Package org.alfresco.encryption
Class AlfrescoKeyStoreImpl
- java.lang.Object
-
- org.alfresco.encryption.AlfrescoKeyStoreImpl
-
- All Implemented Interfaces:
AlfrescoKeyStore
public class AlfrescoKeyStoreImpl extends java.lang.Object implements AlfrescoKeyStore
This wraps a Java Keystore and caches the encryption keys. It manages the loading and caching of the encryption keys, and their registration with, and validation against, the encryption key registry.
- Since:
- 4.0
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
AlfrescoKeyStoreImpl.KeyInfoManager
static class
AlfrescoKeyStoreImpl.KeyInformation
-
Field Summary
Fields Modifier and Type Field Description protected KeyMap
backupKeys
protected KeyStoreParameters
backupKeyStoreParameters
protected EncryptionKeysRegistry
encryptionKeysRegistry
protected KeyResourceLoader
keyResourceLoader
protected KeyMap
keys
protected KeyStoreParameters
keyStoreParameters
protected java.util.concurrent.locks.ReentrantReadWriteLock.ReadLock
readLock
protected boolean
validateKeyChanges
protected java.util.concurrent.locks.ReentrantReadWriteLock.WriteLock
writeLock
-
Fields inherited from interface org.alfresco.encryption.AlfrescoKeyStore
KEY_KEYSTORE_PASSWORD
-
-
Constructor Summary
Constructors Constructor Description AlfrescoKeyStoreImpl()
AlfrescoKeyStoreImpl(KeyStoreParameters keyStoreParameters, KeyResourceLoader keyResourceLoader)
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description void
backup()
Back up the keystore to the backup location.
boolean
backupExists()
protected KeyMap
cacheKeys(java.security.KeyStore ks, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
void
create()
Create the key store if it doesn't exist.
protected void
createKey(java.lang.String keyAlias)
javax.net.ssl.KeyManager[]
createKeyManagers()
Create an array of key managers from keys in the key store.
protected void
createKeyStore(KeyStoreParameters keyStoreParameters, KeyMap keys)
javax.net.ssl.TrustManager[]
createTrustManagers()
Create an array of trust managers from certificates in the key store.
boolean
exists()
Does the underlying key store exist?
java.security.Key
getBackupKey(java.lang.String keyAlias)
Return the backup key with the given key alias.
KeyStoreParameters
getBackupKeyStoreParameters()
The backup key store parameters.
java.security.Key
getKey(java.lang.String keyAlias)
Return the key with the given key alias.
java.util.Set<java.lang.String>
getKeyAliases()
Return all key aliases in the key store.
protected AlfrescoKeyStoreImpl.KeyInfoManager
getKeyInfoManager(java.lang.String metadataFileLocation)
Deprecated.
protected AlfrescoKeyStoreImpl.KeyInfoManager
getKeyInfoManager(KeyStoreParameters keyStoreParameters)
KeyResourceLoader
getKeyResourceLoader()
protected java.io.OutputStream
getKeyStoreOutStream()
KeyStoreParameters
getKeyStoreParameters()
The key store parameters.
protected java.io.InputStream
getKeyStoreStream(java.lang.String location)
long
getKeyTimestamp(java.lang.String keyAlias)
Return the timestamp (in ms) of when the key was last loaded from the keystore on disk.
java.lang.String
getName()
The name of the keystore.
protected java.security.Key
getSecretKey(AlfrescoKeyStoreImpl.KeyInformation keyInformation)
void
init()
protected java.security.KeyStore
initialiseKeyStore(java.lang.String type, java.lang.String provider)
protected boolean
keyStoreExists(java.lang.String location)
protected java.security.KeyStore
loadKeyStore(KeyStoreParameters keyStoreParameters, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
void
reload()
Reload the keys from the key store.
