KeystoreManager (admin-server-management 3.1.2 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.sun.enterprise.admin.servermgmt
Class KeystoreManager

java.lang.Object
  com.sun.enterprise.admin.servermgmt.KeystoreManager

Direct Known Subclasses:: MasterPasswordFileManager, NodeKeystoreManager

public class KeystoreManager
extends Object
extends Object

Author:: kebbs

Nested Class Summary
`protected static class`	`KeystoreManager.KeytoolExecutor`

Field Summary
`protected PEFileLayout`	`_fileLayout`
`static String`	`CERTIFICATE_ALIAS`
`static String`	`DEFAULT_MASTER_PASSWORD`
`static String`	`INSTANCE_SECURE_ADMIN_ALIAS`

Constructor Summary
`KeystoreManager()` Creates a new instance of RepositoryManager

Method Summary
`protected void`	`changeKeystorePassword(String oldPassword, String newPassword, File keystore)` Changes the keystore password
`protected void`	`changeS1ASAliasPassword(RepositoryConfig config, String storePassword, String oldKeyPassword, String newKeyPassword)` Changes the key password for the default cert whose alias is s1as.
`protected void`	`changeSSLCertificateDatabasePassword(RepositoryConfig config, String oldPassword, String newPassword)` Changes the password of the keystore, truststore and the key password of the s1as alias.
`protected void`	`chmod(String args, File file)`
`protected void`	`createKeyStore(RepositoryConfig config, String masterPassword)` Create the default SSL key store using keytool to generate a self signed certificate.
`protected void`	`createSSLCertificateDatabase(RepositoryConfig config, String masterPassword)` Creates the SSL certificate database.
`protected void`	`createTrustStore(RepositoryConfig config, String masterPassword)` Create the default SSL trust store.
`protected static String`	`getCertificateDN(RepositoryConfig cfg, String CNSuffix)`
`static String`	`getDASCertDN(RepositoryConfig cfg)`
`protected PEFileLayout`	`getFileLayout(RepositoryConfig config)`
`static String`	`getInstanceCertDN(RepositoryConfig cfg)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

CERTIFICATE_ALIAS

public static final String CERTIFICATE_ALIAS

See Also:: Constant Field Values

INSTANCE_SECURE_ADMIN_ALIAS

public static final String INSTANCE_SECURE_ADMIN_ALIAS

See Also:: Constant Field Values

DEFAULT_MASTER_PASSWORD

public static final String DEFAULT_MASTER_PASSWORD

See Also:: Constant Field Values

_fileLayout

protected PEFileLayout _fileLayout

Constructor Detail

KeystoreManager

public KeystoreManager()

Creates a new instance of RepositoryManager

Method Detail

getCertificateDN

protected static String getCertificateDN(RepositoryConfig cfg,
                                         String CNSuffix)

getFileLayout

protected PEFileLayout getFileLayout(RepositoryConfig config)

createSSLCertificateDatabase

protected void createSSLCertificateDatabase(RepositoryConfig config,
                                            String masterPassword)

Creates the SSL certificate database. In the case of PE this is a keystore.jks and a truststore.jks. In the case of SE/EE, this will be overridden to create the NSS certificate database.

Parameters:: config -; masterPassword -
Throws:: RepositoryException

createKeyStore

protected void createKeyStore(RepositoryConfig config,
                              String masterPassword)
                       throws RepositoryException

Create the default SSL key store using keytool to generate a self signed certificate.

Parameters:: config -; masterPassword -
Throws:: RepositoryException

createTrustStore

protected void createTrustStore(RepositoryConfig config,
                                String masterPassword)
                         throws RepositoryException

Create the default SSL trust store. We take throws template cacerts.jks, change its password to the master password, and then add in the self signed s1as and instance certificate created earlier. All this is done my exec'ing keytool

Parameters:: config -; masterPassword -
Throws:: RepositoryException

changeKeystorePassword

protected void changeKeystorePassword(String oldPassword,
                                      String newPassword,
                                      File keystore)
                               throws RepositoryException

Changes the keystore password

Parameters:: oldPassword - the old keystore password; newPassword - the new keystore password; keystore - the keystore whose password is to be changed.
Throws:: RepositoryException

changeS1ASAliasPassword

protected void changeS1ASAliasPassword(RepositoryConfig config,
                                       String storePassword,
                                       String oldKeyPassword,
                                       String newKeyPassword)
                                throws RepositoryException

Changes the key password for the default cert whose alias is s1as. The assumption here is that the keystore password is not the same as the key password. This is due to the fact that the keystore password should first be changed followed next by the key password. The end result is that the keystore and s1as key both have the same passwords. This function will tolerate deletion of the s1as alias, but it will not tolerate changing the s1as key from something other than the database password.

Parameters:: config -; storePassword - the keystore password; oldKeyPassword - the old password for the s1as alias; newKeyPassword - the new password for the s1as alias
Throws:: RepositoryException

changeSSLCertificateDatabasePassword

protected void changeSSLCertificateDatabasePassword(RepositoryConfig config,
                                                    String oldPassword,
                                                    String newPassword)
                                             throws RepositoryException

Changes the password of the keystore, truststore and the key password of the s1as alias. It is expected that the key / truststores may not exist. This is due to the fact that the user may have deleted them and wishes to set up their own key/truststore

Parameters:: config -; storePassword -; oldKeyPassword -; newKeyPassword -
Throws:: RepositoryException

chmod

protected void chmod(String args,
                     File file)
              throws IOException

Throws:: IOException

getDASCertDN

public static String getDASCertDN(RepositoryConfig cfg)

getInstanceCertDN

public static String getInstanceCertDN(RepositoryConfig cfg)