Posted to scm@geronimo.apache.org by am...@apache.org on 2006/03/27 19:43:25 UTC

svn commit: r389206 [2/2] - in /geronimo/trunk: applications/console-standard/src/java/org/apache/geronimo/console/keystores/ applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ applications/console-standard/src/webapp/WEB-IN...

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java Mon Mar 27 09:43:21 2006
@@ -16,7 +16,12 @@
  */
 package org.apache.geronimo.security.keystore;
 
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
 import java.security.cert.Certificate;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.KeyStoreException;
 
 /**
  * Management interface for dealing with a specific Keystore
@@ -71,6 +76,19 @@
     public boolean unlockPrivateKey(String alias, char[] password) throws KeystoreIsLocked;
 
     /**
+     * Gets the aliases for all the private keys that are currently unlocked.
+     * This only works if the keystore is unlocked.
+     */
+    public String[] getUnlockedKeys() throws KeystoreIsLocked;
+
+    /**
+     * Checks whether this keystore can be used as a trust store (e.g. has at
+     * least one trust certificate).  This only works if the keystore is
+     * unlocked.
+     */
+    public boolean isTrustStore() throws KeystoreIsLocked;
+
+    /**
      * Clears any saved password for the specified private key, meaning this
      * key cannot be used for a socket factory by other server components.
      * You can still query and update it by passing the password to other
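Review bot: The Javadoc for `isTrustStore()` gives its criterion with "e.g.", so a reader cannot tell whether holding at least one trust certificate is the actual test or only an example of it. This decides which keystores are offered as trust anchors for SSL, so state it exactly once the rule is confirmed, for instance `@return true if the keystore contains at least one trust certificate`. `getUnlockedKeys()` has no `@return` saying whether an empty array or null comes back when no key is unlocked, and both comments could carry `@throws KeystoreIsLocked if the keystore has not been unlocked`. The hunk ends inside the Javadoc of the next method, which continues outside it.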
@@ -130,4 +148,22 @@
     public boolean generateKeyPair(String alias, char[] storePassword, char[] keyPassword, String keyAlgorithm, int keySize,
                                    String signatureAlgorithm, int validity, String commonName, String orgUnit,
                                    String organization, String locality, String state, String country);
+
+
+    /**
+     * Gets a KeyManager for a key in this Keystore.  This only works if both
+     * the keystore and the private key in question have been unlocked,
+     * allowing other components in the server to access them.
+     * @param algorithm The SSL algorithm to use for this key manager
+     * @param alias     The alias of the key to use in the keystore
+     */
+    public KeyManager[] getKeyManager(String algorithm, String alias) throws NoSuchAlgorithmException,
+            UnrecoverableKeyException, KeyStoreException, KeystoreIsLocked;
+
+    /**
+     * Gets a TrustManager for this keystore.  This only works if the keystore
+     * has been unlocked, allowing other components in the server to access it.
+     * @param algorithm The SSL algorithm to use for this trust manager
+     */
+    public TrustManager[] getTrustManager(String algorithm) throws KeyStoreException, NoSuchAlgorithmException, KeystoreIsLocked;
 }
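Review bot: `getKeyManager` is documented as working only when both the keystore and the private key are unlocked, but its throws clause names only `KeystoreIsLocked`, so the locked-key case has no declared signal. `createSSLFactory` in KeystoreManager declares `KeyIsLocked` for that case. Either add `KeyIsLocked` here or document which declared exception a locked key produces (possibly `UnrecoverableKeyException`, which cannot be confirmed from this hunk). What happens when `alias` names no key entry is also unspecified. Both new methods lack `@return` and `@throws` tags, and "The SSL algorithm" would read more precisely as the key manager or trust manager algorithm name.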

Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java Mon Mar 27 09:43:21 2006
@@ -16,7 +16,12 @@
  */
 package org.apache.geronimo.security.keystore;
 
-import javax.net.ServerSocketFactory;
+import javax.net.ssl.SSLServerSocketFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.KeyStoreException;
+import java.security.KeyManagementException;
+import java.security.NoSuchProviderException;
 
 /**
  * Management interface for working with keystores.  Mostly this is used to
@@ -41,6 +46,9 @@
     /**
      * Gets a ServerSocketFactory using one Keystore to access the private key
      * and another to provide the list of trusted certificate authorities.
+     * @param provider The SSL provider to use, or null for the default
+     * @param protocol The SSL protocol to use
+     * @param algorithm The SSL algorithm to use
      * @param keyStore The key keystore name as provided by listKeystores.  The
      *                 KeystoreInstance for this keystore must be unlocked.
      * @param keyAlias The name of the private key in the keystore.  The
@@ -56,8 +64,9 @@
      *                     keystore cannot be used because it has not been
      *                     unlocked.
      */
-    public ServerSocketFactory createSSLFactory(String keyStore, String keyAlias, String trustStore)
-            throws KeystoreIsLocked, KeyIsLocked;
+    public SSLServerSocketFactory createSSLFactory(String provider, String protocol, String algorithm,
+                                                   String keyStore, String keyAlias, String trustStore, ClassLoader loader)
+            throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException;
 
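Review bot: The new `ClassLoader loader` parameter of `createSSLFactory` has no `@param` tag. The earlier hunk adds tags for `provider`, `protocol` and `algorithm` only, and the unchanged Javadoc lines between the two hunks predate the parameter. Its role is not evident from the signature, so add `@param loader` with a description once the intent is confirmed. The five newly declared checked exceptions have no `@throws` entries, and the summary line still says "Gets a ServerSocketFactory" although the return type is now `SSLServerSocketFactory`. Since `provider` and `protocol` are free-form strings, the Javadoc should also state which names are expected, so that a caller does not select an unintended protocol.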
     /**
      * Creates a new, empty keystore.  The name should be a valid file name
@@ -67,4 +76,18 @@
      * @param password The password to use to protect the new keystore
      */
     public KeystoreInstance createKeystore(String name, char[] password);
+
+    /**
+     * Gets the aliases for any keystores that are available to be used as
+     * private key keystores for an SSL factory.  This means the keystore is
+     * unlocked and contains at least one private key that's unlocked.
+     */
+    public String[] getUnlockedKeyStores();
+
+    /**
+     * Gets the aliases for any keystores that are available to be used as
+     * trusted certificate keystores for an SSL factory.  This means the
+     * keystore is unlocked and contains at least one trust certificate.
+     */
+    public String[] getUnlockedTrustStores();
 }
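Review bot: Both new comments call the returned strings "aliases", which conflicts with the wording of `createSSLFactory` in this same interface. That method describes its `keyStore` argument as "the key keystore name as provided by listKeystores" and reserves alias for the private key inside a keystore. If these arrays hold keystore names that can be passed straight to `createSSLFactory`, say "names" here, e.g. `Gets the names of the keystores that are available ...`. An `@return` line stating whether an empty array or null is returned when nothing is unlocked would also help; the implementation is not in this hunk, so confirm it there.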