public interface KeystoreProxy
The KeystoreProxy class is used to manage Partner Certificates and Private Keys stored in a Java Keystore.
Any Sun keystore provider can be used, provided that it is added as a provider before any concrete implementations are initialised. The default SUN keystore implementation JKS (or JCEKS in JDK1.4) is provided as part of the JRE.
In addition to the standard types the following are also supported:
Constants.KEYSTORE_ALIAS
) to be associated with the file. Additionally, the proxy is
implicitly readonly, regardless of where the physical file is held.
Example usage
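```java
// Passwords are string literals here for illustration only.
String url = "file://localhost/path/to/keystore?keyStoreType=JKS";
char[] ksPw = "myPassword".toCharArray();
KeystoreLocation kloc = KeystoreFactory.getDefault().create(url, ksPw);
KeystoreProxy ksm = KeystoreFactory.getDefault().create(kloc);
ksm.load();
PrivateKey key = ksm.getPrivateKey("myAlias", "myPassword".toCharArray());

// u2 is the URL of a second keystore; the original example does not define it,
// so this value is a placeholder.
String u2 = "file://localhost/path/to/another/keystore?keyStoreType=JKS";
KeystoreLocation k2 = KeystoreFactory.getDefault().create(u2);
KeystoreProxy ksm2 = KeystoreFactory.getDefault().create(k2);
// myPFXpassword (a String) and partnerCert (a java.security.cert.Certificate)
// are supplied by the caller.
ksm2.importPrivateKey("myAlias", "myKeyPassword".toCharArray(),
    "myPFXfile", myPFXpassword.toCharArray());
ksm2.setCertificate("partnerA", partnerCert);
// Write the changes back to the keystore file.
ksm2.commit();
```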
See also: KeystoreFactory, KeystoreLocation
Modifier and Type | Method and Description |
---|---|
default void | `commit()` Save the contents of the keystore to file. |
boolean | `containsAlias(java.lang.String alias)` Checks if the given alias exists in this keystore. |
java.security.cert.Certificate | `getCertificate(java.lang.String alias)` Return the certificate specified by the given alias. |
java.security.cert.Certificate[] | `getCertificateChain(java.lang.String alias)` Return the certificate chain specified by the given alias. |
java.security.KeyStore | `getKeystore()` Return the underlying keystore object for manual querying. |
java.security.PrivateKey | `getPrivateKey(java.lang.String alias, char[] keyPassword)` Method to extract a Partner's Private Key from their Keystore entry and return a PrivateKey object to the caller. |
default void | `importCertificateChain(java.lang.String alias, char[] keyPassword, java.io.File f)` Import a certificate chain from a file, giving it the assigned alias. |
default void | `importCertificateChain(java.lang.String alias, char[] keyPassword, java.io.InputStream in)` Import a certificate chain from a file, giving it the assigned alias. |
default void | `importCertificateChain(java.lang.String alias, char[] keyPassword, java.lang.String file)` Import a certificate chain from a file, giving it the assigned alias. |
default void | `importPrivateKey(java.lang.String alias, char[] keyPassword, java.io.File file, char[] filePassword)` Import a private key from a File, and assign it to the given alias. |
default void | `importPrivateKey(java.lang.String alias, char[] keyPassword, java.io.InputStream in, char[] filePassword)` Import a private key from an InputStream, and assign it to the given alias. |
default void | `importPrivateKey(java.lang.String alias, char[] keyPassword, java.lang.String file, char[] filePassword)` Import a private key from a File, and assign it to the given alias. |
void | `load()` Load the keystore. |
default void | `setCertificate(java.lang.String alias, java.security.cert.Certificate cert)` Assign the given certificate to the given alias. |
default void | `setCertificate(java.lang.String alias, java.io.File file)` Assign the given File (containing a certificate) to the given alias. |
default void | `setCertificate(java.lang.String alias, java.io.InputStream in)` Assign the given InputStream (containing a certificate) to the given alias. |
default void | `setCertificate(java.lang.String alias, java.lang.String filename)` Assign the given file (containing a certificate) to the given alias. |
void | `setKeystoreLocation(KeystoreLocation k)` Set the internal KeystoreLocation object to be used. |
default void | `setPrivateKey(java.lang.String alias, java.security.PrivateKey privKey, char[] keyPassword, java.security.cert.Certificate[] certChain)` Assigns the given key to the given alias, protecting it with the given password. |
static KeystoreException | `wrapException(java.lang.Throwable orig)` |

void setKeystoreLocation(KeystoreLocation k) throws AdaptrisSecurityException

Based on this information, a new KeyStore object is created, and initialised.

Parameters:
- k: the KeystoreProxy object

Throws:
- AdaptrisSecurityException: wrapping the underlying exception

See Also: KeystoreLocation

void load() throws AdaptrisSecurityException, java.io.IOException

Load the keystore ready for operations upon it

Throws:
- AdaptrisSecurityException: if there was an error reading the contents of the keystore
- java.io.IOException: if the keystore is not found

default void commit() throws AdaptrisSecurityException, java.io.IOException

Throws:
- AdaptrisSecurityException: if an error was encountered writing to the keystore
- java.io.IOException: if the file could not be written to

See Also: KeystoreLocation.isWriteable()

java.security.PrivateKey getPrivateKey(java.lang.String alias, char[] keyPassword) throws AdaptrisSecurityException

Parameters:
- alias: the alias in the keystore
- keyPassword: the associated password

Throws:
- AdaptrisSecurityException: for any error

java.security.cert.Certificate getCertificate(java.lang.String alias) throws AdaptrisSecurityException

Parameters:
- alias: the alias of the Certificate

Throws:
- AdaptrisSecurityException: for any error

java.security.cert.Certificate[] getCertificateChain(java.lang.String alias) throws AdaptrisSecurityException

Parameters:
- alias: the alias of the Certificate Chain

Throws:
- AdaptrisSecurityException: for any error

default void setCertificate(java.lang.String alias, java.security.cert.Certificate cert) throws AdaptrisSecurityException

Parameters:
- alias: the alias of the Certificate
- cert: the Certificate

Throws:
- AdaptrisSecurityException: for any error

AdaptrisSecurityException and performs no other action.

default void setCertificate(java.lang.String alias, java.io.InputStream in) throws AdaptrisSecurityException

The InputStream is expected to contain a PEM or DER encoded certificate

Parameters:
- alias: the alias of the Certificate
- in: the InputStream containing the certificate

Throws:
- AdaptrisSecurityException: for any error

See Also: setCertificate(String, Certificate)

AdaptrisSecurityException and performs no other action.

default void setCertificate(java.lang.String alias, java.io.File file) throws AdaptrisSecurityException

The File is expected to contain a PEM or DER encoded certificate

Parameters:
- alias: the alias of the Certificate
- file: the file containing the certificate

Throws:
- AdaptrisSecurityException: for any error

See Also: setCertificate(String, InputStream)

AdaptrisSecurityException and performs no other action.

default void setCertificate(java.lang.String alias, java.lang.String filename) throws AdaptrisSecurityException

The File is expected to contain a PEM or DER encoded certificate

Parameters:
- alias: the alias of the Certificate
- filename: the file containing the certificate

Throws:
- AdaptrisSecurityException: for any error

See Also: setCertificate(String, File)

AdaptrisSecurityException and performs no other action.

default void setPrivateKey(java.lang.String alias, java.security.PrivateKey privKey, char[] keyPassword, java.security.cert.Certificate[] certChain) throws AdaptrisSecurityException

If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).

Parameters:
- alias: the alias of the Certificate
- privKey: the PrivateKey
- keyPassword: the password to protect the private key
- certChain: the certificate chain

Throws:
- AdaptrisSecurityException: for any error

AdaptrisSecurityException and performs no other action.

default void importPrivateKey(java.lang.String alias, char[] keyPassword, java.io.InputStream in, char[] filePassword) throws AdaptrisSecurityException

The key is protected by the given key password; The inputstream is expected to contain a KEYSTORE_PKCS12 object exported from Netscape Navigator / Internet Explorer

Parameters:
- alias: the alias of the Certificate
- keyPassword: the password to protect the private key
- in: InputStream containing the KEYSTORE_PKCS12 object
- filePassword: The password protecting the KEYSTORE_PKCS12

Throws:
- AdaptrisSecurityException: for any error

See Also: setPrivateKey(String, PrivateKey, char[], Certificate[])

AdaptrisSecurityException and performs no other action.

default void importPrivateKey(java.lang.String alias, char[] keyPassword, java.io.File file, char[] filePassword) throws AdaptrisSecurityException

The key is protected by the given key password; The File is expected to contain a KEYSTORE_PKCS12 object exported from Netscape Navigator / Internet Explorer

Parameters:
- alias: the alias of the Certificate
- keyPassword: the password to protect the private key
- file: the File containing the KEYSTORE_PKCS12 object
- filePassword: The password protecting the KEYSTORE_PKCS12

Throws:
- AdaptrisSecurityException: for any error

See Also: importPrivateKey(String, char[], InputStream, char[])

AdaptrisSecurityException and performs no other action.

default void importPrivateKey(java.lang.String alias, char[] keyPassword, java.lang.String file, char[] filePassword) throws AdaptrisSecurityException

The key is protected by the given key password; The File is expected to contain a KEYSTORE_PKCS12 object exported from Netscape Navigator / Internet Explorer

Parameters:
- alias: the alias of the Certificate
- keyPassword: the password to protect the private key
- file: the File containing the KEYSTORE_PKCS12 object
- filePassword: The password protecting the KEYSTORE_PKCS12

Throws:
- AdaptrisSecurityException: for any error

See Also: importPrivateKey(String, char[], File, char[])

AdaptrisSecurityException and performs no other action.

default void importCertificateChain(java.lang.String alias, char[] keyPassword, java.lang.String file) throws AdaptrisSecurityException

Certificate Chains are only appropriate for keystore keyEntry types. This assumes that a keyEntry with the alias alias has already been created, and the secret key associated with this keyEntry is protected by keyPassword

Parameters:
- keyPassword: the password to access the private key
- alias: the alias to be assigned
- file: the Certificate Chain file to be imported

Throws:
- AdaptrisSecurityException: for any error

See Also: importCertificateChain(String, char[], File)

AdaptrisSecurityException and performs no other action.

default void importCertificateChain(java.lang.String alias, char[] keyPassword, java.io.File f) throws AdaptrisSecurityException

Certificate Chains are only appropriate for keystore keyEntry types. This assumes that a keyEntry with the alias alias has already been created, and the secret key associated with this keyEntry is protected by keyPassword

Parameters:
- keyPassword: the password to access the private key
- alias: the alias to be assigned
- f: the Certificate Chain file to be imported

Throws:
- AdaptrisSecurityException: for any error

See Also: importCertificateChain(String, char[], InputStream)

AdaptrisSecurityException and performs no other action.

default void importCertificateChain(java.lang.String alias, char[] keyPassword, java.io.InputStream in) throws AdaptrisSecurityException

This deals with certificate chains as used by Netscape Navigator and Microsoft Internet Explorer; Certificate Chains are only appropriate for keystore keyEntry types. This assumes that a keyEntry with the alias alias has already been created, and the secret key associated with this keyEntry is protected by keyPassword

AdaptrisSecurityException and performs no other action.

Parameters:
- keyPassword: the password to access the private key
- alias: the alias to be assigned
- in: the Certificate Chain file to be imported

Throws:
- AdaptrisSecurityException: for any error

See Also: setPrivateKey(String, PrivateKey, char[], Certificate[])

boolean containsAlias(java.lang.String alias) throws AdaptrisSecurityException

Parameters:
- alias: the alias to check for

Throws:
- AdaptrisSecurityException: for any error

java.security.KeyStore getKeystore()

See Also: KeyStore

static KeystoreException wrapException(java.lang.Throwable orig)
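
The setPrivateKey description above states that an existing alias is overridden, and importPrivateKey links back to it, so an import can replace a key entry that is already in use. The helper below is an added example, not code from the library: it refuses to import over an existing alias, checks the new entry, commits, and wipes the password arrays. The class name GuardedKeyImport and the package names in the import statements are assumptions (the page shows only simple type names), as is the keystore already existing at its configured location.

```java
import java.io.File;
import java.io.IOException;
import java.security.cert.Certificate;
import java.util.Arrays;

// Assumed package names; the page gives only the simple type names.
import com.adaptris.security.exc.AdaptrisSecurityException;
import com.adaptris.security.keystore.KeystoreProxy;

// Hypothetical helper class, not part of the library.
public final class GuardedKeyImport {

  private GuardedKeyImport() {
  }

  /**
   * Imports a PKCS12 private key under the alias only if that alias is unused,
   * so an existing key entry is never silently replaced.
   */
  public static void importIfAbsent(KeystoreProxy ksm, String alias, char[] keyPassword,
      File pkcs12, char[] filePassword) throws AdaptrisSecurityException, IOException {
    try {
      ksm.load();
      if (ksm.containsAlias(alias)) {
        throw new IllegalStateException("Alias already present, refusing to overwrite: " + alias);
      }
      ksm.importPrivateKey(alias, keyPassword, pkcs12, filePassword);

      // Confirm the new entry is usable before it is written to disk.
      Certificate[] chain = ksm.getCertificateChain(alias);
      if (ksm.getPrivateKey(alias, keyPassword) == null || chain == null || chain.length == 0) {
        throw new IllegalStateException("Imported entry has no key or certificate chain: " + alias);
      }
      ksm.commit();
    } finally {
      // char[] passwords can be wiped after use; String passwords cannot.
      Arrays.fill(keyPassword, '\0');
      Arrays.fill(filePassword, '\0');
    }
  }
}
```

Callers should pass password arrays they own, since both are zeroed before the method returns.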