org.eclipse.kura.security.keystore

Interface KeystoreService

@ProviderType
public interface KeystoreService

Provides a list of APIs useful to manage and abstract key objects and certificates

Since:

2.2

Method Summary

Modifier and Type	Method and Description
void	addCRL(java.security.cert.X509CRL crl) Add a X509CRL to the CRLs list.
void	createKeyPair(java.lang.String alias, java.lang.String algorithm, java.security.spec.AlgorithmParameterSpec algorithmParameter, java.lang.String signatureAlgorithm, java.lang.String attributes) Creates and persists a new keypair in the managed keystore using the specified alias.
void	createKeyPair(java.lang.String alias, java.lang.String algorithm, java.security.spec.AlgorithmParameterSpec algorithmParameter, java.lang.String signatureAlgorithm, java.lang.String attributes, java.security.SecureRandom secureRandom) Creates and persists a new keypair in the managed keystore using the specified alias.
void	createKeyPair(java.lang.String alias, java.lang.String algorithm, int keySize, java.lang.String signatureAlgorithm, java.lang.String attributes) Creates and persists a new keypair in the managed keystore using the specified alias.
void	createKeyPair(java.lang.String alias, java.lang.String algorithm, int keySize, java.lang.String signatureAlgorithm, java.lang.String attributes, java.security.SecureRandom secureRandom) Creates and persists a new keypair in the managed keystore using the specified alias.
void	deleteEntry(java.lang.String alias) Deletes the entry identified by the specified alias, if it exists.
java.util.List<java.lang.String>	getAliases() Returns the list of all the aliases corresponding to the keystore service managed objects
java.util.Collection<java.security.cert.CRL>	getCRLs() Returns a list of the current cached CRLs.
java.security.cert.CertStore	getCRLStore() Returns a CertStore containing the cached CRLs.
java.lang.String	getCSR(java.security.KeyPair keyPair, javax.security.auth.x500.X500Principal principal, java.lang.String signerAlg) Creates and returns a CSR for the given keypair based on the provided principal and signer algorithm selected.
java.lang.String	getCSR(java.lang.String alias, javax.security.auth.x500.X500Principal principal, java.lang.String signerAlg) Creates and returns a CSR for the given keypair based on the provided principal and signer algorithm selected.
java.util.Map<java.lang.String,java.security.KeyStore.Entry>	getEntries() Returns the map representing the entries associated with the corresponding aliases in the keystore
java.security.KeyStore.Entry	getEntry(java.lang.String alias) Returns the entry object specified by the provided alias
java.util.List<javax.net.ssl.KeyManager>	getKeyManagers(java.lang.String algorithm) Returns one key manager for each type of key material.
java.security.KeyStore	getKeyStore() Returns the managed KeyStore
void	setEntry(java.lang.String alias, java.security.KeyStore.Entry entry) Stores the specified entry with the defined alias to the managed keystore

Method Detail

getKeyStore

java.security.KeyStore getKeyStore()
                            throws KuraException

Returns the managed KeyStore

Returns:

Throws:

KuraException - when the keystore does not exist or cannot be loaded

getEntry

java.security.KeyStore.Entry getEntry(java.lang.String alias)
                               throws KuraException

Returns the entry object specified by the provided alias

Parameters:

alias -

Returns:

Throws:

KuraException

java.lang.IllegalArgumentException - if the specified alias is null

setEntry

void setEntry(java.lang.String alias,
              java.security.KeyStore.Entry entry)
       throws KuraException

Stores the specified entry with the defined alias to the managed keystore

Parameters:

alias -

entry -

Throws:

KuraException - if the entry could not be set or the keystore could not be persisted

java.lang.IllegalArgumentException - if one of the arguments is null

getEntries

java.util.Map<java.lang.String,java.security.KeyStore.Entry> getEntries()
                                                                 throws KuraException

Returns the map representing the entries associated with the corresponding aliases in the keystore

Returns:

Throws:

KuraException - if the entries could not be retrieved

deleteEntry

void deleteEntry(java.lang.String alias)
          throws KuraException

Deletes the entry identified by the specified alias, if it exists.

Parameters:

alias -

Throws:

KuraException - if the entry could not be deleted or the managed keystore could not be persisted after the change

java.lang.IllegalArgumentException - if the specified alias is null

getKeyManagers

java.util.List<javax.net.ssl.KeyManager> getKeyManagers(java.lang.String algorithm)
                                                 throws KuraException

Returns one key manager for each type of key material.

Parameters:

algorithm -

Returns:

a list of key manager

Throws:

KuraException - if the provided algorithm is not supported or does not exist or if the associated keystore cannot be accessed

java.lang.IllegalArgumentException - if the algorithm is null

createKeyPair

void createKeyPair(java.lang.String alias,
                   java.lang.String algorithm,
                   int keySize,
                   java.lang.String signatureAlgorithm,
                   java.lang.String attributes)
            throws KuraException

Creates and persists a new keypair in the managed keystore using the specified alias.

