java.lang.Object
org.glassfish.main.jdke.security.KeyTool

public class KeyTool extends Object
Java adapter to call the keytool command. Will be deprecated once the JDK supports this in Java.
  • Constructor Details

    • KeyTool

      public KeyTool(File keyStore, char[] password)
      Creates a new instance of KeyTool managing the keystore file. The file does not have to exist yet. The type is detected automatically from the file extension.
      Parameters:
      keyStore - the file representing the keystore
      password - keystore and key password, must have at least 6 characters
    • KeyTool

      public KeyTool(File keyStore, String keyStoreType, char[] password)
      Creates a new instance of KeyTool managing the keystore file. The file does not have to exist yet.
      Parameters:
      keyStore - the file representing the keystore
      keyStoreType - the type of the keystore, e.g. "PKCS12", "JKS"
      password - keystore and key password, must have at least 6 characters
  • Method Details

    • loadKeyStore

      public KeyStore loadKeyStore() throws IOException
      Loads the key store from the file.
      Returns:
      KeyStore
      Throws:
      IOException
    • generateKeyPair

      public void generateKeyPair(String alias, String dn, String keyAlgorithm, int certValidity) throws IOException
      Generates a key pair in a new keystore.
      Parameters:
      alias - certificate alias (self-signed certificate)
      dn - distinguished name, e.g. "CN=localhost, OU=Development, O=Example, L=City, ST=State, C=Country"
      keyAlgorithm - the key algorithm, e.g. "RSA", "DSA", "EC"
      certValidity - the validity of the certificate in days, must be positive
      Throws:
      IOException
    • copyCertificate

      public void copyCertificate(String alias, File destKeyStore) throws IOException
      Copies a certificate from the key store to another key store. The destination key store will be created if it does not exist. The destination key store will use the same password as the source key store.
      Parameters:
      alias - the alias of the certificate to copy
      destKeyStore - the destination key store file
      Throws:
      IOException - if an error occurs during the process
    • copyCertificate

      public void copyCertificate(String alias, File destKeyStoreFile, char[] destKeyStorePassword) throws IOException
      Copies a certificate from the key store to another key store. The destination key store of the same type will be created if it does not exist.
      Parameters:
      alias - the alias of the certificate to copy
      destKeyStoreFile - the destination key store file
      destKeyStorePassword - the password for the destination key store
      Throws:
      IOException - if an error occurs during the process
    • exportCertificate

      public void exportCertificate(String alias, File outputFile) throws IOException
      Exports a certificate from the key store to a file.
      Parameters:
      alias - the alias of the certificate to export
      outputFile - the file to write the certificate to. It must not exist yet.
      Throws:
      IOException - if an error occurs during the process
    • changeKeyStorePassword

      public void changeKeyStorePassword(char[] newPassword) throws IOException
      Changes the key store password and remembers it. Also changes the passwords of all keys in the key store that use the same password.
      Parameters:
      newPassword - the new key store password
      Throws:
      IOException
    • changeKeyPassword

      public void changeKeyPassword(String alias, char[] oldPassword, char[] newPassword) throws IOException
      Changes the key password.

      WARNING: This is not required for the PKCS12 key store type, as it changes passwords of keys together with the key store password.

      Parameters:
      alias - the alias of the key whose password should be changed
      oldPassword - the current key entry password
      newPassword - the new key entry password
      Throws:
      IOException
    • createEmptyKeyStore

      public static KeyTool createEmptyKeyStore(File file, char[] password) throws IOException
      Creates an empty key store file with the specified password. The type is detected from the file extension.
      Parameters:
      file -
      password -
      Returns:
      KeyTool suitable to manage the newly created key store
      Throws:
      IOException
    • createEmptyKeyStore

      public static KeyTool createEmptyKeyStore(File file, String keyStoreType, char[] password) throws IOException
      Creates an empty key store file with the specified type and password.
      Parameters:
      file -
      keyStoreType -
      password -
      Returns:
      KeyTool suitable to manage the newly created key store
      Throws:
      IOException
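
Usage sketch (an added example, not code from the GlassFish project): it chains the methods documented above to create a key store, publish its certificate, rotate the password, and then inspect the results with the plain JDK KeyStore API. The class name, temp directory, file names, alias, DN and passwords are constructed placeholders.

```java
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;

import org.glassfish.main.jdke.security.KeyTool;

public class KeyToolExample {
    public static void main(String[] args) throws Exception {
        // Constructed sample values: paths, alias, DN and passwords are placeholders.
        Path dir = Files.createTempDirectory("keytool-example");
        File keyStoreFile = dir.resolve("keystore.p12").toFile();
        File trustStoreFile = dir.resolve("truststore.p12").toFile();
        File certFile = dir.resolve("server.cer").toFile(); // must not exist yet
        char[] initial = "initial-secret".toCharArray();     // at least 6 characters
        char[] rotated = "rotated-secret".toCharArray();
        char[] trustPassword = "trust-secret".toCharArray();
        try {
            // Explicit type, so nothing depends on file extension detection.
            KeyTool keyTool = new KeyTool(keyStoreFile, "PKCS12", initial);
            keyTool.generateKeyPair("server", "CN=localhost, OU=Development, O=Example", "RSA", 365);

            // Publish the certificate as a file and in a separate store that has
            // its own password instead of inheriting the key store's password.
            keyTool.exportCertificate("server", certFile);
            keyTool.copyCertificate("server", trustStoreFile, trustPassword);

            // Rotate the store password; KeyTool remembers the new one.
            keyTool.changeKeyStorePassword(rotated);
            KeyStore keyStore = keyTool.loadKeyStore();
            // For PKCS12 the key password follows the store password (see the WARNING above).
            boolean keyReadable = keyStore.getKey("server", rotated) != null;
            System.out.println("private key readable with rotated password: " + keyReadable);

            // Report what actually landed in the destination store before distributing it.
            KeyStore trustStore = KeyStore.getInstance(trustStoreFile, trustPassword);
            for (String alias : Collections.list(trustStore.aliases())) {
                System.out.println(alias + " holds a private key: " + trustStore.isKeyEntry(alias));
            }
        } finally {
            // char[] passwords can be wiped after use, unlike String.
            Arrays.fill(initial, '\0');
            Arrays.fill(rotated, '\0');
            Arrays.fill(trustPassword, '\0');
        }
    }
}
```

The three-argument copyCertificate is used so the destination store does not share the source key store's password, which the two-argument overload would do.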