Package org.alfresco.encryption
Class AlfrescoKeyStoreImpl
- java.lang.Object
-
- org.alfresco.encryption.AlfrescoKeyStoreImpl
-
- All Implemented Interfaces:
AlfrescoKeyStore
public class AlfrescoKeyStoreImpl extends Object implements AlfrescoKeyStore
This wraps a Java Keystore and caches the encryption keys. It manages the loading and caching of the encryption keys and their registration with and validation against the encryption key registry.
- Since:
4.0
-
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
static class | AlfrescoKeyStoreImpl.KeyInfoManager |
static class | AlfrescoKeyStoreImpl.KeyInformation |
-
Field Summary
Fields
Modifier and Type | Field | Description
protected KeyMap | backupKeys |
protected KeyStoreParameters | backupKeyStoreParameters |
protected EncryptionKeysRegistry | encryptionKeysRegistry |
protected KeyResourceLoader | keyResourceLoader |
protected KeyMap | keys |
protected KeyStoreParameters | keyStoreParameters |
protected ReentrantReadWriteLock.ReadLock | readLock |
protected boolean | validateKeyChanges |
protected ReentrantReadWriteLock.WriteLock | writeLock |
-
Fields inherited from interface org.alfresco.encryption.AlfrescoKeyStore
KEY_KEYSTORE_PASSWORD
-
-
Constructor Summary
Constructors
Constructor | Description
AlfrescoKeyStoreImpl() |
AlfrescoKeyStoreImpl(KeyStoreParameters keyStoreParameters, KeyResourceLoader keyResourceLoader) |
-
Method Summary
Modifier and Type | Method | Description
void | backup() | Backup the keystore to the backup location.
boolean | backupExists() |
protected KeyMap | cacheKeys(KeyStore ks, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager) |
void | create() | Create the key store if it doesn't exist.
protected void | createKey(String keyAlias) |
KeyManager[] | createKeyManagers() | Create an array of key managers from keys in the key store.
protected void | createKeyStore(KeyStoreParameters keyStoreParameters, KeyMap keys) |
TrustManager[] | createTrustManagers() | Create an array of trust managers from certificates in the key store.
boolean | exists() | Does the underlying key store exist?
Key | getBackupKey(String keyAlias) | Return the backup key with the given key alias.
KeyStoreParameters | getBackupKeyStoreParameters() | The backup key store parameters.
Key | getKey(String keyAlias) | Return the key with the given key alias.
Set<String> | getKeyAliases() | Return all key aliases in the key store.
protected AlfrescoKeyStoreImpl.KeyInfoManager | getKeyInfoManager(String metadataFileLocation) | Deprecated.
protected AlfrescoKeyStoreImpl.KeyInfoManager | getKeyInfoManager(KeyStoreParameters keyStoreParameters) |
KeyResourceLoader | getKeyResourceLoader() |
protected OutputStream | getKeyStoreOutStream() |
KeyStoreParameters | getKeyStoreParameters() | The key store parameters.
protected InputStream | getKeyStoreStream(String location) |
long | getKeyTimestamp(String keyAlias) | Return the timestamp (in ms) of when the key was last loaded from the keystore on disk.
String | getName() | The name of the keystore.
protected Key | getSecretKey(AlfrescoKeyStoreImpl.KeyInformation keyInformation) |
void | init() |
protected KeyStore | initialiseKeyStore(String type, String provider) |
protected boolean | keyStoreExists(String location) |
protected KeyStore | loadKeyStore(KeyStoreParameters keyStoreParameters, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager) |
void | reload() | Reload the keys from the key store.
void | setBackupKeyStoreParameters(KeyStoreParameters backupKeyStoreParameters) |
void | setEncryptionKeysRegistry(EncryptionKeysRegistry encryptionKeysRegistry) |
void | setKeyResourceLoader(KeyResourceLoader keyResourceLoader) |
void | setKeyStoreParameters(KeyStoreParameters keyStoreParameters) |
void | setKeysToValidate(Set<String> keysToValidate) |
void | setValidateKeyChanges(boolean validateKeyChanges) |
void | validateKeys() | Check that the keys in the key store are valid i.e.
protected void | validateKeys(KeyMap keys, KeyMap backupKeys) |
-
-
-
Field Detail
-
keyStoreParameters
protected KeyStoreParameters keyStoreParameters
-
backupKeyStoreParameters
protected KeyStoreParameters backupKeyStoreParameters
-
keyResourceLoader
protected KeyResourceLoader keyResourceLoader
-
encryptionKeysRegistry
protected EncryptionKeysRegistry encryptionKeysRegistry
-
keys
protected KeyMap keys
-
backupKeys
protected KeyMap backupKeys
-
writeLock
protected final ReentrantReadWriteLock.WriteLock writeLock
-
readLock
protected final ReentrantReadWriteLock.ReadLock readLock
-
validateKeyChanges
protected boolean validateKeyChanges
-
-
Constructor Detail
-
AlfrescoKeyStoreImpl
public AlfrescoKeyStoreImpl()
-
AlfrescoKeyStoreImpl
public AlfrescoKeyStoreImpl(KeyStoreParameters keyStoreParameters, KeyResourceLoader keyResourceLoader)
-
-
Method Detail
-
init
public void init()
-
setEncryptionKeysRegistry
public void setEncryptionKeysRegistry(EncryptionKeysRegistry encryptionKeysRegistry)
-
setValidateKeyChanges
public void setValidateKeyChanges(boolean validateKeyChanges)
-
setKeyStoreParameters
public void setKeyStoreParameters(KeyStoreParameters keyStoreParameters)
-
setBackupKeyStoreParameters
public void setBackupKeyStoreParameters(KeyStoreParameters backupKeyStoreParameters)
-
setKeyResourceLoader
public void setKeyResourceLoader(KeyResourceLoader keyResourceLoader)
-
getKeyStoreParameters
public KeyStoreParameters getKeyStoreParameters()
Description copied from interface: AlfrescoKeyStore
The key store parameters.
