public interface KeyStoreService
KeyManager
instances for accessing private keys and the system-wide TrustManager
for validating
signatures and certificates.Modifier and Type | Field and Description |
---|---|
static java.lang.String |
NAME
Name of the KeyStoreService service
|
Modifier and Type | Method and Description |
---|---|
void |
addKeyStoreKeyEntry(ResourceResolver resolver,
java.lang.String userId,
java.lang.String alias,
java.security.Key key,
java.security.cert.Certificate[] chain)
Adds a private key entry with a certificate chain to the key store owned by the user with the user id equal to
userId . |
void |
addKeyStoreKeyPair(ResourceResolver resolver,
java.lang.String userId,
java.security.KeyPair keyPair,
java.lang.String alias)
Saves a
KeyPair in the KeyStore owned by the user whose user id is userId , under the specified alias. |
void |
changeKeyStorePassword(ResourceResolver resolver,
java.lang.String userId,
char[] currentPassword,
char[] newPassword)
Changes the password used to protect a user's key store.
|
void |
changeTrustStorePassword(ResourceResolver resolver,
char[] currentPassword,
char[] newPassword)
Changes the password used to protect the global trust store.
|
java.security.KeyStore |
createKeyStore(ResourceResolver resolver,
char[] password)
Creates and returns a raw
KeyStore for the user identified by the resolver . |
java.security.KeyStore |
createKeyStore(ResourceResolver resolver,
java.lang.String userId,
char[] password)
Creates and returns a raw
KeyStore for the user whose user id is userId . |
java.security.KeyStore |
createTrustStore(ResourceResolver resolver,
char[] password)
Creates and returns the global trust store.
|
javax.net.ssl.KeyManager |
getKeyManager(ResourceResolver resolver)
Returns the private
KeyManager of the user identified by the given ResourceResolver . |
java.security.KeyStore |
getKeyStore(ResourceResolver resolver)
Returns the raw
KeyStore owned by the user identified by the ResourceResolver . |
java.security.KeyStore |
getKeyStore(ResourceResolver resolver,
java.lang.String userId)
Returns the raw
KeyStore owned by the user whose user id is userId . |
java.security.KeyStore.Entry |
getKeyStoreEntry(ResourceResolver resolver,
java.lang.String userId,
java.lang.String alias)
Retrieves a protected entry from the key store owned by the user with the user id equal to
userId for entries stored using
the key store's password
(see addKeyStoreKeyEntry(org.apache.sling.api.resource.ResourceResolver,
String, String, java.security.Key, java.security.cert.Certificate[]) . |
java.security.KeyPair |
getKeyStoreKeyPair(ResourceResolver resolver,
java.lang.String userId,
java.lang.String alias)
Retrieve a
KeyPair from the KeyStore owned by the user whose user id is userId , stored under the specified
alias. |
javax.net.ssl.TrustManager |
getTrustManager(ResourceResolver resolver)
Returns the system wide
TrustManager . |
java.security.KeyStore |
getTrustStore(ResourceResolver resolver)
Returns the global trust store if it's accessible to the user identified by the
ResourceResolver . |
boolean |
keyStoreExists(ResourceResolver resolver,
java.lang.String userId)
Checks if a key store was created for the user whose user id is
userId . |
boolean |
trustStoreExists(ResourceResolver resolver)
Checks if the global trust store was created.
|
static final java.lang.String NAME
javax.net.ssl.KeyManager getKeyManager(ResourceResolver resolver) throws SlingIOException, java.lang.SecurityException, java.lang.IllegalArgumentException, KeyStoreNotInitialisedException
KeyManager
of the user identified by the given ResourceResolver
.resolver
- a resolver identifying the user whose KeyStore
is used for building the KeyManager
null
SlingIOException
- if an error occurs instantiating the KeyManager
with data from persistencejava.lang.SecurityException
- if the underlying key store cannot be instantiated due to security errorsjava.lang.IllegalArgumentException
- if any of the parameters are nullKeyStoreNotInitialisedException
- if the key store has not been created
(see createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[])
)java.security.KeyStore getKeyStore(ResourceResolver resolver) throws SlingIOException, java.lang.SecurityException, java.lang.IllegalArgumentException, KeyStoreNotInitialisedException
Returns the raw KeyStore
owned by the user identified by the ResourceResolver
. This key store allows managing the
keys in the store.
