oracle.security.jps.service.keystore

Interface KeyStoreService

All Superinterfaces:

JpsPersistable, OpssServiceInstance, ServiceInstance

public interface KeyStoreService
extends OpssServiceInstance

A KeyStoreService is a PKI based keystore service interface

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	KeyStoreService.KEYSTORE_ATTRIBUTE

Nested classes/interfaces inherited from interface oracle.security.opss.service.OpssServiceInstance

OpssServiceInstance.State

Nested classes/interfaces inherited from interface oracle.security.jps.service.JpsPersistable

JpsPersistable.Mode

Method Summary

Modifier and Type	Method and Description
void	createKeyStore(java.lang.String stripeName, java.lang.String keystoreName, java.security.KeyStore.ProtectionParameter protParam, KeyStoreProperties props) This method creates a key store using the given keystore name, within the stripe name.
void	deleteKeyStore(java.lang.String stripeName, java.lang.String keystoreName, java.security.KeyStore.ProtectionParameter protParam) This method deletes an existing keystore.
void	deleteVirtualKeyStore(java.lang.String virtualUri) This method removes a virtual key store URI that was set to aggregate multiple keystores.
java.security.KeyStore	getAggregateTrustStore(java.lang.String kssUri1, char[] ks1Password, java.lang.String kssUri2, char[] ks2Password) This method gets a handle to a given keystore in KSS that has a combined list of trusted certs from two trust stores
java.security.KeyStore	getAggregateTrustStore(java.lang.String stripeName1, java.lang.String keystoreName1, char[] ks1Password, java.lang.String stripeName2, java.lang.String keystoreName2, char[] ks2Password) This method gets a handle to a keystore in KSS that has a combined list of trusted certs from two trust stores
java.security.KeyStore	getDomainTrustStore() This method gets a handle to the domain level trust store stored in FKS.
java.security.KeyStore	getKeyStore(java.lang.String kssUri, java.security.KeyStore.ProtectionParameter protParam) This method gets a handle to a given keystore stored in KSS.
java.security.KeyStore	getKeyStore(java.lang.String stripeName, java.lang.String keystoreName, java.security.KeyStore.ProtectionParameter protParam) This method gets a handle to a given keystore stored in FKS.
java.lang.Object	getKeyStoreAttribute(java.lang.String kssUri, KeyStoreService.KEYSTORE_ATTRIBUTE attr) This method returns the specific attribute of a given key store within a stripe
java.lang.Object	getKeyStoreAttribute(java.lang.String stripeName, java.lang.String keystoreName, KeyStoreService.KEYSTORE_ATTRIBUTE attr) This method returns the specific attribute of a given key store within a stripe
java.util.Map<java.lang.String,java.lang.String>	getProperties() Returns the configured properties for this instance
java.lang.String[]	listKeyStores(java.lang.String stripeName) This method lists all the keystores within the given stripe.
void	setVirtualKeyStore(java.lang.String virtualUri, java.util.HashMap<java.lang.String,char[]> sourceURIMap) This method sets a virtual key store URI to aggregate multiple keystores.

Methods inherited from interface oracle.security.opss.service.OpssServiceInstance

getState

Methods inherited from interface oracle.security.jps.service.ServiceInstance

accept, getName, getServiceProvider

Methods inherited from interface oracle.security.jps.service.JpsPersistable

persist, refresh

Method Detail

getProperties

java.util.Map<java.lang.String,java.lang.String> getProperties()

Returns the configured properties for this instance

Returns:

The properties

createKeyStore

void createKeyStore(java.lang.String stripeName,
                    java.lang.String keystoreName,
                    java.security.KeyStore.ProtectionParameter protParam,
                    KeyStoreProperties props)
             throws KeyStoreServiceException,
                    java.security.AccessControlException

This method creates a key store using the given keystore name, within the stripe name. The stripe name typically represents the name of the component or application using the key store. The keystore name must be unique within a given stripe. The keystore could be protected by a password specified by protParam. Additional keystore properties can be specified using props, like if the keystore is created within an HSM (not supported in this version), or if its protected by permissions only. Note that setting the permissions only flag to false does not mean permission check is disabled. It only means that password protection is also used.

Parameters:

stripeName - Name of the stripe within which keystore is created

keystoreName - name of the keystore. Must be unique within this stripe

protParam - Protection parameter for this keystore. Usually a password.

props - Additional keystore properties. eg. if permission protected is set to false, the keystore is also protected by password. The HSM property is ignored.

