001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
013: * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
014: * License for the specific language governing permissions and limitations under
015: * the License.
016: */
017:
018: package org.apache.harmony.tools.keytool;
019:
020: import java.io.File;
021: import java.io.FileNotFoundException;
022: import java.io.IOException;
023: import java.security.KeyStore;
024: import java.security.KeyStoreException;
025: import java.security.NoSuchAlgorithmException;
026: import java.security.NoSuchProviderException;
027: import java.security.cert.CertificateException;
028:
029: import org.apache.harmony.tools.toolutils.KeyStoreLoaderSaver;
030:
031: /**
032: * The class encapsulates paramaters for Keytool most of which are usually given
033: * in command line.
034: */
035: public class KeytoolParameters {
036: /**
037: * Default location of the keystore. Used when the value is not supplied by
038: * the user.
039: */
040: public static final String defaultKeystorePath = System
041: .getProperty("user.home")
042: + File.separator + ".keystore";
043:
044: // Default location of cacerts file
045: private static final String defaultCacertsPath = System
046: .getProperty("java.home")
047: + File.separator
048: + "lib"
049: + File.separator
050: + "security"
051: + File.separator + "cacerts";
052:
053: // Default password for cacerts keystore
054: private static final char[] defaultCacertsPass = { 'c', 'h', 'a',
055: 'n', 'g', 'e', 'i', 't' };
056:
057: // the keystore to work with
058: private KeyStore keyStore;
059:
060: // shows should the keystore be saved or not;
061: private boolean needSaveKS;
062:
063: // path to the keystore or certstore depending on a command.
064: private String storePath;
065:
066: // type of the store. Default type is set in java.security file.
067: private String storeType = KeyStore.getDefaultType();
068:
069: // the name of the provider to use if specific provider is not given
070: private String provider;
071:
072: // the name of the provider to work with certificates
073: private String certProvider;
074:
075: // the name of the provider to work with keys
076: private String keyProvider;
077:
078: // the name of the provider to work with message digests
079: private String mdProvider;
080:
081: // the name of the provider to work with signatures
082: private String sigProvider;
083:
084: // the name of the provider to work with keystore
085: private String ksProvider;
086:
087: // the name of the provider to work with keystore to convert to
088: private String convKsProvider;
089:
090: // alias to access an entry in keystore
091: private String alias;
092:
093: // algorithm name to get instance of KeyPairGenerator, KeyFactory, etc.
094: private String keyAlg;
095:
096: // digital signature algorithm
097: private String sigAlg;
098:
099: // X.500 Distinguished Name to generate a certificate
100: private String dName;
101:
102: // name of the file to import/export certificates
103: private String fileName;
104:
105: // alias to access the issuer's certificate (certificate which a newly
106: // generated certificate can be signed with)
107: private String issuerAlias;
108:
109: // file with CRLs
110: private String crlFile;
111:
112: // used in keyclone. Shows the destination alias to copy key pair to
113: private String destAlias;
114:
115: // password to access the store
116: private char[] storePass;
117:
118: // password to access the key entry
119: private char[] keyPass;
120:
121: // new password to change the old one to
122: private char[] newPasswd;
123:
124: // password to access the issuer's certificate (see issuerAlias)
125: private char[] issuerPass;
126:
127: // size of the key to generate
128: private int keySize = 1024;
129:
130: // validity period of the generated certificate in days from the current
131: // moment
132: private int validity = 90;
133:
134: // X.509 protocol version to use when generating a certificate
135: private int X509version = 3;
136:
137: // certificate serial number
138: private int certSerialNr;
139:
140: // should the unspecified parameters be prompted for or not
141: private boolean noPrompt;
142:
143: // used in import. Should the certificates from cacerts file be considered
144: // for the chain of trust or not
145: private boolean trustCACerts;
146:
147: // should the certificate be printed or exported in printable or binary
148: // format
149: private boolean rfc;
150:
151: // should the keytool print the detailed information on the operation or not
152: private boolean verbose;
153:
154: // should a secret key or a key pair be generated
155: private boolean isSecretKey;
156:
157: // should the generated certificate ba a CA certificate or not
158: private boolean isCA;
159:
160: // path to the keystore to convert the current keystore to
161: private String convertedKeyStorePath;
162:
163: // type of the keystore to convert the current keystore to
164: private String convertedKeyStoreType;
165:
166: // password to the keystore to convert the current keystore to
167: private char[] convertedKeyStorePass;
168:
169: // should the key entries be converted or not
170: private boolean convertKeyEntries;
171:
172: // location of cacerts file
173: private String cacertsPath;
174:
175: // password for cacerts keystore
176: private char[] cacertsPass;
177:
178: // cacerts keystore containing the certificates from root
179: // certificate authorities (usually self-signed)
180: private KeyStore cacerts;
181:
182: // topic to print help on
183: private String helpTopic;
184:
185: // command to perform
186: private Command command = Command.HELP;
187:
188: /**
189: * The method sets the fields to default values. If there is not a default
190: * value the field is set to null.