void
setBackupKeyStoreParameters(KeyStoreParameters backupKeyStoreParameters)
void
setEncryptionKeysRegistry(EncryptionKeysRegistry encryptionKeysRegistry)
void
setKeyResourceLoader(KeyResourceLoader keyResourceLoader)
void
setKeyStoreParameters(KeyStoreParameters keyStoreParameters)
void
setKeysToValidate(java.util.Set<java.lang.String> keysToValidate)
void
setValidateKeyChanges(boolean validateKeyChanges)
void
validateKeys()
Check that the keys in the key store are valid, i.e. that they match those registered in the encryption key registry.
protected void
validateKeys(KeyMap keys, KeyMap backupKeys)
-
-
-
Field Detail
-
keyStoreParameters
protected KeyStoreParameters keyStoreParameters
-
backupKeyStoreParameters
protected KeyStoreParameters backupKeyStoreParameters
-
keyResourceLoader
protected KeyResourceLoader keyResourceLoader
-
encryptionKeysRegistry
protected EncryptionKeysRegistry encryptionKeysRegistry
-
keys
protected KeyMap keys
-
backupKeys
protected KeyMap backupKeys
-
writeLock
protected final java.util.concurrent.locks.ReentrantReadWriteLock.WriteLock writeLock
-
readLock
protected final java.util.concurrent.locks.ReentrantReadWriteLock.ReadLock readLock
-
validateKeyChanges
protected boolean validateKeyChanges
-
-
Constructor Detail
-
AlfrescoKeyStoreImpl
public AlfrescoKeyStoreImpl()
-
AlfrescoKeyStoreImpl
public AlfrescoKeyStoreImpl(KeyStoreParameters keyStoreParameters, KeyResourceLoader keyResourceLoader)
-
-
Method Detail
-
init
public void init()
-
setEncryptionKeysRegistry
public void setEncryptionKeysRegistry(EncryptionKeysRegistry encryptionKeysRegistry)
-
setValidateKeyChanges
public void setValidateKeyChanges(boolean validateKeyChanges)
-
setKeysToValidate
public void setKeysToValidate(java.util.Set<java.lang.String> keysToValidate)
-
setKeyStoreParameters
public void setKeyStoreParameters(KeyStoreParameters keyStoreParameters)
-
setBackupKeyStoreParameters
public void setBackupKeyStoreParameters(KeyStoreParameters backupKeyStoreParameters)
-
setKeyResourceLoader
public void setKeyResourceLoader(KeyResourceLoader keyResourceLoader)
-
getKeyStoreParameters
public KeyStoreParameters getKeyStoreParameters()
Description copied from interface: AlfrescoKeyStore
The key store parameters.
- Specified by:
getKeyStoreParameters in interface AlfrescoKeyStore
- Returns:
- KeyStoreParameters
-
getBackupKeyStoreParameters
public KeyStoreParameters getBackupKeyStoreParameters()
Description copied from interface: AlfrescoKeyStore
The backup key store parameters.
- Specified by:
getBackupKeyStoreParameters in interface AlfrescoKeyStore
- Returns:
- KeyStoreParameters
-
getKeyResourceLoader
public KeyResourceLoader getKeyResourceLoader()
-
getName
public java.lang.String getName()
The name of the keystore.
- Specified by:
getName in interface AlfrescoKeyStore
- Returns:
- the name of the keystore.
-
validateKeys
public void validateKeys() throws InvalidKeystoreException, MissingKeyException
Check that the keys in the key store are valid, i.e. that they match those registered in the encryption key registry.
- Specified by:
validateKeys in interface AlfrescoKeyStore
- Throws:
InvalidKeystoreException
MissingKeyException
-
exists
public boolean exists()
Does the underlying key store exist?
- Specified by:
exists in interface AlfrescoKeyStore
- Returns:
- true if it exists, false otherwise
-
reload
public void reload() throws InvalidKeystoreException, MissingKeyException
Reload the keys from the key store.
- Specified by:
reload in interface AlfrescoKeyStore
- Throws:
InvalidKeystoreException
MissingKeyException
-
getKeyAliases
public java.util.Set<java.lang.String> getKeyAliases()
Return all key aliases in the key store.
