Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 70923 invoked from network); 27 Mar 2006 17:43:54 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 27 Mar 2006 17:43:54 -0000 Received: (qmail 25506 invoked by uid 500); 27 Mar 2006 17:43:53 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 25478 invoked by uid 500); 27 Mar 2006 17:43:53 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 25465 invoked by uid 99); 27 Mar 2006 17:43:53 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Mar 2006 09:43:53 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Mon, 27 Mar 2006 09:43:52 -0800 Received: (qmail 70875 invoked by uid 65534); 27 Mar 2006 17:43:32 -0000 Message-ID: <20060327174332.70873.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r389206 [2/2] - in /geronimo/trunk: applications/console-standard/src/java/org/apache/geronimo/console/keystores/ applications/console-standard/src/java/org/apache/geronimo/console/webmanager/ applications/console-standard/src/webapp/WEB-IN... Date: Mon, 27 Mar 2006 17:43:25 -0000 To: scm@geronimo.apache.org 
From: ammulder@apache.org X-Mailer: svnmailer-1.0.7 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java?rev=389206&r1=389205&r2=389206&view=diff ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreInstance.java Mon Mar 27 09:43:21 2006 @@ -16,7 +16,12 @@ */ package org.apache.geronimo.security.keystore; +import javax.net.ssl.KeyManager; +import javax.net.ssl.TrustManager; import java.security.cert.Certificate; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.KeyStoreException; /** * Management interface for dealing with a specific Keystore @@ -71,6 +76,19 @@ public boolean unlockPrivateKey(String alias, char[] password) throws KeystoreIsLocked; /** + * Gets the aliases for all the private keys that are currently unlocked. + * This only works if the keystore is unlocked. + */ + public String[] getUnlockedKeys() throws KeystoreIsLocked; + + /** + * Checks whether this keystore can be used as a trust store (e.g. has at + * least one trust certificate). This only works if the keystore is + * unlocked. + */ + public boolean isTrustStore() throws KeystoreIsLocked; + + /** * Clears any saved password for the specified private key, meaning this * key cannot be used for a socket factory by other server components. * You can still query and update it by passing the password to other 
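Review bot: The Javadoc added for `getUnlockedKeys()` and `isTrustStore()` says "This only works if the keystore is unlocked", but it never states what happens otherwise or what is returned when no key is unlocked. Both methods are declared `throws KeystoreIsLocked`, so I would add `@throws KeystoreIsLocked if the keystore has not been unlocked` to each. On `getUnlockedKeys()` I would also add `@return the aliases of the unlocked private keys; an empty array, never null, if none are unlocked`, provided the implementation (not visible here) behaves that way. The "e.g." in the `isTrustStore()` comment leaves the actual rule open; if "has at least one trust certificate" is the whole test, "i.e." is the right word. Callers use these answers to decide which keys and stores to offer for SSL, so the contract is worth pinning down.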
@@ -130,4 +148,22 @@ public boolean generateKeyPair(String alias, char[] storePassword, char[] keyPassword, String keyAlgorithm, int keySize, String signatureAlgorithm, int validity, String commonName, String orgUnit, String organization, String locality, String state, String country); + + + /** + * Gets a KeyManager for a key in this Keystore. This only works if both + * the keystore and the private key in question have been unlocked, + * allowing other components in the server to access them. + * @param algorithm The SSL algorithm to use for this key manager + * @param alias The alias of the key to use in the keystore + */ + public KeyManager[] getKeyManager(String algorithm, String alias) throws NoSuchAlgorithmException, + UnrecoverableKeyException, KeyStoreException, KeystoreIsLocked; + + /** + * Gets a TrustManager for this keystore. This only works if the keystore + * has been unlocked, allowing other components in the server to access it. + * @param algorithm The SSL algorithm to use for this trust manager + */ + public TrustManager[] getTrustManager(String algorithm) throws KeyStoreException, NoSuchAlgorithmException, KeystoreIsLocked; } Modified: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java?rev=389206&r1=389205&r2=389206&view=diff ============================================================================== --- geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java (original) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/keystore/KeystoreManager.java Mon Mar 27 09:43:21 2006 
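Review bot: The Javadoc for `getKeyManager(String algorithm, String alias)` does not say how a key that is still locked is reported. The method declares `KeystoreIsLocked` but not `KeyIsLocked`, which `KeystoreManager.createSSLFactory` does declare, so a caller cannot tell whether to expect `UnrecoverableKeyException` or something else. I would add `@throws` lines for all four exceptions, and either declare `KeyIsLocked` here or state that a locked key surfaces as `UnrecoverableKeyException`. The comment should also promise that the returned managers expose only the entry named by `alias` and no other private key in the store, since this method hands key material to other server components. `@param algorithm` would read more precisely as `The key manager algorithm (as accepted by KeyManagerFactory)`, and likewise for `getTrustManager`, if that is where the value ends up.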
@@ -16,7 +16,12 @@ */ package org.apache.geronimo.security.keystore; -import javax.net.ServerSocketFactory; +import javax.net.ssl.SSLServerSocketFactory; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.KeyStoreException; +import java.security.KeyManagementException; +import java.security.NoSuchProviderException; /** * Management interface for working with keystores. Mostly this is used to @@ -41,6 +46,9 @@ /** * Gets a ServerSocketFactory using one Keystore to access the private key * and another to provide the list of trusted certificate authorities. + * @param provider The SSL provider to use, or null for the default + * @param protocol The SSL protocol to use + * @param algorithm The SSL algorithm to use * @param keyStore The key keystore name as provided by listKeystores. The * KeystoreInstance for this keystore must be unlocked. * @param keyAlias The name of the private key in the keystore. The @@ -56,8 +64,9 @@ * keystore cannot be used because it has not been * unlocked. */ - public ServerSocketFactory createSSLFactory(String keyStore, String keyAlias, String trustStore) - throws KeystoreIsLocked, KeyIsLocked; + public SSLServerSocketFactory createSSLFactory(String provider, String protocol, String algorithm, + String keyStore, String keyAlias, String trustStore, ClassLoader loader) + throws KeystoreIsLocked, KeyIsLocked, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException, NoSuchProviderException; /** * Creates a new, empty keystore. The name should be a valid file name 
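Review bot: The new `createSSLFactory` signature takes a `ClassLoader loader` and declares five additional checked exceptions, but the Javadoc hunk above it adds only `@param provider`, `@param protocol` and `@param algorithm`. I would add an `@param loader` line saying what the loader is used for and whether null is accepted, plus one `@throws` line for each of `NoSuchAlgorithmException`, `UnrecoverableKeyException`, `KeyStoreException`, `KeyManagementException` and `NoSuchProviderException`. `@param protocol The SSL protocol to use` also gives callers nothing to go on. If the string is passed straight to the SSL context (the implementation is not in this hunk), the comment should name the accepted values, for example `"TLS"`, and the implementation should reject protocol names the server does not want to offer rather than forward whatever it is given. The method's Javadoc starts and ends outside these hunks, so some of this may already be covered in lines not shown.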
@@ -67,4 +76,18 @@
 * @param password The password to use to protect the new keystore
 */
 public KeystoreInstance createKeystore(String name, char[] password);
+
+ /**
+ * Gets the aliases for any keystores that are available to be used as
+ * private key keystores for an SSL factory. This means the keystore is
+ * unlocked and contains at least one private key that's unlocked.
+ */
+ public String[] getUnlockedKeyStores();
+
+ /**
+ * Gets the aliases for any keystores that are available to be used as
+ * trusted certificate keystores for an SSL factory. This means the
+ * keystore is unlocked and contains at least one trust certificate.
+ */
+ public String[] getUnlockedTrustStores();
 }
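Review bot: Both new comments say "Gets the aliases for any keystores", while the `createSSLFactory` Javadoc in this same interface identifies a keystore by its "name as provided by listKeystores" and uses "alias" for a key inside a store. If the returned strings are those names, I would write `Gets the names (as provided by listKeystores) of the keystores that ...` and add `@return the keystore names; an empty array if none qualify`, subject to what the implementation actually returns. It is also worth one sentence that the result is a snapshot. A store or key can be locked again before `createSSLFactory` is called, so callers must still handle `KeystoreIsLocked` and `KeyIsLocked` instead of treating this list as a guarantee.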