Package org.alfresco.encryption
Class AlfrescoKeyStoreImpl
java.lang.Object
org.alfresco.encryption.AlfrescoKeyStoreImpl
- All Implemented Interfaces:
AlfrescoKeyStore
This wraps a Java Keystore and caches the encryption keys. It manages the loading and caching of the encryption keys
and their registration with and validation against the encryption key registry.
- Since:
- 4.0
-
Nested Class Summary
Nested Classes
Modifier and Type, Class, Description
static class AlfrescoKeyStoreImpl.KeyInfoManager
static class AlfrescoKeyStoreImpl.KeyInformation
-
Field Summary
Fields
Modifier and Type, Field, Description
protected KeyMap backupKeys
protected KeyStoreParameters backupKeyStoreParameters
protected EncryptionKeysRegistry encryptionKeysRegistry
protected KeyResourceLoader keyResourceLoader
protected KeyMap keys
protected KeyStoreParameters keyStoreParameters
protected final ReentrantReadWriteLock.ReadLock readLock
protected boolean validateKeyChanges
protected final ReentrantReadWriteLock.WriteLock writeLock
Fields inherited from interface org.alfresco.encryption.AlfrescoKeyStore
KEY_KEYSTORE_PASSWORD
-
Constructor Summary
Constructors
Constructor, Description
AlfrescoKeyStoreImpl()
AlfrescoKeyStoreImpl(KeyStoreParameters keyStoreParameters, KeyResourceLoader keyResourceLoader)
-
Method Summary
Modifier and Type, Method, Description
void backup()
  Backup the keystore to the backup location.
boolean backupExists()
protected KeyMap cacheKeys(KeyStore ks, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
void create()
  Create the key store if it doesn't exist.
protected void createKey
createKeyManagers
  Create an array of key managers from keys in the key store.
protected void createKeyStore(KeyStoreParameters keyStoreParameters, KeyMap keys)
createTrustManagers
  Create an array of trust managers from certificates in the key store.
boolean exists()
  Does the underlying key store exist?
getBackupKey(String keyAlias)
  Return the backup key with the given key alias.
getBackupKeyStoreParameters
  The backup key store parameters.
getKey(String keyAlias)
  Return the key with the given key alias.
getKeyAliases
  Return all key aliases in the key store.
protected AlfrescoKeyStoreImpl.KeyInfoManager getKeyInfoManager(String metadataFileLocation)
  Deprecated.
protected AlfrescoKeyStoreImpl.KeyInfoManager getKeyInfoManager(KeyStoreParameters keyStoreParameters)
getKeyResourceLoader
protected OutputStream getKeyStoreOutStream
getKeyStoreParameters
  The key store parameters.
protected InputStream getKeyStoreStream(String location)
long getKeyTimestamp(String keyAlias)
  Return the timestamp (in ms) of when the key was last loaded from the keystore on disk.
getName()
  The name of the keystore.
protected Key getSecretKey(AlfrescoKeyStoreImpl.KeyInformation keyInformation)
void init()
protected KeyStore initialiseKeyStore(String type, String provider)
protected boolean keyStoreExists(String location)
protected KeyStore loadKeyStore(KeyStoreParameters keyStoreParameters, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
void reload()
  Reload the keys from the key store.
void setBackupKeyStoreParameters(KeyStoreParameters backupKeyStoreParameters)
void setEncryptionKeysRegistry(EncryptionKeysRegistry encryptionKeysRegistry)
void setKeyResourceLoader(KeyResourceLoader keyResourceLoader)
void setKeyStoreParameters(KeyStoreParameters keyStoreParameters)
void setKeysToValidate(Set<String> keysToValidate)
void setValidateKeyChanges(boolean validateKeyChanges)
void validateKeys
  Check that the keys in the key store are valid i.e. that they match those registered.
protected void validateKeys(KeyMap keys, KeyMap backupKeys)
-
Field Details
-
keyStoreParameters
-
backupKeyStoreParameters
-
keyResourceLoader
-
encryptionKeysRegistry
-
keys
-
backupKeys
-
writeLock
-
readLock
-
validateKeyChanges
protected boolean validateKeyChanges
-
-
Constructor Details
-
AlfrescoKeyStoreImpl
public AlfrescoKeyStoreImpl()
-
AlfrescoKeyStoreImpl
public AlfrescoKeyStoreImpl(KeyStoreParameters keyStoreParameters, KeyResourceLoader keyResourceLoader)
-
-
Method Details
-
init
public void init()
-
setEncryptionKeysRegistry
-
setValidateKeyChanges
public void setValidateKeyChanges(boolean validateKeyChanges)
-
setKeysToValidate
-
setKeyStoreParameters
-
setBackupKeyStoreParameters
-
setKeyResourceLoader
-
getKeyStoreParameters
Description copied from interface: AlfrescoKeyStore
The key store parameters.
