001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */package org.apache.geronimo.management.geronimo;
017:
018: import java.security.PrivateKey;
019: import java.security.cert.Certificate;
020:
021: import javax.net.ssl.KeyManager;
022: import javax.net.ssl.TrustManager;
023:
024: /**
025: * Management interface for dealing with a specific Keystore
026: *
027: * @version $Rev: 615625 $ $Date: 2008-01-27 10:12:55 -0800 (Sun, 27 Jan 2008) $
028: */
029: public interface KeystoreInstance {
030: /**
031: * Returns the name of the keystore as known to the keystore manager.
032: */
033: public String getKeystoreName();
034:
035: /**
036: * Returns the type of the keystore.
037: */
038: public String getKeystoreType();
039:
040: /**
041: * Saves a password to access the keystore as a whole. This means that any
042: * other server component can use this keystore to create a socket factory.
043: * However, the relevant private key in the keystore must also be unlocked.
044: *
045: * @return True if the keystore was unlocked successfully
046: */
047: public void unlockKeystore(char[] password)
048: throws KeystoreException;
049:
050: /**
051: * Clears any saved password, meaning this keystore cannot be used by other
052: * server components. You can still query and update it by passing the
053: * password to other functions,
054: */
055: public void lockKeystore(char[] password) throws KeystoreException;
056:
057: /**
058: * Checks whether this keystore is unlocked, which is to say, available for
059: * other components to use to generate socket factories.
060: * Does not check whether the unlock password is actually correct.
061: */
062: public boolean isKeystoreLocked();
063:
064: /**
065: * Gets the aliases of all private key entries in the keystore
066: *
067: * @param storePassword Used to open the keystore. If null, the
068: * internal password will be used and may
069: * @throws KeystoreIsLocked if a null password was provided and the keystore
070: * is locked, or if a bad password was provided
071: */
072: public String[] listPrivateKeys(char[] storePassword)
073: throws KeystoreException;
074:
075: /**
076: * Saves a password to access a private key. This means that if the
077: * keystore is also unlocked, any server component can create an SSL
078: * socket factory using this private key. Note that the keystore
079: * must be unlocked before this can be called.
080: *
081: * @param password The password to save.
082: * @return True if the key was unlocked successfully
083: * @throws KeystoreException
084: */
085: public void unlockPrivateKey(String alias, char[] storePassword,
086: char[] keyPassword) throws KeystoreException;
087:
088: /**
089: * Gets the aliases for all the private keys that are currently unlocked.
090: * This only works if the keystore is unlocked.
091: */
092: public String[] getUnlockedKeys(char[] storePassword)
093: throws KeystoreException;
094:
095: /**
096: * Checks whether this keystore can be used as a trust store (e.g. has at
097: * least one trust certificate). This only works if the keystore is
098: * unlocked.
099: */
100: public boolean isTrustStore(char[] storePassword)
101: throws KeystoreException;
102:
103: /**
104: * Clears any saved password for the specified private key, meaning this
105: * key cannot be used for a socket factory by other server components.
106: * You can still query and update it by passing the password to other
107: * functions,
108: * @param storePassword The password used to access the keystore. Must be non-null.
109: * @throws KeystoreIsLocked
110: */
111: public void lockPrivateKey(String alias, char[] storePassword)
112: throws KeystoreException;
113:
114: /**
115: * Checks whether the specified private key is locked, which is to say,
116: * available for other components to use to generate socket factories.
117: * Does not check whether the unlock password is actually correct.
118: */
119: public boolean isKeyLocked(String alias);
120:
121: /**
122: * Gets the aliases of all trusted certificate entries in the keystore.
123: *
124: * @param storePassword Used to open the keystore or null to use the internal password.
125: * @throws KeystoreIsLocked if the keystore coul not be unlocked
126: */
127: public String[] listTrustCertificates(char[] storePassword)
128: throws KeystoreException;
129:
130: /**
131: * Gets a particular certificate from the keystore. This may be a trust
132: * certificate or the certificate corresponding to a particular private
133: * key.
134: * @param alias The certificate to look at
135: * @param storePassword Used to open the keystore or null to use the internal password.
136: * @throws KeystoreException
137: */
138: public Certificate getCertificate(String alias, char[] storePassword)
139: throws KeystoreException;
140:
141: /**
142: * Gets a particular certificate chain from the keystore.
143: * @param alias The certificate chain to look at
144: * @param storePassword Used to open the keystore or null to use the internal password.
145: * @throws KeystoreIsLocked if the keystore coul not be unlocked
146: */
147: public Certificate[] getCertificateChain(String alias,
148: char[] storePassword) throws KeystoreException;
149:
150: /**
151: * Gets the alias corresponding to the given certificate.
