Package org.forgerock.secrets.keystore

Class HsmKeyStoreLoader

java.lang.Object

org.forgerock.secrets.keystore.HsmKeyStoreLoader

All Implemented Interfaces:

Function<char[],KeyStore,KeyStoreException>

public final class HsmKeyStoreLoader
extends Object
implements Function<char[],KeyStore,KeyStoreException>

A loader for the KeyStoreSecretStore that knows how to load standard PKCS#11 Hardware Security Module (HSM) providers on our supported platforms. Oracle and IBM JREs are currently supported.

See Also:

• Java PKCS#11 Guide.

Constructor Summary

Constructors

Constructor	Description
HsmKeyStoreLoader(String configFilePath)	Deprecated. use HsmKeyStoreLoader(Provider hsmProvider) instead so that management of the provider can be left to the caller.
HsmKeyStoreLoader(Provider hsmProvider)	Initializes the HSM loader with the given PKCS#11 provider.

Method Summary

Modifier and Type	Method	Description
KeyStore	apply(char[] password)	Applies this function to the input parameter value and returns the result.
static Provider	toPkcs11Provider(String configFilePath)	Creates and configures a new PKCS#11 provider for the given PKCS#11 configuration file.
static Optional<Provider>	toPkcs11Provider(String providerName, String configFilePath)	Creates and configures a new PKCS#11 provider for the given PKCS#11 configuration file and existing provider name.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.forgerock.util.Function

andThen, compose

Constructor Details

HsmKeyStoreLoader

public HsmKeyStoreLoader(Provider hsmProvider)

Initializes the HSM loader with the given PKCS#11 provider.

Parameters:

hsmProvider - the provider object.

HsmKeyStoreLoader

@Deprecated
public HsmKeyStoreLoader(String configFilePath)

Deprecated.

use HsmKeyStoreLoader(Provider hsmProvider) instead so that management of the provider can be left to the caller.

Initializes the HSM loader with a supported PKCS#11 provider for the current platform and the given PKCS#11 configuration file.

Parameters:

configFilePath - the PKCS#11 configuration file path.

See Also:

• Oracle PKCS#11 Configuration Guide.
• IBM PKCS#11 Configuration Guide.

Method Details

apply

public KeyStore apply(char[] password)
               throws KeyStoreException

Description copied from interface: Function

Applies this function to the input parameter value and returns the result.

Specified by:

apply in interface Function<char[],KeyStore,KeyStoreException>

Parameters:

password - The input parameter.

Returns:

The result of applying this function to value.

Throws:

KeyStoreException

toPkcs11Provider

public static Optional<Provider> toPkcs11Provider(String providerName,
 String configFilePath)

Creates and configures a new PKCS#11 provider for the given PKCS#11 configuration file and existing provider name.

Parameters:

providerName - the name of an existing registered provider.

configFilePath - the file path of the PKCS#11 configuration file.

Returns:

an optional of a new unregistered Provider or an empty optional if no existing provider was found with the given name.

toPkcs11Provider

public static Provider toPkcs11Provider(String configFilePath)

Creates and configures a new PKCS#11 provider for the given PKCS#11 configuration file. It will be either an instance of sun.security.pkcs11.SunPKCS11 or com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl.

Parameters:

configFilePath - the file path of the PKCS#11 configuration file.

Returns:

a new unregistered Provider.

Throws:

IllegalStateException - if no PKCS#11 provider could be configured.