054 */
055 public void lockKeystore(char[] password) throws KeystoreException;
056
057 /**
058 * Checks whether this keystore is unlocked, which is to say, available for
059 * other components to use to generate socket factories.
060 * Does not check whether the unlock password is actually correct.
061 */
062 public boolean isKeystoreLocked();
063
064 /**
065 * Gets the aliases of all private key entries in the keystore
066 *
067 * @param storePassword Used to open the keystore. If null, the
068 * internal password will be used and may
069 * @throws KeystoreIsLocked if a null password was provided and the keystore
070 * is locked, or if a bad password was provided
071 */
072 public String[] listPrivateKeys(char[] storePassword) throws KeystoreException;
073
074 /**
075 * Saves a password to access a private key. This means that if the
076 * keystore is also unlocked, any server component can create an SSL
077 * socket factory using this private key. Note that the keystore
078 * must be unlocked before this can be called.
079 *
080 * @param password The password to save.
081 * @return True if the key was unlocked successfully
082 * @throws KeystoreException
083 */
084 public void unlockPrivateKey(String alias, char[] storePassword, char[] keyPassword) throws KeystoreException;
085
086 /**
087 * Gets the aliases for all the private keys that are currently unlocked.
088 * This only works if the keystore is unlocked.
089 */
090 public String[] getUnlockedKeys(char[] storePassword) throws KeystoreException;
091
092 /**
093 * Checks whether this keystore can be used as a trust store (e.g. has at
094 * least one trust certificate). This only works if the keystore is
095 * unlocked.
096 */
097 public boolean isTrustStore(char[] storePassword) throws KeystoreException;
098
099 /**
100 * Clears any saved password for the specified private key, meaning this
101 * key cannot be used for a socket factory by other server components.
102 * You can still query and update it by passing the password to other
103 * functions,
104 * @param storePassword The password used to access the keystore. Must be non-null.
105 * @throws KeystoreIsLocked
106 */
107 public void lockPrivateKey(String alias, char[] storePassword) throws KeystoreException;
108
109 /**
110 * Checks whether the specified private key is locked, which is to say,
111 * available for other components to use to generate socket factories.
112 * Does not check whether the unlock password is actually correct.
113 */
114 public boolean isKeyLocked(String alias);
115
116 /**
117 * Gets the aliases of all trusted certificate entries in the keystore.
118 *
119 * @param storePassword Used to open the keystore or null to use the internal password.
120 * @throws KeystoreIsLocked if the keystore coul not be unlocked
121 */
122 public String[] listTrustCertificates(char[] storePassword) throws KeystoreException;
123
124 /**
125 * Gets a particular certificate from the keystore. This may be a trust
126 * certificate or the certificate corresponding to a particular private
127 * key.
128 * @param alias The certificate to look at
129 * @param storePassword Used to open the keystore or null to use the internal password.
130 * @throws KeystoreException
131 */
132 public Certificate getCertificate(String alias, char[] storePassword) throws KeystoreException;
133
134 /**
135 * Gets a particular certificate chain from the keystore.
136 * @param alias The certificate chain to look at
137 * @param storePassword Used to open the keystore or null to use the internal password.
138 * @throws KeystoreIsLocked if the keystore coul not be unlocked
139 */
140 public Certificate[] getCertificateChain(String alias, char[] storePassword) throws KeystoreException;
141
142 /**
143 * Gets the alias corresponding to the given certificate.
144 * @param alias The certificate used to retrieve the alias
145 * @param storePassword Used to open the keystore or null to use the internal password.
146 * @throws KeystoreIsLocked if the keystore coul not be unlocked
147 */
148 public String getCertificateAlias(Certificate cert, char[] storePassword) throws KeystoreException;
149
150 /**
151 * Adds a certificate to this keystore as a trusted certificate.
152 * @param cert The certificate to add
153 * @param alias The alias to list the certificate under
154 * @param storePassword Used to open the keystore. Must be non null
155 * @return True if the certificate was imported successfully
156 * @throws KeystoreException
157 */
158 public void importTrustCertificate(Certificate cert, String alias, char[] storePassword) throws KeystoreException;
159
160 /**
161 * Generates a new private key and certificate pair in this keystore.
