// CkJavaKeyStore.h: interface for the CkJavaKeyStore class. // ////////////////////////////////////////////////////////////////////// // This header is generated for Chilkat 11.3.0 #define _CkVersion 11.3.0 #ifndef _CkJavaKeyStore_H #define _CkJavaKeyStore_H #include "chilkatDefs.h" #include "CkString.h" #include "CkMultiByteBase.h" class CkPfx; class CkCert; class CkCertChain; class CkPrivateKey; class CkBinData; class CkByteData; class CkJsonObject; class CkStringBuilder; class CkPem; class CkXmlCertVault; #if !defined(__sun__) && !defined(__sun) #pragma pack (push, 8) #endif #undef Copy // CLASS: CkJavaKeyStore class CK_VISIBLE_PUBLIC CkJavaKeyStore : public CkMultiByteBase { private: // Don't allow assignment or copying these objects. CkJavaKeyStore(const CkJavaKeyStore &); CkJavaKeyStore &operator=(const CkJavaKeyStore &); public: CkJavaKeyStore(void); virtual ~CkJavaKeyStore(void); static CkJavaKeyStore *createNew(void); static CkJavaKeyStore *createNew2(int progLang); void CK_VISIBLE_PRIVATE inject(void *impl); // May be called when finished with the object to free/dispose of any // internal resources held by the object. void dispose(void); // BEGIN PUBLIC INTERFACE // ---------------------- // Properties // ---------------------- // The number of private keys contained within the keystore. Each private key has // an alias and certificate chain associated with it. int get_NumPrivateKeys(void); // The number of secret keys (such as AES keys) contained within the keystore. Each // secret key can have an alias associated with it. int get_NumSecretKeys(void); // The number of trusted certificates contained within the keystore. Each // certificate has an alias (identifying string) associated with it. int get_NumTrustedCerts(void); // If true, then adding a private key to the JKS only succeeds if the certificate // chain can be completed to the root certificate. A root certificate is either a // trusted CA root or a self-signed certificate. If false, then incomplete // certificate chains are allowed. The default value is true. bool get_RequireCompleteChain(void); // If true, then adding a private key to the JKS only succeeds if the certificate // chain can be completed to the root certificate. A root certificate is either a // trusted CA root or a self-signed certificate. If false, then incomplete // certificate chains are allowed. The default value is true. void put_RequireCompleteChain(bool newVal); // If true, then the keystore's keyed digest is required to pass validation // (password required) for any of the load methods (such as LoadFile, LoadBinary, // or LoadEncoded). If false, then a keystore may be loaded into memory without // password validation (if a null or empty string is passed to the load method). // The default value of this property is true. bool get_VerifyKeyedDigest(void); // If true, then the keystore's keyed digest is required to pass validation // (password required) for any of the load methods (such as LoadFile, LoadBinary, // or LoadEncoded). If false, then a keystore may be loaded into memory without // password validation (if a null or empty string is passed to the load method). // The default value of this property is true. void put_VerifyKeyedDigest(bool newVal); // ---------------------- // Methods // ---------------------- // Adds the contents of a PFX or PKCS #12 (.p12) to the Java keystore object. One // JKS entry per private key found in the PKCS12 is added. The certs found within // the PCKS12 are used to build the certificate chains for each private key. (A // typical PFX file contains a single private key along with its associated // certificate, and the certificates in the chain of authentication to the root CA // cert.) // // This method does not add trusted certificate entries to the JKS. // // The specified alias is applied to the 1st private key found. If the alias is // empty, then the alias is obtained from the cert/PFX in the following order of // preference: // 1. Certificate's subject common name // 2. Certificate's subject email address // 3. Certificate's friendly name found in the PKCS9 attributes of the PKCS12 // 4. Certificate's serial number // // If multiple private keys are found in the PKCS12, then all but the first will // automaticallly be assigned aliases using the preference just described. // // The UseCertVault method may be called to provide additional certificates for the // automatic construction of the certificate chains. If the RequireCompleteChain // property is set to true, then this method will fail if any certificate chain // is not completed to the root. The TrustedRoots class may be used to provide a // source for obtaining trusted CA roots if these are not already present within // the PKCS12. // bool AddPfx(CkPfx &pfx, const char *alias, const char *password); // Adds a private key entry to the JKS. Both the private key and certificate chain // are obtained from the certificate object that is passed in the 1st argument. // // If the alias is empty, then the alias is automatically chosen based on the // certificate's information, in the following order of preference: // 1. Certificate's subject common name // 2. Certificate's subject email address // 3. Certificate's serial number // // The UseCertVault method may be called to