- Specified by:
getKeyStoreParameters in interface AlfrescoKeyStore
- Returns:
- KeyStoreParameters
-
getBackupKeyStoreParameters
Description copied from interface: AlfrescoKeyStore
The backup key store parameters.
- Specified by:
getBackupKeyStoreParameters in interface AlfrescoKeyStore
- Returns:
- * @return
-
getKeyResourceLoader
-
getName
The name of the keystore.
- Specified by:
getName in interface AlfrescoKeyStore
- Returns:
- the name of the keystore.
-
validateKeys
Check that the keys in the key store are valid, i.e. that they match those registered.
- Specified by:
validateKeys in interface AlfrescoKeyStore
- Throws:
InvalidKeystoreException
MissingKeyException
-
exists
public boolean exists()
Does the underlying key store exist?
- Specified by:
exists in interface AlfrescoKeyStore
- Returns:
- true if it exists, false otherwise
-
reload
Reload the keys from the key store.
- Specified by:
reload in interface AlfrescoKeyStore
- Throws:
InvalidKeystoreException
MissingKeyException
-
getKeyAliases
Return all key aliases in the key store.
- Specified by:
getKeyAliases in interface AlfrescoKeyStore
- Returns:
- Set
-
backup
public void backup()
Backup the keystore to the backup location. Write the keys to the backup keystore.
- Specified by:
backup in interface AlfrescoKeyStore
-
create
public void create()
Create the key store if it doesn't exist. A key for each key alias will be written to the keystore on disk, either from the cached keys or, if not present, a key will be generated.
- Specified by:
create in interface AlfrescoKeyStore
-
getKey
Return the key with the given key alias.
- Specified by:
getKey in interface AlfrescoKeyStore
- Parameters:
keyAlias - String
- Returns:
- Key
-
getKeyTimestamp
Return the timestamp (in ms) of when the key was last loaded from the keystore on disk.
- Specified by:
getKeyTimestamp in interface AlfrescoKeyStore
- Parameters:
keyAlias - String
- Returns:
- long
-
getBackupKey
Return the backup key with the given key alias.
- Specified by:
getBackupKey in interface AlfrescoKeyStore
- Parameters:
keyAlias - String
- Returns:
- Key
-
createKeyManagers
Create an array of key managers from keys in the key store.
- Specified by:
createKeyManagers in interface AlfrescoKeyStore
- Returns:
- KeyManager[]
-
createTrustManagers
Create an array of trust managers from certificates in the key store.
- Specified by:
createTrustManagers in interface AlfrescoKeyStore
- Returns:
- TrustManager[]
-
getKeyStoreStream
- Throws:
FileNotFoundException
-
getKeyStoreOutStream
- Throws:
FileNotFoundException
-
getKeyInfoManager
protected AlfrescoKeyStoreImpl.KeyInfoManager getKeyInfoManager(KeyStoreParameters keyStoreParameters) throws IOException
- Throws:
IOException
-
getKeyInfoManager
@Deprecated
protected AlfrescoKeyStoreImpl.KeyInfoManager getKeyInfoManager(String metadataFileLocation) throws IOException
Deprecated.
- Throws:
IOException
-
cacheKeys
protected KeyMap cacheKeys(KeyStore ks, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException
-
initialiseKeyStore
-
loadKeyStore
protected KeyStore loadKeyStore(KeyStoreParameters keyStoreParameters, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
-
createKey
-
createKeyStore
-
getSecretKey
protected Key getSecretKey(AlfrescoKeyStoreImpl.KeyInformation keyInformation) throws AlfrescoRuntimeException, NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException
-
backupExists
public boolean backupExists()
-
keyStoreExists
-
validateKeys
protected void validateKeys(KeyMap keys, KeyMap backupKeys) throws InvalidKeystoreException, MissingKeyException
-