001    /**
002     *  Licensed to the Apache Software Foundation (ASF) under one or more
003     *  contributor license agreements.  See the NOTICE file distributed with
004     *  this work for additional information regarding copyright ownership.
005     *  The ASF licenses this file to You under the Apache License, Version 2.0
006     *  (the "License"); you may not use this file except in compliance with
007     *  the License.  You may obtain a copy of the License at
008     *
009     *     http://www.apache.org/licenses/LICENSE-2.0
010     *
011     *  Unless required by applicable law or agreed to in writing, software
012     *  distributed under the License is distributed on an "AS IS" BASIS,
013     *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     *  See the License for the specific language governing permissions and
015     *  limitations under the License.
016     */
017    package org.apache.geronimo.management.geronimo;
018    
019    import javax.net.ssl.SSLServerSocketFactory;
020    import javax.net.ssl.SSLSocketFactory;
021    import javax.net.ssl.SSLContext;
022    
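/**
 * Management interface for working with keystores.  Mostly this is used to
 * identify KeystoreInstances to work with individual keystores, and to build
 * JSSE socket factories and contexts from a key keystore plus a trust
 * keystore.
 *
 * <p>The factory methods identify keystores and private keys by name only;
 * no password is passed to them.  The documented precondition is that the
 * corresponding {@link KeystoreInstance} has already been unlocked, so
 * whoever can call this interface can use any unlocked key.
 * NOTE(review): access control on callers is not visible in this file --
 * confirm where it is enforced.
 *
 * @see KeystoreInstance
 *
 * @version $Rev: 543715 $ $Date: 2007-06-02 04:10:16 -0400 (Sat, 02 Jun 2007) $
 */
public interface KeystoreManager {
    /**
     * Gets the keystores available in the server.
     *
     * @return one {@link KeystoreInstance} per available keystore
     */
    KeystoreInstance[] getKeystores();

    /**
     * Gets a ServerSocketFactory using one Keystore to access the private key
     * and another to provide the list of trusted certificate authorities.
     *
     * @param provider The SSL provider to use, or null for the default
     * @param protocol The SSL protocol to use.  NOTE(review): presumably the
     *                 protocol name handed to the JSSE provider -- confirm;
     *                 callers should name a currently supported TLS version
     *                 rather than a legacy SSL protocol.
     * @param algorithm The SSL algorithm to use.  NOTE(review): presumably
     *                  the key/trust manager algorithm -- confirm against the
     *                  implementation.
     * @param keyStore The key keystore name, matching one of the keystores
     *                 reported by {@link #getKeystores()}.  The
     *                 KeystoreInstance for this keystore must be unlocked.
     * @param keyAlias The name of the private key in the keystore.  The
     *                 KeystoreInstance for this keystore must have unlocked
     *                 this key.
     * @param trustStore The trust keystore name, matching one of the
     *                   keystores reported by {@link #getKeystores()}.  The
     *                   KeystoreInstance for this keystore must be unlocked.
     * @param loader     The class loader used to resolve factory classes.
     *                   It decides which classes get loaded, so pass a
     *                   loader the server trusts.
     *
     * @return a server socket factory backed by the named key and trust
     *         keystores
     *
     * @throws KeystoreException if the factory cannot be created.  The two
     *                           locked-state cases below are documented
     *                           separately; they are presumably subtypes of
     *                           KeystoreException (not visible in this file).
     * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
     *                          be used because it has not been unlocked.
     * @throws KeyIsLocked Occurs when the requested private key in the key
     *                     keystore cannot be used because it has not been
     *                     unlocked.
     */
    SSLServerSocketFactory createSSLServerFactory(String provider, String protocol, String algorithm,
                                                  String keyStore, String keyAlias, String trustStore,
                                                  ClassLoader loader)
            throws KeystoreException;


    /**
     * Gets a SocketFactory using one Keystore to access the private key
     * and another to provide the list of trusted certificate authorities.
     *
     * @param provider The SSL provider to use, or null for the default
     * @param protocol The SSL protocol to use.  NOTE(review): presumably the
     *                 protocol name handed to the JSSE provider -- confirm;
     *                 callers should name a currently supported TLS version
     *                 rather than a legacy SSL protocol.
     * @param algorithm The SSL algorithm to use
     * @param keyStore The key keystore name, matching one of the keystores
     *                 reported by {@link #getKeystores()}.  The
     *                 KeystoreInstance for this keystore must be unlocked.
     * @param keyAlias The name of the private key in the keystore.  The
     *                 KeystoreInstance for this keystore must have unlocked
     *                 this key.
     * @param trustStore The trust keystore name, matching one of the
     *                   keystores reported by {@link #getKeystores()}.  The
     *                   KeystoreInstance for this keystore must be unlocked.
     * @param loader     The class loader used to resolve factory classes.
     *
     * @return a socket factory backed by the named key and trust keystores
     *
     * @throws KeystoreException if the factory cannot be created
     * @throws KeystoreIsLocked Occurs when the requested key keystore cannot
     *                          be used because it has not been unlocked.
     * @throws KeyIsLocked Occurs when the requested private key in the key
     *                     keystore cannot be used because it has not been
     *                     unlocked.
     */
    SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm,
                                      String keyStore, String keyAlias, String trustStore,
                                      ClassLoader loader)
            throws KeystoreException;


    /**
     * Gets a SocketFactory that takes only a trust keystore, which provides
     * the list of trusted certificate authorities.  This overload has no
     * key keystore or key alias parameter.
     * NOTE(review): presumably the resulting sockets present no client
     * certificate -- confirm against the implementation.
     *
     * @param provider The SSL provider to use, or null for the default
     * @param protocol The SSL protocol to use.  NOTE(review): presumably the
     *                 protocol name handed to the JSSE provider -- confirm;
     *                 callers should name a currently supported TLS version
     *                 rather than a legacy SSL protocol.
     * @param algorithm The SSL algorithm to use
     * @param trustStore The trust keystore name, matching one of the
     *                   keystores reported by {@link #getKeystores()}.  The
     *                   KeystoreInstance for this keystore must be unlocked.
     * @param loader     The class loader used to resolve factory classes.
     *
     * @return a socket factory that trusts the authorities in the named
     *         trust keystore
     *
     * @throws KeystoreException if the factory cannot be created.
     *         NOTE(review): earlier documentation listed KeystoreIsLocked and
     *         KeyIsLocked for a key keystore, which this overload does not
     *         take; confirm which locked-state failures apply to the trust
     *         keystore.
     */
    SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm,
                                      String trustStore, ClassLoader loader)
            throws KeystoreException;

    /**
     * Creates a new, empty keystore.  The name should be a valid file name
     * with no path separator characters.
     *
     * <p>Implementations should reject a name that contains path separators
     * or parent-directory references instead of trusting the caller: the
     * name is described as a file name, so an unchecked value could resolve
     * outside the intended keystore directory.
     *
     * @param name The name of the keystore to create
     * @param password The password to use to protect the new keystore.  It
     *                 is passed as a char[] so the caller can overwrite it
     *                 after the call.  NOTE(review): whether the
     *                 implementation keeps its own copy is not visible here.
     *
     * @return the KeystoreInstance for the newly created keystore
     *
     * @throws KeystoreException if the keystore cannot be created
     */
    KeystoreInstance createKeystore(String name, char[] password) throws KeystoreException;

    /**
     * Gets the keystores that are available to be used as private key
     * keystores for an SSL factory.  This means the keystore is unlocked
     * and contains at least one private key that's unlocked.
     *
     * @return the keystores currently usable as key keystores
     */
    KeystoreInstance[] getUnlockedKeyStores();

    /**
     * Gets the keystores that are available to be used as trusted
     * certificate keystores for an SSL factory.  This means the keystore is
     * unlocked and contains at least one trust certificate.
     *
     * @return the keystores currently usable as trust keystores
     */
    KeystoreInstance[] getUnlockedTrustStores();

    /**
     * Creates an SSLContext from a key keystore and a trust keystore.
     * NOTE(review): this method had no documentation; the parameter list
     * matches {@link #createSSLServerFactory}, so the same meanings and
     * unlock preconditions presumably apply -- confirm against the
     * implementation.
     *
     * @param provider The SSL provider to use (presumably null selects the
     *                 default, as in the factory methods)
     * @param protocol The SSL protocol to use; callers should name a
     *                 currently supported TLS version
     * @param algorithm The SSL algorithm to use
     * @param keyStore The key keystore name
     * @param keyAlias The name of the private key in the key keystore
     * @param trustStore The trust keystore name
     * @param loader The class loader used to resolve factory classes
     *
     * @return the SSL context
     *
     * @throws KeystoreException if the context cannot be created
     */
    SSLContext createSSLContext(String provider, String protocol, String algorithm,
                                String keyStore, String keyAlias, String trustStore,
                                ClassLoader loader)
            throws KeystoreException;
}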