Posted to scm@geronimo.apache.org by jb...@apache.org on 2006/07/31 23:04:17 UTC

svn commit: r427268 - in /geronimo/branches/1.1: applications/console-standard/src/java/org/apache/geronimo/console/keystores/ applications/console-standard/src/webapp/WEB-INF/view/keystore/ modules/management/src/java/org/apache/geronimo/management/ge...

Author: jbohn
Date: Mon Jul 31 14:04:16 2006
New Revision: 427268

URL: http://svn.apache.org/viewvc?rev=427268&view=rev
Log:
GERONIMO-2218 fix broken and missing function in the keystore portlet

Added:
    geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/CertificateDetailsHandler.java
    geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/DeleteEntryHandler.java
    geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/GenerateCSRHandler.java
    geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ImportCAReplyHandler.java
    geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/certificateDetails.jsp   (with props)
    geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/generateCSR.jsp   (with props)
    geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/importCAReply.jsp   (with props)
Modified:
    geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/BaseKeystoreHandler.java
    geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ConfirmCertificateHandler.java
    geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/KeystoresPortlet.java
    geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeyHandler.java
    geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UploadCertificateHandler.java
    geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/uploadCertificate.jsp
    geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/viewKeystore.jsp
    geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java
    geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java

Modified: geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/BaseKeystoreHandler.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/BaseKeystoreHandler.java?rev=427268&r1=427267&r2=427268&view=diff
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/BaseKeystoreHandler.java (original)
+++ geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/BaseKeystoreHandler.java Mon Jul 31 14:04:16 2006
@@ -16,24 +16,28 @@
  */
 package org.apache.geronimo.console.keystores;
 
-import java.io.FileInputStream;
+import java.io.ByteArrayInputStream;
 import java.io.FileNotFoundException;
 import java.io.InputStream;
 import java.io.Serializable;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
+
 import javax.portlet.ActionResponse;
 import javax.portlet.PortletRequest;
 import javax.portlet.PortletSession;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.geronimo.console.MultiPageAbstractHandler;
 import org.apache.geronimo.console.MultiPageModel;
 import org.apache.geronimo.management.geronimo.KeystoreInstance;
+import org.apache.geronimo.management.geronimo.KeystoreIsLocked;
 import org.apache.geronimo.util.CertificateUtil;
 
 /**
@@ -56,6 +60,11 @@
     protected static final String CONFIRM_CERTIFICATE = "confirmCertificate";
     protected static final String CONFIGURE_KEY = "configureKey";
     protected static final String CONFIRM_KEY = "confirmKey";
+    protected static final String CERTIFICATE_DETAILS = "certificateDetails";
+    protected static final String GENERATE_CSR = "generateCSR";
+    protected static final String IMPORT_CA_REPLY = "importCAReply";
+    protected static final String DELETE_ENTRY = "deleteEntry";
+    
 
     protected BaseKeystoreHandler(String mode, String viewName) {
         super(mode, viewName);
@@ -75,6 +84,7 @@
         private String[] certificates;
         private String[] keys;
         private Map fingerprints;
+        private Map keyPasswords;
 
         public KeystoreInstance getInstance() {
             return instance;
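Review bot: The new `keyPasswords` map keeps each private-key password as a `char[]` inside `KeystoreData`, which the handlers in this commit fetch from the portlet session, so the plaintext passwords live as long as the session does. None of the visible hunks reads the map back, so it may be simpler not to retain the passwords at all. If they are needed, the reset in the next hunk (`keyPasswords = null;`) and `deleteEntry` should wipe each array with `Arrays.fill(pw, '\0')` before dropping it, storing a copy if the keystore instance keeps the caller's array. A comment on the field, e.g. `// alias -> char[] key password; must be wiped before the map is discarded`, would document the intent.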
@@ -90,6 +100,7 @@
                 certificates = null;
                 keys = null;
                 fingerprints = null;
+                keyPasswords = null;
             }
         }
 
@@ -137,7 +148,9 @@
         }
 
         public boolean importTrustCert(String fileName, String alias) throws FileNotFoundException, CertificateException {
-            InputStream is = new FileInputStream(fileName);
+            // Uploading certificate using a disk file fails on Windows.  Certificate text is used instead.
+            //InputStream is = new FileInputStream(fileName);
+            InputStream is = new ByteArrayInputStream(fileName.getBytes());
             CertificateFactory cf = CertificateFactory.getInstance("X.509");
             Collection certs = cf.generateCertificates(is);
             X509Certificate cert = (X509Certificate) certs.iterator().next();
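Review bot: `fileName.getBytes()` in `importTrustCert` encodes with the platform default charset, and the parameter still named `fileName` now carries the certificate text, which will mislead callers. PEM text is ASCII, so `new ByteArrayInputStream(fileName.getBytes("US-ASCII"))` makes the result independent of the host (it adds `UnsupportedEncodingException` to handle), and the parameter could be renamed to something like `certificateText`. The same `getBytes()` call appears in the ConfirmCertificateHandler hunk. Now that the input is free text from a form, `certs.iterator().next()` on the last context line should be guarded with `if(certs.isEmpty())`, since it throws `NoSuchElementException` if the collection comes back empty. The method body continues past the end of the hunk.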
@@ -180,5 +193,62 @@
             }
             return result;
         }
+
+        public Certificate getCertificate(String alias) {
+            return instance.getCertificate(alias, password);
+        }
+
+        public void unlockPrivateKey(String alias, char[] keyPassword) throws KeystoreIsLocked {
+            if(keyPasswords == null) {
+                keyPasswords = new HashMap();
+            }
+            
+            if(instance.unlockPrivateKey(alias, keyPassword)) {
+                keyPasswords.put(alias, keyPassword);
+            }
+        }
+
+        public void deleteEntry(String alias) {
+            for(int i = 0; i < keys.length; ++i) {
+                if(keys[i].equals(alias)) {
+                    String[] temp = new String[keys.length-1];
+                    for(int j = 0; j < i-1; ++j) {
+                        temp[j] = keys[j];
+                    }
+                    for(int j = i+1; j < keys.length; ++j) {
+                        temp[j-1] = keys[j];
+                    }
+                    keys = temp;
+                    break;
+                }
+            }
+
+            for(int i = 0; i < certificates.length; ++i) {
+                if(certificates[i].equals(alias)) {
+                    String[] temp = new String[certificates.length-1];
+                    for(int j = 0; j < i-1; ++j) {
+                        temp[j] = certificates[j];
+                    }
+                    for(int j = i+1; j < certificates.length; ++j) {
+                        temp[j-1] = certificates[j];
+                    }
+                    certificates = temp;
+                }
+            }
+            instance.deleteEntry(alias);
+            if(keyPasswords != null)
+                keyPasswords.remove(alias);
+            if(fingerprints != null)
+                fingerprints.remove(alias);
+        }
+
+		public void importPKCS7Certificate(String alias, String pkcs7cert) {
+			try {
+				instance.importPKCS7Certificate(alias, pkcs7cert);
+				fingerprints.put(alias, CertificateUtil.generateFingerprint(instance.getCertificate(alias, password), "MD5"));
+			} catch (Exception e) {
+				log.error("Error importing CA reply", e);
+			}
+		}
     }
 }
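Review bot: Both copy loops in `deleteEntry` stop one element short: `for(int j = 0; j < i-1; ++j)` never copies index `i-1`, so deleting the entry at any position `i >= 1` leaves `temp[i-1]` as `null` and loses the preceding alias from the cached list. The bound should be `j < i` in the `keys` loop and in the `certificates` loop (or use `System.arraycopy`). A `null` slot would make a later `keys[i].equals(alias)` scan throw, assuming `getKeys()` hands out this array. The method also dereferences `keys` and `certificates` without a null check although the reset code earlier in the class sets both to `null`, and it edits the cached arrays before `instance.deleteEntry(alias)` has succeeded. In `importPKCS7Certificate`, `fingerprints.put` has the same null exposure, and the broad `catch (Exception e)` reduces any failure to a log line.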

Added: geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/CertificateDetailsHandler.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/CertificateDetailsHandler.java?rev=427268&view=auto
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/CertificateDetailsHandler.java (added)
+++ geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/CertificateDetailsHandler.java Mon Jul 31 14:04:16 2006
@@ -0,0 +1,77 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.console.keystores;
+
+import org.apache.geronimo.console.MultiPageModel;
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+import java.io.IOException;
+import java.security.cert.Certificate;
+
+/**
+ * Handler for displaying  Trusted Certificate or Private Key Certificate details
+ *
+ * @version $Rev: 409817 $ $Date: 2006-05-27 13:26:38 +0530 (Sat, 27 May 2006) $
+ */
+public class CertificateDetailsHandler extends BaseKeystoreHandler {
+    public CertificateDetailsHandler() {
+        super(CERTIFICATE_DETAILS, "/WEB-INF/view/keystore/certificateDetails.jsp");
+    }
+
+    public String actionBeforeView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        String id = request.getParameter("id");
+        String alias = request.getParameter("alias");
+        response.setRenderParameter("id", id);
+        response.setRenderParameter("alias", alias);
+        return getMode();
+    }
+
+    public void renderView(RenderRequest request, RenderResponse response, MultiPageModel model) throws PortletException, IOException {
+        String id = request.getParameter("id");
+        String alias = request.getParameter("alias");
+        if(alias == null && request.getParameterMap().containsKey("alias")) {
+            // Happens with an alias ""
+            alias = "";
+        }
+        KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + id));
+        Certificate cert = data.getCertificate(alias);
+        String type = "Trusted Certificate";
+        boolean keyLocked = true;
+        String[] keys = data.getKeys();
+        for(int i = 0; i < keys.length; ++i) {
+            if(keys[i].equals(alias)) {
+                type = "Private Key";
+                keyLocked = data.getInstance().isKeyLocked(alias);
+            }
+        }
+        request.setAttribute("id", id);
+        request.setAttribute("alias", alias);
+        request.setAttribute("type", type);
+        request.setAttribute("keyLocked", new Boolean(keyLocked));
+        // TODO: Handle certificate chain
+        request.setAttribute("certs", new Certificate[] {cert});
+    }
+
+    public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        String id = request.getParameter("id");
+        response.setRenderParameter("id", id);
+        return VIEW_KEYSTORE+BEFORE_ACTION;
+    }
+}
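Review bot: `renderView` dereferences `data` without checking it, but `getAttribute(KEYSTORE_DATA_PREFIX + id)` returns `null` when the session has expired or the `id` request parameter does not name a loaded keystore, so the page fails with a NullPointerException. A guard such as `if(data == null) { throw new PortletException("Keystore not available in session"); }` gives a controlled failure. The same unchecked lookup is in DeleteEntryHandler.actionBeforeView, GenerateCSRHandler.renderView and ImportCAReplyHandler.actionAfterView. `data.getCertificate(alias)` may likewise return `null` for an unknown alias, which is then wrapped into the `certs` array and handed to the JSP. Minor: `Boolean.valueOf(keyLocked)` avoids the allocation in `new Boolean(keyLocked)`.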

Modified: geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ConfirmCertificateHandler.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ConfirmCertificateHandler.java?rev=427268&r1=427267&r2=427268&view=diff
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ConfirmCertificateHandler.java (original)
+++ geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ConfirmCertificateHandler.java Mon Jul 31 14:04:16 2006
@@ -26,6 +26,8 @@
 import javax.portlet.PortletException;
 import javax.portlet.RenderRequest;
 import javax.portlet.RenderResponse;
+
+import java.io.ByteArrayInputStream;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -56,9 +58,14 @@
         SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy");
         request.setAttribute("id", request.getParameter("id"));
         request.setAttribute("alias", request.getParameter("alias"));
+        /*  // Uploading certificate using a disk file fails on Windows.  Certificate text is used instead.
         String certFile = request.getParameter("certificate");
         request.setAttribute("certificate", certFile);
         InputStream is = new FileInputStream(certFile);
+        */
+        String certificate = request.getParameter("certificate");
+        request.setAttribute("certificate", certificate);
+        InputStream is = new ByteArrayInputStream(certificate.getBytes());
         try {
             CertificateFactory cf = CertificateFactory.getInstance("X.509");
             Collection certificates = cf.generateCertificates(is);
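Review bot: `certificate.getBytes()` throws a NullPointerException when the `certificate` parameter is absent, and it sits before the `try`, so nothing handles it. Check first, e.g. `if(certificate == null || certificate.trim().length() == 0)`, and report the problem instead of parsing. The superseded code is kept inside a `/* ... */` block; deleting it would be clearer since the history is in Subversion, and the `FileInputStream` import may then be unused. The method starts and ends outside this hunk.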

Added: geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/DeleteEntryHandler.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/DeleteEntryHandler.java?rev=427268&view=auto
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/DeleteEntryHandler.java (added)
+++ geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/DeleteEntryHandler.java Mon Jul 31 14:04:16 2006
@@ -0,0 +1,62 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.console.keystores;
+
+import org.apache.geronimo.console.MultiPageModel;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+import java.io.IOException;
+
+/**
+ * Handler for deleting a trusted certificate or private key from keystore
+ *
+ * @version $Rev: 409817 $ $Date: 2006-05-27 13:26:38 +0530 (Sat, 27 May 2006) $
+ */
+public class DeleteEntryHandler extends BaseKeystoreHandler {
+    public DeleteEntryHandler() {
+        super(DELETE_ENTRY, "/WEB-INF/view/keystore/viewKeystore.jsp");
+    }
+
+    public String actionBeforeView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        String id = request.getParameter("id");
+        String alias = request.getParameter("alias");
+        if(id != null) {
+            response.setRenderParameter("id", id);
+            if(alias != null) {
+            	KeystoreData data = (KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + id);
+            	data.deleteEntry(alias);
+            }
+        } // else we hope this is after a failure and the actionAfterView took care of it below!
+        return getMode();
+    }
+
+    public void renderView(RenderRequest request, RenderResponse response, MultiPageModel model) throws PortletException, IOException {
+        String id = request.getParameter("id");
+        request.setAttribute("id", id);
+        request.setAttribute("keystore", request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + id));
+    }
+
+    public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+    	String id = request.getParameter("id");
+    	response.setRenderParameter("id", id);
+        return VIEW_KEYSTORE+BEFORE_ACTION;
+    }
+}
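Review bot: `actionBeforeView` deletes the keystore entry as soon as an action request carries `id` and `alias`; the only confirmation is the JavaScript `confirm()` on the link in certificateDetails.jsp, and no request token is checked in the visible code. Any request in the administrator's session that reaches this mode therefore removes a key or trusted certificate, so a server-side confirmation step or an anti-forgery token (unless the portal container already supplies one) is worth adding. The `else` comment only hopes the missing-`id` case was handled elsewhere, yet `renderView` then looks up `KEYSTORE_DATA_PREFIX + id` with a null `id`; an explicit branch would be safer. At minimum document the contract, e.g. `// Destructive: runs on any action request with id+alias; confirmation is client-side only`.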

Added: geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/GenerateCSRHandler.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/GenerateCSRHandler.java?rev=427268&view=auto
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/GenerateCSRHandler.java (added)
+++ geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/GenerateCSRHandler.java Mon Jul 31 14:04:16 2006
@@ -0,0 +1,64 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.console.keystores;
+
+import org.apache.geronimo.console.MultiPageModel;
+import org.apache.geronimo.management.geronimo.KeystoreInstance;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+import java.io.IOException;
+
+/**
+ * Handler for generating a Certificate Signing Request (CSR)
+ *
+ * @version $Rev: 409817 $ $Date: 2006-05-27 13:26:38 +0530 (Sat, 27 May 2006) $
+ */
+public class GenerateCSRHandler extends BaseKeystoreHandler {
+    public GenerateCSRHandler() {
+        super(GENERATE_CSR, "/WEB-INF/view/keystore/generateCSR.jsp");
+    }
+
+    public String actionBeforeView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+    	String id = request.getParameter("id");
+    	String alias = request.getParameter("alias");
+        response.setRenderParameter("id", id);
+        response.setRenderParameter("alias", alias);
+        return getMode();
+    }
+	public void renderView(RenderRequest request, RenderResponse response, MultiPageModel model) throws PortletException, IOException {
+		String id = request.getParameter("id");
+    	String alias = request.getParameter("alias");
+        request.setAttribute("id", id);
+        request.setAttribute("alias", alias);
+        KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + id));
+        KeystoreInstance keystoreInstance = data.getInstance();
+        String csr = keystoreInstance.generateCSR(alias);
+        request.setAttribute("csr", csr);
+    }
+
+    public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+    	String id = request.getParameter("id");
+    	String alias = request.getParameter("alias");
+        response.setRenderParameter("id", id);
+        response.setRenderParameter("alias", alias);
+        return CERTIFICATE_DETAILS+BEFORE_ACTION;
+    }
+}
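Review bot: `renderView` calls `keystoreInstance.generateCSR(alias)` without checking that the key is unlocked; the locked state is enforced only by certificateDetails.jsp hiding the link behind `<c:if test="${!(keyLocked)}">`. What `generateCSR` does for a locked or unknown alias is not visible here, so a check such as `if(keystoreInstance.isKeyLocked(alias))` that sets an error attribute, plus handling of a `null` result, would make the handler safe on its own. The file also mixes tabs and spaces in the indentation of `actionBeforeView` and `renderView`.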

Added: geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ImportCAReplyHandler.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ImportCAReplyHandler.java?rev=427268&view=auto
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ImportCAReplyHandler.java (added)
+++ geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/ImportCAReplyHandler.java Mon Jul 31 14:04:16 2006
@@ -0,0 +1,65 @@
+/**
+ *
+ * Copyright 2005 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.console.keystores;
+
+import java.io.IOException;
+
+import javax.portlet.ActionRequest;
+import javax.portlet.ActionResponse;
+import javax.portlet.PortletException;
+import javax.portlet.RenderRequest;
+import javax.portlet.RenderResponse;
+
+import org.apache.geronimo.console.MultiPageModel;
+
+/**
+ * Handler for importing a certficate issued by a CA
+ *
+ * @version $Rev: 409817 $ $Date: 2006-05-27 13:26:38 +0530 (Sat, 27 May 2006) $
+ */
+public class ImportCAReplyHandler extends BaseKeystoreHandler {
+    public ImportCAReplyHandler() {
+        super(IMPORT_CA_REPLY, "/WEB-INF/view/keystore/importCAReply.jsp");
+    }
+
+    public String actionBeforeView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+    	String id = request.getParameter("id");
+    	String alias = request.getParameter("alias");
+        response.setRenderParameter("id", id);
+        response.setRenderParameter("alias", alias);
+        return getMode();
+    }
+	public void renderView(RenderRequest request, RenderResponse response, MultiPageModel model) throws PortletException, IOException {
+		String id = request.getParameter("id");
+    	String alias = request.getParameter("alias");
+        request.setAttribute("id", id);
+        request.setAttribute("alias", alias);
+    }
+
+    public String actionAfterView(ActionRequest request, ActionResponse response, MultiPageModel model) throws PortletException, IOException {
+        String id = request.getParameter("id");
+        String alias = request.getParameter("alias");
+        response.setRenderParameter("id", id);
+        response.setRenderParameter("alias", alias);
+    	if("Cancel".equals(request.getParameter("submit")))
+    		return CERTIFICATE_DETAILS+BEFORE_ACTION;
+        String pkcs7cert = request.getParameter("pkcs7cert");
+        KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + id));
+        data.importPKCS7Certificate(alias, pkcs7cert);
+        return CERTIFICATE_DETAILS+BEFORE_ACTION;
+    }
+}
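Review bot: `actionAfterView` cannot tell whether the import worked: `KeystoreData.importPKCS7Certificate` returns `void` and catches every `Exception` with only a log entry, so a malformed or mismatched CA reply sends the user back to the details page as if it had succeeded. Let the failure propagate (or return a boolean) and set an error parameter here. `pkcs7cert` is also passed on unchecked, so a missing field reaches the keystore as `null`; `if(pkcs7cert == null || pkcs7cert.trim().length() == 0) return getMode()+BEFORE_ACTION;` would send the user back to the form. The class Javadoc has a typo, `certficate`.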

Modified: geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/KeystoresPortlet.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/KeystoresPortlet.java?rev=427268&r1=427267&r2=427268&view=diff
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/KeystoresPortlet.java (original)
+++ geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/KeystoresPortlet.java Mon Jul 31 14:04:16 2006
@@ -43,6 +43,10 @@
         addHelper(new LockEditKeystoreHandler(), config);
         addHelper(new LockKeystoreHandler(), config);
         addHelper(new UnlockKeyHandler(), config);
+        addHelper(new CertificateDetailsHandler(), config);
+        addHelper(new GenerateCSRHandler(), config);
+        addHelper(new ImportCAReplyHandler(), config);
+        addHelper(new DeleteEntryHandler(), config);
     }
 
     protected String getModelJSPVariableName() {

Modified: geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeyHandler.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeyHandler.java?rev=427268&r1=427267&r2=427268&view=diff
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeyHandler.java (original)
+++ geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UnlockKeyHandler.java Mon Jul 31 14:04:16 2006
@@ -57,7 +57,8 @@
         }
         KeystoreData data = ((KeystoreData) request.getPortletSession(true).getAttribute(KEYSTORE_DATA_PREFIX + keystore));
         try {
-            data.getInstance().unlockPrivateKey(alias, keyPassword.toCharArray());
+            //data.getInstance().unlockPrivateKey(alias, keyPassword.toCharArray());
+            data.unlockPrivateKey(alias, keyPassword.toCharArray());
         } catch (KeystoreIsLocked e) {
             throw new PortletException("Invalid password for keystore", e);
         }
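Review bot: A wrong key password is not reported by this handler: `data.unlockPrivateKey` returns `void` and, in the BaseKeystoreHandler hunk, simply skips the `put` when `instance.unlockPrivateKey` returns `false`, while the `catch` here only covers `KeystoreIsLocked`. Returning the boolean from `KeystoreData.unlockPrivateKey` and showing a failure message would close the gap. The commented-out line `//data.getInstance().unlockPrivateKey(...)` can be deleted rather than kept. The method continues outside the hunk.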

Modified: geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UploadCertificateHandler.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UploadCertificateHandler.java?rev=427268&r1=427267&r2=427268&view=diff
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UploadCertificateHandler.java (original)
+++ geronimo/branches/1.1/applications/console-standard/src/java/org/apache/geronimo/console/keystores/UploadCertificateHandler.java Mon Jul 31 14:04:16 2006
@@ -58,6 +58,7 @@
         if(alias == null) {
             return getMode()+BEFORE_ACTION; //todo: some kind of error message
         }
+        /*  // Uploading certificate using a disk file fails on Windows.  Certificate text is used instead.
         File certFile;
         FileItem item = (FileItem) getUploadFiles().get("certificate");
         if(item != null) {
@@ -72,8 +73,11 @@
             response.setRenderParameter("id", id);
             return getMode()+BEFORE_ACTION;
         }
+        */
         response.setRenderParameter("id", id); // the Keystore
-        response.setRenderParameter("certificate", certFile.getAbsolutePath());
+        // Uploading certificate using a disk file fails on Windows.  Certificate text is used instead.
+        //response.setRenderParameter("certificate", certFile.getAbsolutePath());
+        response.setRenderParameter("certificate", getUploadFields().getProperty("certificate"));
         response.setRenderParameter("alias", alias);
 
         return CONFIRM_CERTIFICATE+BEFORE_ACTION;
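Review bot: `getUploadFields().getProperty("certificate")` yields `null` when the form field is missing (assuming `getUploadFields()` is a `Properties`), and `setRenderParameter` rejects a null value with an IllegalArgumentException, so the commented-out "no file" branch needs an equivalent for the text field. Read the value into a local first and return early, e.g. `if(certText == null || certText.trim().length() == 0) { response.setRenderParameter("id", id); return getMode()+BEFORE_ACTION; }`. The whole certificate text is now carried as a render parameter, which the portal may place in URLs; holding it in the session instead would avoid length limits. The method starts outside the hunk.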

Added: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/certificateDetails.jsp
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/certificateDetails.jsp?rev=427268&view=auto
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/certificateDetails.jsp (added)
+++ geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/certificateDetails.jsp Mon Jul 31 14:04:16 2006
@@ -0,0 +1,98 @@
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib uri="http://java.sun.com/portlet" prefix="portlet"%>
+<portlet:defineObjects/>
+<table>
+<th>keystore</th>
+<th>alias</th>
+<th>type</th>
+<tr>
+<td>${id}</td>
+<td>${alias}</td>
+<td>${type}</td>
+</tr>
+</table>
+<br/>
+<table cellspacing="5">
+<tr>
+<c:if test="${!(keyLocked)}">
+<td>
+<a href="<portlet:actionURL portletMode="view">
+<portlet:param name="mode" value="generateCSR-before" />
+<portlet:param name="id" value="${id}" />
+<portlet:param name="alias" value="${alias}" /></portlet:actionURL>">
+Generate CSR</a></td>
+<td>
+<a href="<portlet:actionURL portletMode="view">
+<portlet:param name="mode" value="importCAReply-before" />
+<portlet:param name="id" value="${id}" />
+<portlet:param name="alias" value="${alias}" /></portlet:actionURL>">
+Import CA reply</a></td>
+</c:if>
+
+<td>
+<a href="<portlet:actionURL portletMode="view">
+<portlet:param name="mode" value="deleteEntry-before" />
+<portlet:param name="id" value="${id}" />
+<portlet:param name="alias" value="${alias}" /></portlet:actionURL>" onClick="return confirm('Are you sure you want to delete ${alias}?');">
+Delete Entry</a></td>
+
+<td>
+<a href="<portlet:actionURL portletMode="view">
+<portlet:param name="mode" value="certificateDetails-after" />
+<portlet:param name="id" value="${id}" /></portlet:actionURL>">
+Back to keystore</a></td>
+</tr>
+</table>
+<br/>
+
+<c:forEach items="${certs}" var="cert">
+<table>
+<th>Certificate Info</th>
+<tr>
+<td>Version:</td>
+<td><c:out value="${cert.version}"/></td>
+</tr>
+<tr>
+<td>Subject:</td>
+<td><c:out value="${cert.subjectDN.name}"/></td>
+</tr>
+<tr>
+<td>Issuer:</td>
+<td><c:out value="${cert.issuerDN.name}"/></td>
+</tr>
+<tr>
+<td>Serial Number:</td>
+<td><c:out value="${cert.serialNumber}"/></td>
+</tr>
+<tr>
+<td>Valid From:</td>
+<td><c:out value="${cert.notBefore}"/></td>
+</tr>
+<tr>
+<td>Valid To:</td>
+<td><c:out value="${cert.notAfter}"/></td>
+</tr>
+<tr>
+<td>Signature Alg:</td>
+<td><c:out value="${cert.sigAlgName}"/></td>
+</tr>
+<tr>
+<td>Public Key Alg:</td>
+<td><c:out value="${cert.publicKey.algorithm}"/></td>
+</tr>
+<tr>
+<c:forEach items="${cert.criticalExtensionOIDs}" var="extoid">
+<tr>
+<td>critical ext: </td>
+<td><c:out value="${extoid}"/></td>
+</tr>
+</c:forEach>
+<c:forEach items="${cert.nonCriticalExtensionOIDs}" var="extoid">
+<tr>
+<td>non-critical ext: </td>
+<td><c:out value="${extoid}"/></td>
+</tr>
+</c:forEach>
+</table>
+<br/>
+</c:forEach>
\ No newline at end of file
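Review bot: `${id}`, `${alias}` and `${type}` are written into the table cells near the top as raw EL, while the certificate fields below go through `<c:out>`; `alias` comes straight from a request parameter in CertificateDetailsHandler, so markup in it is rendered unescaped. Use `<c:out value="${alias}"/>` (and the same for `id`) in the cells. The `onClick="return confirm('Are you sure you want to delete ${alias}?');"` attribute places the alias inside a JavaScript string, where HTML escaping alone is not enough; a fixed message without the alias is the simplest safe form. generateCSR.jsp in this commit prints `${id}`, `${alias}` and `${csr}` the same way. There is also a stray `<tr>` opened just before the extension loops that is never closed.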

Propchange: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/certificateDetails.jsp
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/certificateDetails.jsp
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/certificateDetails.jsp
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/generateCSR.jsp
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/generateCSR.jsp?rev=427268&view=auto
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/generateCSR.jsp (added)
+++ geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/generateCSR.jsp Mon Jul 31 14:04:16 2006
@@ -0,0 +1,24 @@
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib uri="http://java.sun.com/portlet" prefix="portlet"%>
+<portlet:defineObjects/>
+keystore: ${id}<br/>
+alias: ${alias}<br/>
+
+<table>
+<th>PKCS10 Certification Request</th>
+<tr>
+<td>
+<form action=>
+<textarea rows="15" cols="80" readonly>
+${csr}
+</textarea>
+</td>
+</tr>
+<tr>
+<td><a href="<portlet:actionURL portletMode="view">
+<portlet:param name="mode" value="generateCSR-after" />
+<portlet:param name="id" value="${id}" />
+<portlet:param name="alias" value="${alias}" /></portlet:actionURL>">
+Back</a></td>
+</tr>
+</table>
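Review bot: `${id}`, `${alias}` and `${csr}` are written into the page as template text, which JSP EL does not HTML-escape, so an alias or keystore name containing markup would be rendered as markup in the admin console. certificateDetails.jsp in this same commit already uses `<c:out>`; the same form fits here, e.g. `alias: <c:out value="${alias}"/><br/>`, and likewise for `${id}` and `${csr}`. The same unescaped output appears in importCAReply.jsp (`keystore: ${id}`, `alias: ${alias}`) and in the new `${alias}` link text in viewKeystore.jsp. Whether these values can carry text chosen by someone other than the current user depends on the handlers, which are not visible in this part of the commit. Separately, `<form action=>` has an empty attribute and is never closed; since the textarea is read-only, the form tag can simply be removed.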

Propchange: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/generateCSR.jsp
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/generateCSR.jsp
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/generateCSR.jsp
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/importCAReply.jsp
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/importCAReply.jsp?rev=427268&view=auto
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/importCAReply.jsp (added)
+++ geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/importCAReply.jsp Mon Jul 31 14:04:16 2006
@@ -0,0 +1,28 @@
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib uri="http://java.sun.com/portlet" prefix="portlet"%>
+<portlet:defineObjects/>
+keystore: ${id}<br/>
+alias: ${alias}<br/>
+
+<form method="post"
+action="<portlet:actionURL>
+<portlet:param name="mode" value="importCAReply-after" />
+<portlet:param name="id" value="${id}" />
+<portlet:param name="alias" value="${alias}" /></portlet:actionURL>">
+<table>
+<th>PKCS7 Certificate Reply</th>
+<tr>
+<td>
+<textarea rows="20" cols="80" name="pkcs7cert">
+...paste pkcs7 encoded certificate reply here...
+</textarea>
+</td>
+</tr>
+</table>
+<table>
+<tr>
+<td><input type="submit" name="submit" value="Save"/></td>
+<td><input type="submit" name="submit" value="Cancel"/></td>
+</tr>
+</table>
+</form>
\ No newline at end of file
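Review bot: The text `...paste pkcs7 encoded certificate reply here...` is the textarea's initial value rather than a hint, so pressing Save without clearing it posts that string (with the surrounding newlines) as `pkcs7cert`, and a pasted reply that leaves any of it behind will not parse. Starting with an empty textarea and moving the instruction into the table avoids this, e.g. `<td>Paste the PKCS7 encoded certificate reply below:</td>`. The `certificate` textarea added to uploadCertificate.jsp is pre-filled in the same way. Both buttons are named `submit`, so Cancel also posts whatever was pasted and the handler has to tell the two apart by value.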

Propchange: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/importCAReply.jsp
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/importCAReply.jsp
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/importCAReply.jsp
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/uploadCertificate.jsp
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/uploadCertificate.jsp?rev=427268&r1=427267&r2=427268&view=diff
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/uploadCertificate.jsp (original)
+++ geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/uploadCertificate.jsp Mon Jul 31 14:04:16 2006
@@ -3,28 +3,49 @@
 <%@ taglib uri="http://java.sun.com/portlet" prefix="portlet"%>
 <portlet:defineObjects/>
 
+<script language="JavaScript">
+var <portlet:namespace/>formName = "<portlet:namespace/>KeystoreForm";
+var <portlet:namespace/>requiredFields = new Array("alias");
+function <portlet:namespace/>validateForm(){
+    return textElementsNotEmpty(<portlet:namespace/>formName,<portlet:namespace/>requiredFields);
+}
+</script>
+
+<!-- Uploading certificate using a disk file fails on Windows.  Certificate text is used instead.
 <p>This screen lets you select a certificate to import into the keystore.  Select the
 certificate file and specify an alias to store it under in the keystore.  The next
 step will be to review the certificate before committing it to the keystore.</p>
+-->
+<p>This screen lets you input a certificate to import into the keystore.  Paste the content of the
+certificate file in the text area and specify an alias to store it under in the keystore.  The next
+step will let you review the certificate before committing it to the keystore.</p>
 
 <form enctype="multipart/form-data" method="POST" name="<portlet:namespace/>KeystoreForm" action="<portlet:actionURL/>">
     <input type="hidden" name="id" value="${id}" />
     <input type="hidden" name="mode" value="uploadCertificate-after" />
     <table border="0">
+        <th align="left"> Trusted Certificate </th>
+<!-- Uploading certificate using a disk file fails on Windows.  Certificate text is used instead.
         <tr>
             <th align="right">Certificate file:</th>
             <td>
                 <input type="file" name="certificate" size="40" />
             </td>
         </tr>
+ -->
+        <tr>
+            <td colspan="2">
+                <textarea rows="15" cols="80" name="certificate">...paste trusted certificate text here...</textarea>
+            </td>
+        </tr>
         <tr>
-            <th align="right">Alias for certificate:</th>
+            <th align="left">Alias for certificate:</th>
             <td>
                 <input type="text" name="alias" size="20" maxlength="200" />
             </td>
         </tr>
     </table>
-    <input type="submit" value="Review Certificate" />
+    <input type="submit" value="Review Certificate" onclick="return <portlet:namespace/>validateForm()"/>
 </form>
 
 
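Review bot: `requiredFields` names only `alias`, and the check runs from `onclick` in the browser, so the `uploadCertificate-after` handler still has to reject an empty alias or certificate on its own; that handler is not visible here, so it may already do so. The form keeps `enctype="multipart/form-data"` although the file input is now commented out, which is worth confirming against how the handler reads the `certificate` field. The disabled markup is wrapped in HTML comments, which are sent to every browser; a JSP comment keeps it on the server: `<%-- Uploading certificate using a disk file fails on Windows. Certificate text is used instead. --%>`.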

Modified: geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/viewKeystore.jsp
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/viewKeystore.jsp?rev=427268&r1=427267&r2=427268&view=diff
==============================================================================
--- geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/viewKeystore.jsp (original)
+++ geronimo/branches/1.1/applications/console-standard/src/webapp/WEB-INF/view/keystore/viewKeystore.jsp Mon Jul 31 14:04:16 2006
@@ -6,20 +6,47 @@
 
 <table width="100%">
   <tr>
+    <td class="DarkBackground">&nbsp;</td>
     <td class="DarkBackground">Alias</td>
     <td class="DarkBackground" align="center">Type</td>
     <td class="DarkBackground" align="center">Certificate Fingerprint</td>
   </tr>
 <c:forEach var="alias" items="${keystore.certificates}">
   <tr>
-    <td>${alias}</td>
+    <td><a href="<portlet:actionURL portletMode="view">
+                 <portlet:param name="mode" value="certificateDetails-before" />
+                 <portlet:param name="id" value="${keystore.instance.keystoreName}" />
+                 <portlet:param name="alias" value="${alias}" /></portlet:actionURL>">
+        view
+        </a>    
+    </td>
+    <td><a href="<portlet:actionURL portletMode="view">
+                 <portlet:param name="mode" value="certificateDetails-before" />
+                 <portlet:param name="id" value="${keystore.instance.keystoreName}" />
+                 <portlet:param name="alias" value="${alias}" /></portlet:actionURL>">
+        ${alias}
+        </a>    
+    </td>
     <td>Trusted Certificate</td>
     <td>${keystore.fingerprints[alias]}</td>
   </tr>
 </c:forEach>
 <c:forEach var="alias" items="${keystore.keys}">
   <tr>
-    <td>${alias}</td>
+    <td><a href="<portlet:actionURL portletMode="view">
+                 <portlet:param name="mode" value="certificateDetails-before" />
+                 <portlet:param name="id" value="${keystore.instance.keystoreName}" />
+                 <portlet:param name="alias" value="${alias}" /></portlet:actionURL>">
+        view
+        </a>    
+    </td>
+    <td><a href="<portlet:actionURL portletMode="view">
+                 <portlet:param name="mode" value="certificateDetails-before" />
+                 <portlet:param name="id" value="${keystore.instance.keystoreName}" />
+                 <portlet:param name="alias" value="${alias}" /></portlet:actionURL>">
+        ${alias}
+        </a>    
+    </td>
     <td>Private Key</td>
     <td>${keystore.fingerprints[alias]}</td>
   </tr>

Modified: geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java?rev=427268&r1=427267&r2=427268&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java (original)
+++ geronimo/branches/1.1/modules/management/src/java/org/apache/geronimo/management/geronimo/KeystoreInstance.java Mon Jul 31 14:04:16 2006
@@ -166,4 +166,15 @@
      * @param algorithm The SSL algorithm to use for this trust manager
      */
     public TrustManager[] getTrustManager(String algorithm) throws KeyStoreException, NoSuchAlgorithmException, KeystoreIsLocked;
+    
+    public String generateCSR(String alias);
+    
+    public void importPKCS7Certificate(String alias, String certbuf)
+    throws java.security.cert.CertificateException,
+    java.security.NoSuchProviderException,
+    java.security.KeyStoreException,
+    java.security.NoSuchAlgorithmException,
+    java.security.UnrecoverableKeyException, java.io.IOException;
+    
+    public void deleteEntry(String alias);
 }
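Review bot: The three new methods have no Javadoc, unlike `getTrustManager` just above, and their failure behaviour cannot be read from the signatures: `generateCSR` and `deleteEntry` declare no exceptions, while `importPKCS7Certificate` declares six. I would add a comment to each saying what the caller sees on failure, for example on `generateCSR`: `/** Generates a PEM-encoded PKCS10 request for the key pair stored under alias; returns null if the request could not be generated. */`. That null return matches what FileKeystoreInstance does in this commit. None of the three declares `KeystoreIsLocked`, so it is also worth stating whether they may be called on a locked keystore or key.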

Modified: geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java?rev=427268&r1=427267&r2=427268&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java (original)
+++ geronimo/branches/1.1/modules/security/src/java/org/apache/geronimo/security/keystore/FileKeystoreInstance.java Mon Jul 31 14:04:16 2006
@@ -18,6 +18,8 @@
 
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -31,14 +33,17 @@
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.SignatureException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.HashMap;
@@ -62,6 +67,11 @@
 import org.apache.geronimo.management.geronimo.KeystoreInstance;
 import org.apache.geronimo.management.geronimo.KeystoreIsLocked;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
+import org.apache.geronimo.util.asn1.ASN1Set;
+import org.apache.geronimo.util.asn1.DEROutputStream;
+import org.apache.geronimo.util.asn1.x509.X509Name;
+import org.apache.geronimo.util.encoders.Base64;
+import org.apache.geronimo.util.jce.PKCS10CertificationRequest;
 import org.apache.geronimo.util.jce.X509Principal;
 import org.apache.geronimo.util.jce.X509V1CertificateGenerator;
 
@@ -285,6 +295,135 @@
         return false;
     }
 
+
+    public String generateCSR(String alias) {
+        // find certificate by alias
+        X509Certificate cert = null;
+        try {
+            cert = (X509Certificate) keystore.getCertificate(alias);
+        } catch (KeyStoreException e) {
+            log.error("Unable to generate CSR", e);
+        }
+
+        // find private key by alias
+        PrivateKey key = null;
+        try {
+            key = (PrivateKey) keystore.getKey(alias, (char[])keyPasswords.get(alias));
+        } catch (KeyStoreException e) {
+            log.error("Unable to generate CSR", e);
+        } catch (NoSuchAlgorithmException e) {
+            log.error("Unable to generate CSR", e);
+        } catch (UnrecoverableKeyException e) {
+            log.error("Unable to generate CSR", e);
+        }
+
+        // generate csr
+        String csr = null;
+        try {
+            csr = generateCSR(cert, key);
+        } catch (Exception e) {
+            log.error("Unable to generate CSR", e);
+        }
+        return csr;
+    }
+
+    private String generateCSR(X509Certificate cert, PrivateKey signingKey) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, KeyStoreException, IOException {
+        String sigalg = cert.getSigAlgName();
+        X509Name subject = new X509Name(cert.getSubjectDN().toString());
+        PublicKey publicKey = cert.getPublicKey();
+        ASN1Set attributes = null;
+
+        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(sigalg,
+                subject, publicKey, attributes, signingKey);
+        
+        if (!csr.verify()) {
+            throw new KeyStoreException("CSR verification failed");
+        }
+
+        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        DEROutputStream deros = new DEROutputStream(os);
+        deros.writeObject(csr.getDERObject());
+        String b64 = new String(Base64.encode(os.toByteArray()));
+        
+        final String BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
+        final String END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
+        final int CERT_REQ_LINE_LENGTH = 70;
+        
+        StringBuffer sbuf = new StringBuffer(BEGIN_CERT_REQ).append('\n');
+        
+        int idx = 0;
+        while (idx < b64.length()) {
+        
+            int len = (idx + CERT_REQ_LINE_LENGTH > b64.length()) ? b64
+                    .length()
+                    - idx : CERT_REQ_LINE_LENGTH;
+        
+            String chunk = b64.substring(idx, idx + len);
+        
+            sbuf.append(chunk).append('\n');
+            idx += len;
+        }
+        
+        sbuf.append(END_CERT_REQ);
+        return sbuf.toString();
+    }
+
+    public void importPKCS7Certificate(String alias, String certbuf)
+    throws java.security.cert.CertificateException,
+    java.security.NoSuchProviderException,
+    java.security.KeyStoreException,
+    java.security.NoSuchAlgorithmException,
+    java.security.UnrecoverableKeyException, java.io.IOException {
+        InputStream is = null;
+        
+        try {
+            is = new ByteArrayInputStream(certbuf.getBytes());
+            importPKCS7Certificate(alias, is);
+        } finally {
+            if (is != null) {
+                try {
+                    is.close();
+                } catch (Exception e) {
+                }
+            }
+        }
+    }
+
+    private void importPKCS7Certificate(String alias, InputStream is)
+        throws java.security.cert.CertificateException,
+        java.security.NoSuchProviderException,
+        java.security.KeyStoreException,
+        java.security.NoSuchAlgorithmException,
+        java.security.UnrecoverableKeyException, java.io.IOException {
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        Collection certcoll = cf.generateCertificates(is);
+        
+        Certificate[] chain = new Certificate[certcoll.size()];
+        
+        Iterator iter = certcoll.iterator();
+        for (int i = 0; iter.hasNext(); i++) {
+            chain[i] = (Certificate) iter.next();
+        }
+        
+        char[] keyPassword = (char[])keyPasswords.get(alias);
+        keystore.setKeyEntry(alias, keystore.getKey(alias, keyPassword), keyPassword,
+                chain);
+        
+        saveKeystore(keystorePassword);
+    }
+
+    public void deleteEntry(String alias) {
+        try {
+            keystore.deleteEntry(alias);
+            privateKeys.remove(alias);
+            trustCerts.remove(alias);
+            keyPasswords.remove(alias);
+        } catch (KeyStoreException e) {
+            log.error("Unable to delete entry:"+alias, e);
+        }
+        saveKeystore(keystorePassword);
+    }
+    
     public KeyManager[] getKeyManager(String algorithm, String alias) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeystoreIsLocked {
         if(isKeystoreLocked()) {
             throw new KeystoreIsLocked("Keystore '"+keystoreName+"' is locked; please unlock it in the console.");
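Review bot: `importPKCS7Certificate(String, InputStream)` installs whatever certificates the reply parses to as the chain for the private key at `alias`, without checking that any of them carries that key's public key. An empty or mismatched reply therefore either fails inside `setKeyEntry` or leaves the key paired with a certificate that is not its own. Comparing against the certificate currently stored under the alias before `setKeyEntry` closes that gap (sketch below); the collection returned by `generateCertificates` may also not be leaf-first, so the chain order is worth confirming. Separately, `generateCSR(String)` logs each lookup failure and carries on, so a missing alias ends as a NullPointerException caught by the final `catch (Exception e)` and a null return. `deleteEntry` likewise calls `saveKeystore` even when the delete threw.

```java
        Collection certcoll = cf.generateCertificates(is);
        // ... unchanged: copy certcoll into chain ...

        // Accept the reply only if it certifies the key pair already stored under this alias.
        Certificate current = keystore.getCertificate(alias);
        boolean matchesKey = false;
        for (int i = 0; current != null && i < chain.length; i++) {
            if (current.getPublicKey().equals(chain[i].getPublicKey())) {
                matchesKey = true;
                break;
            }
        }
        if (!matchesKey) {
            throw new CertificateException("Certificate reply does not match the key stored under alias " + alias);
        }
        // ... unchanged: setKeyEntry and saveKeystore ...
```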