Package org.forgerock.audit.secure
Class KeyStoreSecureStorage

- java.lang.Object
  - org.forgerock.audit.secure.KeyStoreSecureStorage

All Implemented Interfaces:
SecureStorage

public class KeyStoreSecureStorage extends Object implements SecureStorage

Implementation of a secure storage using a keystore.
Field Summary

Fields (modifier and type, field, description):
- static String ENTRY_CURRENT_KEY: The current key used to calculate the HEADER_HMAC.
- static String ENTRY_CURRENT_SIGNATURE: The last signature inserted into the file.
- static String ENTRY_INITIAL_KEY: The initial key used to calculate the HEADER_HMAC.
- static String ENTRY_SIGNATURE: The alias used to look up the private/public signature key in the keystore.
- static String HMAC_ALGORITHM: The HMAC algorithm to use.
- static String JCEKS_KEYSTORE_TYPE: The name of the Java Cryptography Extension KeyStore (JCEKS) type.
- static String SIGNATURE_ALGORITHM: The algorithm to use for signing and verifying.

Constructor Summary

Constructors (constructor, description):
- KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PrivateKey privateKey): Creates the storage with a keystore handler, initialized to verify only.
- KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey): Creates the storage with a keystore handler, initialized to verify only.
- KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey, PrivateKey privateKey): Creates the storage with a keystore handler, initialized to verify only.

Method Summary

All Methods, Instance Methods, Concrete Methods (modifier and type, method, description):
- String getPassword(): Returns the password used to access the storage.
- SecretKey readCurrentKey(): Reads the current key.
- SecretKey readInitialKey(): Reads the initial key.
- void setKeyStoreHandler(KeyStoreHandler keyStoreHandler): Sets the key store handler.
- byte[] sign(byte[] signedData): Signs the provided data.
- boolean verify(byte[] signedData, byte[] signature): Verifies that the signed data corresponds to the signature.
- void writeCurrentKey(SecretKey key): Writes the current key.
- void writeCurrentSignatureKey(SecretKey key): Writes the current signature key.
- void writeInitialKey(SecretKey key): Writes the initial key.
Field Detail

ENTRY_INITIAL_KEY
public static final String ENTRY_INITIAL_KEY
The initial key used to calculate the HEADER_HMAC.
See Also: Constant Field Values

ENTRY_SIGNATURE
public static final String ENTRY_SIGNATURE
The alias used to look up the private/public signature key in the keystore.
See Also: Constant Field Values

ENTRY_CURRENT_SIGNATURE
public static final String ENTRY_CURRENT_SIGNATURE
The last signature inserted into the file.
See Also: Constant Field Values

ENTRY_CURRENT_KEY
public static final String ENTRY_CURRENT_KEY
The current key used to calculate the HEADER_HMAC.
See Also: Constant Field Values

SIGNATURE_ALGORITHM
public static final String SIGNATURE_ALGORITHM
The algorithm to use for signing and verifying.
See Also: Constant Field Values

HMAC_ALGORITHM
public static final String HMAC_ALGORITHM
The HMAC algorithm to use.
See Also: Constant Field Values

JCEKS_KEYSTORE_TYPE
public static final String JCEKS_KEYSTORE_TYPE
The name of the Java Cryptography Extension KeyStore (JCEKS) type.
See Also: Constant Field Values
Constructor Detail

KeyStoreSecureStorage
public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PrivateKey privateKey)
Creates the storage with a keystore handler, initialized to verify only.
Parameters:
- keyStoreHandler - Handler of a keystore.
- privateKey - The private key used to initialize the signer.

KeyStoreSecureStorage
public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey)
Creates the storage with a keystore handler, initialized to verify only.
Parameters:
- keyStoreHandler - Handler of a keystore.
- publicKey - The public key used to initialize the verifier.

KeyStoreSecureStorage
public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey, PrivateKey privateKey)
Creates the storage with a keystore handler, initialized to verify only.
Parameters:
- keyStoreHandler - Handler of a keystore.
- publicKey - The public key used to initialize the verifier.
- privateKey - The private key used to initialize the signer.
Method Detail

setKeyStoreHandler
public void setKeyStoreHandler(KeyStoreHandler keyStoreHandler)
Sets the key store handler.
Parameters:
- keyStoreHandler - The handler.

getPassword
public String getPassword()
Description copied from interface: SecureStorage
Returns the password used to access the storage.
Specified by: getPassword in interface SecureStorage
Returns: the password

readCurrentKey
public SecretKey readCurrentKey() throws SecureStorageException
Description copied from interface: SecureStorage
Reads the current key.
Specified by: readCurrentKey in interface SecureStorage
Returns: the current key
Throws: SecureStorageException - If an error occurs.

readInitialKey
public SecretKey readInitialKey() throws SecureStorageException
Description copied from interface: SecureStorage
Reads the initial key.
Specified by: readInitialKey in interface SecureStorage
Returns: the initial key
Throws: SecureStorageException - If an error occurs.

writeCurrentSignatureKey
public void writeCurrentSignatureKey(SecretKey key) throws SecureStorageException
Description copied from interface: SecureStorage
Writes the current signature key.
Specified by: writeCurrentSignatureKey in interface SecureStorage
Parameters:
- key - The secret key.
Throws: SecureStorageException - If an error occurs.

writeCurrentKey
public void writeCurrentKey(SecretKey key) throws SecureStorageException
Description copied from interface: SecureStorage
Writes the current key.
Specified by: writeCurrentKey in interface SecureStorage
Parameters:
- key - The current key.
Throws: SecureStorageException - If an error occurs.

writeInitialKey
public void writeInitialKey(SecretKey key) throws SecureStorageException
Description copied from interface: SecureStorage
Writes the initial key.
Specified by: writeInitialKey in interface SecureStorage
Parameters:
- key - The initial key.
Throws: SecureStorageException - If an error occurs.

sign
public byte[] sign(byte[] signedData) throws SecureStorageException
Description copied from interface: SecureStorage
Signs the provided data.
Specified by: sign in interface SecureStorage
Parameters:
- signedData - The data to sign.
Returns: the signature over the data
Throws: SecureStorageException - If an error occurred during the signing process.

verify
public boolean verify(byte[] signedData, byte[] signature) throws SecureStorageException
Description copied from interface: SecureStorage
Verifies that the signed data corresponds to the signature.
Specified by: verify in interface SecureStorage
Parameters:
- signedData - The data to verify.
- signature - The signature.
Returns: true if the data corresponds to the signature, false otherwise
Throws: SecureStorageException - If an error occurred during the verification process.
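The following is an added example, not ForgeRock code, showing how the constructors and methods documented above fit together: a signer-capable instance produces a signature, a verify-only instance (no private key) checks it and rejects a bit-flipped copy, and the HMAC key chain is seeded through writeInitialKey/writeCurrentKey. It assumes a caller-supplied KeyStoreHandler over a writable keystore, that KeyStoreHandler and SecureStorageException live in the same package as this class, that SIGNATURE_ALGORITHM is RSA-based (its value is not shown on this page), and a non-empty record.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.forgerock.audit.secure.KeyStoreHandler;
import org.forgerock.audit.secure.KeyStoreSecureStorage;
import org.forgerock.audit.secure.SecureStorageException;

/** Added example, not ForgeRock code: exercises the KeyStoreSecureStorage API documented above. */
public final class SecureStorageRoundTrip {
    /**
     * Signs a record with a signer-capable instance and checks it with a verify-only instance.
     * The verify-only instance holds no private key, so a process that only validates logs
     * cannot produce signatures. The handler is caller-supplied (assumption: it wraps a
     * writable keystore of type JCEKS_KEYSTORE_TYPE).
     */
    static boolean signThenVerify(KeyStoreHandler handler, byte[] record)
            throws NoSuchAlgorithmException, SecureStorageException {
        // Assumption: RSA keys, matching SIGNATURE_ALGORITHM (its value is not shown on this page).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        KeyStoreSecureStorage signer = new KeyStoreSecureStorage(handler, pair.getPublic(), pair.getPrivate());
        KeyStoreSecureStorage verifier = new KeyStoreSecureStorage(handler, pair.getPublic());

        byte[] signature = signer.sign(record);
        boolean intact = verifier.verify(record, signature);

        // Flip one bit of a copy: verify() must return false for the altered record.
        byte[] tampered = Arrays.copyOf(record, record.length);
        tampered[0] ^= 0x01;
        boolean tamperedRejected = !verifier.verify(tampered, signature);
        return intact && tamperedRejected;
    }

    /**
     * Seeds the HMAC key chain: stores an initial key, uses it as the first current key
     * and reads both back. The key is generated with the algorithm the class itself declares.
     */
    static boolean seedKeyChain(KeyStoreSecureStorage storage)
            throws NoSuchAlgorithmException, SecureStorageException {
        SecretKey initial = KeyGenerator.getInstance(KeyStoreSecureStorage.HMAC_ALGORITHM).generateKey();
        storage.writeInitialKey(initial);
        storage.writeCurrentKey(initial);
        return Arrays.equals(storage.readInitialKey().getEncoded(), initial.getEncoded())
                && Arrays.equals(storage.readCurrentKey().getEncoded(), initial.getEncoded());
    }
}
```

Both methods return true on a correctly configured storage; a false from signThenVerify means either the signature did not validate or a modified record was accepted, and both are worth alerting on in a log-integrity check.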