@PublicAPI(stability=VOLATILE, mayInstantiate=true, mayExtend=false, mayInvoke=true) public final class CertificateManager extends Object
Modifier and Type | Field and Description |
---|---|
static String | KEY_STORE_PATH_PKCS11: The key store path value that must be used in conjunction with the PKCS11 key store type. |
static String | KEY_STORE_TYPE_JCEKS: The key store type value that should be used for the "JCEKS" key store. |
static String | KEY_STORE_TYPE_JKS: The key store type value that should be used for the "JKS" key store. |
static String | KEY_STORE_TYPE_PKCS11: The key store type value that should be used for the "PKCS11" key store. |
static String | KEY_STORE_TYPE_PKCS12: The key store type value that should be used for the "PKCS12" key store. |

Constructor and Description |
---|
CertificateManager(String keyStorePath, String keyStoreType, char[] keyStorePassword): Creates a new certificate manager instance with the provided information. |
CertificateManager(String keyStorePath, String keyStoreType, String keyStorePassword): Creates a new certificate manager instance with the provided information. |

Modifier and Type | Method and Description |
---|---|
void | addCertificate(String alias, File certificateFile): Adds the provided certificate to the key store. |
boolean | aliasInUse(String alias): Indicates whether the provided alias is in use in the key store. |
void | generateSelfSignedCertificate(Platform.KeyType keyType, String alias, String subjectDN, int validity): Generates a self-signed certificate using the provided information. |
Certificate | getCertificate(String alias): Retrieves the certificate with the specified alias from the key store. |
String[] | getCertificateAliases(): Retrieves the aliases of the certificates in the specified key store. |
boolean | hasRealAliases(): Returns whether this certificate manager contains 'real' aliases or not. |
static boolean | mayUseCertificateManager(): Always return true. |
void | removeCertificate(String alias): Removes the specified certificate from the key store. |

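How the methods summarized above fit together when a server needs a certificate under a known alias. This is an added example, not code from this page or from ForgeRock. The class `EnsureServerCert`, the helper `ensureCertificate` and the import package `org.opends.server.util` are assumptions; the page does not show the package.

```java
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.Arrays;

// Assumption: the package is not shown on this page; adjust the imports to your build.
import org.opends.server.util.CertificateManager;
import org.opends.server.util.Platform;

// Hypothetical helper class, not part of the documented API.
public final class EnsureServerCert {

  /**
   * Returns the certificate stored under alias, generating a self-signed one
   * first when the alias is absent. The caller's password array is wiped on exit.
   */
  static Certificate ensureCertificate(String keyStorePath, char[] password,
      Platform.KeyType keyType, String alias, String subjectDN, int validityDays)
      throws KeyStoreException {
    try {
      // char[] constructor: the secret never has to live in an immutable String.
      CertificateManager cm = new CertificateManager(
          keyStorePath, CertificateManager.KEY_STORE_TYPE_PKCS12, password);

      // aliasInUse() is false both for a missing key store and a missing alias.
      // Checking first avoids the IllegalArgumentException that
      // generateSelfSignedCertificate() throws for an alias already present.
      if (!cm.aliasInUse(alias)) {
        cm.generateSelfSignedCertificate(keyType, alias, subjectDN, validityDays);
      }

      // getCertificate() returns null for an unknown alias; fail closed rather
      // than hand a null certificate to the TLS configuration code.
      Certificate cert = cm.getCertificate(alias);
      if (cert == null) {
        throw new KeyStoreException("no certificate stored under alias " + alias);
      }
      return cert;
    } finally {
      Arrays.fill(password, '\0'); // clear the caller's copy of the password
    }
  }
}
```
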
public static final String KEY_STORE_TYPE_JKS
public static final String KEY_STORE_TYPE_JCEKS
public static final String KEY_STORE_TYPE_PKCS11
public static final String KEY_STORE_TYPE_PKCS12
public static final String KEY_STORE_PATH_PKCS11

public CertificateManager(String keyStorePath, String keyStoreType, String keyStorePassword) throws IllegalArgumentException

Parameters:
- keyStorePath - The path to the key store file, or "NONE" if the key store type is "PKCS11". For the other key store types, the file does not need to exist if a new self-signed certificate or certificate signing request is to be generated, although the directory containing the file must exist. The key store file must exist if import or export operations are to be performed.
- keyStoreType - The key store type to use. It should be one of KEY_STORE_TYPE_JKS, KEY_STORE_TYPE_JCEKS, KEY_STORE_TYPE_PKCS11, or KEY_STORE_TYPE_PKCS12.
- keyStorePassword - The password required to access the key store. It may be null.

Throws:
- IllegalArgumentException - If an argument is invalid or null.

public CertificateManager(String keyStorePath, String keyStoreType, char[] keyStorePassword) throws IllegalArgumentException

Parameters:
- keyStorePath - The path to the key store file, or "NONE" if the key store type is "PKCS11". For the other key store types, the file does not need to exist if a new self-signed certificate or certificate signing request is to be generated, although the directory containing the file must exist. The key store file must exist if import or export operations are to be performed.
- keyStoreType - The key store type to use. It should be one of KEY_STORE_TYPE_JKS, KEY_STORE_TYPE_JCEKS, KEY_STORE_TYPE_PKCS11, or KEY_STORE_TYPE_PKCS12.
- keyStorePassword - The password required to access the key store. It may be null.

Throws:
- IllegalArgumentException - If an argument is invalid or null.

public static boolean mayUseCertificateManager()

public boolean aliasInUse(String alias) throws KeyStoreException

Parameters:
- alias - The alias for which to make the determination. It must not be null or empty.

Returns:
- true if the key store exists and already contains a certificate with the given alias, or false if not.

Throws:
- KeyStoreException - If a problem occurs while attempting to interact with the key store.

public String[] getCertificateAliases() throws KeyStoreException

Returns:
- null if the key store does not exist.

Throws:
- KeyStoreException - If a problem occurs while attempting to interact with the key store.

public Certificate getCertificate(String alias) throws KeyStoreException

Parameters:
- alias - The alias of the certificate to retrieve. It must not be null or empty.

Returns:
- null if the specified certificate does not exist.

Throws:
- KeyStoreException - If a problem occurs while interacting with the key store, or the key store does not exist.

public void generateSelfSignedCertificate(Platform.KeyType keyType, String alias, String subjectDN, int validity) throws KeyStoreException, IllegalArgumentException

Parameters:
- keyType - Specifies the key size, key and signature algorithms.
- alias - The nickname to use for the certificate in the key store. For the server certificate, it should generally be "server-cert". It must not be null or empty.
- subjectDN - The subject DN to use for the certificate. It must not be null or empty.
- validity - The length of time in days that the certificate should be valid, starting from the time the certificate is generated. It must be a positive integer value.

Throws:
- KeyStoreException - If a problem occurs while actually attempting to generate the certificate in the key store.
- IllegalArgumentException - If the validity parameter is not a positive integer, or the alias is already in the keystore.

public void addCertificate(String alias, File certificateFile) throws KeyStoreException, IllegalArgumentException

Parameters:
- alias - The alias to use for the certificate. It must not be null or empty.
- certificateFile - The file containing the encoded certificate. It must not be null, and the file must exist.

Throws:
- KeyStoreException - If a problem occurs while interacting with the key store.
- IllegalArgumentException - If the certificate file is not valid.

public void removeCertificate(String alias) throws KeyStoreException, IllegalArgumentException

Parameters:
- alias - The alias to use for the certificate to remove. It must not be null or an empty string, and it must exist in the key store.

Throws:
- KeyStoreException - If a problem occurs while interacting with the key store.
- IllegalArgumentException - If the alias is in use and cannot be deleted.

public boolean hasRealAliases() throws KeyStoreException

Throws:
- KeyStoreException - if there is a problem accessing the key store.

Copyright © 2010–2017 ForgeRock AS. All rights reserved.