@PublicAPI(stability=VOLATILE, mayInstantiate=true, mayExtend=false, mayInvoke=true)
public final class CertificateManager extends Object
Modifier and Type | Field and Description |
---|---|
static String | KEY_STORE_PATH_PKCS11: The key store path value that must be used in conjunction with the PKCS11 key store type. |
static String | KEY_STORE_TYPE_JCEKS: The key store type value that should be used for the "JCEKS" key store. |
static String | KEY_STORE_TYPE_JKS: The key store type value that should be used for the "JKS" key store. |
static String | KEY_STORE_TYPE_PKCS11: The key store type value that should be used for the "PKCS11" key store. |
static String | KEY_STORE_TYPE_PKCS12: The key store type value that should be used for the "PKCS12" key store. |
Constructor and Description |
---|
CertificateManager(String keyStorePath, String keyStoreType, char[] keyStorePassword): Creates a new certificate manager instance with the provided information. |
CertificateManager(String keyStorePath, String keyStoreType, String keyStorePassword): Creates a new certificate manager instance with the provided information. |
Modifier and Type | Method and Description |
---|---|
void | addCertificate(String alias, File certificateFile): Adds the provided certificate to the key store. |
boolean | aliasInUse(String alias): Indicates whether the provided alias is in use in the key store. |
void | generateSelfSignedCertificate(Platform.KeyType keyType, String alias, String subjectDN, int validity): Generates a self-signed certificate using the provided information. |
Certificate | getCertificate(String alias): Retrieves the certificate with the specified alias from the key store. |
String[] | getCertificateAliases(): Retrieves the aliases of the certificates in the specified key store. |
boolean | hasRealAliases(): Returns whether this certificate manager contains 'real' aliases or not. |
static boolean | mayUseCertificateManager(): Always returns true. |
void | removeCertificate(String alias): Removes the specified certificate from the key store. |
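An added usage example (not from the ForgeRock documentation or source) that follows the parameter and exception contracts this page documents: it uses the char[] constructor so the password can be wiped, checks the alias before generating, and validates the stored certificate. Assumptions: the classes live in the org.opends.server.util package, the returned Certificate is java.security.cert.Certificate, and the ServerCertProvisioner class, its ensureCertificate method and the choice of PKCS12 are illustrative.

```java
import java.io.File;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;

// Assumption: package name is not shown on this page.
import org.opends.server.util.CertificateManager;
import org.opends.server.util.Platform;

/** Hypothetical helper; not part of the documented API. */
public final class ServerCertProvisioner {

  /**
   * Ensures a certificate exists under the alias and returns it.
   * The password array is zeroed before this method returns.
   */
  public static X509Certificate ensureCertificate(File keyStoreFile, char[] password,
      Platform.KeyType keyType, String alias, String subjectDN, int validityDays)
      throws Exception {
    try {
      // The key store file may be absent, but its directory must exist.
      File dir = keyStoreFile.getAbsoluteFile().getParentFile();
      if (dir == null || !dir.isDirectory()) {
        throw new IllegalArgumentException("Key store directory does not exist: " + dir);
      }
      CertificateManager cm = new CertificateManager(keyStoreFile.getPath(),
          CertificateManager.KEY_STORE_TYPE_PKCS12, password);

      // generateSelfSignedCertificate rejects an alias that is already in the
      // key store, so check first and leave an existing certificate untouched.
      if (!cm.aliasInUse(alias)) {
        cm.generateSelfSignedCertificate(keyType, alias, subjectDN, validityDays);
      }

      // getCertificate returns null when the alias is missing.
      Certificate cert = cm.getCertificate(alias);
      if (!(cert instanceof X509Certificate)) {
        throw new IllegalStateException("No X.509 certificate under alias " + alias);
      }
      X509Certificate x509 = (X509Certificate) cert;
      x509.checkValidity(); // throws if expired or not yet valid
      return x509;
    } finally {
      // Wipe only after the last key store call, in case the manager
      // keeps a reference to the caller's array.
      Arrays.fill(password, '\0');
    }
  }
}
```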
public static final String KEY_STORE_TYPE_JKS
public static final String KEY_STORE_TYPE_JCEKS
public static final String KEY_STORE_TYPE_PKCS11
public static final String KEY_STORE_TYPE_PKCS12
public static final String KEY_STORE_PATH_PKCS11
public CertificateManager(String keyStorePath, String keyStoreType, String keyStorePassword) throws IllegalArgumentException

Parameters:
keyStorePath - The path to the key store file, or "NONE" if the key store type is "PKCS11". For the other key store types, the file does not need to exist if a new self-signed certificate or certificate signing request is to be generated, although the directory containing the file must exist. The key store file must exist if import or export operations are to be performed.
keyStoreType - The key store type to use. It should be one of KEY_STORE_TYPE_JKS, KEY_STORE_TYPE_JCEKS, KEY_STORE_TYPE_PKCS11, or KEY_STORE_TYPE_PKCS12.
keyStorePassword - The password required to access the key store. It may be null.
Throws:
IllegalArgumentException - If an argument is invalid or null.

public CertificateManager(String keyStorePath, String keyStoreType, char[] keyStorePassword) throws IllegalArgumentException

Parameters:
keyStorePath - The path to the key store file, or "NONE" if the key store type is "PKCS11". For the other key store types, the file does not need to exist if a new self-signed certificate or certificate signing request is to be generated, although the directory containing the file must exist. The key store file must exist if import or export operations are to be performed.
keyStoreType - The key store type to use. It should be one of KEY_STORE_TYPE_JKS, KEY_STORE_TYPE_JCEKS, KEY_STORE_TYPE_PKCS11, or KEY_STORE_TYPE_PKCS12.
keyStorePassword - The password required to access the key store. It may be null.
Throws:
IllegalArgumentException - If an argument is invalid or null.

public static boolean mayUseCertificateManager()

public boolean aliasInUse(String alias) throws KeyStoreException

Parameters:
alias - The alias for which to make the determination. It must not be null or empty.
Returns:
true if the key store exists and already contains a certificate with the given alias, or false if not.
Throws:
KeyStoreException - If a problem occurs while attempting to interact with the key store.

public String[] getCertificateAliases() throws KeyStoreException

Returns:
null if the key store does not exist.
Throws:
KeyStoreException - If a problem occurs while attempting to interact with the key store.

public Certificate getCertificate(String alias) throws KeyStoreException

Parameters:
alias - The alias of the certificate to retrieve. It must not be null or empty.
Returns:
null if the specified certificate does not exist.
Throws:
KeyStoreException - If a problem occurs while interacting with the key store, or the key store does not exist.

public void generateSelfSignedCertificate(Platform.KeyType keyType, String alias, String subjectDN, int validity) throws KeyStoreException, IllegalArgumentException

Parameters:
keyType - Specifies the key size, key and signature algorithms.
alias - The nickname to use for the certificate in the key store. For the server certificate, it should generally be "server-cert". It must not be null or empty.
subjectDN - The subject DN to use for the certificate. It must not be null or empty.
validity - The length of time in days that the certificate should be valid, starting from the time the certificate is generated. It must be a positive integer value.
Throws:
KeyStoreException - If a problem occurs while actually attempting to generate the certificate in the key store.
IllegalArgumentException - If the validity parameter is not a positive integer, or the alias is already in the keystore.

public void addCertificate(String alias, File certificateFile) throws KeyStoreException, IllegalArgumentException

Parameters:
alias - The alias to use for the certificate. It must not be null or empty.
certificateFile - The file containing the encoded certificate. It must not be null, and the file must exist.
Throws:
KeyStoreException - If a problem occurs while interacting with the key store.
IllegalArgumentException - If the certificate file is not valid.

public void removeCertificate(String alias) throws KeyStoreException, IllegalArgumentException

Parameters:
alias - The alias to use for the certificate to remove. It must not be null or an empty string, and it must exist in the key store.
Throws:
KeyStoreException - If a problem occurs while interacting with the key store.
IllegalArgumentException - If the alias is in use and cannot be deleted.

public boolean hasRealAliases() throws KeyStoreException

Throws:
KeyStoreException - if there is a problem accessing the key store.

Copyright © 2010-2017 ForgeRock AS. All Rights Reserved.