001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.management.geronimo;
018
019 import java.security.PrivateKey;
020 import java.security.cert.Certificate;
021
022 import javax.net.ssl.KeyManager;
023 import javax.net.ssl.TrustManager;
024
025 /**
026 * Management interface for dealing with a specific Keystore
027 *
028 * @version $Rev: 476229 $ $Date: 2006-11-17 12:48:02 -0500 (Fri, 17 Nov 2006) $
029 */
030 public interface KeystoreInstance {
031 /**
032 * Returns the name of the keystore as known to the keystore manager.
033 */
034 public String getKeystoreName();
035
036 /**
037 * Saves a password to access the keystore as a whole. This means that any
038 * other server component can use this keystore to create a socket factory.
039 * However, the relevant private key in the keystore must also be unlocked.
040 *
041 * @return True if the keystore was unlocked successfully
042 */
043 public void unlockKeystore(char[] password) throws KeystoreException;
044
045 /**
046 * Clears any saved password, meaning this keystore cannot be used by other
047 * server components. You can still query and update it by passing the
048 * password to other functions,
049 */
050 public void lockKeystore(char[] password) throws KeystoreException;
051
052 /**
053 * Checks whether this keystore is unlocked, which is to say, available for
054 * other components to use to generate socket factories.
055 * Does not check whether the unlock password is actually correct.
056 */
057 public boolean isKeystoreLocked();
058
059 /**
060 * Gets the aliases of all private key entries in the keystore
061 *
062 * @param storePassword Used to open the keystore. If null, the
063 * internal password will be used and may
064 * @throws KeystoreIsLocked if a null password was provided and the keystore
065 * is locked, or if a bad password was provided
066 */
067 public String[] listPrivateKeys(char[] storePassword) throws KeystoreException;
068
069 /**
070 * Saves a password to access a private key. This means that if the
071 * keystore is also unlocked, any server component can create an SSL
072 * socket factory using this private key. Note that the keystore
073 * must be unlocked before this can be called.
074 *
075 * @param password The password to save.
076 * @return True if the key was unlocked successfully
077 * @throws KeystoreException
078 */
079 public void unlockPrivateKey(String alias, char[] storePassword, char[] keyPassword) throws KeystoreException;
080
081 /**
082 * Gets the aliases for all the private keys that are currently unlocked.
083 * This only works if the keystore is unlocked.
084 */
085 public String[] getUnlockedKeys(char[] storePassword) throws KeystoreException;
086
087 /**
088 * Checks whether this keystore can be used as a trust store (e.g. has at
089 * least one trust certificate). This only works if the keystore is
090 * unlocked.
091 */
092 public boolean isTrustStore(char[] storePassword) throws KeystoreException;
093
094 /**
095 * Clears any saved password for the specified private key, meaning this
096 * key cannot be used for a socket factory by other server components.
097 * You can still query and update it by passing the password to other
098 * functions,
099 * @param storePassword The password used to access the keystore. Must be non-null.
100 * @throws KeystoreIsLocked
101 */
102 public void lockPrivateKey(String alias, char[] storePassword) throws KeystoreException;
103
104 /**
105 * Checks whether the specified private key is locked, which is to say,
106 * available for other components to use to generate socket factories.
107 * Does not check whether the unlock password is actually correct.
108 */
109 public boolean isKeyLocked(String alias);
110
111 /**
112 * Gets the aliases of all trusted certificate entries in the keystore.
113 *
114 * @param storePassword Used to open the keystore or null to use the internal password.
115 * @throws KeystoreIsLocked if the keystore coul not be unlocked
116 */
117 public String[] listTrustCertificates(char[] storePassword) throws KeystoreException;
118
119 /**
120 * Gets a particular certificate from the keystore. This may be a trust
121 * certificate or the certificate corresponding to a particular private
122 * key.
123 * @param alias The certificate to look at
124 * @param storePassword Used to open the keystore or null to use the internal password.
125 * @throws KeystoreException
126 */
127 public Certificate getCertificate(String alias, char[] storePassword) throws KeystoreException;
128
129 /**
130 * Gets a particular certificate chain from the keystore.
131 * @param alias The certificate chain to look at
132 * @param storePassword Used to open the keystore or null to use the internal password.