Throws:

KeyStoreServiceException - if invalid stripe/keystore name or invalid password is passed.

java.security.AccessControlException

deleteKeyStore

void deleteKeyStore(java.lang.String stripeName,
                    java.lang.String keystoreName,
                    java.security.KeyStore.ProtectionParameter protParam)
             throws KeyStoreServiceException,
                    java.security.AccessControlException

This method deletes an existing keystore.

Parameters:

stripeName - Name of the stripe within which keystore is deleted

keystoreName - Name of the keystore to be deleted

protParam - Protection parameter for this keystore to be used for verification. Usually a password. This parameter is ignored if the keystore is only permission protected

Throws:

KeyStoreServiceException - if invalid stripe/keystore name is passed, if protParam is incorrect, if keystore does not exist.

java.security.AccessControlException

listKeyStores

java.lang.String[] listKeyStores(java.lang.String stripeName)
                          throws KeyStoreServiceException,
                                 java.security.AccessControlException

This method lists all the keystores within the given stripe. If a wild card value "*" is specified for stripe name, then all the keystores within all the stripes are listed.

Parameters:

stripeName - name of the stripe whose keystores need to be listed. Use "*" as wildcard to specify all stripes

Returns:

names of the keystores within this stripe. If a definite stripe name is given, only the keystore names are returned. If a wildcard value is given, then the keystore names are returned as <stripe>/<keystore>

Throws:

KeyStoreServiceException - if invalid or non-existent stripe is passed.

java.security.AccessControlException

getDomainTrustStore

java.security.KeyStore getDomainTrustStore()
                                    throws KeyStoreServiceException,
                                           java.security.AccessControlException

This method gets a handle to the domain level trust store stored in FKS. The returned type is java.security.KeyStore so standard JDK APIs can be used by callers to access the keys and certificates from this key store.

Returns:

the domain level trust store

Throws:

KeyStoreServiceException - if domain trust store does not exist in the Farm Key Store.

java.security.AccessControlException

getKeyStore

java.security.KeyStore getKeyStore(java.lang.String stripeName,
                                   java.lang.String keystoreName,
                                   java.security.KeyStore.ProtectionParameter protParam)
                            throws KeyStoreServiceException,
                                   java.security.AccessControlException

This method gets a handle to a given keystore stored in FKS. The stripe name and keystore name indicate the keystore to be loaded and the protection parameter (password) is used for acess check.

Parameters:

stripeName - Name of the stripe

keystoreName - Name of the keystore to be loaded

protParam - Protection parameter for this keystore (usually a password). This parameter is ignored for keystore that is only permission protected

Returns:

the keystore object

Throws:

KeyStoreServiceException - if invalid stripe/keystore name is passed, if invalid protParam is passed, if the keystore does not exist.

java.security.AccessControlException

getKeyStore

java.security.KeyStore getKeyStore(java.lang.String kssUri,
                                   java.security.KeyStore.ProtectionParameter protParam)
                            throws KeyStoreServiceException,
                                   java.security.AccessControlException

This method gets a handle to a given keystore stored in KSS. The KSS URI indicates the keystore to be loaded and the protection parameter (password) is used for access check.

Parameters:

kssUri - KSS URI indicating the stripe and key store to be loaded. The URI format is "kss://<stripe>/<keystore>" kss://system/trust - valid URI kss:/system/trust - invalid URI kss://systemtrust - invalid URI

protParam - Protection parameter for this keystore (usually a password). This parameter is ignored for keystore that is only permission protected

Returns:

the keystore object

Throws:

KeyStoreServiceException - if invalid kss URI is passed, if invalid protParam is passed, if the keystore does not exist.

java.security.AccessControlException

getKeyStoreAttribute

java.lang.Object getKeyStoreAttribute(java.lang.String stripeName,
                                      java.lang.String keystoreName,
                                      KeyStoreService.KEYSTORE_ATTRIBUTE attr)
                               throws KeyStoreServiceException,
                                      java.security.AccessControlException

This method returns the specific attribute of a given key store within a stripe

Parameters:

stripeName - Name of the stripe

keystoreName - Name of the keystore

attr - Keystore attribute to be returned

Returns:

Value of the key store attribute. For modification time, an object of type java.util.Date is returned. For hsm protected or permission protected, a Boolean is returned.

