Class BasicKeystoreKeyStrategy
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - net.shibboleth.utilities.java.support.security.impl.BasicKeystoreKeyStrategy

- All Implemented Interfaces:
  Component, DestructableComponent, InitializableComponent, DataSealerKeyStrategy

public class BasicKeystoreKeyStrategy extends AbstractInitializableComponent implements DataSealerKeyStrategy

Implements a strategy for access to versioned symmetric keys using a keystore, and a standalone file for tracking the latest key version, to compensate for the lack of extensible attribute support in the pre-Java 8 KeyStore API. The separate resource must be a Java properties file containing a CURRENT_VERSION_PROP property pointing to the latest key version.
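As an added illustration (not code from this page or from the Shibboleth project), the JDK-only routine below produces and rotates the two artifacts this class consumes: a JCEKS keystore holding versioned AES secret keys, and the properties file whose version pointer the strategy polls. The property name "CurrentVersion" and the alias convention of base alias followed by the version number are assumptions that must match the deployed library.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Properties;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public final class KeyVersionRotator {
    // Assumed: must equal the library's BasicKeystoreKeyStrategy.CURRENT_VERSION_PROP value.
    static final String CURRENT_VERSION_PROP = "CurrentVersion";

    /** Adds the next key version to the keystore and returns the version that is now current. */
    public static int rotate(File keystoreFile, File versionFile, char[] storePassword,
            String keyAlias, char[] keyPassword) throws IOException, GeneralSecurityException {
        // JCEKS rather than JKS: a JKS keystore cannot hold SecretKey entries.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        if (keystoreFile.exists()) {
            try (FileInputStream in = new FileInputStream(keystoreFile)) {
                ks.load(in, storePassword);
            }
        } else {
            ks.load(null, storePassword); // first run: start with an empty keystore
        }
        Properties props = new Properties();
        if (versionFile.exists()) {
            try (FileInputStream in = new FileInputStream(versionFile)) {
                props.load(in);
            }
        }
        int next = Integer.parseInt(props.getProperty(CURRENT_VERSION_PROP, "0").trim()) + 1;
        // Assumed alias convention: base alias + version ("secret3"); older entries stay for getKey(name).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        ks.setEntry(keyAlias + next, new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(keyPassword));
        // Store the keystore before moving the pointer so a poll never sees a version without its key.
        try (FileOutputStream out = new FileOutputStream(keystoreFile)) {
            ks.store(out, storePassword);
        }
        props.setProperty(CURRENT_VERSION_PROP, Integer.toString(next));
        try (FileOutputStream out = new FileOutputStream(versionFile)) {
            props.store(out, "current data sealer key version");
        }
        return next;
    }
}
```

Point setKeystoreResource and setKeyVersionResource at the two files written here, with setKeystoreType("JCEKS") and setKeyAlias matching the base alias passed to rotate; after a rotation the next poll (at most updateInterval later) makes the new version the one getDefaultKey returns, while getKey with an older alias still yields the earlier key.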
-
Field Summary
- static String CURRENT_VERSION_PROP: Name of property representing current key version.
- private String currentAlias: Current key alias loaded.
- private SecretKey defaultKey: Current default key loaded.
- private Timer internalTaskTimer: Timer used to schedule update tasks if no external one set.
- private String keyAlias: Keystore base alias for encryption keys.
- private String keyPassword: Password for encryption key(s).
- private String keystorePassword: Password for keystore.
- private Resource keystoreResource: Keystore resource.
- private String keystoreType: Type of keystore to use for access to keys.
- private Resource keyVersionResource: Version resource.
- private org.slf4j.Logger log: Class logger.
- private Duration updateInterval: Time between key update checks.
- private TimerTask updateTask: Task that checks for updated key version.
- private Timer updateTaskTimer: Timer used to schedule update tasks.
-
Constructor Summary
- BasicKeystoreKeyStrategy(): Constructor.
-
Method Summary (all methods are instance methods; all are concrete)
- protected void doDestroy(): Performs component specific destruction logic.
- void doInitialize(): Performs the initialization of the component.
- Pair<String,SecretKey> getDefaultKey(): Get the default/current key to use for new operations, returned along with an identifier for it.
- SecretKey getKey(String name): Get a specifically named key.
- void setKeyAlias(String alias): Set the encryption key alias base name.
- void setKeyPassword(String password): Set the encryption key password.
- void setKeystorePassword(String password): Set the keystore password.
- void setKeystoreResource(Resource resource): Set the keystore resource.
- void setKeystoreType(String type): Set the keystore type.
- void setKeyVersionResource(Resource resource): Set the key version resource.
- void setUpdateInterval(Duration interval): Set the time between key update checks.
- void setUpdateTaskTimer(Timer timer): Set the timer used to schedule update tasks.
- private void updateDefaultKey(): Update the loaded copy of the default key based on the current key version if it's out of date (loading key version from scratch if need be).
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- destroy, initialize, isDestroyed, isInitialized
-
Field Detail
-
CURRENT_VERSION_PROP
@Nonnull @NotEmpty public static final String CURRENT_VERSION_PROP
Name of property representing current key version.
- See Also:
  Constant Field Values
-
log
@Nonnull private org.slf4j.Logger log
Class logger.
-
keystoreType
@NonnullAfterInit private String keystoreType
Type of keystore to use for access to keys.
-
keystoreResource
@NonnullAfterInit private Resource keystoreResource
Keystore resource.
-
keyVersionResource
@NonnullAfterInit private Resource keyVersionResource
Version resource.
-
keystorePassword
@NonnullAfterInit private String keystorePassword
Password for keystore.
-
keyAlias
@NonnullAfterInit private String keyAlias
Keystore base alias for encryption keys.
-
keyPassword
@NonnullAfterInit private String keyPassword
Password for encryption key(s).
-
currentAlias
@NonnullAfterInit private String currentAlias
Current key alias loaded.
-
defaultKey
@NonnullAfterInit private SecretKey defaultKey
Current default key loaded.
-
updateInterval
@Nonnull private Duration updateInterval
Time between key update checks. Default value: (PT15M).
-
updateTaskTimer
private Timer updateTaskTimer
Timer used to schedule update tasks.
-
internalTaskTimer
private Timer internalTaskTimer
Timer used to schedule update tasks if no external one set.
-
updateTask
private TimerTask updateTask
Task that checks for updated key version.
-
-
Method Detail
-
setKeystoreType
public void setKeystoreType(@Nonnull @NotEmpty String type)
Set the keystore type.
- Parameters:
  type - the keystore type
-
setKeystoreResource
public void setKeystoreResource(@Nonnull @NotEmpty Resource resource)
Set the keystore resource.
- Parameters:
  resource - the keystore resource
-
setKeyVersionResource
public void setKeyVersionResource(@Nonnull @NotEmpty Resource resource)
Set the key version resource.
- Parameters:
  resource - the key version resource
-
setKeystorePassword
public void setKeystorePassword(@Nullable String password)
Set the keystore password.
- Parameters:
  password - the keystore password
-
setKeyAlias
public void setKeyAlias(@Nonnull @NotEmpty String alias)
Set the encryption key alias base name.
- Parameters:
  alias - the encryption key alias base
-
setKeyPassword
public void setKeyPassword(@Nullable String password)
Set the encryption key password.
- Parameters:
  password - the encryption key password
-
setUpdateInterval
public void setUpdateInterval(@Nonnull Duration interval)
Set the time between key update checks. A value of 0 indicates that no updates will be performed. This setting cannot be changed after the service has been initialized.
- Parameters:
  interval - time between key update checks
-
setUpdateTaskTimer
public void setUpdateTaskTimer(@Nullable Timer timer)
Set the timer used to schedule update tasks. This setting cannot be changed after the service has been initialized.
- Parameters:
  timer - timer used to schedule update tasks
-
doInitialize
public void doInitialize() throws ComponentInitializationException
Performs the initialization of the component. This method is executed within the lock on the object being initialized. The default implementation of this method is a no-op.
- Overrides:
  doInitialize in class AbstractInitializableComponent
- Throws:
  ComponentInitializationException - thrown if there is a problem initializing the component
-
doDestroy
protected void doDestroy()
Performs component specific destruction logic. This method is executed within the lock on the object being destroyed. The default implementation of this method is a no-op.
- Overrides:
  doDestroy in class AbstractInitializableComponent
-
getDefaultKey
@Nonnull public Pair<String,SecretKey> getDefaultKey() throws KeyException
Get the default/current key to use for new operations, returned along with an identifier for it.
- Specified by:
  getDefaultKey in interface DataSealerKeyStrategy
- Returns:
  the key
- Throws:
  KeyException - if the key cannot be returned
-
getKey
@Nonnull public SecretKey getKey(@Nonnull @NotEmpty String name) throws KeyException
Get a specifically named key.
- Specified by:
  getKey in interface DataSealerKeyStrategy
- Parameters:
  name - name of the key to retrieve
- Returns:
  the key
- Throws:
  KeyException - if the key cannot be returned, does not exist, etc.
-
updateDefaultKey
private void updateDefaultKey() throws KeyException
Update the loaded copy of the default key based on the current key version if it's out of date (loading key version from scratch if need be).
- Throws:
  KeyException - if the key cannot be updated