org.forgerock.opendj.security

Class KeyManagers

java.lang.Object

org.forgerock.opendj.security.KeyManagers

public final class KeyManagers
extends Object

This class contains methods for creating common types of key manager.

Field Summary

Fields

Modifier and Type	Field and Description
static String	JCEKS JCEKS keystore type.
static String	JKS JKS keystore type.
static String	PKCS11 PKCS11 keystore type.
static String	PKCS12 PKCS12 keystore type.

Method Summary

Modifier and Type	Method and Description
static boolean	isPkcs11(String keyStorePath) Returns true if the PKCS#11 keystore type can be associated to the provided keystore path.
static KeyStore	jvmDefaultKeyStore() Returns the JVM default keystore.
static KeyStore	loadKeyStore(String keyStorePath, char[] password, String keyStoreType, String provider) Loads and then returns a new key store object created with the provided path, password, type and provider.
static X509KeyManager	useJvmDefaultKeyManager() Creates a new X509KeyManager which will use the JVM's default keystore for retrieving certificates.
static X509KeyManager	useKeyStoreFile(String file) Creates a new X509KeyManager which will use the named key store file for retrieving certificates.
static X509KeyManager	useKeyStoreFile(String file, char[] password, String format) Creates a new X509KeyManager which will use the named key store file for retrieving certificates.
static X509KeyManager	useKeyStoreFile(String keyStoreFile, char[] password, String format, String provider) Creates a new X509KeyManager which will use the named key store file for retrieving certificates.
static X509KeyManager	usePkcs11Token(char[] password) Creates a new X509KeyManager which will use a PKCS#11 token for retrieving certificates.
static X509KeyManager	useSingleCertificate(String alias, X509KeyManager keyManager) Returns a new X509KeyManager which selects the named certificate from the provided X509KeyManager.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PKCS12

public static final String PKCS12

PKCS12 keystore type.

See Also:

Constant Field Values

JCEKS

public static final String JCEKS

JCEKS keystore type.

See Also:

Constant Field Values

JKS

public static final String JKS

JKS keystore type.

See Also:

Constant Field Values

PKCS11

public static final String PKCS11

PKCS11 keystore type.

See Also:

Constant Field Values

Method Detail

useKeyStoreFile

public static X509KeyManager useKeyStoreFile(String file)
                                      throws GeneralSecurityException,
                                             IOException

Creates a new X509KeyManager which will use the named key store file for retrieving certificates. It will use the default key store format for the JVM (e.g. JKS) and will not use a password to open the key store.

Parameters:

file - The key store file name.

Returns:

A new X509KeyManager which will use the named key store file for retrieving certificates.

Throws:

GeneralSecurityException - If the key store could not be loaded, perhaps due to incorrect format, or missing algorithms.

IOException - If the key store file could not be found or could not be read.

NullPointerException - If file was null.

useKeyStoreFile

public static X509KeyManager useKeyStoreFile(String file,
                                             char[] password,
                                             String format)
                                      throws GeneralSecurityException,
                                             IOException

Creates a new X509KeyManager which will use the named key store file for retrieving certificates. It will use the provided key store format and password.

Parameters:

file - The key store file name.

password - The key store password, which may be null.

format - The key store format, which may be null to indicate that the default key store format for the JVM (e.g. JKS) should be used.

Returns:

A new X509KeyManager which will use the named key store file for retrieving certificates.

Throws:

GeneralSecurityException - If the key store could not be loaded, perhaps due to incorrect format, or missing algorithms.

IOException - If the key store file could not be found or could not be read.

NullPointerException - If file was null.

useKeyStoreFile

public static X509KeyManager useKeyStoreFile(String keyStoreFile,
                                             char[] password,
                                             String format,
                                             String provider)
                                      throws GeneralSecurityException,
                                             IOException

Creates a new X509KeyManager which will use the named key store file for retrieving certificates. It will use the provided key store format and password.

