org.apache.geronimo.management.geronimo
Interface KeystoreInstance


public interface KeystoreInstance

Management interface for dealing with a specific Keystore.

Version:
$Rev: 409817 $ $Date: 2006-05-27 09:56:38 +0200 (Sat, 27 May 2006) $

Method Summary
 boolean generateKeyPair(String alias, char[] storePassword, char[] keyPassword, String keyAlgorithm, int keySize, String signatureAlgorithm, int validity, String commonName, String orgUnit, String organization, String locality, String state, String country)
          Generates a new private key and certificate pair in this keystore.
 Certificate getCertificate(String alias, char[] storePassword)
          Gets a particular certificate from the keystore.
 KeyManager[] getKeyManager(String algorithm, String alias)
          Gets a KeyManager for a key in this Keystore.
 String getKeystoreName()
          Returns the name of the keystore as known to the keystore manager.
 TrustManager[] getTrustManager(String algorithm)
          Gets a TrustManager for this keystore.
 String[] getUnlockedKeys()
          Gets the aliases for all the private keys that are currently unlocked.
 boolean importTrustCertificate(Certificate cert, String alias, char[] storePassword)
          Adds a certificate to this keystore as a trusted certificate.
 boolean isKeyLocked(String alias)
          Checks whether the specified private key is locked, which is to say, not available for other components to use to generate socket factories.
 boolean isKeystoreLocked()
          Checks whether this keystore is locked; an unlocked keystore is available for other components to use to generate socket factories.
 boolean isTrustStore()
          Checks whether this keystore can be used as a trust store (e.g. has at least one trust certificate).
 String[] listPrivateKeys(char[] storePassword)
          Gets the aliases of all private key entries in the keystore.
 String[] listTrustCertificates(char[] storePassword)
          Gets the aliases of all trusted certificate entries in the keystore.
 void lockKeystore()
          Clears any saved password, meaning this keystore cannot be used by other server components.
 void lockPrivateKey(String alias)
          Clears any saved password for the specified private key, meaning this key cannot be used for a socket factory by other server components.
 boolean unlockKeystore(char[] password)
          Saves a password to access the keystore as a whole.
 boolean unlockPrivateKey(String alias, char[] password)
          Saves a password to access a private key.
 

Method Detail

getKeystoreName

public String getKeystoreName()
Returns the name of the keystore as known to the keystore manager.


unlockKeystore

public boolean unlockKeystore(char[] password)
Saves a password to access the keystore as a whole. This means that any other server component can use this keystore to create a socket factory. However, the relevant private key in the keystore must also be unlocked.

Returns:
True if the keystore was unlocked successfully

lockKeystore

public void lockKeystore()
Clears any saved password, meaning this keystore cannot be used by other server components. You can still query and update it by passing the password to other functions.


isKeystoreLocked

public boolean isKeystoreLocked()
Checks whether this keystore is locked; an unlocked keystore is available for other components to use to generate socket factories. Does not check whether the unlock password is actually correct.


listPrivateKeys

public String[] listPrivateKeys(char[] storePassword)
Gets the aliases of all private key entries in the keystore.

Parameters:
storePassword - Used to open the keystore.

unlockPrivateKey

public boolean unlockPrivateKey(String alias,
                                char[] password)
                         throws KeystoreIsLocked
Saves a password to access a private key. This means that if the keystore is also unlocked, any server component can create an SSL socket factory using this private key. Note that the keystore must be unlocked before this can be called.

Parameters:
password - The password to save.
Returns:
True if the key was unlocked successfully
Throws:
KeystoreIsLocked

getUnlockedKeys

public String[] getUnlockedKeys()
                         throws KeystoreIsLocked
Gets the aliases for all the private keys that are currently unlocked. This only works if the keystore is unlocked.

Throws:
KeystoreIsLocked

isTrustStore

public boolean isTrustStore()
                     throws KeystoreIsLocked
Checks whether this keystore can be used as a trust store (e.g. has at least one trust certificate). This only works if the keystore is unlocked.

Throws:
KeystoreIsLocked

lockPrivateKey

public void lockPrivateKey(String alias)
Clears any saved password for the specified private key, meaning this key cannot be used for a socket factory by other server components. You can still query and update it by passing the password to other functions.


isKeyLocked

public boolean isKeyLocked(String alias)
Checks whether the specified private key is locked, which is to say, not available for other components to use to generate socket factories. Does not check whether the unlock password is actually correct.


listTrustCertificates

public String[] listTrustCertificates(char[] storePassword)
Gets the aliases of all trusted certificate entries in the keystore.

Parameters:
storePassword - Used to open the keystore.

getCertificate

public Certificate getCertificate(String alias,
                                  char[] storePassword)
Gets a particular certificate from the keystore. This may be a trust certificate or the certificate corresponding to a particular private key.

Parameters:
alias - The certificate to look at
storePassword - The password to use to access the keystore

importTrustCertificate

public boolean importTrustCertificate(Certificate cert,
                                      String alias,
                                      char[] storePassword)
Adds a certificate to this keystore as a trusted certificate.

Parameters:
cert - The certificate to add
alias - The alias to list the certificate under
storePassword - The password for the keystore
Returns:
True if the certificate was imported successfully

generateKeyPair

public boolean generateKeyPair(String alias,
                               char[] storePassword,
                               char[] keyPassword,
                               String keyAlgorithm,
                               int keySize,
                               String signatureAlgorithm,
                               int validity,
                               String commonName,
                               String orgUnit,
                               String organization,
                               String locality,
                               String state,
                               String country)
Generates a new private key and certificate pair in this keystore.

Parameters:
alias - The alias to store the new key pair under
storePassword - The password used to access the keystore
keyPassword - The password to use to protect the new key
keyAlgorithm - The algorithm used for the key (e.g. RSA)
keySize - The number of bits in the key (e.g. 1024)
signatureAlgorithm - The algorithm used to sign the key (e.g. MD5withRSA)
validity - The number of days the certificate should be valid for
commonName - The CN portion of the identity on the certificate
orgUnit - The OU portion of the identity on the certificate
organization - The O portion of the identity on the certificate
locality - The L portion of the identity on the certificate
state - The ST portion of the identity on the certificate
country - The C portion of the identity on the certificate
Returns:
True if the key was generated successfully
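
Added example (not part of the Geronimo documentation or code base): a read-only scan that uses listPrivateKeys, listTrustCertificates and getCertificate to flag entries created with parameters like the examples above (a 1024-bit key, an MD5-based signature), plus expired certificates. It assumes Certificate is java.security.cert.Certificate; the class name WeakCertificateScan and the 2048-bit threshold are this example's own choices.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import org.apache.geronimo.management.geronimo.KeystoreInstance;

public final class WeakCertificateScan { // hypothetical class name
    static final int MIN_RSA_BITS = 2048; // assumed policy threshold, not from the API

    /** Scans every private-key and trust entry; returns one finding per problem. */
    public static List<String> scan(KeystoreInstance ks, char[] storePassword) {
        List<String> aliases = new ArrayList<>();
        addAll(aliases, ks.listPrivateKeys(storePassword));
        addAll(aliases, ks.listTrustCertificates(storePassword));
        List<String> findings = new ArrayList<>();
        Date now = new Date();
        for (String alias : aliases) {
            // Assumption: the returned type is java.security.cert.Certificate.
            Certificate cert = ks.getCertificate(alias, storePassword);
            if (cert instanceof X509Certificate) {
                findings.addAll(check(alias, (X509Certificate) cert, now));
            }
        }
        return findings;
    }

    /** Pure check on one certificate, so it can be unit-tested without a keystore. */
    static List<String> check(String alias, X509Certificate x, Date now) {
        List<String> out = new ArrayList<>();
        String sig = x.getSigAlgName().toUpperCase(Locale.ROOT); // e.g. MD5WITHRSA
        if (sig.startsWith("MD2") || sig.startsWith("MD5") || sig.startsWith("SHA1")) {
            out.add(alias + ": weak signature algorithm " + x.getSigAlgName());
        }
        if (x.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) x.getPublicKey()).getModulus().bitLength();
            if (bits < MIN_RSA_BITS) out.add(alias + ": RSA key of only " + bits + " bits");
        }
        if (now.after(x.getNotAfter())) out.add(alias + ": expired on " + x.getNotAfter());
        return out;
    }

    private static void addAll(List<String> dst, String[] src) {
        if (src != null) for (String s : src) dst.add(s);
    }
}
```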

getKeyManager

public KeyManager[] getKeyManager(String algorithm,
                                  String alias)
                           throws NoSuchAlgorithmException,
                                  UnrecoverableKeyException,
                                  KeyStoreException,
                                  KeystoreIsLocked
Gets a KeyManager for a key in this Keystore. This only works if both the keystore and the private key in question have been unlocked, allowing other components in the server to access them.

Parameters:
algorithm - The SSL algorithm to use for this key manager
alias - The alias of the key to use in the keystore
Throws:
NoSuchAlgorithmException
UnrecoverableKeyException
KeyStoreException
KeystoreIsLocked

getTrustManager

public TrustManager[] getTrustManager(String algorithm)
                               throws KeyStoreException,
                                      NoSuchAlgorithmException,
                                      KeystoreIsLocked
Gets a TrustManager for this keystore. This only works if the keystore has been unlocked, allowing other components in the server to access it.

Parameters:
algorithm - The SSL algorithm to use for this trust manager
Throws:
KeyStoreException
NoSuchAlgorithmException
KeystoreIsLocked
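
Added example (not Geronimo's own code): a read-only audit of what this keystore currently exposes to other server components. Because the lock checks do not validate the saved password, it requests a KeyManager for each unlocked alias to find out whether the key is really usable. It assumes KeystoreIsLocked lives in the same package as KeystoreInstance and that the algorithm argument is a JSSE KeyManagerFactory algorithm name; KeystoreExposureAudit is a hypothetical class name.

```java
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import org.apache.geronimo.management.geronimo.KeystoreInstance;
import org.apache.geronimo.management.geronimo.KeystoreIsLocked; // assumed package

public final class KeystoreExposureAudit { // hypothetical class name

    /** Returns one finding per line. Needs no password and changes no lock state. */
    public static List<String> audit(KeystoreInstance ks) {
        List<String> findings = new ArrayList<>();
        String name = ks.getKeystoreName();
        String[] unlocked;
        try {
            unlocked = ks.getUnlockedKeys(); // throws if the keystore itself is locked
        } catch (KeystoreIsLocked e) {
            findings.add(name + ": keystore locked, nothing exposed to other components");
            return findings;
        }
        if (unlocked == null) unlocked = new String[0];
        findings.add(name + ": keystore unlocked, " + unlocked.length + " unlocked private key(s)");

        // Assumption: the algorithm argument is a KeyManagerFactory algorithm name.
        String algorithm = KeyManagerFactory.getDefaultAlgorithm();
        for (String alias : unlocked) {
            try {
                ks.getKeyManager(algorithm, alias); // forces use of the saved passwords
                findings.add(name + "/" + alias + ": usable by any server component");
            } catch (UnrecoverableKeyException e) {
                findings.add(name + "/" + alias + ": unlocked, but the saved key password does not open it");
            } catch (Exception e) {
                findings.add(name + "/" + alias + ": unlocked, but unusable: " + e);
            }
        }
        try {
            if (ks.isTrustStore()) findings.add(name + ": can also serve as a trust store");
        } catch (KeystoreIsLocked e) {
            findings.add(name + ": locked while the audit was running");
        }
        return findings;
    }
}
```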


Copyright © 2003-2007 Apache Software Foundation. All Rights Reserved.