Throws:

KeyStoreServiceException - if invalid stripe/keystore name is passed, if the keystore does not exist.

java.security.AccessControlException

getKeyStoreAttribute

java.lang.Object getKeyStoreAttribute(java.lang.String kssUri,
                                      KeyStoreService.KEYSTORE_ATTRIBUTE attr)
                               throws KeyStoreServiceException,
                                      java.security.AccessControlException

This method returns the specific attribute of a given key store within a stripe

Parameters:

kssUri - KSS URI indicating the stripe and key store to be loaded. The URI format is "kss://<stripe>/<keystore>" kss://system/trust - valid URI kss:/system/trust - invalid URI kss://systemtrust - invalid URI

attr - Keystore attribute to be returned

Returns:

Value of the key store attribute. For modification time, an object of type java.util.Date is returned. For hsm protected or permission protected, a Boolean is returned.

Throws:

KeyStoreServiceException - if invalid kss URI is passed, if the keystore does not exist.

java.security.AccessControlException

getAggregateTrustStore

java.security.KeyStore getAggregateTrustStore(java.lang.String stripeName1,
                                              java.lang.String keystoreName1,
                                              char[] ks1Password,
                                              java.lang.String stripeName2,
                                              java.lang.String keystoreName2,
                                              char[] ks2Password)
                                       throws KeyStoreServiceException,
                                              java.security.AccessControlException

This method gets a handle to a keystore in KSS that has a combined list of trusted certs from two trust stores

Parameters:

stripeName1 - Name of the stripe

keystoreName1 - Name of the keystore to be loaded

ks1Password - Password for keystoreName1. This parameter is ignored for keystore that is only permission protected

stripeName2 - Name of the stripe

keystoreName1 - Name of the keystore to be loaded

ks2Password - Password for keystoreName2. This parameter is ignored for keystore that is only permission protected

Returns:

the keystore object. The returned keystore object is read only. The object contents cannot be persisted to the security store.

Throws:

KeyStoreServiceException - if invalid stripe/keystore names are passed, if invalid passwords are passed, if the keystores do not exist.

java.security.AccessControlException

getAggregateTrustStore

java.security.KeyStore getAggregateTrustStore(java.lang.String kssUri1,
                                              char[] ks1Password,
                                              java.lang.String kssUri2,
                                              char[] ks2Password)
                                       throws KeyStoreServiceException,
                                              java.security.AccessControlException

This method gets a handle to a given keystore in KSS that has a combined list of trusted certs from two trust stores

Parameters:

kssUri1 - KSS URI indicating the stripe and key store to be loaded. The URI format is "kss://<stripe>/<keystore>" kss://system/trust - valid URI kss:/system/trust - invalid URI kss://systemtrust - invalid URI

ks1Password - Password for the keystore in kssUri1. This parameter is ignored for keystore that is only permission protected

kssUri2 - KSS URI indicating the stripe and key store to be loaded. The URI format is "kss://<stripe>/<keystore>"

ks2Password - Password for the keystore in kssUri2. This parameter is ignored for keystore that is only permission protected

Returns:

the keystore object. The returned keystore object is read only. The object contents cannot be persisted to the security store.

Throws:

KeyStoreServiceException - if invalid kss URI's are passed, if invalid password is passed, if the keystore does not exist.

java.security.AccessControlException

setVirtualKeyStore

void setVirtualKeyStore(java.lang.String virtualUri,
                        java.util.HashMap<java.lang.String,char[]> sourceURIMap)
                 throws KeyStoreServiceException,
                        java.security.AccessControlException

This method sets a virtual key store URI to aggregate multiple keystores. The virtual Keystore URI mapping is not persisted

Parameters:

virtualUri - KSS URI indicating the virtual stripe and key store. The URI format is "kss://<stripe>/<keystore>" kss://system/trust - valid URI kss:/system/trust - invalid URI kss://systemtrust - invalid URI

sourceURIMap - A map of source KSS URI's and the corresponding passwords

Throws:

KeyStoreServiceException - if invalid source kss URI's are passed, if the source keystores does not exist.

java.security.AccessControlException

deleteVirtualKeyStore

void deleteVirtualKeyStore(java.lang.String virtualUri)
                    throws KeyStoreServiceException,
                           java.security.AccessControlException

This method removes a virtual key store URI that was set to aggregate multiple keystores.

Parameters:

virtualUri - KSS URI indicating the virtual stripe and key store. The URI format is "kss://<stripe>/<keystore>" kss://system/trust - valid URI kss:/system/trust - invalid URI kss://systemtrust - invalid URI

Throws:

KeyStoreServiceException - if invalid virtual kss URI is passed, if the virtual URI does not exist.

java.security.AccessControlException