Posted to scm@geronimo.apache.org by am...@apache.org on 2006/03/27 19:43:25 UTC
svn commit: r389206 [2/2] - in /geronimo/trunk:
applications/console-standard/src/java/org/apache/geronimo/console/keystores/
applications/console-standard/src/java/org/apache/geronimo/console/webmanager/
applications/console-standard/src/webapp/WEB-IN...
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java Mon Mar 27 09:43:21 2006
@@ -16,7 +16,12 @@
*/
package org.apache.geronimo.security.keystore;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
import java.security.cert.Certificate;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.KeyStoreException;
/**
* Management interface for dealing with a specific Keystore
@@ -71,6 +76,19 @@
public boolean unlockPrivateKey(String alias, char[] password) throws KeystoreIsLocked;
/**
+ * Gets the aliases for all the private keys that are currently unlocked.
+ * This only works if the keystore is unlocked.
+ */
+ public String[] getUnlockedKeys() throws KeystoreIsLocked;
+
+ /**
+ * Checks whether this keystore can be used as a trust store (e.g. has at
+ * least one trust certificate). This only works if the keystore is
+ * unlocked.
+ */
+ public boolean isTrustStore() throws KeystoreIsLocked;
+
+ /**
* Clears any saved password for the specified private key, meaning this
* key cannot be used for a socket factory by other server components.
* You can still query and update it by passing the password to other
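Review bot: The Javadoc on the new `getUnlockedKeys()` does not say what is returned when the keystore is unlocked but no private key has been unlocked, so callers cannot tell whether to expect an empty array or null. I would add `@return the aliases of the unlocked private keys; an empty array (never null) if there are none` and `@throws KeystoreIsLocked if the keystore itself has not been unlocked`. The same gap applies to `getUnlockedKeyStores()` and `getUnlockedTrustStores()`, which this commit adds to KeystoreManager. The enclosing interface starts before this hunk, and the hunk ends inside the next method's comment.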
@@ -130,4 +148,22 @@
public boolean generateKeyPair(String alias, char[] storePassword, char[] keyPassword, String keyAlgorithm, int keySize,
String signatureAlgorithm, int validity, String commonName, String orgUnit,
String organization, String locality, String state, String country);
+
+
+ /**
+ * Gets a KeyManager for a key in this Keystore. This only works if both
+ * the keystore and the private key in question have been unlocked,
+ * allowing other components in the server to access them.
+ * @param algorithm The SSL algorithm to use for this key manager
+ * @param alias The alias of the key to use in the keystore
+ */
+ public KeyManager[] getKeyManager(String algorithm, String alias) throws NoSuchAlgorithmException,
+ UnrecoverableKeyException, KeyStoreException, KeystoreIsLocked;
+
+ /**
+ * Gets a TrustManager for this keystore. This only works if the keystore
+ * has been unlocked, allowing other components in the server to access it.
+ * @param algorithm The SSL algorithm to use for this trust manager
+ */
+ public TrustManager[] getTrustManager(String algorithm) throws KeyStoreException, NoSuchAlgorithmException, KeystoreIsLocked;
}
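Review bot: `getKeyManager` documents that it only works when both the keystore and the private key are unlocked, yet its throws clause names `KeystoreIsLocked` only, so the locked-key case has no defined outcome. `createSSLFactory` in KeystoreManager already declares `KeyIsLocked` for that condition; if that type is usable here I would declare it too, `UnrecoverableKeyException, KeyStoreException, KeystoreIsLocked, KeyIsLocked;`, or else state in the Javadoc which exception the caller gets. Both new methods also lack `@return` and `@throws` tags, and it would help to say whether the returned managers remain usable after the key or keystore is locked again. The interface declaration starts outside this hunk.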
Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java?rev=389206&r1=389205&r2=389206&view=diff
==============================================================================
--- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java (original)
+++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java Mon Mar 27 09:43:21 2006
@@ -16,7 +16,12 @@
*/
package org.apache.geronimo.security.keystore;
-import javax.net.ServerSocketFactory;
+import javax.net.ssl.SSLServerSocketFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.KeyStoreException;
+import java.security.KeyManagementException;
+import java.security.NoSuchProviderException;
/**
* Management interface for working with keystores. Mostly this is used to
@@ -41,6 +46,9 @@
/**
* Gets a ServerSocketFactory using one Keystore to access the private key
* and another to provide the list of trusted certificate authorities.
+ * @param provider The SSL provider to use, or null for the default
+ * @param protocol The SSL protocol to use
+ * @param algorithm The SSL algorithm to use
* @param keyStore The key keystore name as provided by listKeystores. The
* KeystoreInstance for this keystore must be unlocked.
* @param keyAlias The name of the private key in the keystore. The
@@ -56,8 +64,9 @@
* keystore cannot be used because it has not been
* unlocked.
*/
- public ServerSocketFactory createSSLFactory(String keyStore, String keyAlias, String trustStore)
- throws KeystoreIsLocked, KeyIsLocked;
+ public SSLServerSocketFactory createSSLFactory(String provider, String protocol, String algorithm,
+ String keyStore, String keyAlias, String trustStore, ClassLoader loader)
+ throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException;
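Review bot: The new `loader` parameter of `createSSLFactory` has no `@param` entry among those added in this commit, and nothing visible says what is loaded through it. I would add `@param loader The class loader used while creating the factory` and extend it with what the loader is used for once that is confirmed. The summary sentence still says "Gets a ServerSocketFactory" although the return type is now `SSLServerSocketFactory`. The five new checked exceptions also have no `@throws` lines in the visible part of the comment, which starts outside this hunk.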
/**
* Creates a new, empty keystore. The name should be a valid file name
@@ -67,4 +76,18 @@
* @param password The password to use to protect the new keystore
*/
public KeystoreInstance createKeystore(String name, char[] password);
+
+ /**
+ * Gets the aliases for any keystores that are available to be used as
+ * private key keystores for an SSL factory. This means the keystore is
+ * unlocked and contains at least one private key that's unlocked.
+ */
+ public String[] getUnlockedKeyStores();
+
+ /**
+ * Gets the aliases for any keystores that are available to be used as
+ * trusted certificate keystores for an SSL factory. This means the
+ * keystore is unlocked and contains at least one trust certificate.
+ */
+ public String[] getUnlockedTrustStores();
}