133 * @throws KeystoreIsLocked if the keystore coul not be unlocked
134 */
135 public Certificate[] getCertificateChain(String alias, char[] storePassword) throws KeystoreException;
136
137 /**
138 * Gets the alias corresponding to the given certificate.
139 * @param alias The certificate used to retrieve the alias
140 * @param storePassword Used to open the keystore or null to use the internal password.
141 * @throws KeystoreIsLocked if the keystore coul not be unlocked
142 */
143 public String getCertificateAlias(Certificate cert, char[] storePassword) throws KeystoreException;
144
145 /**
146 * Adds a certificate to this keystore as a trusted certificate.
147 * @param cert The certificate to add
148 * @param alias The alias to list the certificate under
149 * @param storePassword Used to open the keystore. Must be non null
150 * @return True if the certificate was imported successfully
151 * @throws KeystoreException
152 */
153 public void importTrustCertificate(Certificate cert, String alias, char[] storePassword) throws KeystoreException;
154
155 /**
156 * Generates a new private key and certificate pair in this keystore.
157 * @param alias The alias to store the new key pair under
158 * @param storePassword The password used to access the keystore
159 * @param keyPassword The password to use to protect the new key
160 * @param keyAlgorithm The algorithm used for the key (e.g. RSA)
161 * @param keySize The number of bits in the key (e.g. 1024)
162 * @param signatureAlgorithm The algorithm used to sign the key (e.g. MD5withRSA)
163 * @param validity The number of days the certificate should be valid for
164 * @param commonName The CN portion of the identity on the certificate
165 * @param orgUnit The OU portion of the identity on the certificate
166 * @param organization The O portion of the identity on the certificate
167 * @param locality The L portion of the identity on the certificate
168 * @param state The ST portion of the identity on the certificate
169 * @param country The C portion of the identity on the certificate
170 * @return True if the key was generated successfully
171 * @throws KeystoreException
172 */
173 public void generateKeyPair(String alias, char[] storePassword, char[] keyPassword, String keyAlgorithm, int keySize,
174 String signatureAlgorithm, int validity, String commonName, String orgUnit,
175 String organization, String locality, String state, String country) throws KeystoreException;
176
177
178 /**
179 * Gets a KeyManager for a key in this Keystore. This only works if both
180 * the keystore and the private key in question have been unlocked,
181 * allowing other components in the server to access them.
182 * @param algorithm The SSL algorithm to use for this key manager
183 * @param alias The alias of the key to use in the keystore
184 * @param storePassword The password used to access the keystore
185 */
186 public KeyManager[] getKeyManager(String algorithm, String alias, char[] storePassword) throws KeystoreException;
187
188 /**
189 * Gets a TrustManager for this keystore. This only works if the keystore
190 * has been unlocked, allowing other components in the server to access it.
191 * @param algorithm The SSL algorithm to use for this trust manager
192 * @param storePassword The password used to access the keystore
193 */
194 public TrustManager[] getTrustManager(String algorithm, char[] storePassword) throws KeystoreException;
195
196 public String generateCSR(String alias, char[] storePassword) throws KeystoreException;
197
198 public void importPKCS7Certificate(String alias, String certbuf, char[] storePassword) throws KeystoreException;
199
200 /**
201 * Deletes a key from this Keystore.
202 * @param alias the alias to delete
203 * @param storePassword The password used to access the keystore
204 * @return True if the key was deleted successfully
205 * @throws KeystoreException
206 */
207 public void deleteEntry(String alias, char[] storePassword) throws KeystoreException;
208
209
210 /**
211 * Gets the private key with the specified alias.
212 * @param alias The alias of the private key to be retrieved
213 * @param storePassword The password used to access the keystore
214 * @param keyPassword The password to use to protect the new key
215 * @return PrivateKey with the alias specified
216 */
217 public PrivateKey getPrivateKey(String alias, char[] storePassword, char[] keyPassword) throws KeystoreException;
218
219 /**
220 * Gets a particular certificate from the keystore. This may be a trust
221 * certificate or the certificate corresponding to a particular private
222 * key.
223 * This only works if the keystore is unlocked.
224 * @param alias Alias of the certificate
225 */
226 public Certificate getCertificate(String alias);
227 }