152: * @param alias The certificate used to retrieve the alias
153: * @param storePassword Used to open the keystore or null to use the internal password.
154: * @throws KeystoreIsLocked if the keystore coul not be unlocked
155: */
156: public String getCertificateAlias(Certificate cert,
157: char[] storePassword) throws KeystoreException;
158:
159: /**
160: * Adds a certificate to this keystore as a trusted certificate.
161: * @param cert The certificate to add
162: * @param alias The alias to list the certificate under
163: * @param storePassword Used to open the keystore. Must be non null
164: * @return True if the certificate was imported successfully
165: * @throws KeystoreException
166: */
167: public void importTrustCertificate(Certificate cert, String alias,
168: char[] storePassword) throws KeystoreException;
169:
170: /**
171: * Generates a new private key and certificate pair in this keystore.
172: * @param alias The alias to store the new key pair under
173: * @param storePassword The password used to access the keystore
174: * @param keyPassword The password to use to protect the new key
175: * @param keyAlgorithm The algorithm used for the key (e.g. RSA)
176: * @param keySize The number of bits in the key (e.g. 1024)
177: * @param signatureAlgorithm The algorithm used to sign the key (e.g. MD5withRSA)
178: * @param validity The number of days the certificate should be valid for
179: * @param commonName The CN portion of the identity on the certificate
180: * @param orgUnit The OU portion of the identity on the certificate
181: * @param organization The O portion of the identity on the certificate
182: * @param locality The L portion of the identity on the certificate
183: * @param state The ST portion of the identity on the certificate
184: * @param country The C portion of the identity on the certificate
185: * @return True if the key was generated successfully
186: * @throws KeystoreException
187: */
188: public void generateKeyPair(String alias, char[] storePassword,
189: char[] keyPassword, String keyAlgorithm, int keySize,
190: String signatureAlgorithm, int validity, String commonName,
191: String orgUnit, String organization, String locality,
192: String state, String country) throws KeystoreException;
193:
194: /**
195: * Gets a KeyManager for a key in this Keystore. This only works if both
196: * the keystore and the private key in question have been unlocked,
197: * allowing other components in the server to access them.
198: * @param algorithm The SSL algorithm to use for this key manager
199: * @param alias The alias of the key to use in the keystore
200: * @param storePassword The password used to access the keystore
201: */
202: public KeyManager[] getKeyManager(String algorithm, String alias,
203: char[] storePassword) throws KeystoreException;
204:
205: /**
206: * Gets a TrustManager for this keystore. This only works if the keystore
207: * has been unlocked, allowing other components in the server to access it.
208: * @param algorithm The SSL algorithm to use for this trust manager
209: * @param storePassword The password used to access the keystore
210: */
211: public TrustManager[] getTrustManager(String algorithm,
212: char[] storePassword) throws KeystoreException;
213:
214: public String generateCSR(String alias, char[] storePassword)
215: throws KeystoreException;
216:
217: public void importPKCS7Certificate(String alias, String certbuf,
218: char[] storePassword) throws KeystoreException;
219:
220: /**
221: * Deletes a key from this Keystore.
222: * @param alias the alias to delete
223: * @param storePassword The password used to access the keystore
224: * @return True if the key was deleted successfully
225: * @throws KeystoreException
226: */
227: public void deleteEntry(String alias, char[] storePassword)
228: throws KeystoreException;
229:
230: /**
231: * Gets the private key with the specified alias.
232: * @param alias The alias of the private key to be retrieved
233: * @param storePassword The password used to access the keystore
234: * @param keyPassword The password to use to protect the new key
235: * @return PrivateKey with the alias specified
236: */
237: public PrivateKey getPrivateKey(String alias, char[] storePassword,
238: char[] keyPassword) throws KeystoreException;
239:
240: /**
241: * Gets a particular certificate from the keystore. This may be a trust
242: * certificate or the certificate corresponding to a particular private
243: * key.
244: * This only works if the keystore is unlocked.
245: * @param alias Alias of the certificate
246: */
247: public Certificate getCertificate(String alias);
248:
249: /**
250: * Changes the keystore password.
251: * @param storePassword Current password for the keystore
252: * @param newPassword New password for the keystore
253: * @throws KeystoreException
254: */
255: public void changeKeystorePassword(char[] storePassword,
256: char[] newPassword) throws KeystoreException;
257:
258: /**
259: * Changes the password for a private key entry in the keystore.
260: * @param storePassword Password for the keystore
261: * @param keyPassword Current password for the private key
262: * @param newKeyPassword New password for the private key
263: * @throws KeystoreException
264: */
265: public void changeKeyPassword(String alias, char[] storePassword,
266: char[] keyPassword, char[] newKeyPassword)
267: throws KeystoreException;
268: }
|