org.apache.geronimo.security.keystore
Class FileKeystoreInstance

java.lang.Object
  extended by org.apache.geronimo.security.keystore.FileKeystoreInstance
All Implemented Interfaces:
GBeanLifecycle, KeystoreInstance

public class FileKeystoreInstance
extends Object
implements KeystoreInstance, GBeanLifecycle

Implementation of KeystoreInstance that accesses a keystore file on the local filesystem, identified by the file's name (the last component of the name only, not the full path).


Field Summary
static GBeanInfo GBEAN_INFO
           
 
Constructor Summary
FileKeystoreInstance(ServerInfo serverInfo, URI keystorePath, String keystoreName, String keystorePassword, String keystoreType, String keyPasswords, Kernel kernel, AbstractName abstractName)
           
 
Method Summary
 void changeKeyPassword(String alias, char[] storePassword, char[] keyPassword, char[] newKeyPassword)
          Changes the password for a private key entry in the keystore.
 void changeKeystorePassword(char[] storePassword, char[] newPassword)
          Changes the keystore password.
 void deleteEntry(String alias, char[] storePassword)
          Deletes a key from this Keystore.
 void doFail()
          Fails the GBean.
 void doStart()
          Starts the GBean.
 void doStop()
          Stops the target.
 String generateCSR(String alias, char[] storePassword)
           
 void generateKeyPair(String alias, char[] storePassword, char[] keyPassword, String keyAlgorithm, int keySize, String signatureAlgorithm, int validity, String commonName, String orgUnit, String organization, String locality, String state, String country)
          Generates a new private key and certificate pair in this keystore.
 Certificate getCertificate(String alias)
          Gets a particular certificate from the keystore.
 Certificate getCertificate(String alias, char[] storePassword)
          Gets a particular certificate from the keystore.
 String getCertificateAlias(Certificate cert, char[] storePassword)
          Gets the alias corresponding to the given certificate.
 Certificate[] getCertificateChain(String alias, char[] storePassword)
          Gets a particular certificate chain from the keystore.
static GBeanInfo getGBeanInfo()
           
 KeyManager[] getKeyManager(String algorithm, String alias, char[] storePassword)
          Gets a KeyManager for a key in this Keystore.
 String getKeystoreName()
          Returns the name of the keystore as known to the keystore manager.
 String getKeystoreType()
          Returns the type of the keystore.
 PrivateKey getPrivateKey(String alias, char[] storePassword, char[] keyPassword)
          Gets the private key with the specified alias.
 TrustManager[] getTrustManager(String algorithm, char[] storePassword)
          Gets a TrustManager for this keystore.
 String[] getUnlockedKeys(char[] storePassword)
          Gets the aliases for all the private keys that are currently unlocked.
 void importPKCS7Certificate(String alias, String certbuf, char[] storePassword)
           
 void importTrustCertificate(Certificate cert, String alias, char[] storePassword)
          Adds a certificate to this keystore as a trusted certificate.
 boolean isKeyLocked(String alias)
          Checks whether the specified private key is locked, which is to say, available for other components to use to generate socket factories.
 boolean isKeystoreLocked()
          Checks whether this keystore is unlocked, which is to say, available for other components to use to generate socket factories.
 boolean isTrustStore(char[] storePassword)
          Checks whether this keystore can be used as a trust store (e.g. has at least one trust certificate).
 String[] listPrivateKeys(char[] storePassword)
          Gets the aliases of all private key entries in the keystore
 String[] listTrustCertificates(char[] storePassword)
          Gets the aliases of all trusted certificate entries in the keystore.
 void lockKeystore(char[] password)
          Clears any saved password, meaning this keystore cannot be used by other server components.
 void lockPrivateKey(String alias, char[] storePassword)
          Clears any saved password for the specified private key, meaning this key cannot be used for a socket factory by other server components.
 void setKeyPasswords(String passwords)
           
 void setKeystorePassword(String password)
           
 void unlockKeystore(char[] password)
          Saves a password to access the keystore as a whole.
 void unlockPrivateKey(String alias, char[] storePassword, char[] password)
          Saves a password to access a private key.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

GBEAN_INFO

public static final GBeanInfo GBEAN_INFO
Constructor Detail

FileKeystoreInstance

public FileKeystoreInstance(ServerInfo serverInfo,
                            URI keystorePath,
                            String keystoreName,
                            String keystorePassword,
                            String keystoreType,
                            String keyPasswords,
                            Kernel kernel,
                            AbstractName abstractName)
Method Detail

doStart

public void doStart()
             throws Exception
Description copied from interface: GBeanLifecycle
Starts the GBean. This informs the GBean that it is about to transition to the running state.

