org.forgerock.security.keystore

Class KeyStoreConfiguration

java.lang.Object

org.forgerock.security.keystore.KeyStoreConfiguration

public class KeyStoreConfiguration
extends Object

Holds the configuration required for initializing a Keystore. This includes things like the keystore type (JKS, JCEKS), paths to keystore files, the Keystore provider class, etc.

This class is usually de-serialized from json using Jackson. It is immutable once created.

Constructor Summary

Constructors

Constructor and Description
KeyStoreConfiguration(String keyStorePasswordFile, String keyPasswordFile, String keyStoreType, String keyStoreFile, String providerClass, String providerArg, String providerName, Map<String,Object> parameters) Create an Immutable KeyStoreConfiguration that holds keystore configuration parameters.

Method Summary

Modifier and Type	Method and Description
char[]	getKeyPassword(String pathPrefix) Get the key password used to unlock individual key entries.The results in the file being opened and read into memory.
String	getKeyPasswordFile() Get the path to file that holds the password to unlock individual keys.
String	getKeyStoreFile() Get the path to the keystore.
char[]	getKeyStorePassword(String pathPrefix) Get the keystore password.
String	getKeyStorePasswordFile() Get the path to the file that contains the password/pin used to unlock the keystore.
String	getKeyStoreType() Get the keystore type.
Map<String,Object>	getParameters() Get the optional parameter map used to initialize a keystore.
String	getProviderArg() Get the provider generic argument as a string.
String	getProviderClass() Get the provider class name string.
String	getProviderName() The provider string name (LDAP, JKS, etc.).
KeyStore	loadKeyStore(String pathPrefix) Initialize and load the keystore described by this configuration There are a number of possible exceptions that can be generated - they are consolidated to a single KeyStoreException and the underlying exception is wrapped.
KeyStore	loadKeyStore(String pathPrefix, ClassLoader classLoader) Initialize and load the keystore described by this configuration There are a number of possible exceptions that can be generated - they are consolidated to a single KeyStoreException and the underlying exception is wrapped.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyStoreConfiguration

public KeyStoreConfiguration(String keyStorePasswordFile,
                             String keyPasswordFile,
                             String keyStoreType,
                             String keyStoreFile,
                             String providerClass,
                             String providerArg,
                             String providerName,
                             Map<String,Object> parameters)

Create an Immutable KeyStoreConfiguration that holds keystore configuration parameters. Note that depending on the KeyStoreProvider, some or all of these arguments may be optional, in which case you can pass null.

Creating instances via json de-serialization is the recommended approach.

Parameters:

keyStorePasswordFile - path name of the .storepass file

keyPasswordFile - path name of the .keypass file

keyStoreType - The type of keystore (JKS, JCEKS, etc.)

keyStoreFile - The path name of the keystore file ( keystore.jceks)

providerClass - The name of the KeyStoreProvider class (org.acme.CustomKeystoreProvider)

providerArg - Optional argument used to instantiate a KeyStoreProvider. The interpretation is left to the provider

providerName - The name of the registered keystore provider instance ("LDAP", "JKS", etc.)

parameters - optional key/value map used to create loadstore parameters for keystore initialization

Method Detail

getProviderName

public String getProviderName()

The provider string name (LDAP, JKS, etc.).

Returns:

The provider name as a string

getKeyStorePasswordFile

public String getKeyStorePasswordFile()

Get the path to the file that contains the password/pin used to unlock the keystore.

Returns:

Path to file that holds the password to unlock the keystore

getKeyPasswordFile

public String getKeyPasswordFile()

Get the path to file that holds the password to unlock individual keys. Frequently not used.

Returns:

path to file that contains password to unlock individual key entries

getKeyStoreType

public String getKeyStoreType()

Get the keystore type.

Returns:

the keystore type (JKS, JCEKS , etc. )

getKeyStoreFile

public String getKeyStoreFile()

Get the path to the keystore.

Returns:

The keystore file (example: /tmp/keystore.jceks )

getProviderClass

public String getProviderClass()

Get the provider class name string. This is optional for providers.

Returns:

The provider class

getProviderArg

public String getProviderArg()

Get the provider generic argument as a string. The Java keystore SPI provides a single string argument that the provider interprets as it wishes.

Returns:

optional provider argument

getParameters

public Map<String,Object> getParameters()

Get the optional parameter map used to initialize a keystore. This is for providers that support a LoadStoreParameter argument.

Returns:

parameter map used to configure the keystore.

getKeyStorePassword

public char[] getKeyStorePassword(String pathPrefix)
                           throws IOException

Get the keystore password. This results in the store password file being opened and read into memory.

Parameters:

pathPrefix - The path prefix where files will be opened relative to. This can be null or "" in which case the current directory is assumed. This will not be applied to any files that start with a file separator.

Returns:

The keystore password as a char array

Throws:

IOException - IF the keystore password file can not be opened

getKeyPassword

public char[] getKeyPassword(String pathPrefix)
                      throws IOException

Get the key password used to unlock individual key entries.The results in the file being opened and read into memory.

Parameters:

pathPrefix - The path prefix where files will be opened relative to. This can be null or "" in which case the current directory is assumed. This will not be applied to any files that start with a file separator.

Returns:

The key password as a char array

Throws:

IOException - If the key password file can not be opened

loadKeyStore

public KeyStore loadKeyStore(String pathPrefix)
                      throws KeyStoreException

Initialize and load the keystore described by this configuration There are a number of possible exceptions that can be generated - they are consolidated to a single KeyStoreException and the underlying exception is wrapped. If dynamic classloading is required to load the KeyStoreProvider, the current ClassLoader is used.

Parameters:

pathPrefix - The path prefix where files will be opened relative to. This can be null or "" in which case the current directory is assumed. This will not be applied to any files that start with a file separator.

Returns:

the opened KeyStore

Throws:

KeyStoreException - if the keystore can not be opened or initialized.

loadKeyStore

public KeyStore loadKeyStore(String pathPrefix,
                             ClassLoader classLoader)
                      throws KeyStoreException

Initialize and load the keystore described by this configuration There are a number of possible exceptions that can be generated - they are consolidated to a single KeyStoreException and the underlying exception is wrapped.

Parameters:

pathPrefix - The path prefix where files will be opened relative to. This can be null or "" in which case the current directory is assumed. This will not be applied to any files that start with a file separator.

classLoader - The classloader to use for dynamic classloading of the KeyStore Provider

Returns:

the opened KeyStore

Throws:

KeyStoreException - if the keystore can not be opened or initialized.