Parameters:

alias -

algorithm -

keySize -

signatureAlgorithm -

attributes -

Throws:

KuraException - if the keypair cannot be created or the keypair cannot be added to the managed keystore

java.lang.IllegalArgumentException - if one of the arguments is null or empty

createKeyPair

void createKeyPair(java.lang.String alias,
                   java.lang.String algorithm,
                   int keySize,
                   java.lang.String signatureAlgorithm,
                   java.lang.String attributes,
                   java.security.SecureRandom secureRandom)
            throws KuraException

Creates and persists a new keypair in the managed keystore using the specified alias.

Parameters:

alias -

algorithm -

keySize -

signatureAlgorithm -

attributes -

secureRandom -

Throws:

KuraException - if the keypair cannot be created or the keypair cannot be added to the managed keystore

java.lang.IllegalArgumentException - if one of the arguments is null or empty

createKeyPair

void createKeyPair(java.lang.String alias,
                   java.lang.String algorithm,
                   java.security.spec.AlgorithmParameterSpec algorithmParameter,
                   java.lang.String signatureAlgorithm,
                   java.lang.String attributes,
                   java.security.SecureRandom secureRandom)
            throws KuraException

Creates and persists a new keypair in the managed keystore using the specified alias.

Parameters:

alias - a string that will be used to identify the certificate in a key store.

algorithm - a string indicating the algorithm used to generate the keypair.

algorithmParameter - a set of algorithm parameters passed to the keypair generator.

signatureAlgorithm - a string indicating the signature algorithm used to sign the certificate containing the generated keypair.

attributes - a string representing the X.500 Distinguished Name to include in the generated certificate.

secureRandom - the RNG (Random Number Generator) to use in the keypair generator.

Throws:

KuraException - if the keypair cannot be created or the keypair cannot be added to the managed keystore

java.lang.IllegalArgumentException - if one of the arguments is null or empty

Since:

2.4

createKeyPair

void createKeyPair(java.lang.String alias,
                   java.lang.String algorithm,
                   java.security.spec.AlgorithmParameterSpec algorithmParameter,
                   java.lang.String signatureAlgorithm,
                   java.lang.String attributes)
            throws KuraException

Creates and persists a new keypair in the managed keystore using the specified alias.

Parameters:

alias - a string that will be used to identify the certificate in a key store.

algorithm - a string indicating the algorithm used to generate the keypair.

algorithmParameter - a set of algorithm parameters passed to the keypair generator.

signatureAlgorithm - a string indicating the signature algorithm used to sign the certificate containing the generated keypair.

attributes - a string representing the X.500 Distinguished Name to include in the generated certificate.

Throws:

KuraException - if the keypair cannot be created or the keypair cannot be added to the managed keystore

java.lang.IllegalArgumentException - if one of the arguments is null or empty

Since:

2.4

getCSR

java.lang.String getCSR(java.security.KeyPair keyPair,
                        javax.security.auth.x500.X500Principal principal,
                        java.lang.String signerAlg)
                 throws KuraException

Creates and returns a CSR for the given keypair based on the provided principal and signer algorithm selected.

Parameters:

keyPair - a keypair holding the private and public key.

principal - an X500Name containing the subject associated with the request we are building.

signerAlg - a String representing the signer algorithm used to sign the certificate signing request.

Returns:

the Certificate Signing Request in PEM format.

Throws:

KuraException - if the CSR cannot be computed or if it cannot be encoded

java.lang.IllegalArgumentException - if one of the arguments is null or empty

getCSR

java.lang.String getCSR(java.lang.String alias,
                        javax.security.auth.x500.X500Principal principal,
                        java.lang.String signerAlg)
                 throws KuraException

Creates and returns a CSR for the given keypair based on the provided principal and signer algorithm selected.

Parameters:

alias - a string that will be used to identify the entity in the keystore holding the private and public keys.

principal - an X500Name containing the subject associated with the request we are building.

signerAlg - a String representing the signer algorithm used to sign the certificate signing request.

Returns:

the Certificate Signing Request in PEM format.

Throws:

KuraException - if the alias does not correspond to a managed entry of the keystore, it refers to an entry that cannot be used to obtain a CSR or the CSR cannot be computed or encoded

java.lang.IllegalArgumentException - if one of the arguments is null or empty

getAliases

java.util.List<java.lang.String> getAliases()
                                     throws KuraException

Returns the list of all the aliases corresponding to the keystore service managed objects

Returns:

Throws:

KuraException - if the list of aliases cannot be retrieved

getCRLs

java.util.Collection<java.security.cert.CRL> getCRLs()
                                              throws KuraException

Returns a list of the current cached CRLs.

Returns:

a list of the current cached CRLs.

Throws:

KuraException - if the list cannot be retrieved

getCRLStore

java.security.cert.CertStore getCRLStore()
                                  throws KuraException

Returns a CertStore containing the cached CRLs.

Returns:

a CertStore containing the cached CRLs.

Throws:

KuraException - if the CertStore cannot be created.

addCRL

void addCRL(java.security.cert.X509CRL crl)
     throws KuraException

Add a X509CRL to the CRLs list.

Parameters:

crl - a X509CRL to be stored

Throws:

KuraException - if the X509CRL cannot be added.

Since:

2.4