- Specified by:
getKeyStoreParameters in interface AlfrescoKeyStore
- Returns:
KeyStoreParameters
-
getBackupKeyStoreParameters
public KeyStoreParameters getBackupKeyStoreParameters()
Description copied from interface: AlfrescoKeyStore
The backup key store parameters.
- Specified by:
getBackupKeyStoreParameters in interface AlfrescoKeyStore
-
getKeyResourceLoader
public KeyResourceLoader getKeyResourceLoader()
-
getName
public String getName()
The name of the keystore.
- Specified by:
getName in interface AlfrescoKeyStore
- Returns:
the name of the keystore.
-
validateKeys
public void validateKeys() throws InvalidKeystoreException, MissingKeyException
Check that the keys in the key store are valid i.e. that they match those registered.
- Specified by:
validateKeys in interface AlfrescoKeyStore
- Throws:
InvalidKeystoreException
MissingKeyException
-
exists
public boolean exists()
Does the underlying key store exist?
- Specified by:
exists in interface AlfrescoKeyStore
- Returns:
true if it exists, false otherwise
-
reload
public void reload() throws InvalidKeystoreException, MissingKeyException
Reload the keys from the key store.
- Specified by:
reload in interface AlfrescoKeyStore
- Throws:
InvalidKeystoreException
MissingKeyException
-
getKeyAliases
public Set<String> getKeyAliases()
Return all key aliases in the key store.
- Specified by:
getKeyAliases in interface AlfrescoKeyStore
- Returns:
Set
-
backup
public void backup()
Backup the keystore to the backup location. Write the keys to the backup keystore.
- Specified by:
backup in interface AlfrescoKeyStore
-
create
public void create()
Create the key store if it doesn't exist. A key for each key alias will be written to the keystore on disk, either from the cached keys or, if not present, a key will be generated.
- Specified by:
create in interface AlfrescoKeyStore
-
getKey
public Key getKey(String keyAlias)
Return the key with the given key alias.
- Specified by:
getKey in interface AlfrescoKeyStore
- Parameters:
keyAlias - String
- Returns:
Key
-
getKeyTimestamp
public long getKeyTimestamp(String keyAlias)
Return the timestamp (in ms) of when the key was last loaded from the keystore on disk.
- Specified by:
getKeyTimestamp in interface AlfrescoKeyStore
- Parameters:
keyAlias - String
- Returns:
long
-
getBackupKey
public Key getBackupKey(String keyAlias)
Return the backup key with the given key alias.
- Specified by:
getBackupKey in interface AlfrescoKeyStore
- Parameters:
keyAlias - String
- Returns:
Key
-
createKeyManagers
public KeyManager[] createKeyManagers()
Create an array of key managers from keys in the key store.
- Specified by:
createKeyManagers in interface AlfrescoKeyStore
- Returns:
KeyManager[]
-
createTrustManagers
public TrustManager[] createTrustManagers()
Create an array of trust managers from certificates in the key store.
- Specified by:
createTrustManagers in interface AlfrescoKeyStore
- Returns:
TrustManager[]
-
getKeyStoreStream
protected InputStream getKeyStoreStream(String location) throws FileNotFoundException
- Throws:
FileNotFoundException
-
getKeyStoreOutStream
protected OutputStream getKeyStoreOutStream() throws FileNotFoundException
- Throws:
FileNotFoundException
-
getKeyInfoManager
protected AlfrescoKeyStoreImpl.KeyInfoManager getKeyInfoManager(KeyStoreParameters keyStoreParameters) throws IOException
- Throws:
IOException
-
getKeyInfoManager
@Deprecated protected AlfrescoKeyStoreImpl.KeyInfoManager getKeyInfoManager(String metadataFileLocation) throws IOException
Deprecated.
- Throws:
IOException
-
cacheKeys
protected KeyMap cacheKeys(KeyStore ks, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException
-
loadKeyStore
protected KeyStore loadKeyStore(KeyStoreParameters keyStoreParameters, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
-
createKey
protected void createKey(String keyAlias)
-
createKeyStore
protected void createKeyStore(KeyStoreParameters keyStoreParameters, KeyMap keys)
-
getSecretKey
protected Key getSecretKey(AlfrescoKeyStoreImpl.KeyInformation keyInformation) throws AlfrescoRuntimeException, NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException
-
backupExists
public boolean backupExists()
-
keyStoreExists
protected boolean keyStoreExists(String location)
-
validateKeys
protected void validateKeys(KeyMap keys, KeyMap backupKeys) throws InvalidKeystoreException, MissingKeyException
-
-