Parameters:

keyStoreFile - The key store file name.

password - The key store password, which may be null.

format - The key store format, which may be null to indicate that the default key store format for the JVM (e.g. JKS) should be used.

provider - The key store provider, which may be null to indicate that the default key store provider for the JVM should be used.

Returns:

A new X509KeyManager which will use the named key store file for retrieving certificates.

Throws:

GeneralSecurityException - If the key store could not be loaded, perhaps due to incorrect format, or missing algorithms.

IOException - If the key store file could not be found or could not be read.

NullPointerException - If file was null.

usePkcs11Token

public static X509KeyManager usePkcs11Token(char[] password)
                                     throws GeneralSecurityException,
                                            IOException

Creates a new X509KeyManager which will use a PKCS#11 token for retrieving certificates.

Parameters:

password - The password to use for accessing the PKCS#11 token, which may be null if no password is required.

Returns:

A new X509KeyManager which will use a PKCS#11 token for retrieving certificates.

Throws:

GeneralSecurityException - If the PKCS#11 token could not be accessed, perhaps due to incorrect password, or missing algorithms.

IOException - If the PKCS#11 token could not be found or could not be read.

jvmDefaultKeyStore

public static KeyStore jvmDefaultKeyStore()
                                   throws GeneralSecurityException,
                                          IOException

Returns the JVM default keystore.

Returns:

The JVM default keystore or null if the necessary JVM settings are missing.

Throws:

GeneralSecurityException - If the key store could not be loaded, perhaps due to incorrect format, or missing algorithms.

IOException - If the key store file could not be found or could not be read.

useJvmDefaultKeyManager

public static X509KeyManager useJvmDefaultKeyManager()
                                              throws GeneralSecurityException,
                                                     IOException

Creates a new X509KeyManager which will use the JVM's default keystore for retrieving certificates.

Returns:

A new X509KeyManager which will use the JVM's default keystore for retrieving certificates or null if the necessary JVM settings are missing.

Throws:

GeneralSecurityException - If the key store could not be loaded, perhaps due to incorrect format, or missing algorithms.

IOException - If the key store file could not be found or could not be read.

useSingleCertificate

public static X509KeyManager useSingleCertificate(String alias,
                                                  X509KeyManager keyManager)

Returns a new X509KeyManager which selects the named certificate from the provided X509KeyManager.

Parameters:

alias - The nickname of the certificate that should be selected for operations involving this key manager.

keyManager - The key manager to be filtered.

Returns:

The filtered key manager.

Throws:

NullPointerException - If keyManager or alias was null.

loadKeyStore

public static KeyStore loadKeyStore(String keyStorePath,
                                    char[] password,
                                    String keyStoreType,
                                    String provider)
                             throws GeneralSecurityException,
                                    IOException

Loads and then returns a new key store object created with the provided path, password, type and provider.

Parameters:

keyStorePath - A string representing the path of the key store to create. It can be null, empty or set to NONE if the keystore should be load from an hardware token (associated key store type is PKCS#11).

password - The password to use for loading the key store, might be null if the key store has no password.

keyStoreType - A string representing the type of the key store to load.

provider - A string representing the name of provider to use for loading the key store. Can be null, in such case the most provider from the list of registered security provider will be used.

Returns:

A KeyStore already loaded which can be use for creating an X509KeyManager.

Throws:

GeneralSecurityException - If the key store could not be loaded, perhaps due to incorrect format, or missing algorithms.

IOException - If the key store should be loaded from a file which could not be found or could not be read.

See Also:

KeyStore.getInstance(String), KeyStore.getInstance(String, java.security.Provider)

isPkcs11

public static boolean isPkcs11(String keyStorePath)

Returns true if the PKCS#11 keystore type can be associated to the provided keystore path.

This method considers that the PKCS#11 type can be inferred if either:

• path is null
• path is a blank string
• path is set (case insensitive) to NONE (see documentation)

Parameters:

keyStorePath - The keystore path to test

Returns:

Returns true if the PKCS#11 keystore type can be associated to the provided keystore path