org.forgerock.openam.utils

Class AMKeyProvider

java.lang.Object

org.forgerock.openam.utils.AMKeyProvider

All Implemented Interfaces:

KeyProvider

public class AMKeyProvider
extends Object
implements KeyProvider

Implementation of a KeyProvider interface for retrieving X509 Certificates and private keys from the user data store.

Constructor Summary

Constructors

Constructor and Description
AMKeyProvider() Constructor.
AMKeyProvider(boolean alreadyResolved, String keyStoreFile, String keyStorePass, String keyStoreType, String privateKeyPass) Constructor.
AMKeyProvider(KeyStoreConfig kc) Create a new instance of AMKeyProvider from a KeyStoreConfiguration object.
AMKeyProvider(String keyStoreFilePropName, String keyStorePassFilePropName, String keyStoreTypePropName, String privateKeyPassFilePropName) Constructor.

Method Summary

Modifier and Type	Method and Description
boolean	containsKey(String alias) Whether the key alias exists in the keystore.
static String	decodePassword(String password) Decodes the given password and returns it.
Certificate	getCertificate(PublicKey publicKey) Return Certificate for the specified PublicKey.
Certificate	getCertificate(String certAlias) Get the Certificate named certAlias.
String	getCertificateAlias(Certificate cert) Get the alias name of the first keystore entry whose certificate matches the given certificate.
KeyPair	getKeyPair(String certAlias) Return KeyPair containing PublicKey and PrivateKey for the specified certAlias.
String	getKeyPasswordFilePath() Get the .keypass path.
KeyStore	getKeyStore() Get the keystore.
String	getKeystoreFilePath() Gets the Keystore File path.
char[]	getKeystorePass() Gets the Keystore password.
String	getKeystorePasswordFilePath() Get the storepass path.
String	getKeystoreType() Gets the Keystore type.
PrivateKey	getPrivateKey(String certAlias) Return java.security.PrivateKey for the specified certAlias.
PrivateKey	getPrivateKey(String certAlias, String encryptedKeyPass) Return the PrivateKey for the specified certAlias and encrypted private key password.
String	getPrivateKeyPass() Get the private key password.
PublicKey	getPublicKey(String keyAlias) Return java.security.PublicKey for the specified keyAlias.
String	getSecret(String alias) Retrieve store secret (usually a password).
SecretKey	getSecretKey(String certAlias) Retrieves the secret key for the given certificate alias.
X509Certificate	getX509Certificate(String certAlias) Return java.security.cert.X509Certificate for the specified certAlias.
protected String	readPasswordFile(String filePath) Read a keystore password file (example: .storepass / .keypass ).
void	setCertificateEntry(String certAlias, Certificate cert) Set the Certificate with name certAlias in the keystore.
void	setKey(String storepass, String keypass) Set the key to access key store database.
void	setLogger(Debug logger) Sets the debug logger.
void	setSecretKeyEntry(String alias, String password) Store a secret (typically a password) in the keystore The secret is protected with the same password as the keystore itself.
void	store() Store the keystore changes.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AMKeyProvider

public AMKeyProvider()

Constructor.

AMKeyProvider

public AMKeyProvider(KeyStoreConfig kc)
              throws KeyStoreException,
                     IOException

Create a new instance of AMKeyProvider from a KeyStoreConfiguration object.

Parameters:

kc - The KeyStore configuration

Throws:

KeyStoreException - if the keystore could not be opened or initialized

IOException - If the storepass or keypass files could not be opened

AMKeyProvider

public AMKeyProvider(String keyStoreFilePropName,
                     String keyStorePassFilePropName,
                     String keyStoreTypePropName,
                     String privateKeyPassFilePropName)

Constructor.

Parameters:

keyStoreFilePropName - The key store file property name.

keyStorePassFilePropName - The key store password property name.

keyStoreTypePropName - The key store type property name.

privateKeyPassFilePropName - The key store private key password property name.

AMKeyProvider

public AMKeyProvider(boolean alreadyResolved,
                     String keyStoreFile,
                     String keyStorePass,
                     String keyStoreType,
                     String privateKeyPass)

Constructor. Already resolved is simply to give a different signature

Parameters:

alreadyResolved - true if already resolved.

keyStoreFile - The key store file.

keyStorePass - The key store password.

keyStoreType - The key store type.

privateKeyPass - The key store private key password.

Method Detail

readPasswordFile

protected String readPasswordFile(String filePath)

Read a keystore password file (example: .storepass / .keypass ).

Parameters:

filePath - Path to the password file

Returns:

The password in clear text, or null if an IOException occurs.

decodePassword

public static String decodePassword(String password)

Decodes the given password and returns it. If decoding fails simply returns the same password parameter.

Parameters:

password - The password that requires decoding.

Returns:

The decoded password or the same password parameter if the decoding failed.

setLogger

public void setLogger(Debug logger)

Sets the debug logger.

Parameters:

logger - The debug logger.

setKey

public void setKey(String storepass,
                   String keypass)

Set the key to access key store database. This method will only need to be called once if the key could not be obtained by other means.

Specified by:

setKey in interface KeyProvider

Parameters:

storepass - password for the key store

keypass - password for the certificate

getX509Certificate

public X509Certificate getX509Certificate(String certAlias)

Return java.security.cert.X509Certificate for the specified certAlias.

