public interface KeyStoreService

KeyManager instances for accessing private keys and the system-wide TrustManager for validating signatures and certificates.

Modifier and Type | Method and Description |
---|---|
void | addKeyStoreKeyEntry(ResourceResolver resolver, String userId, String alias, Key key, Certificate[] chain) - Adds a private key entry with a certificate chain to the key store owned by the user with the user id equal to userId. |
void | addKeyStoreKeyPair(ResourceResolver resolver, String userId, KeyPair keyPair, String alias) - Saves a KeyPair in the KeyStore owned by the user whose user id is userId, under the specified alias. |
void | changeKeyStorePassword(ResourceResolver resolver, String userId, char[] currentPassword, char[] newPassword) - Changes the password used to protect a user's key store. |
void | changeTrustStorePassword(ResourceResolver resolver, char[] currentPassword, char[] newPassword) - Changes the password used to protect the global trust store. |
KeyStore | createKeyStore(ResourceResolver resolver, char[] password) - Creates and returns a raw KeyStore for the user identified by the resolver. |
KeyStore | createKeyStore(ResourceResolver resolver, String userId, char[] password) - Creates and returns a raw KeyStore for the user whose user id is userId. |
KeyStore | createTrustStore(ResourceResolver resolver, char[] password) - Creates and returns the global trust store. |
KeyManager | getKeyManager(ResourceResolver resolver) - Returns the private KeyManager of the user identified by the given ResourceResolver. |
KeyStore | getKeyStore(ResourceResolver resolver) - Returns the raw KeyStore owned by the user identified by the ResourceResolver. |
KeyStore | getKeyStore(ResourceResolver resolver, String userId) - Returns the raw KeyStore owned by the user whose user id is userId. |
KeyStore.Entry | getKeyStoreEntry(ResourceResolver resolver, String userId, String alias) - Retrieves a protected entry from the key store owned by the user with the user id equal to userId for entries stored using the key store's password (see com.adobe.granite.keystore.KeyStoreService#addKeyStoreKeyEntry(org.apache.sling.api.resource.ResourceResolver, String, String, java.security.Key, java.security.cert.Certificate[])). |
KeyPair | getKeyStoreKeyPair(ResourceResolver resolver, String userId, String alias) - Retrieves a KeyPair from the KeyStore owned by the user whose user id is userId, stored under the specified alias. |
TrustManager | getTrustManager(ResourceResolver resolver) - Returns the system wide TrustManager. |
KeyStore | getTrustStore(ResourceResolver resolver) - Returns the global trust store if it's accessible to the user identified by the ResourceResolver. |
boolean | keyStoreExists(ResourceResolver resolver, String userId) - Checks if a key store was created for the user whose user id is userId. |
boolean | trustStoreExists(ResourceResolver resolver) - Checks if the global trust store was created. |

KeyManager getKeyManager(ResourceResolver resolver) throws SlingIOException, SecurityException, IllegalArgumentException, KeyStoreNotInitialisedException

Returns the private KeyManager of the user identified by the given ResourceResolver.

resolver - a resolver identifying the user whose KeyStore is used for building the KeyManager

null

SlingIOException - if an error occurs instantiating the KeyManager with data from persistence
SecurityException - if the underlying key store cannot be instantiated due to security errors
IllegalArgumentException - if any of the parameters are null
KeyStoreNotInitialisedException - if the key store has not been created (see #createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[]))

KeyStore getKeyStore(ResourceResolver resolver) throws SlingIOException, SecurityException, IllegalArgumentException, KeyStoreNotInitialisedException

Returns the raw KeyStore owned by the user identified by the ResourceResolver. This key store allows managing the keys in the store.

The load and store methods of the returned KeyStore instance always throw a KeyStoreException because the actual storage is managed by the KeyStoreService service behind the scenes.

The ResourceResolver has to be open as long as write operations are performed with the KeyStore.

resolver - a resolver identifying the user for which the KeyStore will be obtained

null

SlingIOException - if an error occurs loading the KeyStore data from persistence
SecurityException - if the key store cannot be instantiated due to security errors
IllegalArgumentException - if any of the parameters are null
KeyStoreNotInitialisedException - if the key store has not been created (see #createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[]))

KeyStore getKeyStore(ResourceResolver resolver, String userId) throws SlingIOException, SecurityException, IllegalArgumentException, KeyStoreNotInitialisedException

Returns the raw KeyStore owned by the user whose user id is userId. The given resource resolver must have the proper access rights in order to access the given user's key store. This key store allows managing the keys in the store.

The load and store methods of the returned KeyStore instance always throw a KeyStoreException because the actual storage is managed by the KeyStoreService service behind the scenes.

The ResourceResolver has to be open as long as write operations are performed with the KeyStore.

resolver - the resource resolver to use for accessing the key store owned by the user given as parameter
userId - the ID of the user who owns the returned key store

null is never returned.

SlingIOException - if an error occurs loading the KeyStore data from persistence
SecurityException - if the key store cannot be instantiated due to security errors
IllegalArgumentException - if any of the parameters are null
KeyStoreNotInitialisedException - if the key store has not been created (see #createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[]))

TrustManager getTrustManager(ResourceResolver resolver) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException

Returns the system wide TrustManager.

resolver - a resolver identifying a user allowed to access the TrustManager

null

SlingIOException - if an error occurs instantiating the TrustManager with data from persistence
SecurityException - if the ResourceResolver is not allowed to access the global trust store
IllegalArgumentException - if the resolver is null
KeyStoreNotInitialisedException - if the trust store has not been created (see #createTrustStore(org.apache.sling.api.resource.ResourceResolver, char[]))

KeyStore getTrustStore(ResourceResolver resolver) throws SlingIOException, SecurityException, IllegalArgumentException, KeyStoreNotInitialisedException

Returns the global trust store if it's accessible to the user identified by the ResourceResolver. This key store allows managing the keys in the store.

The load and store methods of the returned KeyStore instance always throw a KeyStoreException because the actual storage is managed by the KeyStoreService service behind the scenes.

The ResourceResolver has to be open as long as write operations are performed with the KeyStore.

resolver - a resolver identifying a user allowed to access the global trust store

SlingIOException - if an error occurs loading the KeyStore data from persistence
SecurityException - if the ResourceResolver is not allowed access to the global trust store or if the store cannot be instantiated due to security errors
IllegalArgumentException - if any of the parameters are null
KeyStoreNotInitialisedException - if the trust store has not been created (see #createTrustStore(org.apache.sling.api.resource.ResourceResolver, char[]))

void changeKeyStorePassword(ResourceResolver resolver, String userId, char[] currentPassword, char[] newPassword) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException

Changes the password used to protect a user's key store. (see Arrays.fill(char[], char)).

resolver - a resource resolver to use for accessing the key store owned by the user given as parameter
userId - the ID of the user who owns the key store
currentPassword - the key store's current password; please make sure to clean this array after calling this method for security purposes
newPassword - the key store's new password; please make sure to clean this array after calling this method for security purposes

SlingIOException - if an error occurs loading the KeyStore data from persistence
SecurityException - if the currentPassword doesn't match the key store's password or if the key store cannot be instantiated due to security errors
KeyStoreNotInitialisedException - if the key store has not been created (see #createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[]))

void changeTrustStorePassword(ResourceResolver resolver, char[] currentPassword, char[] newPassword) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException

Changes the password used to protect the global trust store. (see Arrays.fill(char[], char)).

resolver - a resource resolver with write access to the trust store
currentPassword - the trust store's current password; please make sure to clean this array after calling this method for security purposes
newPassword - the trust store's new password; please make sure to clean this array after calling this method for security purposes

SlingIOException - if an error occurs loading the trust store data from persistence
SecurityException - if the currentPassword doesn't match the key store's password or if the passed resolver doesn't have enough rights to modify the trust store
KeyStoreNotInitialisedException - if the trust store has not been created (see #createTrustStore(org.apache.sling.api.resource.ResourceResolver, char[]))

void addKeyStoreKeyPair(ResourceResolver resolver, String userId, KeyPair keyPair, String alias) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException

Saves a KeyPair in the KeyStore owned by the user whose user id is userId, under the specified alias. The given resource resolver must have the proper access rights in order to access the given user's key store. If an entry already exists for the specified alias, it is overridden.

resolver - the resource resolver to use for accessing the key store owned by the user given as parameter
userId - the id of the user who owns the key store
keyPair - the KeyPair to save
alias - save the KeyPair under this alias

SlingIOException - if an error occurs loading the KeyStore data from persistence
SecurityException - if the key store cannot be instantiated due to security errors
IllegalArgumentException - if any of the parameters are null
KeyStoreNotInitialisedException - if the key store has not been created (see #createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[]))

KeyPair getKeyStoreKeyPair(ResourceResolver resolver, String userId, String alias) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException

Retrieves a KeyPair from the KeyStore owned by the user whose user id is userId, stored under the specified alias. The given resource resolver must have the proper access rights in order to access the given user's key store.

resolver - the resource resolver to use for accessing the key store owned by the user given as parameter
userId - the id of the user who owns the key store
alias - retrieve the KeyPair stored under this alias

KeyPair or null if no KeyPair was stored with the given alias.

SlingIOException - if an error occurs loading the KeyStore data from persistence
SecurityException - if the key store cannot be instantiated due to security errors
IllegalArgumentException - if any of the parameters are null
KeyStoreNotInitialisedException - if the key store has not been created (see #createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[]))

KeyStore createKeyStore(ResourceResolver resolver, String userId, char[] password) throws SlingIOException, SecurityException, IllegalArgumentException

Creates and returns a raw KeyStore for the user whose user id is userId. For security reasons the password char array parameter should be cleaned after successfully calling this method (see Arrays.fill(char[], char)).

The load and store methods of the returned KeyStore instance always throw a KeyStoreException because the actual storage is managed by the KeyStoreService service behind the scenes.

The ResourceResolver has to be open as long as write operations are performed with the KeyStore. Also, it must have the proper access rights in order to create the given user's key store.

Calling this method several times with the same parameters has no effect on an already created key store. However, calling this method with a different password will throw a SlingIOException.

resolver - a resolver that will be used to create the KeyStore
userId - the user for which the KeyStore will be created
password - the password used for protecting the returned KeyStore; please make sure to clean this array after calling this method for security purposes

userId; this method does not return null

SlingIOException - if an error occurs storing the KeyStore data to the persistence layer
SecurityException - if the key store cannot be instantiated due to security errors
IllegalArgumentException - if any of the parameters are null

KeyStore createKeyStore(ResourceResolver resolver, char[] password) throws SlingIOException, SecurityException, IllegalArgumentException

Creates and returns a raw KeyStore for the user identified by the resolver. For security reasons the password char array parameter should be cleaned after successfully calling this method (see Arrays.fill(char[], char)).

The load and store methods of the returned KeyStore instance always throw a KeyStoreException because the actual storage is managed by the KeyStoreService service behind the scenes.

The ResourceResolver has to be open as long as write operations are performed with the KeyStore.

Calling this method several times with the same parameters has no effect on an already created key store. However, calling this method with a different password will throw a SlingIOException.

resolver - a resolver identifying the user for which the KeyStore will be created
password - the password used for protecting the returned KeyStore; please make sure to clean this array after calling this method for security purposes

null

SlingIOException - if an error occurs storing the KeyStore data to the persistence layer
SecurityException - if the key store cannot be instantiated due to security errors
IllegalArgumentException - if any of the parameters are null

KeyStore createTrustStore(ResourceResolver resolver, char[] password) throws SlingIOException, SecurityException, IllegalArgumentException

Creates and returns the global trust store. The resolver provided should have enough access rights in order to successfully create the trust store. For security reasons the password char array parameter should be cleaned after successfully calling this method (see Arrays.fill(char[], char)).

The load and store methods of the returned KeyStore instance always throw a KeyStoreException because the actual storage is managed by the KeyStoreService service behind the scenes.

The ResourceResolver has to be open as long as write operations are performed with the KeyStore.

Calling this method several times with the same parameters has no effect on an already created trust store. However, calling this method with a different password will throw a SlingIOException.

resolver - a resolver identifying a user allowed to create the global trust store
password - the password used for protecting the returned KeyStore; please make sure to clean this array after calling this method for security purposes

null

SlingIOException - if an error occurs storing the KeyStore data to the persistence layer
SecurityException - if the ResourceResolver is not allowed access to the global trust store location or if the store cannot be instantiated due to security errors
IllegalArgumentException - if any of the parameters are null

boolean keyStoreExists(ResourceResolver resolver, String userId)

Checks if a key store was created for the user whose user id is userId. The given resource resolver must have the proper access rights in order to check the existence of the given user's key store.

resolver - the resource resolver to use for checking the existence of a key store for the user whose user id is userId
userId - the id of the user who owns the checked key store

true if the key store exists, false otherwise

boolean trustStoreExists(ResourceResolver resolver)

Checks if the global trust store was created.

resolver - the resolver used for checking the trust store's existence

true if the trust store exists, false otherwise

void addKeyStoreKeyEntry(ResourceResolver resolver, String userId, String alias, Key key, Certificate[] chain) throws SecurityException, KeyStoreNotInitialisedException

Adds a private key entry with a certificate chain to the key store owned by the user with the user id equal to userId. This method makes sure the entries are protected with the store's password for ease of use instead of requiring a password for each key.

resolver - a resource resolver to use for accessing the key store owned by the user given as parameter
userId - the id of the user who owns the key store
alias - the alias under which the key entry will be saved in the key store
key - the private key that will be added to the key store
chain - the private key's certificate chain

SecurityException - if the underlying key store cannot be instantiated due to security errors
KeyStoreNotInitialisedException - if the key store has not been created (see #createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[]))

KeyStore.Entry getKeyStoreEntry(ResourceResolver resolver, String userId, String alias) throws SecurityException, KeyStoreNotInitialisedException

Retrieves a protected entry from the key store owned by the user with the user id equal to userId for entries stored using the key store's password (see com.adobe.granite.keystore.KeyStoreService#addKeyStoreKeyEntry(org.apache.sling.api.resource.ResourceResolver, String, String, java.security.Key, java.security.cert.Certificate[])).

resolver - a resource resolver to use for accessing the key store owned by the user given as parameter
userId - the id of the user who owns the key store
alias - the alias under which the key entry will be saved in the key store

alias

SecurityException - if the underlying key store cannot be instantiated due to security errors
KeyStoreNotInitialisedException - if the key store has not been created (see #createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[]))

Copyright © 2006 - 2015 Adobe Systems Incorporated. All Rights Reserved
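
An added usage example, not taken from the original Javadoc or from Adobe's code: a hypothetical helper that follows the createKeyStore, getKeyStoreKeyPair and addKeyStoreKeyPair contracts documented above and wipes the password array with Arrays.fill, as the parameter notes advise. The class name UserKeyProvisioner, the RSA 2048 key choice and the import package of KeyStoreNotInitialisedException are assumptions.

```java
import com.adobe.granite.keystore.KeyStoreNotInitialisedException;
import com.adobe.granite.keystore.KeyStoreService;
import org.apache.sling.api.SlingIOException;
import org.apache.sling.api.resource.ResourceResolver;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/** Hypothetical helper, not part of the Granite API. */
public final class UserKeyProvisioner {

    private final KeyStoreService keyStoreService;

    public UserKeyProvisioner(KeyStoreService keyStoreService) {
        this.keyStoreService = keyStoreService;
    }

    /**
     * Ensures userId has a key store and a key pair under alias.
     * The resolver must stay open for the whole call and needs access
     * rights to the user's key store; the password array is wiped on exit.
     */
    public KeyPair ensureKeyPair(ResourceResolver resolver, String userId,
                                 String alias, char[] password)
            throws NoSuchAlgorithmException {
        try {
            if (!keyStoreService.keyStoreExists(resolver, userId)) {
                // No effect if repeated with the same password; a different
                // password on an existing store throws SlingIOException.
                keyStoreService.createKeyStore(resolver, userId, password);
            }
            KeyPair existing = keyStoreService.getKeyStoreKeyPair(resolver, userId, alias);
            if (existing != null) {
                return existing; // addKeyStoreKeyPair would override this entry
            }
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(2048); // assumed key size
            KeyPair created = generator.generateKeyPair();
            keyStoreService.addKeyStoreKeyPair(resolver, userId, created, alias);
            return created;
        } catch (KeyStoreNotInitialisedException e) {
            // The store was not there when read, despite the existence check.
            throw new IllegalStateException("Key store missing for " + userId, e);
        } catch (SlingIOException e) {
            throw new IllegalStateException("Key store persistence failed for " + userId, e);
        } finally {
            Arrays.fill(password, '\0'); // wipe the password array passed in
        }
    }
}
```

The caller's password array is zeroed on both success and failure, so it cannot be reused after the call.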