KeystoreInstance (Geronimo :: Management API 1.1 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.geronimo.management.geronimo
Interface KeystoreInstance

public interface KeystoreInstance

Management interface for dealing with a specific Keystore

Version:: $Rev: 409817 $ $Date: 2006-05-27 09:56:38 +0200 (Sat, 27 May 2006) $

Method Summary
`boolean`	`generateKeyPair(String alias, char[] storePassword, char[] keyPassword, String keyAlgorithm, int keySize, String signatureAlgorithm, int validity, String commonName, String orgUnit, String organization, String locality, String state, String country)` Generates a new private key and certificate pair in this keystore.
`Certificate`	`getCertificate(String alias, char[] storePassword)` Gets a particular certificate from the keystore.
`KeyManager[]`	`getKeyManager(String algorithm, String alias)` Gets a KeyManager for a key in this Keystore.
`String`	`getKeystoreName()` Returns the name of the keystore as known to the keystore manager.
`TrustManager[]`	`getTrustManager(String algorithm)` Gets a TrustManager for this keystore.
`String[]`	`getUnlockedKeys()` Gets the aliases for all the private keys that are currently unlocked.
`boolean`	`importTrustCertificate(Certificate cert, String alias, char[] storePassword)` Adds a certificate to this keystore as a trusted certificate.
`boolean`	`isKeyLocked(String alias)` Checks whether the specified private key is locked, which is to say, available for other components to use to generate socket factories.
`boolean`	`isKeystoreLocked()` Checks whether this keystore is unlocked, which is to say, available for other components to use to generate socket factories.
`boolean`	`isTrustStore()` Checks whether this keystore can be used as a trust store (e.g.
`String[]`	`listPrivateKeys(char[] storePassword)` Gets the aliases of all private key entries in the keystore
`String[]`	`listTrustCertificates(char[] storePassword)` Gets the aliases of all trusted certificate entries in the keystore.
`void`	`lockKeystore()` Clears any saved password, meaning this keystore cannot be used by other server components.
`void`	`lockPrivateKey(String alias)` Clears any saved password for the specified private key, meaning this key cannot be used for a socket factory by other server components.
`boolean`	`unlockKeystore(char[] password)` Saves a password to access the keystore as a whole.
`boolean`	`unlockPrivateKey(String alias, char[] password)` Saves a password to access a private key.

Method Detail

getKeystoreName

public String getKeystoreName()

Returns the name of the keystore as known to the keystore manager.

unlockKeystore

public boolean unlockKeystore(char[] password)

Saves a password to access the keystore as a whole. This means that any other server component can use this keystore to create a socket factory. However, the relevant private key in the keystore must also be unlocked.

Returns:: True if the keystore was unlocked successfully

lockKeystore

public void lockKeystore()

Clears any saved password, meaning this keystore cannot be used by other server components. You can still query and update it by passing the password to other functions,

isKeystoreLocked

public boolean isKeystoreLocked()

Checks whether this keystore is unlocked, which is to say, available for other components to use to generate socket factories. Does not check whether the unlock password is actually correct.

listPrivateKeys

public String[] listPrivateKeys(char[] storePassword)

Gets the aliases of all private key entries in the keystore

Parameters:: storePassword - Used to open the keystore.

unlockPrivateKey

public boolean unlockPrivateKey(String alias,
                                char[] password)
                         throws KeystoreIsLocked

Saves a password to access a private key. This means that if the keystore is also unlocked, any server component can create an SSL socket factory using this private key. Note that the keystore must be unlocked before this can be called.

Parameters:: password - The password to save.
Returns:: True if the key was unlocked successfully
Throws:: KeystoreIsLocked

getUnlockedKeys

public String[] getUnlockedKeys()
                         throws KeystoreIsLocked

Gets the aliases for all the private keys that are currently unlocked. This only works if the keystore is unlocked.

Throws:: KeystoreIsLocked

isTrustStore

public boolean isTrustStore()
                     throws KeystoreIsLocked

Checks whether this keystore can be used as a trust store (e.g. has at least one trust certificate). This only works if the keystore is unlocked.

Throws:: KeystoreIsLocked

lockPrivateKey

public void lockPrivateKey(String alias)

Clears any saved password for the specified private key, meaning this key cannot be used for a socket factory by other server components. You can still query and update it by passing the password to other functions,

isKeyLocked

public boolean isKeyLocked(String alias)

Checks whether the specified private key is locked, which is to say, available for other components to use to generate socket factories. Does not check whether the unlock password is actually correct.

listTrustCertificates

public String[] listTrustCertificates(char[] storePassword)

Gets the aliases of all trusted certificate entries in the keystore.

Parameters:: storePassword - Used to open the keystore.

getCertificate

public Certificate getCertificate(String alias,
                                  char[] storePassword)

Gets a particular certificate from the keystore. This may be a trust certificate or the certificate corresponding to a particular private key.

Parameters:: alias - The certificate to look at; storePassword - The password to use to access the keystore

importTrustCertificate

public boolean importTrustCertificate(Certificate cert,
                                      String alias,
                                      char[] storePassword)

Adds a certificate to this keystore as a trusted certificate.

Parameters:: cert - The certificate to add; alias - The alias to list the certificate under; storePassword - The password for the keystore
Returns:: True if the certificate was imported successfully

generateKeyPair

public boolean generateKeyPair(String alias,
                               char[] storePassword,
                               char[] keyPassword,
                               String keyAlgorithm,
                               int keySize,
                               String signatureAlgorithm,
                               int validity,
                               String commonName,
                               String orgUnit,
                               String organization,
                               String locality,
                               String state,
                               String country)

Generates a new private key and certificate pair in this keystore.

Parameters:: alias - The alias to store the new key pair under; storePassword - The password used to access the keystore; keyPassword - The password to use to protect the new key; keyAlgorithm - The algorithm used for the key (e.g. RSA); keySize - The number of bits in the key (e.g. 1024); signatureAlgorithm - The algorithm used to sign the key (e.g. MD5withRSA); validity - The number of days the certificate should be valid for; commonName - The CN portion of the identity on the certificate; orgUnit - The OU portion of the identity on the certificate; organization - The O portion of the identity on the certificate; locality - The L portion of the identity on the certificate; state - The ST portion of the identity on the certificate; country - The C portion of the identity on the certificate
Returns:: True if the key was generated successfully

getKeyManager

public KeyManager[] getKeyManager(String algorithm,
                                  String alias)
                           throws NoSuchAlgorithmException,
                                  UnrecoverableKeyException,
                                  KeyStoreException,
                                  KeystoreIsLocked

Gets a KeyManager for a key in this Keystore. This only works if both the keystore and the private key in question have been unlocked, allowing other components in the server to access them.

Parameters:: algorithm - The SSL algorithm to use for this key manager; alias - The alias of the key to use in the keystore
Throws:: NoSuchAlgorithmException; UnrecoverableKeyException; KeyStoreException; KeystoreIsLocked

getTrustManager

public TrustManager[] getTrustManager(String algorithm)
                               throws KeyStoreException,
                                      NoSuchAlgorithmException,
                                      KeystoreIsLocked

Gets a TrustManager for this keystore. This only works if the keystore has been unlocked, allowing other components in the server to access it.

Parameters:: algorithm - The SSL algorithm to use for this trust manager
Throws:: KeyStoreException; NoSuchAlgorithmException; KeystoreIsLocked