The load
and store
methods of the returned KeyStore
instance always throw a KeyStoreException
because the actual storage is managed by the KeyStoreService
service behind the scenes.
The ResourceResolver
has to be open as long as write operations are performed with the KeyStore
.
resolver
- a resolver identifying the user for which the KeyStore
will be obtainednull
SlingIOException
- if an error occurs loading the KeyStore
data from persistencejava.lang.SecurityException
- if the key store cannot be instantiated due to security errorsjava.lang.IllegalArgumentException
- if any of the parameters are nullKeyStoreNotInitialisedException
- if the key store has not been created
(see createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[])
)java.security.KeyStore getKeyStore(ResourceResolver resolver, java.lang.String userId) throws SlingIOException, java.lang.SecurityException, java.lang.IllegalArgumentException, KeyStoreNotInitialisedException
Returns the raw KeyStore
owned by the user whose user id is userId
. The given resource resolver must have the proper
access rights in order to access the given user's key store. This key store allows managing the keys in the store.
The load
and store
methods of the returned KeyStore
instance always throw a KeyStoreException
because the actual storage is managed by the KeyStoreService
service behind the scenes.
The ResourceResolver
has to be open as long as write operations are performed with the KeyStore
.
resolver
- the resource resolver to use for accessing the key store owned by the user given as parameteruserId
- the ID of the user who owns the returned key storenull
is never returned.SlingIOException
- if an error occurs loading the KeyStore
data from persistencejava.lang.SecurityException
- if the key store cannot be instantiated due to security errorsjava.lang.IllegalArgumentException
- if any of the parameters are nullKeyStoreNotInitialisedException
- if the key store has not been created
(see createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[])
)javax.net.ssl.TrustManager getTrustManager(ResourceResolver resolver) throws SlingIOException, java.lang.SecurityException, KeyStoreNotInitialisedException
TrustManager
.resolver
- a resolver identifying a user allowed to access the TrustManager
null
SlingIOException
- if an error occurs instantiating the TrustManager
with data from persistencejava.lang.SecurityException
- if the ResourceResolver
is not allowed to access the global trust storejava.lang.IllegalArgumentException
- if the resolver
is null
KeyStoreNotInitialisedException
- if the trust store has not been created
(see createTrustStore(org.apache.sling.api.resource.ResourceResolver, char[])
)java.security.KeyStore getTrustStore(ResourceResolver resolver) throws SlingIOException, java.lang.SecurityException, java.lang.IllegalArgumentException, KeyStoreNotInitialisedException
Returns the global trust store if it's accessible to the user identified by the ResourceResolver
. This key store allows
managing the keys in the store.
The load
and store
methods of the returned KeyStore
instance always throw a KeyStoreException
because the actual storage is managed by the KeyStoreService
service behind the scenes.
The ResourceResolver
has to be open as long as write operations are performed with the KeyStore
.