Specified by:
doStart in interface GBeanLifecycle
Throws:
Exception - if the target failed to start; this will cause a transition to the failed state

doStop

public void doStop()
            throws Exception
Description copied from interface: GBeanLifecycle
Stops the target. This informs the GBean that it is about to transition to the stopped state.

Specified by:
doStop in interface GBeanLifecycle
Throws:
Exception - if the target failed to stop; this will cause a transition to the failed state

doFail

public void doFail()
Description copied from interface: GBeanLifecycle
Fails the GBean. This informs the GBean that it is about to transition to the failed state.

Specified by:
doFail in interface GBeanLifecycle

getGBeanInfo

public static GBeanInfo getGBeanInfo()

getKeystoreName

public String getKeystoreName()
Description copied from interface: KeystoreInstance
Returns the name of the keystore as known to the keystore manager.

Specified by:
getKeystoreName in interface KeystoreInstance

getKeystoreType

public String getKeystoreType()
Description copied from interface: KeystoreInstance
Returns the type of the keystore.

Specified by:
getKeystoreType in interface KeystoreInstance

unlockKeystore

public void unlockKeystore(char[] password)
                    throws KeystoreException
Description copied from interface: KeystoreInstance
Saves a password to access the keystore as a whole. This means that any other server component can use this keystore to create a socket factory. However, the relevant private key in the keystore must also be unlocked.

Specified by:
unlockKeystore in interface KeystoreInstance
Throws:
KeystoreException

setKeystorePassword

public void setKeystorePassword(String password)

lockKeystore

public void lockKeystore(char[] password)
                  throws KeystoreException
Description copied from interface: KeystoreInstance
Clears any saved password, meaning this keystore cannot be used by other server components. You can still query and update it by passing the password to other functions,

Specified by:
lockKeystore in interface KeystoreInstance
Throws:
KeystoreException

isKeystoreLocked

public boolean isKeystoreLocked()
Description copied from interface: KeystoreInstance
Checks whether this keystore is unlocked, which is to say, available for other components to use to generate socket factories. Does not check whether the unlock password is actually correct.

Specified by:
isKeystoreLocked in interface KeystoreInstance

listPrivateKeys

public String[] listPrivateKeys(char[] storePassword)
                         throws KeystoreException
Description copied from interface: KeystoreInstance
Gets the aliases of all private key entries in the keystore

Specified by:
listPrivateKeys in interface KeystoreInstance
Parameters:
storePassword - Used to open the keystore. If null, the internal password will be used and may
Throws:
KeystoreIsLocked - if a null password was provided and the keystore is locked, or if a bad password was provided
KeystoreException

unlockPrivateKey

public void unlockPrivateKey(String alias,
                             char[] storePassword,
                             char[] password)
                      throws KeystoreException
Description copied from interface: KeystoreInstance
Saves a password to access a private key. This means that if the keystore is also unlocked, any server component can create an SSL socket factory using this private key. Note that the keystore must be unlocked before this can be called.

Specified by:
unlockPrivateKey in interface KeystoreInstance
Throws:
KeystoreException

getUnlockedKeys

public String[] getUnlockedKeys(char[] storePassword)
                         throws KeystoreException
Description copied from interface: KeystoreInstance
Gets the aliases for all the private keys that are currently unlocked. This only works if the keystore is unlocked.

Specified by:
getUnlockedKeys in interface KeystoreInstance
Throws:
KeystoreException

isTrustStore

public boolean isTrustStore(char[] storePassword)
                     throws KeystoreException
Description copied from interface: KeystoreInstance
Checks whether this keystore can be used as a trust store (e.g. has at least one trust certificate). This only works if the keystore is unlocked.

