001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.geronimo.management.geronimo; 018 019 import java.security.PrivateKey; 020 import java.security.cert.Certificate; 021 022 import javax.net.ssl.KeyManager; 023 import javax.net.ssl.TrustManager; 024 025 /** 026 * Management interface for dealing with a specific Keystore 027 * 028 * @version $Rev: 476229 $ $Date: 2006-11-17 12:48:02 -0500 (Fri, 17 Nov 2006) $ 029 */ 030 public interface KeystoreInstance { 031 /** 032 * Returns the name of the keystore as known to the keystore manager. 033 */ 034 public String getKeystoreName(); 035 036 /** 037 * Saves a password to access the keystore as a whole. This means that any 038 * other server component can use this keystore to create a socket factory. 039 * However, the relevant private key in the keystore must also be unlocked. 040 * 041 * @return True if the keystore was unlocked successfully 042 */ 043 public void unlockKeystore(char[] password) throws KeystoreException; 044 045 /** 046 * Clears any saved password, meaning this keystore cannot be used by other 047 * server components. You can still query and update it by passing the 048 * password to other functions, 049 */ 050 public void lockKeystore(char[] password) throws KeystoreException; 051 052 /** 053 * Checks whether this keystore is unlocked, which is to say, available for 054 * other components to use to generate socket factories. 055 * Does not check whether the unlock password is actually correct. 056 */ 057 public boolean isKeystoreLocked(); 058 059 /** 060 * Gets the aliases of all private key entries in the keystore 061 * 062 * @param storePassword Used to open the keystore. If null, the 063 * internal password will be used and may 064 * @throws KeystoreIsLocked if a null password was provided and the keystore 065 * is locked, or if a bad password was provided 066 */ 067 public String[] listPrivateKeys(char[] storePassword) throws KeystoreException; 068 069 /** 070 * Saves a password to access a private key. This means that if the 071 * keystore is also unlocked, any server component can create an SSL 072 * socket factory using this private key. Note that the keystore 073 * must be unlocked before this can be called. 074 * 075 * @param password The password to save. 076 * @return True if the key was unlocked successfully 077 * @throws KeystoreException 078 */ 079 public void unlockPrivateKey(String alias, char[] storePassword, char[] keyPassword) throws KeystoreException; 080 081 /** 082 * Gets the aliases for all the private keys that are currently unlocked. 083 * This only works if the keystore is unlocked. 084 */ 085 public String[] getUnlockedKeys(char[] storePassword) throws KeystoreException; 086 087 /** 088 * Checks whether this keystore can be used as a trust store (e.g. has at 089 * least one trust certificate). This only works if the keystore is 090 * unlocked. 091 */ 092 public boolean isTrustStore(char[] storePassword) throws KeystoreException; 093 094 /** 095 * Clears any saved password for the specified private key, meaning this 096 * key cannot be used for a socket factory by other server components. 097 * You can still query and update it by passing the password to other 098 * functions, 099 * @param storePassword The password used to access the keystore. Must be non-null. 100 * @throws KeystoreIsLocked 101 */ 102 public void lockPrivateKey(String alias, char[] storePassword) throws KeystoreException; 103 104 /** 105 * Checks whether the specified private key is locked, which is to say, 106 * available for other components to use to generate socket factories. 107 * Does not check whether the unlock password is actually correct. 108 */ 109 public boolean isKeyLocked(String alias); 110 111 /** 112 * Gets the aliases of all trusted certificate entries in the keystore. 113 * 114 * @param storePassword Used to open the keystore or null to use the internal password. 115 * @throws KeystoreIsLocked if the keystore coul not be unlocked 116 */ 117 public String[] listTrustCertificates(char[] storePassword) throws KeystoreException; 118 119 /** 120 * Gets a particular certificate from the keystore. This may be a trust 121 * certificate or the certificate corresponding to a particular private 122 * key. 123 * @param alias The certificate to look at 124 * @param storePassword Used to open the keystore or null to use the internal password. 125 * @throws KeystoreException 126 */ 127 public Certificate getCertificate(String alias, char[] storePassword) throws KeystoreException; 128 129 /** 130 * Gets a particular certificate chain from the keystore. 131 * @param alias The certificate chain to look at 132 * @param storePassword Used to open the keystore or null to use the internal password. 