resolver
- a resolver identifying a user allowed to access the global trust storeSlingIOException
- if an error occurs loading the KeyStore
data from persistencejava.lang.SecurityException
- if the ResourceResolver
is not allowed access to the global trust store or if the
store cannot be instantiated due to security errorsjava.lang.IllegalArgumentException
- if any of the parameters are nullKeyStoreNotInitialisedException
- if the trust store has not been created
(see createTrustStore(org.apache.sling.api.resource.ResourceResolver, char[])
)void changeKeyStorePassword(ResourceResolver resolver, java.lang.String userId, char[] currentPassword, char[] newPassword) throws SlingIOException, java.lang.SecurityException, KeyStoreNotInitialisedException
Arrays.fill(char[], char)
).resolver
- a resource resolver to use for accessing the key store owned by the user given as parameteruserId
- the ID of the user who owns the key storecurrentPassword
- the key store's current password; please make sure to clean this array after calling this method for security
purposesnewPassword
- the key store's new password; please make sure to clean this array after calling this method for security
purposesSlingIOException
- if an error occurs loading the KeyStore
data from persistencejava.lang.SecurityException
- if the currentPassword
doesn't match the key store's password or if the key store
cannot be instantiated due to security errorsKeyStoreNotInitialisedException
- if the key store has not been created
(see createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[])
)void changeTrustStorePassword(ResourceResolver resolver, char[] currentPassword, char[] newPassword) throws SlingIOException, java.lang.SecurityException, KeyStoreNotInitialisedException
Arrays.fill(char[], char)
).resolver
- a resource resolver with write access to the trust storecurrentPassword
- the trust store's current password; please make sure to clean this array after calling this method for
security purposesnewPassword
- the trust store's new password; please make sure to clean this array after calling this method for security
purposesSlingIOException
- if an error occurs loading the trust store data from persistencejava.lang.SecurityException
- if the currentPassword
doesn't match the key store's password or if the passed
resolver doesn't have enough rights to modify the trust storeKeyStoreNotInitialisedException
- if the trust store has not been created
(see createTrustStore(org.apache.sling.api.resource.ResourceResolver, char[])
)void addKeyStoreKeyPair(ResourceResolver resolver, java.lang.String userId, java.security.KeyPair keyPair, java.lang.String alias) throws SlingIOException, java.lang.SecurityException, KeyStoreNotInitialisedException
KeyPair
in the KeyStore
owned by the user whose user id is userId
, under the specified alias. The
given resource resolver must have the proper access rights in order to access the given user's key store. If an entry already exists
for the specified alias, it is overridden.resolver
- the resource resolver to use for accessing the key store owned by the user given as parameteruserId
- the id of the user who owns the key storekeyPair
- the KeyPair
to savealias
- save the KeyPair
under this aliasSlingIOException
- if an error occurs loading the KeyStore
data from persistencejava.lang.SecurityException
- if the key store cannot be instantiated due to security errorsjava.lang.IllegalArgumentException
- if any of the parameters are nullKeyStoreNotInitialisedException
- if the key store has not been created
(see createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[])
)java.security.KeyPair getKeyStoreKeyPair(ResourceResolver resolver, java.lang.String userId, java.lang.String alias) throws SlingIOException, java.lang.SecurityException, KeyStoreNotInitialisedException
KeyPair
from the KeyStore
owned by the user whose user id is userId
, stored under the specified
alias. The given resource resolver must have the proper access rights in order to access the given user's key store.resolver
- the resource resolver to use for accessing the key store owned by the user given as parameteruserId
- the id of the user who owns the key storealias
- retrieve the KeyPair
stored under this aliasKeyPair
or null
if no KeyPair
was stored with the given alias.SlingIOException
- if an error occurs loading the KeyStore
data from persistencejava.lang.SecurityException
- if the key store cannot be instantiated due to security errorsjava.lang.IllegalArgumentException
- if any of the parameters are nullKeyStoreNotInitialisedException
- if the key store has not been created
(see createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[])
)java.security.KeyStore createKeyStore(ResourceResolver resolver, java.lang.String userId, char[] password) throws SlingIOException, java.lang.SecurityException, java.lang.IllegalArgumentException
Creates and returns a raw KeyStore
for the user whose user id is userId
. For security reasons the password char
array parameter should be cleaned after successfully calling this method (see Arrays.fill(char[], char)
).
The load
and store
methods of the returned KeyStore
instance always throw a KeyStoreException
because the actual storage is managed by the KeyStoreService
service behind the scenes.
The ResourceResolver
has to be open as long as write operations are performed with the KeyStore
. Also, it must have
the proper access rights in order to create the given user's key store.
SlingIOException
.resolver
- a resolver that will be used to create the KeyStore
userId
- the user for which the KeyStore
will be createdpassword
- the password used for protecting the returned KeyStore
; please make sure to clean this array
after calling this method for security purposesuserId
; this method does not return null
SlingIOException
- if an error occurs storing the KeyStore
data to the persistence layerjava.lang.SecurityException
- if the key store cannot be instantiated due to security errorsjava.lang.IllegalArgumentException
- if any of the parameters are nulljava.security.KeyStore createKeyStore(ResourceResolver resolver, char[] password) throws SlingIOException, java.lang.SecurityException, java.lang.IllegalArgumentException
Creates and returns a raw KeyStore
for the user identified by the resolver
. For security reasons the password char
array parameter should be cleaned after successfully calling this method (see Arrays.fill(char[], char)
).