Specified by:
isTrustStore in interface KeystoreInstance
Throws:
KeystoreException

lockPrivateKey

public void lockPrivateKey(String alias,
                           char[] storePassword)
                    throws KeystoreException
Description copied from interface: KeystoreInstance
Clears any saved password for the specified private key, meaning this key cannot be used for a socket factory by other server components. You can still query and update it by passing the password to other functions,

Specified by:
lockPrivateKey in interface KeystoreInstance
storePassword - The password used to access the keystore. Must be non-null.
Throws:
KeystoreIsLocked
KeystoreException

setKeyPasswords

public void setKeyPasswords(String passwords)

isKeyLocked

public boolean isKeyLocked(String alias)
Checks whether the specified private key is locked, which is to say, available for other components to use to generate socket factories. Does not check whether the unlock password is actually correct.

Specified by:
isKeyLocked in interface KeystoreInstance

listTrustCertificates

public String[] listTrustCertificates(char[] storePassword)
                               throws KeystoreException
Description copied from interface: KeystoreInstance
Gets the aliases of all trusted certificate entries in the keystore.

Specified by:
listTrustCertificates in interface KeystoreInstance
Parameters:
storePassword - Used to open the keystore or null to use the internal password.
Throws:
KeystoreIsLocked - if the keystore coul not be unlocked
KeystoreException

importTrustCertificate

public void importTrustCertificate(Certificate cert,
                                   String alias,
                                   char[] storePassword)
                            throws KeystoreException
Description copied from interface: KeystoreInstance
Adds a certificate to this keystore as a trusted certificate.

Specified by:
importTrustCertificate in interface KeystoreInstance
Parameters:
cert - The certificate to add
alias - The alias to list the certificate under
storePassword - Used to open the keystore. Must be non null
Throws:
KeystoreException

generateKeyPair

public void generateKeyPair(String alias,
                            char[] storePassword,
                            char[] keyPassword,
                            String keyAlgorithm,
                            int keySize,
                            String signatureAlgorithm,
                            int validity,
                            String commonName,
                            String orgUnit,
                            String organization,
                            String locality,
                            String state,
                            String country)
                     throws KeystoreException
Description copied from interface: KeystoreInstance
Generates a new private key and certificate pair in this keystore.

Specified by:
generateKeyPair in interface KeystoreInstance
Parameters:
alias - The alias to store the new key pair under
storePassword - The password used to access the keystore
keyPassword - The password to use to protect the new key
keyAlgorithm - The algorithm used for the key (e.g. RSA)
keySize - The number of bits in the key (e.g. 1024)
signatureAlgorithm - The algorithm used to sign the key (e.g. MD5withRSA)
validity - The number of days the certificate should be valid for
commonName - The CN portion of the identity on the certificate
orgUnit - The OU portion of the identity on the certificate
organization - The O portion of the identity on the certificate
locality - The L portion of the identity on the certificate
state - The ST portion of the identity on the certificate
country - The C portion of the identity on the certificate
Throws:
KeystoreException

generateCSR

public String generateCSR(String alias,
                          char[] storePassword)
                   throws KeystoreException
Specified by:
generateCSR in interface KeystoreInstance
Throws:
KeystoreException

importPKCS7Certificate

public void importPKCS7Certificate(String alias,
                                   String certbuf,
                                   char[] storePassword)
                            throws KeystoreException
Specified by:
importPKCS7Certificate in interface KeystoreInstance
Throws:
KeystoreException

deleteEntry

public void deleteEntry(String alias,
                        char[] storePassword)
                 throws KeystoreException
Description copied from interface: KeystoreInstance
Deletes a key from this Keystore.

Specified by:
deleteEntry in interface KeystoreInstance
Parameters:
alias - the alias to delete
storePassword - The password used to access the keystore
Throws:
KeystoreException

getKeyManager

public KeyManager[] getKeyManager(String algorithm,
                                  String alias,
                                  char[] storePassword)
                           throws KeystoreException
Description copied from interface: KeystoreInstance
Gets a KeyManager for a key in this Keystore. This only works if both the keystore and the private key in question have been unlocked, allowing other components in the server to access them.

