PKIReader.java

/**
 * Copyright (c) 2009 - 2012 Red Hat, Inc.
 *
 * This software is licensed to you under the GNU General Public License,
 * version 2 (GPLv2). There is NO WARRANTY for this software, express or
 * implied, including the implied warranties of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
 * along with this software; if not, see
 * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
 *
 * Red Hat trademarks are not licensed under GPLv2. No permission is
 * granted to use or replicate Red Hat trademarks that are incorporated
 * in this software or its documentation.
 */
package org.candlepin.pki;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;

/**
 * A generic mechanism for reading CA certificates from an underlying datastore.
 */
public interface PKIReader {

    /**
     * Supplies the CA's {@link X509Certificate}.
     *
     * @return a new Cert
     * @throws IOException if a file can't be read or is not found
     * @throws CertificateException  if there is an error from the underlying cert factory
     */
    X509Certificate getCACert() throws IOException, CertificateException;

    Set<X509Certificate> getUpstreamCACerts()  throws IOException, CertificateException;

    /**
     * Supplies the CA's {@link PrivateKey}.
     *
     * @return a new PrivateKey
     * @throws IOException if a file can't be read or is not found
     * @throws GeneralSecurityException if something violated policy
     */
    PrivateKey getCaKey() throws IOException, GeneralSecurityException;

}