org.alfresco.encryption
Class AlfrescoKeyStoreImpl

java.lang.Object
  extended by org.alfresco.encryption.AlfrescoKeyStoreImpl
All Implemented Interfaces:
AlfrescoKeyStore

public class AlfrescoKeyStoreImpl
extends java.lang.Object
implements AlfrescoKeyStore

Wraps a Java keystore and caches its encryption keys. It manages loading and caching the keys, registering them with the encryption key registry, and validating them against that registry.

Since:
4.0

Nested Class Summary
static class AlfrescoKeyStoreImpl.KeyInfoManager
           
static class AlfrescoKeyStoreImpl.KeyInformation
           
 
Field Summary
protected  KeyMap backupKeys
           
protected  KeyStoreParameters backupKeyStoreParameters
           
protected  EncryptionKeysRegistry encryptionKeysRegistry
           
protected  KeyResourceLoader keyResourceLoader
           
protected  KeyMap keys
           
protected  KeyStoreParameters keyStoreParameters
           
protected  java.util.concurrent.locks.ReentrantReadWriteLock.ReadLock readLock
           
protected  boolean validateKeyChanges
           
protected  java.util.concurrent.locks.ReentrantReadWriteLock.WriteLock writeLock
           
 
Fields inherited from interface org.alfresco.encryption.AlfrescoKeyStore
KEY_KEYSTORE_PASSWORD
 
Constructor Summary
AlfrescoKeyStoreImpl()
           
AlfrescoKeyStoreImpl(KeyStoreParameters keyStoreParameters, KeyResourceLoader keyResourceLoader)
           
 
Method Summary
 void backup()
          Backup the keystore to the backup location.
 boolean backupExists()
           
protected  KeyMap cacheKeys(java.security.KeyStore ks, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
           
 void create()
          Create the key store if it doesn't exist.
protected  void createKey(java.lang.String keyAlias)
           
 javax.net.ssl.KeyManager[] createKeyManagers()
          Create an array of key managers from keys in the key store.
protected  void createKeyStore(KeyStoreParameters keyStoreParameters, KeyMap keys)
           
 javax.net.ssl.TrustManager[] createTrustManagers()
          Create an array of trust managers from certificates in the key store.
 boolean exists()
          Does the underlying key store exist?
 java.security.Key getBackupKey(java.lang.String keyAlias)
          Return the backup key with the given key alias.
 KeyStoreParameters getBackupKeyStoreParameters()
          The backup key store parameters.
 java.security.Key getKey(java.lang.String keyAlias)
          Return the key with the given key alias.
 java.util.Set getKeyAliases()
          Return all key aliases in the key store.
protected  AlfrescoKeyStoreImpl.KeyInfoManager getKeyInfoManager(java.lang.String metadataFileLocation)
           
protected  java.lang.String getKeyMetaDataFileLocation()
           
 KeyResourceLoader getKeyResourceLoader()
           
 KeyStoreParameters getKeyStoreParameters()
          The key store parameters.
protected  java.io.InputStream getKeyStoreStream(java.lang.String location)
           
 long getKeyTimestamp(java.lang.String keyAlias)
          Return the timestamp (in ms) of when the key was last loaded from the keystore on disk.
 java.lang.String getName()
          The name of the keystore.
protected  java.security.Key getSecretKey(AlfrescoKeyStoreImpl.KeyInformation keyInformation)
           
 void init()
           
protected  java.security.KeyStore initialiseKeyStore(java.lang.String type, java.lang.String provider)
           
protected  boolean keyStoreExists(java.lang.String location)
           
protected  java.security.KeyStore loadKeyStore(KeyStoreParameters keyStoreParameters, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
           
 void reload()
          Reload the keys from the key store.
 void setBackupKeyStoreParameters(KeyStoreParameters backupKeyStoreParameters)
           
 void setEncryptionKeysRegistry(EncryptionKeysRegistry encryptionKeysRegistry)
           
 void setKeyResourceLoader(KeyResourceLoader keyResourceLoader)
           
 void setKeyStoreParameters(KeyStoreParameters keyStoreParameters)
           
 void setValidateKeyChanges(boolean validateKeyChanges)
           
 void validateKeys()
          Check that the keys in the key store are valid, i.e. that they match those registered.
protected  void validateKeys(KeyMap keys, KeyMap backupKeys)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

keyStoreParameters

protected KeyStoreParameters keyStoreParameters

backupKeyStoreParameters

protected KeyStoreParameters backupKeyStoreParameters

keyResourceLoader

protected KeyResourceLoader keyResourceLoader

encryptionKeysRegistry

protected EncryptionKeysRegistry encryptionKeysRegistry

keys

protected KeyMap keys

backupKeys

protected KeyMap backupKeys

writeLock

protected final java.util.concurrent.locks.ReentrantReadWriteLock.WriteLock writeLock

readLock

protected final java.util.concurrent.locks.ReentrantReadWriteLock.ReadLock readLock

validateKeyChanges

protected boolean validateKeyChanges
Constructor Detail

AlfrescoKeyStoreImpl

public AlfrescoKeyStoreImpl()

AlfrescoKeyStoreImpl

public AlfrescoKeyStoreImpl(KeyStoreParameters keyStoreParameters,
                            KeyResourceLoader keyResourceLoader)
Method Detail

init

public void init()

setEncryptionKeysRegistry

public void setEncryptionKeysRegistry(EncryptionKeysRegistry encryptionKeysRegistry)

setValidateKeyChanges

public void setValidateKeyChanges(boolean validateKeyChanges)

setKeyStoreParameters

public void setKeyStoreParameters(KeyStoreParameters keyStoreParameters)

setBackupKeyStoreParameters

public void setBackupKeyStoreParameters(KeyStoreParameters backupKeyStoreParameters)

setKeyResourceLoader

public void setKeyResourceLoader(KeyResourceLoader keyResourceLoader)

getKeyStoreParameters

public KeyStoreParameters getKeyStoreParameters()
Description copied from interface: AlfrescoKeyStore
The key store parameters.