The load
and store
methods of the returned KeyStore
instance always throw a KeyStoreException
because the actual storage is managed by the KeyStoreService
service behind the scenes.
The ResourceResolver
has to be open as long as write operations are performed with the KeyStore
.
Calling this method several times with the same parameters has no effect on an already created key store. However, calling this
method with a different password will throw a SlingIOException
.
resolver
- a resolver identifying the user for which the KeyStore
will be createdpassword
- the password used for protecting the returned KeyStore
; please make sure to clean this array
after calling this method for security purposesnull
SlingIOException
- if an error occurs storing the KeyStore
data to the persistence layerjava.lang.SecurityException
- if the key store cannot be instantiated due to security errorsjava.lang.IllegalArgumentException
- if any of the parameters are nulljava.security.KeyStore createTrustStore(ResourceResolver resolver, char[] password) throws SlingIOException, java.lang.SecurityException, java.lang.IllegalArgumentException
Creates and returns the global trust store. The resolver
provided should have enough access rights in order to successfully
create the trust store. For security reasons the password char array parameter should be cleaned after successfully calling this
method (see Arrays.fill(char[], char)
).
The load
and store
methods of the returned KeyStore
instance always throw a KeyStoreException
because the actual storage is managed by the KeyStoreService
service behind the scenes.
The ResourceResolver
has to be open as long as write operations are performed with the KeyStore
.
Calling this method several times with the same parameters has no effect on an already created trust store. However, calling this
method with a different password will throw a SlingIOException
.
resolver
- a resolver identifying a user allowed to create the global trust storepassword
- the password used for protecting the returned KeyStore
; please make sure to clean this array
after calling this method for security purposesnull
SlingIOException
- if an error occurs storing the KeyStore
data to the persistence layerjava.lang.SecurityException
- if the ResourceResolver
is not allowed access to the global trust store location or if the
store cannot be instantiated due to security errorsjava.lang.IllegalArgumentException
- if any of the parameters are nullboolean keyStoreExists(ResourceResolver resolver, java.lang.String userId)
userId
. The given resource resolver must have the proper
access rights in order to check the existence of the given user's key store.resolver
- the resource resolver to use for checking the existence of a key store for the user whose user id is userId
userId
- the id of the user who owns the checked key storetrue
if the key store exists, false
otherwiseboolean trustStoreExists(ResourceResolver resolver)
resolver
- the resolver used for checking the trust store's existencetrue
if the trust store exists, false
otherwisevoid addKeyStoreKeyEntry(ResourceResolver resolver, java.lang.String userId, java.lang.String alias, java.security.Key key, java.security.cert.Certificate[] chain) throws java.lang.SecurityException, KeyStoreNotInitialisedException
userId
. This
method makes sure the entries are protected with the store's password for ease of use instead of requiring a password for each key.resolver
- a resource resolver to use for accessing the key store owned by the user given as parameteruserId
- the id of the user who owns the key storealias
- the alias under which the key entry will be saved in the key storekey
- the private key that will be added to the key storechain
- the private key's certificate chainjava.lang.SecurityException
- if the underlying key store cannot be instantiated due to security errorsKeyStoreNotInitialisedException
- if the key store has not been created
(see createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[])
)java.security.KeyStore.Entry getKeyStoreEntry(ResourceResolver resolver, java.lang.String userId, java.lang.String alias) throws java.lang.SecurityException, KeyStoreNotInitialisedException
userId
for entries stored using
the key store's password
(see addKeyStoreKeyEntry(org.apache.sling.api.resource.ResourceResolver,
String, String, java.security.Key, java.security.cert.Certificate[])
.resolver
- a resource resolver to use for accessing the key store owned by the user given as parameteruserId
- the id of the user who owns the key storealias
- the alias under which the key entry will be saved in the key storealias
java.lang.SecurityException
- if the underlying key store cannot be instantiated due to security errorsKeyStoreNotInitialisedException
- if the key store has not been created
(see createKeyStore(org.apache.sling.api.resource.ResourceResolver, char[])
)"Copyright © 2010 - 2020 Adobe Systems Incorporated. All Rights Reserved"