- Specified by:
getKeyAliases in interface AlfrescoKeyStore
- Returns:
- Set
-
backup
public void backup()
Back up the keystore to the backup location. Write the keys to the backup keystore.
- Specified by:
backup in interface AlfrescoKeyStore
-
create
public void create()
Create the key store if it doesn't exist. A key for each key alias will be written to the keystore on disk, either from the cached keys or, if not present there, a newly generated key.
- Specified by:
create in interface AlfrescoKeyStore
-
getKey
public java.security.Key getKey(java.lang.String keyAlias)
Return the key with the given key alias.
- Specified by:
getKey in interface AlfrescoKeyStore
- Parameters:
keyAlias - String
- Returns:
- Key
-
getKeyTimestamp
public long getKeyTimestamp(java.lang.String keyAlias)
Return the timestamp (in ms) of when the key was last loaded from the keystore on disk.
- Specified by:
getKeyTimestamp in interface AlfrescoKeyStore
- Parameters:
keyAlias - String
- Returns:
- long
-
getBackupKey
public java.security.Key getBackupKey(java.lang.String keyAlias)
Return the backup key with the given key alias.
- Specified by:
getBackupKey in interface AlfrescoKeyStore
- Parameters:
keyAlias - String
- Returns:
- Key
-
createKeyManagers
public javax.net.ssl.KeyManager[] createKeyManagers()
Create an array of key managers from keys in the key store.
- Specified by:
createKeyManagers in interface AlfrescoKeyStore
- Returns:
- KeyManager[]
-
createTrustManagers
public javax.net.ssl.TrustManager[] createTrustManagers()
Create an array of trust managers from certificates in the key store.
- Specified by:
createTrustManagers in interface AlfrescoKeyStore
- Returns:
- TrustManager[]
-
getKeyStoreStream
protected java.io.InputStream getKeyStoreStream(java.lang.String location) throws java.io.FileNotFoundException
- Throws:
java.io.FileNotFoundException
-
getKeyStoreOutStream
protected java.io.OutputStream getKeyStoreOutStream() throws java.io.FileNotFoundException
- Throws:
java.io.FileNotFoundException
-
getKeyInfoManager
protected AlfrescoKeyStoreImpl.KeyInfoManager getKeyInfoManager(KeyStoreParameters keyStoreParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
getKeyInfoManager
@Deprecated protected AlfrescoKeyStoreImpl.KeyInfoManager getKeyInfoManager(java.lang.String metadataFileLocation) throws java.io.IOException
Deprecated.
- Throws:
java.io.IOException
-
cacheKeys
protected KeyMap cacheKeys(java.security.KeyStore ks, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager) throws java.security.UnrecoverableKeyException, java.security.KeyStoreException, java.security.NoSuchAlgorithmException
- Throws:
java.security.UnrecoverableKeyException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
-
initialiseKeyStore
protected java.security.KeyStore initialiseKeyStore(java.lang.String type, java.lang.String provider)
-
loadKeyStore
protected java.security.KeyStore loadKeyStore(KeyStoreParameters keyStoreParameters, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
-
createKey
protected void createKey(java.lang.String keyAlias)
-
createKeyStore
protected void createKeyStore(KeyStoreParameters keyStoreParameters, KeyMap keys)
-
getSecretKey
protected java.security.Key getSecretKey(AlfrescoKeyStoreImpl.KeyInformation keyInformation) throws AlfrescoRuntimeException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.spec.InvalidKeySpecException
- Throws:
AlfrescoRuntimeException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.spec.InvalidKeySpecException
-
backupExists
public boolean backupExists()
-
keyStoreExists
protected boolean keyStoreExists(java.lang.String location)
-
validateKeys
protected void validateKeys(KeyMap keys, KeyMap backupKeys) throws InvalidKeystoreException, MissingKeyException
-
-