org.apache.geronimo.management.geronimo
Interface KeystoreInstance

All Known Implementing Classes:
FileKeystoreInstance

public interface KeystoreInstance

Management interface for dealing with a specific Keystore


Method Summary
 void deleteEntry(String alias, char[] storePassword)
          Deletes a key from this Keystore.
 String generateCSR(String alias, char[] storePassword)
           
 void generateKeyPair(String alias, char[] storePassword, char[] keyPassword, String keyAlgorithm, int keySize, String signatureAlgorithm, int validity, String commonName, String orgUnit, String organization, String locality, String state, String country)
          Generates a new private key and certificate pair in this keystore.
 Certificate getCertificate(String alias)
          Gets a particular certificate from the keystore.
 Certificate getCertificate(String alias, char[] storePassword)
          Gets a particular certificate from the keystore.
 String getCertificateAlias(Certificate cert, char[] storePassword)
          Gets the alias corresponding to the given certificate.
 Certificate[] getCertificateChain(String alias, char[] storePassword)
          Gets a particular certificate chain from the keystore.
 KeyManager[] getKeyManager(String algorithm, String alias, char[] storePassword)
          Gets a KeyManager for a key in this Keystore.
 String getKeystoreName()
          Returns the name of the keystore as known to the keystore manager.
 PrivateKey getPrivateKey(String alias, char[] storePassword, char[] keyPassword)
          Gets the private key with the specified alias.
 TrustManager[] getTrustManager(String algorithm, char[] storePassword)
          Gets a TrustManager for this keystore.
 String[] getUnlockedKeys(char[] storePassword)
          Gets the aliases for all the private keys that are currently unlocked.
 void importPKCS7Certificate(String alias, String certbuf, char[] storePassword)
           
 void importTrustCertificate(Certificate cert, String alias, char[] storePassword)
          Adds a certificate to this keystore as a trusted certificate.
 boolean isKeyLocked(String alias)
          Checks whether the specified private key is locked, which is to say, not available for other components to use to generate socket factories.
 boolean isKeystoreLocked()
          Checks whether this keystore is unlocked, which is to say, available for other components to use to generate socket factories.
 boolean isTrustStore(char[] storePassword)
          Checks whether this keystore can be used as a trust store (e.g. has at least one trust certificate).
 String[] listPrivateKeys(char[] storePassword)
          Gets the aliases of all private key entries in the keystore.
 String[] listTrustCertificates(char[] storePassword)
          Gets the aliases of all trusted certificate entries in the keystore.
 void lockKeystore(char[] password)
          Clears any saved password, meaning this keystore cannot be used by other server components.
 void lockPrivateKey(String alias, char[] storePassword)
          Clears any saved password for the specified private key, meaning this key cannot be used for a socket factory by other server components.
 void unlockKeystore(char[] password)
          Saves a password to access the keystore as a whole.
 void unlockPrivateKey(String alias, char[] storePassword, char[] keyPassword)
          Saves a password to access a private key.
 

Method Detail

getKeystoreName

String getKeystoreName()
Returns the name of the keystore as known to the keystore manager.


unlockKeystore

void unlockKeystore(char[] password)
                    throws KeystoreException
Saves a password to access the keystore as a whole. This means that any other server component can use this keystore to create a socket factory. However, the relevant private key in the keystore must also be unlocked.

Throws:
KeystoreException

lockKeystore

void lockKeystore(char[] password)
                  throws KeystoreException
Clears any saved password, meaning this keystore cannot be used by other server components. You can still query and update it by passing the password to other functions.

Throws:
KeystoreException

isKeystoreLocked

boolean isKeystoreLocked()
Checks whether this keystore is unlocked, which is to say, available for other components to use to generate socket factories. Does not check whether the unlock password is actually correct.


listPrivateKeys

String[] listPrivateKeys(char[] storePassword)
                         throws KeystoreException
Gets the aliases of all private key entries in the keystore.

Parameters:
storePassword - Used to open the keystore. If null, the internal password will be used and may
Throws:
KeystoreIsLocked - if a null password was provided and the keystore is locked, or if a bad password was provided
KeystoreException

unlockPrivateKey

void unlockPrivateKey(String alias,
                      char[] storePassword,
                      char[] keyPassword)
                      throws KeystoreException
Saves a password to access a private key. This means that if the keystore is also unlocked, any server component can create an SSL socket factory using this private key. Note that the keystore must be unlocked before this can be called.

Parameters:
password - The password to save.
Throws:
KeystoreException

getUnlockedKeys

String[] getUnlockedKeys(char[] storePassword)
                         throws KeystoreException
Gets the aliases for all the private keys that are currently unlocked. This only works if the keystore is unlocked.

Throws:
KeystoreException

isTrustStore

boolean isTrustStore(char[] storePassword)
                     throws KeystoreException
Checks whether this keystore can be used as a trust store (e.g. has at least one trust certificate). This only works if the keystore is unlocked.

Throws:
KeystoreException

lockPrivateKey

void lockPrivateKey(String alias,
                    char[] storePassword)
                    throws KeystoreException
Clears any saved password for the specified private key, meaning this key cannot be used for a socket factory by other server components. You can still query and update it by passing the password to other functions.

Parameters:
storePassword - The password used to access the keystore. Must be non-null.
Throws:
KeystoreIsLocked
KeystoreException

isKeyLocked

boolean isKeyLocked(String alias)
Checks whether the specified private key is locked, which is to say, not available for other components to use to generate socket factories. Does not check whether the unlock password is actually correct.


listTrustCertificates

String[] listTrustCertificates(char[] storePassword)
                               throws KeystoreException
Gets the aliases of all trusted certificate entries in the keystore.

Parameters:
storePassword - Used to open the keystore or null to use the internal password.
Throws:
KeystoreIsLocked - if the keystore could not be unlocked
KeystoreException

getCertificate

Certificate getCertificate(String alias,
                           char[] storePassword)
                           throws KeystoreException
Gets a particular certificate from the keystore. This may be a trust certificate or the certificate corresponding to a particular private key.

Parameters:
alias - The certificate to look at
storePassword - Used to open the keystore or null to use the internal password.
Throws:
KeystoreException

getCertificateChain

Certificate[] getCertificateChain(String alias,
                                  char[] storePassword)
                                  throws KeystoreException
Gets a particular certificate chain from the keystore.

Parameters:
alias - The certificate chain to look at
storePassword - Used to open the keystore or null to use the internal password.
Throws:
KeystoreIsLocked - if the keystore could not be unlocked
KeystoreException

getCertificateAlias

String getCertificateAlias(Certificate cert,
                           char[] storePassword)
                           throws KeystoreException
Gets the alias corresponding to the given certificate.

Parameters:
cert - The certificate used to retrieve the alias
storePassword - Used to open the keystore or null to use the internal password.
Throws:
KeystoreIsLocked - if the keystore could not be unlocked
KeystoreException

importTrustCertificate

void importTrustCertificate(Certificate cert,
                            String alias,
                            char[] storePassword)
                            throws KeystoreException
Adds a certificate to this keystore as a trusted certificate.

Parameters:
cert - The certificate to add
alias - The alias to list the certificate under
storePassword - Used to open the keystore. Must be non-null.
Throws:
KeystoreException

generateKeyPair

void generateKeyPair(String alias,
                     char[] storePassword,
                     char[] keyPassword,
                     String keyAlgorithm,
                     int keySize,
                     String signatureAlgorithm,
                     int validity,
                     String commonName,
                     String orgUnit,
                     String organization,
                     String locality,
                     String state,
                     String country)
                     throws KeystoreException
Generates a new private key and certificate pair in this keystore.

Parameters:
alias - The alias to store the new key pair under
storePassword - The password used to access the keystore
keyPassword - The password to use to protect the new key
keyAlgorithm - The algorithm used for the key (e.g. RSA)
keySize - The number of bits in the key (e.g. 1024)
signatureAlgorithm - The algorithm used to sign the key (e.g. MD5withRSA)
validity - The number of days the certificate should be valid for
commonName - The CN portion of the identity on the certificate
orgUnit - The OU portion of the identity on the certificate
organization - The O portion of the identity on the certificate
locality - The L portion of the identity on the certificate
state - The ST portion of the identity on the certificate
country - The C portion of the identity on the certificate
Throws:
KeystoreException

getKeyManager

KeyManager[] getKeyManager(String algorithm,
                           String alias,
                           char[] storePassword)
                           throws KeystoreException
Gets a KeyManager for a key in this Keystore. This only works if both the keystore and the private key in question have been unlocked, allowing other components in the server to access them.

Parameters:
algorithm - The SSL algorithm to use for this key manager
alias - The alias of the key to use in the keystore
storePassword - The password used to access the keystore
Throws:
KeystoreException

getTrustManager

TrustManager[] getTrustManager(String algorithm,
                               char[] storePassword)
                               throws KeystoreException
Gets a TrustManager for this keystore. This only works if the keystore has been unlocked, allowing other components in the server to access it.

Parameters:
algorithm - The SSL algorithm to use for this trust manager
storePassword - The password used to access the keystore
Throws:
KeystoreException
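
The unlock, use and re-lock sequence that getKeyManager and getTrustManager depend on, shown as an added example that is not part of the Geronimo documentation or code base. The KeystoreSession class is hypothetical; the example assumes KeystoreException lives in the same package as this interface, that the is...Locked() methods return true when no password is saved, and that the algorithm argument is a JSSE factory algorithm name.

```java
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
// Assumption: the exception type is in the same package as the interface.
import org.apache.geronimo.management.geronimo.KeystoreException;
import org.apache.geronimo.management.geronimo.KeystoreInstance;

/** Hypothetical helper, not part of Geronimo. */
public final class KeystoreSession {
    private KeystoreSession() {}

    // Builds an SSLContext from one key, restores the lock state that was
    // found on entry, and wipes the caller's password arrays.
    public static SSLContext sslContextFor(KeystoreInstance ks, String alias,
            char[] storePassword, char[] keyPassword)
            throws KeystoreException, GeneralSecurityException {
        // Assumption: true means "no saved password" for both checks.
        boolean storeWasLocked = ks.isKeystoreLocked();
        boolean keyWasLocked = ks.isKeyLocked(alias);
        try {
            // Order matters: the keystore must be unlocked before the key.
            if (storeWasLocked) ks.unlockKeystore(storePassword);
            if (keyWasLocked) ks.unlockPrivateKey(alias, storePassword, keyPassword);
            // Both getters only work in the unlocked state set up above.
            KeyManager[] km = ks.getKeyManager(
                    KeyManagerFactory.getDefaultAlgorithm(), alias, storePassword);
            TrustManager[] tm = ks.isTrustStore(storePassword)
                    ? ks.getTrustManager(TrustManagerFactory.getDefaultAlgorithm(), storePassword)
                    : null; // null lets JSSE fall back to its default trust managers
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(km, tm, null);
            return ctx;
        } finally {
            // Clear the saved passwords again so other components cannot reuse them.
            try {
                if (keyWasLocked) ks.lockPrivateKey(alias, storePassword);
                if (storeWasLocked) ks.lockKeystore(storePassword);
            } finally {
                Arrays.fill(storePassword, '\0');
                Arrays.fill(keyPassword, '\0');
            }
        }
    }
}
```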

generateCSR

String generateCSR(String alias,
                   char[] storePassword)
                   throws KeystoreException
Throws:
KeystoreException

importPKCS7Certificate

void importPKCS7Certificate(String alias,
                            String certbuf,
                            char[] storePassword)
                            throws KeystoreException
Throws:
KeystoreException

deleteEntry

void deleteEntry(String alias,
                 char[] storePassword)
                 throws KeystoreException
Deletes a key from this Keystore.

Parameters:
alias - the alias to delete
storePassword - The password used to access the keystore
Throws:
KeystoreException

getPrivateKey

PrivateKey getPrivateKey(String alias,
                         char[] storePassword,
                         char[] keyPassword)
                         throws KeystoreException
Gets the private key with the specified alias.

Parameters:
alias - The alias of the private key to be retrieved
storePassword - The password used to access the keystore
keyPassword - The password to use to protect the new key
Returns:
PrivateKey with the alias specified
Throws:
KeystoreException

getCertificate

Certificate getCertificate(String alias)
Gets a particular certificate from the keystore. This may be a trust certificate or the certificate corresponding to a particular private key. This only works if the keystore is unlocked.

Parameters:
alias - Alias of the certificate


Copyright © 2003-2007 Apache Software Foundation. All Rights Reserved.