Class ScriptedKeyStrategy

- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - net.shibboleth.utilities.java.support.security.impl.ScriptedKeyStrategy

- All Implemented Interfaces: Component, DestructableComponent, InitializableComponent, DataSealerKeyStrategy

public class ScriptedKeyStrategy extends AbstractInitializableComponent implements DataSealerKeyStrategy

Implements a strategy for access to versioned symmetric keys using scripts. Suitable for integrating with external key services.
Field Summary

- private long cacheSize: Size of key cache to maintain.
- private String currentAlias: Current key alias loaded.
- private Object customObject: Custom object for script.
- private SecretKey defaultKey: Current default key loaded.
- private Timer internalTaskTimer: Timer used to schedule update tasks if no external one set.
- private LinkedHashMap<String,SecretKey> keyCache: Cache of keys.
- private EvaluableScript keyScript: Script to obtain keys.
- private org.slf4j.Logger log: Class logger.
- private Duration updateInterval: Time between key update checks.
- private TimerTask updateTask: Task that checks for updated key version.
- private Timer updateTaskTimer: Timer used to schedule update tasks.
Constructor Summary

- ScriptedKeyStrategy(): Constructor.
Method Summary (all methods are concrete instance methods)

- protected void doDestroy(): Performs component specific destruction logic.
- void doInitialize(): Performs the initialization of the component.
- Pair<String,SecretKey> getDefaultKey(): Get the default/current key to use for new operations, returned along with an identifier for it.
- SecretKey getKey(String name): Get a specifically named key.
- void setCacheSize(long size): Set the number of keys to cache.
- void setCustomObject(Object object): Set the custom (externally provided) object.
- void setKeyScript(EvaluableScript script): Set the script to run to access keys.
- void setUpdateInterval(Duration interval): Set the time between key update checks.
- void setUpdateTaskTimer(Timer timer): Set the timer used to schedule update tasks.
- private void updateDefaultKey(): Update the loaded copy of the default key based on the current key version if it's out of date (loading key version from scratch if need be).

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, initialize, isDestroyed, isInitialized
Field Detail

log
@Nonnull private org.slf4j.Logger log
Class logger.

keyScript
@NonnullAfterInit private EvaluableScript keyScript
Script to obtain keys.

customObject
@Nullable private Object customObject
Custom object for script.

currentAlias
@NonnullAfterInit private String currentAlias
Current key alias loaded.

defaultKey
@NonnullAfterInit private SecretKey defaultKey
Current default key loaded.

keyCache
@Nonnull private final LinkedHashMap<String,SecretKey> keyCache
Cache of keys.

updateInterval
@Nonnull private Duration updateInterval
Time between key update checks. Default value: PT15M (an ISO 8601 duration, 15 minutes).

updateTaskTimer
@Nullable private Timer updateTaskTimer
Timer used to schedule update tasks.

internalTaskTimer
@Nullable private Timer internalTaskTimer
Timer used to schedule update tasks if no external one is set.

updateTask
@Nullable private TimerTask updateTask
Task that checks for an updated key version.

cacheSize
@NonNegative private long cacheSize
Size of key cache to maintain.
Method Detail

setKeyScript
public void setKeyScript(@Nonnull EvaluableScript script)
Set the script to run to access keys.
- Parameters: script - script to run

setCustomObject
public void setCustomObject(@Nullable Object object)
Set the custom (externally provided) object.
- Parameters: object - the custom object

setUpdateInterval
public void setUpdateInterval(@Nonnull Duration interval)
Set the time between key update checks. A value of 0 indicates that no updates will be performed. This setting cannot be changed after the service has been initialized.
- Parameters: interval - time between key update checks

setUpdateTaskTimer
public void setUpdateTaskTimer(@Nullable Timer timer)
Set the timer used to schedule update tasks. This setting cannot be changed after the service has been initialized.
- Parameters: timer - timer used to schedule update tasks

setCacheSize
public void setCacheSize(@NonNegative long size)
Set the number of keys to cache. Defaults to 30.
- Parameters: size - size of cache

doInitialize
public void doInitialize() throws ComponentInitializationException
Performs the initialization of the component. This method is executed within the lock on the object being initialized. The default implementation of this method is a no-op.
- Overrides: doInitialize in class AbstractInitializableComponent
- Throws: ComponentInitializationException - thrown if there is a problem initializing the component

doDestroy
protected void doDestroy()
Performs component specific destruction logic. This method is executed within the lock on the object being destroyed. The default implementation of this method is a no-op.
- Overrides: doDestroy in class AbstractInitializableComponent

getDefaultKey
@Nonnull public Pair<String,SecretKey> getDefaultKey() throws KeyException
Get the default/current key to use for new operations, returned along with an identifier for it.
- Specified by: getDefaultKey in interface DataSealerKeyStrategy
- Returns: the key
- Throws: KeyException - if the key cannot be returned

getKey
@Nonnull public SecretKey getKey(@Nonnull @NotEmpty String name) throws KeyException
Get a specifically named key.
- Specified by: getKey in interface DataSealerKeyStrategy
- Parameters: name - name of the key to retrieve
- Returns: the key
- Throws: KeyException - if the key cannot be returned, does not exist, etc.

updateDefaultKey
private void updateDefaultKey() throws KeyException
Update the loaded copy of the default key based on the current key version if it's out of date (loading the key version from scratch if need be). Also purge the cache to limit its size.
- Throws: KeyException - if the key cannot be updated