Specified by:
getKeyStoreParameters in interface AlfrescoKeyStore
Returns:

getBackupKeyStoreParameters

public KeyStoreParameters getBackupKeyStoreParameters()
Description copied from interface: AlfrescoKeyStore
The backup key store parameters.

Specified by:
getBackupKeyStoreParameters in interface AlfrescoKeyStore
Returns:

getKeyResourceLoader

public KeyResourceLoader getKeyResourceLoader()

getName

public java.lang.String getName()
The name of the keystore.

Specified by:
getName in interface AlfrescoKeyStore
Returns:
the name of the keystore.

validateKeys

public void validateKeys()
                  throws InvalidKeystoreException,
                         MissingKeyException
Check that the keys in the key store are valid, i.e. that they match those registered in the encryption key registry.

Specified by:
validateKeys in interface AlfrescoKeyStore
Throws:
InvalidKeystoreException
MissingKeyException

exists

public boolean exists()
Does the underlying key store exist?

Specified by:
exists in interface AlfrescoKeyStore
Returns:
true if it exists, false otherwise

reload

public void reload()
            throws InvalidKeystoreException,
                   MissingKeyException
Reload the keys from the key store.

Specified by:
reload in interface AlfrescoKeyStore
Throws:
InvalidKeystoreException
MissingKeyException

getKeyAliases

public java.util.Set getKeyAliases()
Return all key aliases in the key store.

Specified by:
getKeyAliases in interface AlfrescoKeyStore
Returns:

backup

public void backup()
Back up the keystore to the backup location by writing the keys to the backup keystore.

Specified by:
backup in interface AlfrescoKeyStore

create

public void create()
Create the key store if it doesn't exist. For each key alias, a key is written to the keystore on disk: the cached key if one is present, otherwise a newly generated key.

Specified by:
create in interface AlfrescoKeyStore

getKey

public java.security.Key getKey(java.lang.String keyAlias)
Return the key with the given key alias.

Specified by:
getKey in interface AlfrescoKeyStore
Returns:

getKeyTimestamp

public long getKeyTimestamp(java.lang.String keyAlias)
Return the timestamp (in ms) of when the key was last loaded from the keystore on disk.

Specified by:
getKeyTimestamp in interface AlfrescoKeyStore
Returns:

getBackupKey

public java.security.Key getBackupKey(java.lang.String keyAlias)
Return the backup key with the given key alias.

Specified by:
getBackupKey in interface AlfrescoKeyStore
Returns:

createKeyManagers

public javax.net.ssl.KeyManager[] createKeyManagers()
Create an array of key managers from keys in the key store.

Specified by:
createKeyManagers in interface AlfrescoKeyStore
Returns:

createTrustManagers

public javax.net.ssl.TrustManager[] createTrustManagers()
Create an array of trust managers from certificates in the key store.

Specified by:
createTrustManagers in interface AlfrescoKeyStore
Returns:

getKeyMetaDataFileLocation

protected java.lang.String getKeyMetaDataFileLocation()

getKeyStoreStream

protected java.io.InputStream getKeyStoreStream(java.lang.String location)
                                         throws java.io.FileNotFoundException
Throws:
java.io.FileNotFoundException

getKeyInfoManager

protected AlfrescoKeyStoreImpl.KeyInfoManager getKeyInfoManager(java.lang.String metadataFileLocation)
                                                         throws java.io.FileNotFoundException,
                                                                java.io.IOException
Throws:
java.io.FileNotFoundException
java.io.IOException

cacheKeys

protected KeyMap cacheKeys(java.security.KeyStore ks,
                           AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
                    throws java.security.UnrecoverableKeyException,
                           java.security.KeyStoreException,
                           java.security.NoSuchAlgorithmException
Throws:
java.security.UnrecoverableKeyException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException

initialiseKeyStore

protected java.security.KeyStore initialiseKeyStore(java.lang.String type,
                                                    java.lang.String provider)

loadKeyStore

protected java.security.KeyStore loadKeyStore(KeyStoreParameters keyStoreParameters,
                                              AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)

createKey

protected void createKey(java.lang.String keyAlias)

createKeyStore

protected void createKeyStore(KeyStoreParameters keyStoreParameters,
                              KeyMap keys)

getSecretKey

protected java.security.Key getSecretKey(AlfrescoKeyStoreImpl.KeyInformation keyInformation)
                                  throws java.security.NoSuchAlgorithmException,
                                         java.security.InvalidKeyException,
                                         java.security.spec.InvalidKeySpecException
Throws:
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.spec.InvalidKeySpecException

backupExists

public boolean backupExists()

keyStoreExists

protected boolean keyStoreExists(java.lang.String location)

validateKeys

protected void validateKeys(KeyMap keys,
                            KeyMap backupKeys)
                     throws InvalidKeystoreException,
                            MissingKeyException
Throws:
InvalidKeystoreException
MissingKeyException


Copyright © 2005 - 2010 Alfresco Software, Inc. All Rights Reserved.