Specified by:
getKeyManager in interface KeystoreInstance
Parameters:
algorithm - The SSL algorithm to use for this key manager
alias - The alias of the key to use in the keystore
storePassword - The password used to access the keystore
Throws:
KeystoreException

getTrustManager

public TrustManager[] getTrustManager(String algorithm,
                                      char[] storePassword)
                               throws KeystoreException
Description copied from interface: KeystoreInstance
Gets a TrustManager for this keystore. This only works if the keystore has been unlocked, allowing other components in the server to access it.

Specified by:
getTrustManager in interface KeystoreInstance
Parameters:
algorithm - The SSL algorithm to use for this trust manager
storePassword - The password used to access the keystore
Throws:
KeystoreException

getPrivateKey

public PrivateKey getPrivateKey(String alias,
                                char[] storePassword,
                                char[] keyPassword)
                         throws KeyNotFoundException,
                                KeystoreException,
                                KeystoreIsLocked
Gets the private key with the specified alias.

Specified by:
getPrivateKey in interface KeystoreInstance
Parameters:
alias - The alias of the private key to be retrieved
storePassword - The password used to access the keystore
keyPassword - The password to use to protect the new key
Returns:
PrivateKey with the alias specified
Throws:
KeyNotFoundException
KeystoreException
KeystoreIsLocked

getCertificate

public Certificate getCertificate(String alias,
                                  char[] storePassword)
                           throws KeystoreIsLocked,
                                  KeyNotFoundException,
                                  KeystoreException
Gets a particular certificate from the keystore. This may be a trust certificate or the certificate corresponding to a particular private key. This only works if the keystore is unlocked.

Specified by:
getCertificate in interface KeystoreInstance
Parameters:
alias - The certificate to look at
storePassword - Used to open the keystore or null to use the internal password.
Throws:
KeyNotFoundException
KeyStoreException
KeystoreException
KeystoreIsLocked

getCertificateAlias

public String getCertificateAlias(Certificate cert,
                                  char[] storePassword)
                           throws KeystoreException
Description copied from interface: KeystoreInstance
Gets the alias corresponding to the given certificate.

Specified by:
getCertificateAlias in interface KeystoreInstance
storePassword - Used to open the keystore or null to use the internal password.
Throws:
KeystoreIsLocked - if the keystore coul not be unlocked
KeystoreException

getCertificateChain

public Certificate[] getCertificateChain(String alias,
                                         char[] storePassword)
                                  throws KeystoreException
Description copied from interface: KeystoreInstance
Gets a particular certificate chain from the keystore.

Specified by:
getCertificateChain in interface KeystoreInstance
Parameters:
alias - The certificate chain to look at
storePassword - Used to open the keystore or null to use the internal password.
Throws:
KeystoreIsLocked - if the keystore coul not be unlocked
KeystoreException

getCertificate

public Certificate getCertificate(String alias)
Gets a particular certificate from the keystore. This may be a trust certificate or the certificate corresponding to a particular private key. This only works if the keystore is unlocked.

Specified by:
getCertificate in interface KeystoreInstance
Parameters:
alias - The certificate to look at

changeKeystorePassword

public void changeKeystorePassword(char[] storePassword,
                                   char[] newPassword)
                            throws KeystoreException
Changes the keystore password.

Specified by:
changeKeystorePassword in interface KeystoreInstance
Parameters:
storePassword - Current password for the keystore
newPassword - New password for the keystore
Throws:
KeystoreException

changeKeyPassword

public void changeKeyPassword(String alias,
                              char[] storePassword,
                              char[] keyPassword,
                              char[] newKeyPassword)
                       throws KeystoreException
Changes the password for a private key entry in the keystore.

Specified by:
changeKeyPassword in interface KeystoreInstance
Parameters:
storePassword - Password for the keystore
keyPassword - Current password for the private key
newKeyPassword - New password for the private key
Throws:
KeystoreException


Copyright © 2003-2008 The Apache Geronimo development community. All Rights Reserved.