provide additional certificates for the // automatic construction of the certificate chains. If the RequireCompleteChain // property is set to true, then this method will fail if the certificate chain // is not completed to the root. The TrustedRoots class may be used to provide a // source for obtaining trusted CA roots. // bool AddPrivateKey(CkCert &cert, const char *alias, const char *password); // Adds a secret (symmetric) key entry to the JKS. This adds a symmetric key, which // is simply a number of binary bytes (such as 16 bytes for a 128-bit AES key). The // encodedKeyBytes provides the actual bytes of the symmetric key, in an encoded string form. // The encoding indicates the encoding of encodedKeyBytes (such as base64 , hex , base64url , // etc.) The algorithm describes the symmetric algorithm, such as AES . The alias is the // password used to seal (encrypt) the key bytes. // // Note: The algorithm describes the usage of the encodedKeyBytes. For example, if encodedKeyBytes contains // the 16 bytes of a 128-bit AES key, then algorithm should be set to AES . The actual // encryption algorithm used to seal the key within the JCEKS is // PBEWithMD5AndTripleDES, which is part of the JCEKS specification. // bool AddSecretKey(const char *encodedKeyBytes, const char *encoding, const char *algorithm, const char *alias, const char *password); // Adds a trusted certificate to the Java keystore object. bool AddTrustedCert(CkCert &cert, const char *alias); // Returns in certChain the certificate chain for the Nth private key in the keystore, // where the first private key is at index 0. bool CertChainAt(int index, CkCertChain &certChain); // Returns in certChain the certificate chain for the specified private key alias. bool CertChainOf(const char *alias, bool caseSensitive, CkCertChain &certChain); // Changes the password for a private key. bool ChangePassword(int index, const char *oldPassword, const char *newPassword); // Applications should instead call CertChainOf . // // Returns the certificate chain for the specified private key alias. // // The caller is responsible for deleting the object returned by this method. CkCertChain *FindCertChain(const char *alias, bool caseSensitive); // Applications should instead call PrivateKeyOf . // // Returns the private key associated with the given alias. // // The caller is responsible for deleting the object returned by this method. CkPrivateKey *FindPrivateKey(const char *password, const char *alias, bool caseSensitive); // Applications should instead call TrustedCertOf . // // Finds and returns the trusted certificate with the specified alias. // // The caller is responsible for deleting the object returned by this method. CkCert *FindTrustedCert(const char *alias, bool caseSensitive); // Applications should instead call CertChainAt . // // Returns the certificate chain for the Nth private key in the keystore, where the // first private key is at index 0. // // The caller is responsible for deleting the object returned by this method. CkCertChain *GetCertChain(int index); // Applications should instead call PrivateKeyAt . // // Returns the private key at index N in the keystore, where the first key is // indexed as 0. // // The caller is responsible for deleting the object returned by this method. CkPrivateKey *GetPrivateKey(const char *password, int index); // Returns the Nth private key alias contained within the keystore. The 1st private // key is at index 0. bool GetPrivateKeyAlias(int index, CkString &outStr); // Returns the Nth private key alias contained within the keystore. The 1st private // key is at index 0. const char *getPrivateKeyAlias(int index); // Returns the Nth private key alias contained within the keystore. The 1st private // key is at index 0. const char *privateKeyAlias(int index); // Returns the Nth secret key contained within the keystore. The 1st secret key is // at index 0. The bytes of the secret key are returned in the specified encoding. // (such as hex, base64, base64url, etc.) bool GetSecretKey(const char *password, int index, const char *encoding, CkString &outStr); // Returns the Nth secret key contained within the keystore. The 1st secret key is // at index 0. The bytes of the secret key are returned in the specified encoding. // (such as hex, base64, base64url, etc.) const char *getSecretKey(const char *password, int index, const char *encoding); // Returns the Nth secret key contained within the keystore. The 1st secret key is // at index 0. The bytes of the secret key are returned in the specified encoding. // (such as hex, base64, base64url, etc.) const char *secretKey(const char *password, int index, const char *encoding); // Returns the Nth secret key alias contained within the keystore. The 1st secret // key is at index 0. bool GetSecretKeyAlias(int index, CkString &outStr); // Returns the Nth secret key alias contained within the keystore. The 1st secret // key is at index 0. const char *getSecretKeyAlias(int index); // Returns the Nth secret key alias contained within the keystore. The 1st secret // key is at index 0. const char *secretKeyAlias(int index); // Applications should instead call TrustedCertAt . // // Returns the Nth trusted certificate contained within the keystore. The 1st // certificate is at index 