191: */
192: void setDefault() {
193: keyStore = null;
194: needSaveKS = false;
195: storePath = null;
196: storeType = KeyStore.getDefaultType();
197: provider = null;
198: certProvider = null;
199: keyProvider = null;
200: mdProvider = null;
201: sigProvider = null;
202: ksProvider = null;
203: convKsProvider = null;
204: helpTopic = null;
205: storePass = null;
206: alias = null;
207: keyAlg = null;
208: keySize = 1024;
209: sigAlg = null;
210: dName = null;
211: keyPass = null;
212: newPasswd = null;
213: validity = 90;
214: fileName = null;
215: noPrompt = false;
216: trustCACerts = false;
217: rfc = false;
218: verbose = false;
219: isSecretKey = false;
220: issuerAlias = null;
221: issuerPass = null;
222: X509version = 3;
223: certSerialNr = 0;
224: isCA = false;
225: convertedKeyStorePath = null;
226: convertedKeyStoreType = null;
227: convertedKeyStorePass = null;
228: convertKeyEntries = false;
229: cacertsPath = null;
230: cacertsPass = null;
231: cacerts = null;
232: crlFile = null;
233: command = Command.HELP;
234: }
235:
236: // getters and setters down here.
237: /**
238: * @return Returns the keystore to work with.
239: * @throws IOException
240: * @throws NoSuchProviderException
241: * @throws KeyStoreException
242: * @throws FileNotFoundException
243: * @throws CertificateException
244: * @throws NoSuchAlgorithmException
245: */
246: KeyStore getKeyStore() throws NoSuchAlgorithmException,
247: CertificateException, FileNotFoundException,
248: KeyStoreException, NoSuchProviderException, IOException {
249: if (keyStore == null) {
250: KeytoolKSLoaderSaver.loadStore(this );
251: }
252: return keyStore;
253: }
254:
255: /**
256: * @param keyStore
257: * The KeyStore to set as keystore worked with.
258: */
259: void setKeyStore(KeyStore keyStore) {
260: this .keyStore = keyStore;
261: }
262:
263: /**
264: * @return Returns true if keystore is to be saved, false - otherwise.
265: */
266: public boolean isNeedSaveKS() {
267: return needSaveKS;
268: }
269:
270: /**
271: * @param needSaveKS -
272: * if true keystore is to be saved, if false - it is not.
273: */
274: public void setNeedSaveKS(boolean needSaveKS) {
275: this .needSaveKS = needSaveKS;
276: }
277:
278: /**
279: * @return Returns the alias used to access the keystore entry.
280: */
281: String getAlias() {
282: return alias;
283: }
284:
285: /**
286: * @param alias
287: * The alias to access the keystore entry.