162 * @param alias The alias to store the new key pair under
163 * @param storePassword The password used to access the keystore
164 * @param keyPassword The password to use to protect the new key
165 * @param keyAlgorithm The algorithm used for the key (e.g. RSA)
166 * @param keySize The number of bits in the key (e.g. 1024)
167 * @param signatureAlgorithm The algorithm used to sign the key (e.g. MD5withRSA)
168 * @param validity The number of days the certificate should be valid for
169 * @param commonName The CN portion of the identity on the certificate
170 * @param orgUnit The OU portion of the identity on the certificate
171 * @param organization The O portion of the identity on the certificate
172 * @param locality The L portion of the identity on the certificate
173 * @param state The ST portion of the identity on the certificate
174 * @param country The C portion of the identity on the certificate
175 * @return True if the key was generated successfully
176 * @throws KeystoreException
177 */
178 public void generateKeyPair(String alias, char[] storePassword, char[] keyPassword, String keyAlgorithm, int keySize,
179 String signatureAlgorithm, int validity, String commonName, String orgUnit,
180 String organization, String locality, String state, String country) throws KeystoreException;
181
182
183 /**
184 * Gets a KeyManager for a key in this Keystore. This only works if both
185 * the keystore and the private key in question have been unlocked,
186 * allowing other components in the server to access them.
187 * @param algorithm The SSL algorithm to use for this key manager
188 * @param alias The alias of the key to use in the keystore
189 * @param storePassword The password used to access the keystore
190 */
191 public KeyManager[] getKeyManager(String algorithm, String alias, char[] storePassword) throws KeystoreException;
192
193 /**
194 * Gets a TrustManager for this keystore. This only works if the keystore
195 * has been unlocked, allowing other components in the server to access it.
196 * @param algorithm The SSL algorithm to use for this trust manager
197 * @param storePassword The password used to access the keystore
198 */
199 public TrustManager[] getTrustManager(String algorithm, char[] storePassword) throws KeystoreException;
200
201 public String generateCSR(String alias, char[] storePassword) throws KeystoreException;
202
203 public void importPKCS7Certificate(String alias, String certbuf, char[] storePassword) throws KeystoreException;
204
205 /**
206 * Deletes a key from this Keystore.
207 * @param alias the alias to delete
208 * @param storePassword The password used to access the keystore
209 * @return True if the key was deleted successfully
210 * @throws KeystoreException
211 */
212 public void deleteEntry(String alias, char[] storePassword) throws KeystoreException;
213
214
215 /**
216 * Gets the private key with the specified alias.
217 * @param alias The alias of the private key to be retrieved
218 * @param storePassword The password used to access the keystore
219 * @param keyPassword The password to use to protect the new key
220 * @return PrivateKey with the alias specified
221 */
222 public PrivateKey getPrivateKey(String alias, char[] storePassword, char[] keyPassword) throws KeystoreException;
223
224 /**
225 * Gets a particular certificate from the keystore. This may be a trust
226 * certificate or the certificate corresponding to a particular private
227 * key.
228 * This only works if the keystore is unlocked.
229 * @param alias Alias of the certificate
230 */
231 public Certificate getCertificate(String alias);
232
233 /**
234 * Changes the keystore password.
235 * @param storePassword Current password for the keystore
236 * @param newPassword New password for the keystore
237 * @throws KeystoreException
238 */
239 public void changeKeystorePassword(char[] storePassword, char[] newPassword) throws KeystoreException;
240
241 /**
242 * Changes the password for a private key entry in the keystore.
243 * @param storePassword Password for the keystore
244 * @param keyPassword Current password for the private key
245 * @param newKeyPassword New password for the private key
246 * @throws KeystoreException
247 */
248 public void changeKeyPassword(String alias, char[] storePassword, char[] keyPassword, char[] newKeyPassword) throws KeystoreException;
249 }