0. // // The caller is responsible for deleting the object returned by this method. CkCert *GetTrustedCert(int index); // Returns the Nth trusted certificate alias contained within the keystore. The 1st // certificate is at index 0. bool GetTrustedCertAlias(int index, CkString &outStr); // Returns the Nth trusted certificate alias contained within the keystore. The 1st // certificate is at index 0. const char *getTrustedCertAlias(int index); // Returns the Nth trusted certificate alias contained within the keystore. The 1st // certificate is at index 0. const char *trustedCertAlias(int index); // Loads a Java keystore from the contents of bd. bool LoadBd(const char *password, CkBinData &bd); // Loads a Java keystore from in-memory byte data. bool LoadBinary(const char *password, CkByteData &jksData); // Loads a Java keystore from an encoded string (such as base64, hex, etc.) bool LoadEncoded(const char *password, const char *jksEncData, const char *encoding); // Loads a Java keystore from a file. bool LoadFile(const char *password, const char *path); // Loads the Java KeyStore from a JSON Web Key (JWK) Set. bool LoadJwkSet(const char *password, CkJsonObject &jwkSet); // Returns in privKey the private key at index in the keystore, where the first key is // at index 0. bool PrivateKeyAt(const char *password, int index, CkPrivateKey &privKey); // Returns in privKey the private key associated with the given alias. bool PrivateKeyOf(const char *password, const char *alias, bool caseSensitive, CkPrivateKey &privKey); // Removes the Nth trusted certificate or private key entry from the keystore. The // entryType indicates whether it is a trusted root or private key entry (1 = trusted // certificate entry, 2 = private key entry). The 1st entry is at index 0. bool RemoveEntry(int entryType, int index); // Sets the alias name for a trusted certificate or private key entry. The entryType // indicates whether it is a trusted root or private key entry (1 = trusted // certificate entry, 2 = private key entry). The 1st entry is at index 0. bool SetAlias(int entryType, int index, const char *alias); // Writes the key store to password. The bd is used for the keyed hash of the entire // JKS file. (Each private key within the file may use different passwords, and // these are provided when the private key is added via the AddPrivateKey method.) bool ToBd(const char *password, CkBinData &bd); // Writes the key store to in-memory bytes. The password is used for the keyed hash of // the entire JKS file. (Each private key within the file may use different // passwords, and these are provided when the private key is added via the // AddPrivateKey method.) bool ToBinary(const char *password, CkByteData &outBytes); // Writes the key store to an encoded string. The encoding can be any encoding such as // base64 or hex . The password is used for the keyed hash of the entire JKS file. // (Each private key within the file may use different passwords, and these are // provided when the private key is added via the AddPrivateKey method.) bool ToEncodedString(const char *password, const char *encoding, CkString &outStr); // Writes the key store to an encoded string. The encoding can be any encoding such as // base64 or hex . The password is used for the keyed hash of the entire JKS file. // (Each private key within the file may use different passwords, and these are // provided when the private key is added via the AddPrivateKey method.) const char *toEncodedString(const char *password, const char *encoding); // Writes the key store to a file. The password is used for the keyed hash of the // entire JKS file. (Each private key within the file may use different passwords, // and these are provided when the private key is added via the AddPrivateKey // method.) bool ToFile(const char *password, const char *path); // Returns the private keys in JSON JWK Set format. The JWK identifier (kid) will // be set from the key alias in the store. bool ToJwkSet(const char *password, CkStringBuilder &sbJwkSet); // Applications should instead call ToPemObj . // // Returns the Java KeyStore as a Pem object. // // The caller is responsible for deleting the object returned by this method. CkPem *ToPem(const char *password); // Returns the Java KeyStore as a Pem object in pemObj. bool ToPemObj(const char *password, CkPem &pemObj); // Applications should instead call ToPfxObj . // // Returns the Java KeyStore as a Pfx object. // // The caller is responsible for deleting the object returned by this method. CkPfx *ToPfx(const char *password); // Returns the Java KeyStore as a Pfx object in pfxObj. bool ToPfxObj(const char *password, CkPfx &pfxObj); // Returns the Nth trusted certificate from the keystore in cert, with the 1st // certificate at index 0. bool TrustedCertAt(int index, CkCert &cert); // Finds and returns in cert the trusted certificate with the specified alias. bool TrustedCertOf(const char *alias, bool caseSensitive, CkCert &cert); // Adds an XML certificate vault to the object's internal list of sources to be // searched for certificates for help in building certificate chains to a root // certificate. bool UseCertVault(CkXmlCertVault &vault); // END PUBLIC INTERFACE }; #if !defined(__sun__) && !defined(__sun) #pragma pack (pop) #endif #endif