/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008-2010 Sun Microsystems, Inc.
* Portions Copyright 2013 ForgeRock AS
*/
/**
* This class provides an interface for generating self-signed certificates and
* certificate signing requests, and for importing, exporting, and deleting
* certificates from a key store. It supports JKS, PKCS11, and PKCS12 key store
* types.
* <BR><BR>
* This code uses the Platform class to perform all of the certificate
* management.
*/
mayInstantiate=true,
mayExtend=false,
mayInvoke=true)
public final class CertificateManager {
/**
* The key store type value that should be used for the "JKS" key store.
*/
/**
* The key store type value that should be used for the "JCEKS" key store.
*/
/**
* The key store type value that should be used for the "PKCS11" key store.
*/
/**
* The key store type value that should be used for the "PKCS12" key store.
*/
/**
* The key store path value that must be used in conjunction with the PKCS11
* key store type.
*/
//Error message strings.
"certificate request file";
// The parsed key store backing this certificate manager.
// The path to the key store that we should be using.
// The name of the key store type we are using.
private final char[] password;
/**
 * Indicates whether the certificate manager may be used in this environment.
 * This implementation unconditionally reports that it may.
 *
 * @return {@code true}, always.
 */
public static boolean mayUseCertificateManager() {
  // No platform or key store check is performed here; availability is
  // unconditional in this implementation.
  final boolean usable = true;
  return usable;
}
/**
* Creates a new certificate manager instance with the provided information.
*
* @param keyStorePath The path to the key store file, or "NONE" if the key
* store type is "PKCS11". For the other key store
* types, the file does not need to exist if a new
* self-signed certificate or certificate signing
* request is to be generated, although the directory
* containing the file must exist. The key store file
* must exist if import or export operations are to be
* performed.
* @param keyStoreType The key store type to use. It should be one of
* {@code KEY_STORE_TYPE_JKS},
* {@code KEY_STORE_TYPE_JCEKS},
* {@code KEY_STORE_TYPE_PKCS11}, or
* {@code KEY_STORE_TYPE_PKCS12}.
* @param keyStorePassword The password required to access the key store.
* It must not be {@code null}.
* @throws IllegalArgumentException If an argument is invalid or {@code null}.
*
*/
throws IllegalArgumentException {
}
if (keyStoreFile.exists()) {
if (! keyStoreFile.isFile()) {
}
} else {
(! keyStoreDirectory.isDirectory())) {
}
}
} else {
}
this.keyStorePath = keyStorePath;
this.keyStoreType = keyStoreType;
this.password =
}
/**
* Indicates whether the provided alias is in use in the key store.
*
* @param alias The alias for which to make the determination. It must not
* be {@code null} or empty.
*
* @return {@code true} if the key store exists and already contains a
* certificate with the given alias, or {@code false} if not.
*
* @throws KeyStoreException If a problem occurs while attempting to
* interact with the key store.
*/
throws KeyStoreException {
return false;
}
/**
* Retrieves the aliases of the certificates in the specified key store.
*
* @return The aliases of the certificates in the specified key store, or
* {@code null} if the key store does not exist.
*
* @throws KeyStoreException If a problem occurs while attempting to
* interact with the key store.
*/
return null;
if (aliasEnumeration == null)
return new String[0];
while (aliasEnumeration.hasMoreElements())
}
/**
* Retrieves the certificate with the specified alias from the key store.
*
* @param alias The alias of the certificate to retrieve. It must not be
* {@code null} or empty.
*
* @return The requested certificate, or {@code null} if the specified
* certificate does not exist.
*
* @throws KeyStoreException If a problem occurs while interacting with the
* key store, or if the key store does not exist.
*/
throws KeyStoreException {
}
return cert;
}
/**
* Generates a self-signed certificate using the provided information.
*
* @param alias The nickname to use for the certificate in the key
* store. For the server certificate, it should generally
* be "server-cert". It must not be {@code null} or empty.
* @param subjectDN The subject DN to use for the certificate. It must not
* be {@code null} or empty.
* @param validity The length of time in days that the certificate should
* be valid, starting from the time the certificate is
* generated. It must be a positive integer value.
* @throws KeyStoreException If a problem occurs while actually attempting
* to generate the certificate in the key store.
* @throws IllegalArgumentException If the validity parameter is not a
* positive integer, or the alias is already
* in use in the key store.
*/
int validity)
throws KeyStoreException, IllegalArgumentException {
if (validity <= 0) {
}
if (aliasInUse(alias)) {
}
}
/**
* Adds the provided certificate to the key store. This may be used to
* associate an externally-signed certificate with an existing private key
* with the given alias.
*
* @param alias The alias to use for the certificate. It must not
* be {@code null} or empty.
* @param certificateFile The file containing the encoded certificate. It
* must not be {@code null}, and the file must exist.
* @throws KeyStoreException If a problem occurs while interacting with the
* key store.
*
* @throws IllegalArgumentException If the certificate file does not exist or is not a valid file.
*/
throws KeyStoreException, IllegalArgumentException {
if ((! certificateFile.exists()) ||
(! certificateFile.isFile())) {
}
}
/**
* Removes the specified certificate from the key store.
*
* @param alias The alias to use for the certificate to remove. It must not
* be {@code null} or an empty string, and it must exist in
* the key store.
*
* @throws KeyStoreException If a problem occurs while interacting with the
* key store.
* @throws IllegalArgumentException If the alias is not in use and therefore
* cannot be deleted.
*/
throws KeyStoreException, IllegalArgumentException {
if (!aliasInUse(alias)) {
}
}
/**
* Retrieves a handle to the key store.
*
* @return The handle to the key store, or {@code null} if the key store
* doesn't exist.
*
* @throws KeyStoreException If a problem occurs while trying to open the
* key store.
*/
throws KeyStoreException
{
{
return keyStore;
}
// For JKS and PKCS12 key stores, we should make sure the file exists, and
// we'll need an input stream that we can use to read it. For PKCS11 key
// stores there won't be a file and the input stream should be null.
{
if (! keyStoreFile.exists())
{
return null;
}
try
{
}
catch (final Exception e)
{
}
}
try
{
}
catch (final Exception e)
{
}
finally
{
if (keyStoreInputStream != null)
{
try
{
}
catch (final Throwable t)
{
}
}
}
}
/**
* Returns whether this certificate manager contains 'real' aliases or not.
* For instance, the certificate manager can contain a PKCS12 certificate
* with no alias.
* @return whether this certificate manager contains 'real' aliases or not.
* @throws KeyStoreException if there is a problem accessing the key store.
*/
{
if (realAliases == null)
{
{
}
{
}
else
{
{
}
else
{
}
}
}
return realAliases;
}
}
}
}
}
}