288: */
289: public void setAlias(String alias) {
290: this .alias = alias;
291: }
292:
293: /**
294: * @return Returns the alias to access the issuer's certificate (certificate
295: * which a newly generated certificate can be signed with)
296: */
297: String getIssuerAlias() {
298: return issuerAlias;
299: }
300:
301: /**
302: * @param issuerAlias
303: * The alias to access the issuer's certificate (certificate
304: * which a newly generated certificate can be signed with)
305: */
306: public void setIssuerAlias(String issuerAlias) {
307: this .issuerAlias = issuerAlias;
308: }
309:
310: /**
311: * @return Returns path to a file with CRLs.
312: */
313: String getCrlFile() {
314: return crlFile;
315: }
316:
317: /**
318: * @param crlFile
319: * path to a file with CRLs.
320: */
321: public void setCrlFile(String crlStore) {
322: this .crlFile = crlStore;
323: }
324:
325: /**
326: * @return Returns the destination alias to copy key pair to
327: */
328: String getDestAlias() {
329: return destAlias;
330: }
331:
332: /**
333: * @param destAlias
334: * The destination alias to copy key pair to
335: */
336: public void setDestAlias(String destAlias) {
337: this .destAlias = destAlias;
338: }
339:
340: /**
341: * @return Returns the certificate serial number
342: */
343: int getCertSerialNr() {
344: return certSerialNr;
345: }
346:
347: /**
348: * @param certSerialNr
349: * The certificate serial number
350: */
351: public void setCertSerialNr(int certSerialNr) {
352: this .certSerialNr = certSerialNr;
353: }
354:
355: /**
356: * @return Returns the command to perform
357: */
358: Command getCommand() {
359: return command;
360: }
361:
362: /**
363: * @param command
364: * The command to perform
365: */
366: public void setCommand(Command command) {
367: this .command = command;
368: }
369:
370: /**
371: * @return Returns the X.500 Distinguished Name to generate a certificate
372: */
373: String getDName() {
374: return dName;
375: }
376:
377: /**
378: * @param name
379: * The X.500 Distinguished Name to generate a certificate
380: */
381: public void setDName(String name) {
382: dName = name;
383: }
384:
385: /**
386: * @return Returns the name of the file to import/export certificates
387: */
388: String getFileName() {
389: return fileName;
390: }
391:
392: /**
393: * @param fileName
394: * The name of the file to import/export certificates
395: */
396: public void setFileName(String fileName) {
397: this .fileName = fileName;
398: }
399:
400: /**
401: * @return Returns the algorithm name to get instance of KeyPairGenerator,
402: * KeyFactory, etc.
403: */
404: String getKeyAlg() {
405: return keyAlg;
406: }
407:
408: /**
409: * @param keyAlg
410: * algorithm name to get instance of KeyPairGenerator,
411: * KeyFactory, etc.
