org.alfresco.encryption

Class AlfrescoKeyStoreImpl

java.lang.Object

org.alfresco.encryption.AlfrescoKeyStoreImpl

All Implemented Interfaces:

AlfrescoKeyStore

public class AlfrescoKeyStoreImpl
extends java.lang.Object
implements AlfrescoKeyStore

This wraps a Java Keystore and caches the encryption keys. It manages the loading and caching of the encryption keys and their registration with and validation against the encryption key registry.

Since:

4.0

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AlfrescoKeyStoreImpl.KeyInfoManager
static class	AlfrescoKeyStoreImpl.KeyInformation

Field Summary

Fields

Modifier and Type	Field and Description
protected KeyMap	backupKeys
protected KeyStoreParameters	backupKeyStoreParameters
protected EncryptionKeysRegistry	encryptionKeysRegistry
protected KeyResourceLoader	keyResourceLoader
protected KeyMap	keys
protected KeyStoreParameters	keyStoreParameters
protected java.util.concurrent.locks.ReentrantReadWriteLock.ReadLock	readLock
protected boolean	validateKeyChanges
protected java.util.concurrent.locks.ReentrantReadWriteLock.WriteLock	writeLock

Fields inherited from interface org.alfresco.encryption.AlfrescoKeyStore

KEY_KEYSTORE_PASSWORD

Constructor Summary

Constructors

Constructor and Description
AlfrescoKeyStoreImpl()
AlfrescoKeyStoreImpl(KeyStoreParameters keyStoreParameters, KeyResourceLoader keyResourceLoader)

Method Summary

Methods

Modifier and Type	Method and Description
void	backup() Backup the keystore to the backup location.
boolean	backupExists()
protected KeyMap	cacheKeys(java.security.KeyStore ks, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
void	create() Create the key store if it doesn't exist.
protected void	createKey(java.lang.String keyAlias)
javax.net.ssl.KeyManager[]	createKeyManagers() Create an array of key managers from keys in the key store.
protected void	createKeyStore(KeyStoreParameters keyStoreParameters, KeyMap keys)
javax.net.ssl.TrustManager[]	createTrustManagers() Create an array of trust managers from certificates in the key store.
boolean	exists() Does the underlying key store exist?
java.security.Key	getBackupKey(java.lang.String keyAlias) Return the backup key with the given key alias.
KeyStoreParameters	getBackupKeyStoreParameters() The backup key store parameters.
java.security.Key	getKey(java.lang.String keyAlias) Return the key with the given key alias.
java.util.Set	getKeyAliases() Return all key aliases in the key store.
protected AlfrescoKeyStoreImpl.KeyInfoManager	getKeyInfoManager(java.lang.String metadataFileLocation)
protected java.lang.String	getKeyMetaDataFileLocation()
KeyResourceLoader	getKeyResourceLoader()
KeyStoreParameters	getKeyStoreParameters() The key store parameters.
protected java.io.InputStream	getKeyStoreStream(java.lang.String location)
long	getKeyTimestamp(java.lang.String keyAlias) Return the timestamp (in ms) of when the key was last loaded from the keystore on disk.
java.lang.String	getName() The name of the keystore.
protected java.security.Key	getSecretKey(AlfrescoKeyStoreImpl.KeyInformation keyInformation)
void	init()
protected java.security.KeyStore	initialiseKeyStore(java.lang.String type, java.lang.String provider)
protected boolean	keyStoreExists(java.lang.String location)
protected java.security.KeyStore	loadKeyStore(KeyStoreParameters keyStoreParameters, AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
void	reload() Reload the keys from the key store.
void	setBackupKeyStoreParameters(KeyStoreParameters backupKeyStoreParameters)
void	setEncryptionKeysRegistry(EncryptionKeysRegistry encryptionKeysRegistry)
void	setKeyResourceLoader(KeyResourceLoader keyResourceLoader)
void	setKeyStoreParameters(KeyStoreParameters keyStoreParameters)
void	setValidateKeyChanges(boolean validateKeyChanges)
void	validateKeys() Check that the keys in the key store are valid i.e.
protected void	validateKeys(KeyMap keys, KeyMap backupKeys)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

keyStoreParameters

protected KeyStoreParameters keyStoreParameters

backupKeyStoreParameters

protected KeyStoreParameters backupKeyStoreParameters

keyResourceLoader

protected KeyResourceLoader keyResourceLoader

encryptionKeysRegistry

protected EncryptionKeysRegistry encryptionKeysRegistry

keys

protected KeyMap keys

backupKeys

protected KeyMap backupKeys

writeLock

protected final java.util.concurrent.locks.ReentrantReadWriteLock.WriteLock writeLock

readLock

protected final java.util.concurrent.locks.ReentrantReadWriteLock.ReadLock readLock

validateKeyChanges

protected boolean validateKeyChanges

Constructor Detail

AlfrescoKeyStoreImpl

public AlfrescoKeyStoreImpl()

AlfrescoKeyStoreImpl

public AlfrescoKeyStoreImpl(KeyStoreParameters keyStoreParameters,
                    KeyResourceLoader keyResourceLoader)

Method Detail

init

public void init()

setEncryptionKeysRegistry

public void setEncryptionKeysRegistry(EncryptionKeysRegistry encryptionKeysRegistry)

setValidateKeyChanges

public void setValidateKeyChanges(boolean validateKeyChanges)

setKeyStoreParameters

public void setKeyStoreParameters(KeyStoreParameters keyStoreParameters)

setBackupKeyStoreParameters

public void setBackupKeyStoreParameters(KeyStoreParameters backupKeyStoreParameters)

setKeyResourceLoader

public void setKeyResourceLoader(KeyResourceLoader keyResourceLoader)

getKeyStoreParameters

public KeyStoreParameters getKeyStoreParameters()

Description copied from interface: AlfrescoKeyStore

The key store parameters.

