Package org.forgerock.audit.secure
Class KeyStoreSecureStorage
java.lang.Object
  org.forgerock.audit.secure.KeyStoreSecureStorage

All Implemented Interfaces:
  SecureStorage

Implementation of a secure storage using a keystore.
Field Summary

  static final String ENTRY_CURRENT_KEY
      The current key used to calculate the HEADER_HMAC.
  static final String ENTRY_CURRENT_SIGNATURE
      The last signature inserted into the file.
  static final String ENTRY_INITIAL_KEY
      The initial key used to calculate the HEADER_HMAC.
  static final String ENTRY_SIGNATURE
      The alias to lookup the private/public signature key into the keystore.
  static final String HMAC_ALGORITHM
      The HMAC algorithm to use.
  static final String JCEKS_KEYSTORE_TYPE
      The name of the Java Cryptography Extension KeyStore (JCEKS) type.
  static final String SIGNATURE_ALGORITHM
      The algorithm to use for signing and verifying.
Constructor Summary

  KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PrivateKey privateKey)
      Creates the storage with a keystore handler, initialized to verify only.
  KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey)
      Creates the storage with a keystore handler, initialized to verify only.
  KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey, PrivateKey privateKey)
      Creates the storage with a keystore handler, initialized to verify only.
Method Summary

  getPassword()
      Returns the password used to access the storage.
  readCurrentKey()
      Reads the current key.
  readInitialKey()
      Reads the initial key.
  void setKeyStoreHandler(KeyStoreHandler keyStoreHandler)
      Sets the key store handler.
  byte[] sign(byte[] signedData)
      Signs the provided data.
  boolean verify(byte[] signedData, byte[] signature)
      Verifies that signed data corresponds to signature.
  void writeCurrentKey(SecretKey key)
      Writes the current key.
  void writeCurrentSignatureKey(SecretKey key)
      Writes the current signature key.
  void writeInitialKey(SecretKey key)
      Writes the initial key.
Field Details

ENTRY_INITIAL_KEY
  The initial key used to calculate the HEADER_HMAC.

ENTRY_SIGNATURE
  The alias to lookup the private/public signature key into the keystore.

ENTRY_CURRENT_SIGNATURE
  The last signature inserted into the file.

ENTRY_CURRENT_KEY
  The current key used to calculate the HEADER_HMAC.

SIGNATURE_ALGORITHM
  The algorithm to use for signing and verifying.

HMAC_ALGORITHM
  The HMAC algorithm to use.

JCEKS_KEYSTORE_TYPE
  The name of the Java Cryptography Extension KeyStore (JCEKS) type.
Constructor Details

KeyStoreSecureStorage
  public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PrivateKey privateKey)
  Creates the storage with a keystore handler, initialized to verify only.
  Parameters:
    keyStoreHandler - Handler of a keystore.
    privateKey - The private key used to initialize the signer.

KeyStoreSecureStorage
  public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey)
  Creates the storage with a keystore handler, initialized to verify only.
  Parameters:
    keyStoreHandler - Handler of a keystore.
    publicKey - The public key used to initialize the verifier.

KeyStoreSecureStorage
  public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey, PrivateKey privateKey)
  Creates the storage with a keystore handler, initialized to verify only.
  Parameters:
    keyStoreHandler - Handler of a keystore.
    publicKey - The public key used to initialize the verifier.
    privateKey - The private key used to initialize the signer.
Method Details

setKeyStoreHandler
  Sets the key store handler.
  Parameters:
    keyStoreHandler - The handler.

getPassword
  Description copied from interface: SecureStorage
  Returns the password used to access the storage.
  Specified by:
    getPassword in interface SecureStorage
  Returns:
    the password

readCurrentKey
  Description copied from interface: SecureStorage
  Reads the current key.
  Specified by:
    readCurrentKey in interface SecureStorage
  Returns:
    the current key
  Throws:
    SecureStorageException - If an error occurs.

readInitialKey
  Description copied from interface: SecureStorage
  Reads the initial key.
  Specified by:
    readInitialKey in interface SecureStorage
  Returns:
    the initial key
  Throws:
    SecureStorageException - If an error occurs.

writeCurrentSignatureKey
  Description copied from interface: SecureStorage
  Writes the current signature key.
  Specified by:
    writeCurrentSignatureKey in interface SecureStorage
  Parameters:
    key - The secret key.
  Throws:
    SecureStorageException - If an error occurs.

writeCurrentKey
  Description copied from interface: SecureStorage
  Writes the current key.
  Specified by:
    writeCurrentKey in interface SecureStorage
  Parameters:
    key - The current key.
  Throws:
    SecureStorageException - If an error occurs.

writeInitialKey
  Description copied from interface: SecureStorage
  Writes the initial key.
  Specified by:
    writeInitialKey in interface SecureStorage
  Parameters:
    key - The initial key.
  Throws:
    SecureStorageException - If an error occurs.

sign
  Description copied from interface: SecureStorage
  Signs the provided data.
  Specified by:
    sign in interface SecureStorage
  Parameters:
    signedData - The data to sign.
  Returns:
    the signed data
  Throws:
    SecureStorageException - If an error occurred during the signing process.

verify
  Description copied from interface: SecureStorage
  Verifies that signed data corresponds to signature.
  Specified by:
    verify in interface SecureStorage
  Parameters:
    signedData - The data to verify.
    signature - The signature.
  Returns:
    true if the data corresponds to the signature, false otherwise
  Throws:
    SecureStorageException - If an error occurred during the verification process.