412: */
413: public void setKeyAlg(String keyAlg) {
414: this .keyAlg = keyAlg;
415: }
416:
417: /**
418: * @return Returns the password to access the key entry
419: */
420: char[] getKeyPass() {
421: return keyPass;
422: }
423:
424: /**
425: * @param keyPass
426: * password to access the key entry
427: */
428: public void setKeyPass(char[] keyPass) {
429: this .keyPass = keyPass;
430: }
431:
432: /**
433: * @return Returns the size of the key to generate
434: */
435: int getKeySize() {
436: return keySize;
437: }
438:
439: /**
440: * @param keySize
441: * The size of the key to generate
442: */
443: public void setKeySize(int keySize) {
444: this .keySize = keySize;
445: }
446:
447: /**
448: * @return Returns the new password to change the old one to
449: */
450: char[] getNewPasswd() {
451: return newPasswd;
452: }
453:
454: /**
455: * @param newPasswd
456: * The new password to change the old one to
457: */
458: public void setNewPasswd(char[] newPasswd) {
459: this .newPasswd = newPasswd;
460: }
461:
462: /**
463: * @return password to access the issuer's certificate (certificate which a
464: * newly generated certificate can be signed with)
465: */
466: char[] getIssuerPass() {
467: return issuerPass;
468: }
469:
470: /**
471: * @param issuerPass
472: * password to access the issuer's certificate (certificate which
473: * a newly generated certificate can be signed with)
474: */
475: public void setIssuerPass(char[] issuerPass) {
476: this .issuerPass = issuerPass;
477: }
478:
479: /**
480: * @return Returns true if unspecified parameters should be prompted for,
481: * false - otherwise
482: */
483: boolean isNoPrompt() {
484: return noPrompt;
485: }
486:
487: /**
488: * @param noPrompt
489: * Set true if unspecified parameters should be prompted for,
490: * false if not
491: */
492: public void setNoPrompt(boolean noPrompt) {
493: this .noPrompt = noPrompt;
494: }
495:
496: /**
497: * @return Returns the name of the provider to use if specific provider is
498: * not given
499: */
500: String getProvider() {
501: return provider;
502: }
503:
504: /**
505: * @param provider
506: * the name of the provider to use if specific provider is not
507: * given
508: */
509: public void setProvider(String provider) {
510: this .provider = provider;
511: }
512:
513: /**
514: * @return the name of the provider to work with certificates
515: */
516: String getCertProvider() {
517: return certProvider;
518: }
519:
520: /**
521: * @param certProvider
522: * the name of the provider to work with certificates
523: */
524: public void setCertProvider(String certProvider) {
525: this .certProvider = certProvider;
526: }
527:
528: /**
529: * @return the name of the provider to work with keystore to convert the
530: * main keystore to
531: */
532: String getConvKsProvider() {
533: return convKsProvider;
534: }
535:
536: /**
537: * @param convKsProvider
538: * the name of the provider to work with keystore to convert the
539: * main keystore to
540: */
541: public void setConvKsProvider(String convKsProvider) {
542: this .convKsProvider = convKsProvider;
543: }
544:
545: /**
546: * @return the name of the provider to work with keys
547: */
548: String getKeyProvider() {
549: return keyProvider;
550: }
551:
552: /**
553: * @param keyProvider
554: * the name of the provider to work with keys
555: */
556: public void setKeyProvider(String keyProvider) {
557: this .keyProvider = keyProvider;
558: }
559:
560: /**
561: * @return the name of the provider to work with keystore
562: */
563: String getKsProvider() {
564: return ksProvider;
565: }
566:
567: /**
568: * @param ksProvider
569: * the name of the provider to work with keystore
570: */
571: public void setKsProvider(String ksProvider) {
572: this .ksProvider = ksProvider;
573: }
574:
575: /**
576: * @return the name of the provider to work with message digests
577: */
578: String getMdProvider() {
579: return mdProvider;
580: }
581:
582: /**
583: * @param mdProvider
584: * the name of the provider to work with message digests
585: */
586: public void setMdProvider(String mdProvider) {
587: this .mdProvider = mdProvider;
588: }
589:
590: /**
591: * @return the name of the provider to work with signatures
592: */
593: String getSigProvider() {
594: return sigProvider;
595: }
596:
597: /**
598: * @param sigProvider
599: * the name of the provider to work with signatures
600: */
601: public void setSigProvider(String sigProvider) {
602: this .sigProvider = sigProvider;
603: }
604:
605: /**
606: * @return Returns true if the certificate should be printed or exported in
607: * printable format, false - if in binary format
608: */
609: boolean isRfc() {
610: return rfc;
611: }
612:
613: /**
614: * @param rfc
615: * set true if the certificate should be printed or exported in
616: * printable format, false - if in binary format
617: */
618: public void setRfc(boolean rfc) {
619: this .rfc = rfc;
620: }
621:
622: /**
623: * @return Returns true if a secret key should be generated, false - if a
624: * key pair.