Specified by:

getKeyStoreParameters in interface AlfrescoKeyStore

Returns:

getBackupKeyStoreParameters

public KeyStoreParameters getBackupKeyStoreParameters()

Description copied from interface: AlfrescoKeyStore

The backup key store parameters.

Specified by:

getBackupKeyStoreParameters in interface AlfrescoKeyStore

Returns:

getKeyResourceLoader

public KeyResourceLoader getKeyResourceLoader()

getName

public java.lang.String getName()

The name of the keystore.

Specified by:

getName in interface AlfrescoKeyStore

Returns:

the name of the keystore.

validateKeys

public void validateKeys()
                  throws InvalidKeystoreException,
                         MissingKeyException

Check that the keys in the key store are valid i.e. that they match those registered.

Specified by:

validateKeys in interface AlfrescoKeyStore

Throws:

InvalidKeystoreException

MissingKeyException

exists

public boolean exists()

Does the underlying key store exist?

Specified by:

exists in interface AlfrescoKeyStore

Returns:

true if it exists, false otherwise

reload

public void reload()
            throws InvalidKeystoreException,
                   MissingKeyException

Reload the keys from the key store.

Specified by:

reload in interface AlfrescoKeyStore

Throws:

InvalidKeystoreException

MissingKeyException

getKeyAliases

public java.util.Set getKeyAliases()

Return all key aliases in the key store.

Specified by:

getKeyAliases in interface AlfrescoKeyStore

Returns:

backup

public void backup()

Backup the keystore to the backup location. Write the keys to the backup keystore.

Specified by:

backup in interface AlfrescoKeyStore

create

public void create()

Create the key store if it doesn't exist. A key for each key alias will be written to the keystore on disk, either from the cached keys or, if not present, a key will be generated.

Specified by:

create in interface AlfrescoKeyStore

getKey

public java.security.Key getKey(java.lang.String keyAlias)

Return the key with the given key alias.

Specified by:

getKey in interface AlfrescoKeyStore

Returns:

getKeyTimestamp

public long getKeyTimestamp(java.lang.String keyAlias)

Return the timestamp (in ms) of when the key was last loaded from the keystore on disk.

Specified by:

getKeyTimestamp in interface AlfrescoKeyStore

Returns:

getBackupKey

public java.security.Key getBackupKey(java.lang.String keyAlias)

Return the backup key with the given key alias.

Specified by:

getBackupKey in interface AlfrescoKeyStore

Returns:

createKeyManagers

public javax.net.ssl.KeyManager[] createKeyManagers()

Create an array of key managers from keys in the key store.

Specified by:

createKeyManagers in interface AlfrescoKeyStore

Returns:

createTrustManagers

public javax.net.ssl.TrustManager[] createTrustManagers()

Create an array of trust managers from certificates in the key store.

Specified by:

createTrustManagers in interface AlfrescoKeyStore

Returns:

getKeyMetaDataFileLocation

protected java.lang.String getKeyMetaDataFileLocation()

getKeyStoreStream

protected java.io.InputStream getKeyStoreStream(java.lang.String location)
                                         throws java.io.FileNotFoundException

Throws:

java.io.FileNotFoundException

getKeyInfoManager

protected AlfrescoKeyStoreImpl.KeyInfoManager getKeyInfoManager(java.lang.String metadataFileLocation)
                                                         throws java.io.FileNotFoundException,
                                                                java.io.IOException

Throws:

java.io.FileNotFoundException

java.io.IOException

cacheKeys

protected KeyMap cacheKeys(java.security.KeyStore ks,
               AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)
                    throws java.security.UnrecoverableKeyException,
                           java.security.KeyStoreException,
                           java.security.NoSuchAlgorithmException

Throws:

java.security.UnrecoverableKeyException

java.security.KeyStoreException

java.security.NoSuchAlgorithmException

initialiseKeyStore

protected java.security.KeyStore initialiseKeyStore(java.lang.String type,
                                        java.lang.String provider)

loadKeyStore

protected java.security.KeyStore loadKeyStore(KeyStoreParameters keyStoreParameters,
                                  AlfrescoKeyStoreImpl.KeyInfoManager keyInfoManager)

createKey

protected void createKey(java.lang.String keyAlias)

createKeyStore

protected void createKeyStore(KeyStoreParameters keyStoreParameters,
                  KeyMap keys)

getSecretKey

protected java.security.Key getSecretKey(AlfrescoKeyStoreImpl.KeyInformation keyInformation)
                                  throws java.security.NoSuchAlgorithmException,
                                         java.security.InvalidKeyException,
                                         java.security.spec.InvalidKeySpecException

Throws:

java.security.NoSuchAlgorithmException

java.security.InvalidKeyException

java.security.spec.InvalidKeySpecException

backupExists

public boolean backupExists()

keyStoreExists

protected boolean keyStoreExists(java.lang.String location)

validateKeys

protected void validateKeys(KeyMap keys,
                KeyMap backupKeys)
                     throws InvalidKeystoreException,
                            MissingKeyException

Throws:

InvalidKeystoreException

MissingKeyException