Specified by:

getX509Certificate in interface KeyProvider

Parameters:

certAlias - Certificate alias name

Returns:

X509Certificate which matches the certAlias, return null if the certificate could not be found.

getPublicKey

public PublicKey getPublicKey(String keyAlias)

Return java.security.PublicKey for the specified keyAlias.

Specified by:

getPublicKey in interface KeyProvider

Parameters:

keyAlias - Key alias name

Returns:

PublicKey which matches the keyAlias, return null if the PublicKey could not be found.

getPrivateKey

public PrivateKey getPrivateKey(String certAlias)

Return java.security.PrivateKey for the specified certAlias.

Specified by:

getPrivateKey in interface KeyProvider

Parameters:

certAlias - Certificate alias name

Returns:

PrivateKey which matches the certAlias, return null if the private key could not be found.

getSecretKey

public SecretKey getSecretKey(String certAlias)

Description copied from interface: KeyProvider

Retrieves the secret key for the given certificate alias.

Specified by:

getSecretKey in interface KeyProvider

Parameters:

certAlias - the certificate alieas

Returns:

the secret key or returns null if the key does not exist or this key provider does not support secret keys

getPrivateKey

public PrivateKey getPrivateKey(String certAlias,
                                String encryptedKeyPass)

Return the PrivateKey for the specified certAlias and encrypted private key password.

Specified by:

getPrivateKey in interface KeyProvider

Parameters:

certAlias - Certificate alias name

encryptedKeyPass - The encrypted key password to use when getting the private certificate

Returns:

PrivateKey which matches the certAlias, return null if the private key could not be found.

getKeyPair

public KeyPair getKeyPair(String certAlias)

Return KeyPair containing PublicKey and PrivateKey for the specified certAlias.

Parameters:

certAlias - Certificate alias name

Returns:

KeyPair which matches the certAlias, return null if the PrivateKey or PublicKey could not be found.

getCertificateAlias

public String getCertificateAlias(Certificate cert)

Get the alias name of the first keystore entry whose certificate matches the given certificate.

Specified by:

getCertificateAlias in interface KeyProvider

Parameters:

cert - Certificate

Returns:

the (alias) name of the first entry with matching certificate, or null if no such entry exists in this keystore. If the keystore has not been loaded properly, return null as well.

getKeystorePass

public char[] getKeystorePass()

Gets the Keystore password.

Returns:

The Keystore password

getPrivateKeyPass

public String getPrivateKeyPass()

Get the private key password.

Returns:

the private key password

getKeystoreType

public String getKeystoreType()

Gets the Keystore type.

Returns:

The Keystore type.

getKeystoreFilePath

public String getKeystoreFilePath()

Gets the Keystore File path.

Returns:

The Keystore file path.

getKeystorePasswordFilePath

public String getKeystorePasswordFilePath()

Get the storepass path.

Returns:

the file path to .storepass

getKeyPasswordFilePath

public String getKeyPasswordFilePath()

Get the .keypass path. This is the optional per key password, and is usually the same as the storepass.

Returns:

the file path to .keypass

getKeyStore

public KeyStore getKeyStore()

Get the keystore.

Specified by:

getKeyStore in interface KeyProvider

Returns:

the keystore

setCertificateEntry

public void setCertificateEntry(String certAlias,
                                Certificate cert)
                         throws KeyStoreException

Set the Certificate with name certAlias in the keystore.

Parameters:

certAlias - Certificate's name Alias

cert - Certificate

Throws:

KeyStoreException - If an error occurs when setting the certificate entry.

getCertificate

public Certificate getCertificate(String certAlias)

Get the Certificate named certAlias.

Parameters:

certAlias - Certificate's name Alias

Returns:

the Certificate, If the keystore doesn't contain such certAlias, return null.

store

public void store()
           throws IOException,
                  CertificateException,
                  NoSuchAlgorithmException,
                  KeyStoreException

Store the keystore changes.

Throws:

IOException - If an error occurs when saving the keystore.

CertificateException - If an error occurs when saving the keystore.

NoSuchAlgorithmException - If an error occurs when saving the keystore.

KeyStoreException - If an error occurs when saving the keystore.

getCertificate

public Certificate getCertificate(PublicKey publicKey)

Return Certificate for the specified PublicKey.

Specified by:

getCertificate in interface KeyProvider

Parameters:

publicKey - Certificate public key

Returns:

Certificate which matches the PublicKey, return null if the Certificate could not be found.

containsKey

public boolean containsKey(String alias)

Description copied from interface: KeyProvider

Whether the key alias exists in the keystore.

Specified by:

containsKey in interface KeyProvider

Parameters:

alias - the key alias

Returns:

whether the key alias exists

setSecretKeyEntry

public void setSecretKeyEntry(String alias,
                              String password)
                       throws KeyStoreException

Store a secret (typically a password) in the keystore The secret is protected with the same password as the keystore itself. If the alias already exists, the new secret will replace the old one

Parameters:

alias - - the alias to store the password under

password - - password or secret to store

Throws:

KeyStoreException - if the password can not be stored in the keystore

getSecret

public String getSecret(String alias)
                 throws KeyStoreException

Retrieve store secret (usually a password).

Parameters:

alias - the alias of the secret

Returns:

the plain text secret

Throws:

KeyStoreException - if the password can not be read