625: */
626: boolean isSecretKey() {
627: return isSecretKey;
628: }
629:
630: /**
631: * @param isSecretKey
632: * set true if a secret key should be generated, false - if a key
633: * pair.
634: */
635: public void setSecretKey(boolean secretKey) {
636: this .isSecretKey = secretKey;
637: }
638:
639: /**
640: * @return true if the generated certificate should be a CA certificate,
641: * false - otherwise
642: */
643: boolean isCA() {
644: return isCA;
645: }
646:
647: /**
648: * @param isCA
649: * set true if the generated certificate should be a CA
650: * certificate, false - otherwise
651: */
652: public void setCA(boolean isCA) {
653: this .isCA = isCA;
654: }
655:
656: /**
657: * @return Returns the digital signature algorithm
658: */
659: String getSigAlg() {
660: return sigAlg;
661: }
662:
663: /**
664: * @param sigAlg
665: * The digital signature algorithm to set.
666: */
667: public void setSigAlg(String sigAlg) {
668: this .sigAlg = sigAlg;
669: }
670:
671: /**
672: * @return Returns the password to access the store
673: */
674: char[] getStorePass() {
675: return storePass;
676: }
677:
678: /**
679: * @param storePass
680: * The password to access the store
681: */
682: public void setStorePass(char[] storePass) {
683: this .storePass = storePass;
684: }
685:
686: /**
687: * @return Returns the type of the store
688: */
689: String getStoreType() {
690: return storeType;
691: }
692:
693: /**
694: * @param storeType
695: * The type of the store to set.
696: */
697: public void setStoreType(String storeType) {
698: this .storeType = storeType;
699: }
700:
701: /**
702: * @return Returns true if the certificates from cacerts file should be
703: * considered for the chain of trust, false - if not
704: */
705: boolean isTrustCACerts() {
706: return trustCACerts;
707: }
708:
709: /**
710: * @param trustCACerts
711: * set true if the certificates from cacerts file should be
712: * considered for the chain of trust, false - if not.
713: */
714: public void setTrustCACerts(boolean trustCACerts) {
715: this .trustCACerts = trustCACerts;
716: }
717:
718: /**
719: * @return Returns the validity period of the generated certificate in days
720: * from the current moment
721: */
722: int getValidity() {
723: return validity;
724: }
725:
726: /**
727: * @param validity
728: * The validity period of the generated certificate in days from
729: * the current moment
730: */
731: public void setValidity(int validity) {
732: this .validity = validity;
733: }
734:
735: /**
736: * @return Returns true if the keytool should print the detailed information
737: * on the operation, false - if not
738: */
739: boolean isVerbose() {
740: return verbose;
741: }
742:
743: /**
744: * @param verbose
745: * set true if the keytool should print the detailed information
746: * on the operation, false - if not
747: */
748: public void setVerbose(boolean verbose) {
749: this .verbose = verbose;
750: }
751:
752: /**
753: * @return Returns the X.509 protocol version to use when generating a
754: * certificate
755: */
756: int getX509version() {
757: return X509version;
758: }
759:
760: /**
761: * @param x509version
762: * The X.509 protocol version to use when generating a
763: * certificate
764: */
765: public void setX509version(int x509version) {
766: X509version = x509version;
767: }
768:
769: /**
770: * @return Returns path to the keystore or certstore depending on a command.
771: */
772: String getStorePath() {
773: return storePath;
774: }
775:
776: /**
777: * @param storePath
778: * The path to the keystore or certstore (depending on a
779: * command).
