Package com.couchbase.lite
Class TLSIdentity
java.lang.Object
com.couchbase.lite.internal.BaseTLSIdentity
com.couchbase.lite.TLSIdentity
- All Implemented Interfaces:
AutoCloseable
public final class TLSIdentity
extends com.couchbase.lite.internal.BaseTLSIdentity
ENTERPRISE EDITION API
TLSIdentity provides the identity information obtained from the given KeyStore, including a private key and X.509 certificate chain. TLSIdentities are backed by the canonical AndroidKeyStore and do not extract private key materials. The TLSIdentity is used by URLEndpointListeners and by Replicator, to set up certificate authenticated TLS communication.
-
Field Summary
Fields inherited from class com.couchbase.lite.internal.BaseTLSIdentity
CERT_ATTRIBUTE_COMMON_NAME, CERT_ATTRIBUTE_COUNTRY, CERT_ATTRIBUTE_EMAIL_ADDRESS, CERT_ATTRIBUTE_GIVEN_NAME, CERT_ATTRIBUTE_HOSTNAME, CERT_ATTRIBUTE_IP_ADDRESS, CERT_ATTRIBUTE_LOCALITY, CERT_ATTRIBUTE_ORGANIZATION, CERT_ATTRIBUTE_ORGANIZATION_UNIT, CERT_ATTRIBUTE_POSTAL_ADDRESS, CERT_ATTRIBUTE_POSTAL_CODE, CERT_ATTRIBUTE_PSEUDONYM, CERT_ATTRIBUTE_REGISTERED_ID, CERT_ATTRIBUTE_STATE_OR_PROVINCE, CERT_ATTRIBUTE_SURNAME, CERT_ATTRIBUTE_URL
-
Method Summary
Modifier and Type, Method, Description:
static TLSIdentity createdSignedIdentityInsecure(Set<KeyUsage> usage, Map<String, String> attributes, byte[] caKey, byte[] caCertificate, Date expiration, String alias)
Create a certificate signed by the provided CA.
static TLSIdentity createIdentity(boolean isServer, Map<String, String> attributes, Date expiration, String alias)
Deprecated.
static TLSIdentity createIdentity(Set<KeyUsage> usage, Map<String, String> attributes, Date expiration, String alias)
Create self-signed certificate and private key, store them in the canonical keystore, and return an identity backed by the new entry.
static void deleteIdentity(String alias)
Deletes an identity previously created under the given alias.
static TLSIdentity getIdentity(String alias)
Get a TLSIdentity backed by the information for the passed alias.
Methods inherited from class com.couchbase.lite.internal.BaseTLSIdentity
close, getAlias, getCert, getCerts, getExpiration, getKeyPair, getManager
-
Method Details
-
getIdentity
@Nullable public static TLSIdentity getIdentity(@NonNull String alias) throws CouchbaseLiteException
Get a TLSIdentity backed by the information for the passed alias.
- Parameters:
alias - the keystore alias for the identity's entry.
- Returns:
the identity
- Throws:
CouchbaseLiteException - on failure to get identity
-
createIdentity
@Deprecated @NonNull public static TLSIdentity createIdentity(boolean isServer, @NonNull Map<String, String> attributes, @Nullable Date expiration, @NonNull String alias) throws CouchbaseLiteException
Deprecated. Use createIdentity(Set, Map, Date, String) instead.
Create self-signed certificate and private key, store them in the canonical keystore, and return an identity backed by the new entry. The identity will be stored in the secure storage using the specified alias and can be recovered using that alias, after this method returns.
- Parameters:
isServer - true if this is a server certificate
attributes - certificate attributes
expiration - expiration date
alias - alias used to identify the key/certificate entry, in the keystore
- Returns:
the new identity
- Throws:
CouchbaseLiteException - on failure to get identity
-
createIdentity
@NonNull public static TLSIdentity createIdentity(@NonNull Set<KeyUsage> usage, @NonNull Map<String, String> attributes, @Nullable Date expiration, @NonNull String alias) throws CouchbaseLiteException
Create self-signed certificate and private key, store them in the canonical keystore, and return an identity backed by the new entry. The identity will be stored in the secure storage using the specified alias and can be recovered using that alias, after this method returns.
- Parameters:
usage - certificate usage: server or client
attributes - certificate attributes
expiration - expiration date
alias - alias used to identify the key/certificate entry, in the keystore
- Returns:
the new identity
- Throws:
CouchbaseLiteException - on failure to get identity
-
createdSignedIdentityInsecure
@NonNull public static TLSIdentity createdSignedIdentityInsecure(@NonNull Set<KeyUsage> usage, @NonNull Map<String, String> attributes, @NonNull byte[] caKey, @NonNull byte[] caCertificate, @Nullable Date expiration, @NonNull String alias) throws CouchbaseLiteException
Create a certificate signed by the provided CA. This is inherently insecure and should only be used in environments that are meant for testing, or environments that are otherwise secured against intruders by other mechanisms. The created identity key will be stored in the secure storage using the specified alias, while the certificate will be stored in a separate KeyStore on the filesystem. Neither the CA certificate nor the CA signing key will be stored anywhere. The identity can be recovered using the provided alias, after this method returns.
- Parameters:
usage - certificate usage: server or client
attributes - certificate attributes
caKey - The PEM or DER data of the CA signing key
caCertificate - The PEM or DER data of the CA certificate
expiration - expiration date
alias - alias used to identify the key/certificate entry, in the keystore
- Returns:
the new identity
- Throws:
CouchbaseLiteException - on failure to create
-
deleteIdentity
Deletes an identity previously created under the given alias. This method must be used to delete an identity created by createdSignedIdentityInsecure(Set, Map, byte[], byte[], Date, String).
- Parameters:
alias - The alias used to create the TLSIdentity
- Throws:
CouchbaseLiteException - if an error occurred loading or using the various key stores in play
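Example (added here; not part of the Couchbase Lite documentation or code): reusing a stored identity by alias and replacing it with a fresh self-signed one when it is missing or close to expiry, using getIdentity, deleteIdentity and createIdentity(Set, Map, Date, String) as documented above. The class name IdentityProvider, the method getOrRenew and the day counts are hypothetical; the example assumes KeyUsage is in the com.couchbase.lite package and that the inherited getExpiration() returns a java.util.Date.

```java
import com.couchbase.lite.CouchbaseLiteException;
import com.couchbase.lite.KeyUsage;      // assumed package for KeyUsage
import com.couchbase.lite.TLSIdentity;

import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added example, not Couchbase code. IdentityProvider, getOrRenew and the
// day counts below are hypothetical names and values chosen for illustration.
public final class IdentityProvider {
    private static final int VALID_DAYS = 90;  // lifetime given to a new certificate
    private static final int RENEW_DAYS = 14;  // renew when fewer days than this remain

    private IdentityProvider() { }

    public static TLSIdentity getOrRenew(String alias, String commonName, Set<KeyUsage> usage)
        throws CouchbaseLiteException {
        // getIdentity is @Nullable: null means no entry exists under this alias.
        TLSIdentity existing = TLSIdentity.getIdentity(alias);
        if (existing != null) {
            // getExpiration() is inherited from BaseTLSIdentity (assumed to return Date).
            if (existing.getExpiration().after(daysFromNow(RENEW_DAYS))) { return existing; }
            // Expired or close to expiry: remove the old entry so the alias can be reused.
            TLSIdentity.deleteIdentity(alias);
        }

        Map<String, String> attributes = new HashMap<>();
        attributes.put(TLSIdentity.CERT_ATTRIBUTE_COMMON_NAME, commonName);

        // Creates a self-signed certificate; the private key is generated in,
        // and never extracted from, the canonical keystore.
        return TLSIdentity.createIdentity(usage, attributes, daysFromNow(VALID_DAYS), alias);
    }

    private static Date daysFromNow(int days) {
        Calendar cal = Calendar.getInstance();
        cal.add(Calendar.DAY_OF_YEAR, days);
        return cal.getTime();
    }
}
```

The caller supplies the usage set (server or client), so the same helper serves both a URLEndpointListener and a Replicator.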