133 * @throws KeystoreIsLocked if the keystore coul not be unlocked 134 */ 135 public Certificate[] getCertificateChain(String alias, char[] storePassword) throws KeystoreException; 136 137 /** 138 * Gets the alias corresponding to the given certificate. 139 * @param alias The certificate used to retrieve the alias 140 * @param storePassword Used to open the keystore or null to use the internal password. 141 * @throws KeystoreIsLocked if the keystore coul not be unlocked 142 */ 143 public String getCertificateAlias(Certificate cert, char[] storePassword) throws KeystoreException; 144 145 /** 146 * Adds a certificate to this keystore as a trusted certificate. 147 * @param cert The certificate to add 148 * @param alias The alias to list the certificate under 149 * @param storePassword Used to open the keystore. Must be non null 150 * @return True if the certificate was imported successfully 151 * @throws KeystoreException 152 */ 153 public void importTrustCertificate(Certificate cert, String alias, char[] storePassword) throws KeystoreException; 154 155 /** 156 * Generates a new private key and certificate pair in this keystore. 157 * @param alias The alias to store the new key pair under 158 * @param storePassword The password used to access the keystore 159 * @param keyPassword The password to use to protect the new key 160 * @param keyAlgorithm The algorithm used for the key (e.g. RSA) 161 * @param keySize The number of bits in the key (e.g. 1024) 162 * @param signatureAlgorithm The algorithm used to sign the key (e.g. MD5withRSA) 163 * @param validity The number of days the certificate should be valid for 164 * @param commonName The CN portion of the identity on the certificate 165 * @param orgUnit The OU portion of the identity on the certificate 166 * @param organization The O portion of the identity on the certificate 167 * @param locality The L portion of the identity on the certificate 168 * @param state The ST portion of the identity on the certificate 169 * @param country The C portion of the identity on the certificate 170 * @return True if the key was generated successfully 171 * @throws KeystoreException 172 */ 173 public void generateKeyPair(String alias, char[] storePassword, char[] keyPassword, String keyAlgorithm, int keySize, 174 String signatureAlgorithm, int validity, String commonName, String orgUnit, 175 String organization, String locality, String state, String country) throws KeystoreException; 176 177 178 /** 179 * Gets a KeyManager for a key in this Keystore. This only works if both 180 * the keystore and the private key in question have been unlocked, 181 * allowing other components in the server to access them. 182 * @param algorithm The SSL algorithm to use for this key manager 183 * @param alias The alias of the key to use in the keystore 184 * @param storePassword The password used to access the keystore 185 */ 186 public KeyManager[] getKeyManager(String algorithm, String alias, char[] storePassword) throws KeystoreException; 187 188 /** 189 * Gets a TrustManager for this keystore. This only works if the keystore 190 * has been unlocked, allowing other components in the server to access it. 191 * @param algorithm The SSL algorithm to use for this trust manager 192 * @param storePassword The password used to access the keystore 193 */ 194 public TrustManager[] getTrustManager(String algorithm, char[] storePassword) throws KeystoreException; 195 196 public String generateCSR(String alias, char[] storePassword) throws KeystoreException; 197 198 public void importPKCS7Certificate(String alias, String certbuf, char[] storePassword) throws KeystoreException; 199 200 /** 201 * Deletes a key from this Keystore. 202 * @param alias the alias to delete 203 * @param storePassword The password used to access the keystore 204 * @return True if the key was deleted successfully 205 * @throws KeystoreException 206 */ 207 public void deleteEntry(String alias, char[] storePassword) throws KeystoreException; 208 209 210 /** 211 * Gets the private key with the specified alias. 212 * @param alias The alias of the private key to be retrieved 213 * @param storePassword The password used to access the keystore 214 * @param keyPassword The password to use to protect the new key 215 * @return PrivateKey with the alias specified 216 */ 217 public PrivateKey getPrivateKey(String alias, char[] storePassword, char[] keyPassword) throws KeystoreException; 218 219 /** 220 * Gets a particular certificate from the keystore. This may be a trust 221 * certificate or the certificate corresponding to a particular private 222 * key. 223 * This only works if the keystore is unlocked. 224 * @param alias Alias of the certificate 225 */ 226 public Certificate getCertificate(String alias); 227 }