780: */
781: public void setStorePath(String storePath) {
782: this .storePath = storePath;
783: }
784:
785: /**
786: * @return password for the keystore to convert the current keystore to
787: */
788: char[] getConvertedKeyStorePass() {
789: return convertedKeyStorePass;
790: }
791:
792: /**
793: * @param convertedKeyStorePass
794: * password for the keystore to convert the current keystore to
795: */
796: public void setConvertedKeyStorePass(char[] convertedKeyStorePass) {
797: this .convertedKeyStorePass = convertedKeyStorePass;
798: }
799:
800: /**
801: * @return path to the keystore to convert the current keystore to
802: */
803: String getConvertedKeyStorePath() {
804: return convertedKeyStorePath;
805: }
806:
807: /**
808: * @param convertedKeyStorePath
809: * path to the keystore to convert the current keystore to
810: */
811: public void setConvertedKeyStorePath(String convertedKeyStorePath) {
812: this .convertedKeyStorePath = convertedKeyStorePath;
813: }
814:
815: /**
816: * @return type of the keystore to convert the current keystore to
817: */
818: String getConvertedKeyStoreType() {
819: return convertedKeyStoreType;
820: }
821:
822: /**
823: * @param convertedKeyStoreType
824: * type of the keystore to convert the current keystore to
825: */
826: public void setConvertedKeyStoreType(String convertedKeyStoreType) {
827: this .convertedKeyStoreType = convertedKeyStoreType;
828: }
829:
830: /**
831: * @return true if key entries should be converted, false - if not
832: */
833: boolean isConvertKeyEntries() {
834: return convertKeyEntries;
835: }
836:
837: /**
838: * @param convertKeyEnties
839: * set true if key entries should be converted, false - if not
840: */
841: public void setConvertKeyEntries(boolean convertKeyEnties) {
842: this .convertKeyEntries = convertKeyEnties;
843: }
844:
845: /**
846: * @return Returns the location of cacerts file, containing the certificates
847: * from root certificate authorities (usually self-signed).
848: */
849: String getCacertsPath() {
850: if (cacertsPath != null) {
851: return cacertsPath;
852: } else {
853: return defaultCacertsPath;
854: }
855: }
856:
857: /**
858: * @param cacertsPath
859: * the location of cacerts file, containing the certificates from
860: * root certificate authorities (usually self-signed).
861: */
862: public void setCacertsPath(String cacertsPath) {
863: this .cacertsPath = cacertsPath;
864: }
865:
866: /**
867: * @return password for cacerts keystore
868: */
869: char[] getCacertsPass() {
870: if (cacertsPass != null) {
871: return cacertsPass;
872: } else {
873: return defaultCacertsPass;
874: }
875: }
876:
877: /**
878: * @param cacertsPass
879: * password for cacerts keystore
880: */
881: public void setCacertsPass(char[] cacertsPass) {
882: this .cacertsPass = cacertsPass;
883: }
884:
885: /**
886: * @return cacerts keystore containing the certificates from root
887: * certificate authorities (usually self-signed)
888: * @throws IOException
889: * @throws NoSuchProviderException
890: * @throws CertificateException
891: * @throws NoSuchAlgorithmException
892: * @throws KeyStoreException
893: * @throws FileNotFoundException
894: */
895: KeyStore getCacerts() throws FileNotFoundException,
896: KeyStoreException, NoSuchAlgorithmException,
897: CertificateException, NoSuchProviderException, IOException {
898: if (cacerts == null) {
899: String keyStoreProv = (ksProvider != null) ? ksProvider
900: : provider;
901: cacerts = KeyStoreLoaderSaver.loadStore(getCacertsPath(),
902: storeType, getCacertsPass(), keyStoreProv);
903: }
904: return cacerts;
905: }
906:
907: /**
908: * @param cacerts
909: * keystore containing the certificates from root certificate
910: * authorities (usually self-signed)
911: */
912: void setCacerts(KeyStore cacerts) {
913: this .cacerts = cacerts;
914: }
915:
916: /**
917: * @return topic to print help on
918: */
919: String getHelpTopic() {
920: return helpTopic;
921: }
922:
923: /**
924: * @param helpTopic
925: * topic to print help on
926: */
927: public void setHelpTopic(String helpTopic) {
928: this.helpTopic = helpTopic;
929: }
930: }
|