Package org.globus.gsi.stores
Class PEMKeyStore
java.lang.Object
java.security.KeyStoreSpi
org.globus.gsi.stores.PEMKeyStore
This class provides a KeyStore implementation that supports trusted
certificates stored in PEM format and proxy certificates stored in PEM
format. It reads trusted certificates from multiple directories and a proxy
certificate from a file.
- Since: 1.0
- Version: ${version}
Method Summary
Each entry gives the modifier and type, the method, and its description.
- private CredentialWrapper createCertKeyCredential(String s, X509Credential credential)
- private CredentialWrapper createProxyCredential(String s, X509Credential credential)
- Enumeration<String> engineAliases()
  Get an enumeration of all of the aliases in this keystore.
- boolean engineContainsAlias(String s)
  Does the specified alias exist in this keystore?
- void engineDeleteEntry(String s)
  Delete a security object from this keystore.
- Certificate engineGetCertificate(String s)
  Get the certificate referenced by the supplied alias.
- String engineGetCertificateAlias(Certificate certificate)
  Get the alias associated with the supplied certificate.
- Certificate[] engineGetCertificateChain(String s)
  Get the certificateChain for the key referenced by the alias.
- Date engineGetCreationDate(String s)
  Get the creation date for the object referenced by the alias.
- Key engineGetKey(String s, char[] chars)
  Get the key referenced by the specified alias.
- boolean engineIsCertificateEntry(String s)
  Does the supplied alias refer to a certificate in this keystore?
- boolean engineIsKeyEntry(String s)
  Does the supplied alias refer to a key in this key store.
- void engineLoad(InputStream inputStream, char[] chars)
  Load the keystore from the supplied input stream.
- void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter)
  Load the keystore based on parameters in the LoadStoreParameter.
- void engineSetCertificateEntry(String alias, Certificate certificate)
  Add a certificate to the keystore.
- void engineSetKeyEntry(String s, byte[] bytes, Certificate[] certificates)
  Currently unsupported.
- void engineSetKeyEntry(String s, Key key, char[] chars, Certificate[] certificates)
  Add a new private key to the keystore.
- int engineSize()
  Get the number of security objects stored in this keystore.
- void engineStore(OutputStream outputStream, char[] chars)
  Persist the security material in this keystore.
- private ResourceTrustAnchor getCertificateEntry(String alias)
- private CredentialWrapper getKeyEntry(String alias)
- private void initialize(String defaultDirectoryString, String directoryListString, String proxyFilename, String certFilename, String keyFilename)
  Initialize resources from filename, proxyfile name
- private void loadCertificateKey(String userCertFilename, String userKeyFilename)
- private void loadDirectories(String directoryList)
- private void loadProxyCertificate(String proxyFilename)
- void setCACertStore(ResourceSecurityWrapperStore<ResourceTrustAnchor, TrustAnchor> caCertStore)
- void setProxyDelegate(ResourceSecurityWrapperStore<ResourceProxyCredential, X509Credential> proxyDelegate)
- private void storeWrapper(CredentialWrapper wrapper)

Methods inherited from class java.security.KeyStoreSpi
engineEntryInstanceOf, engineGetAttributes, engineGetEntry, engineProbe, engineSetEntry, engineStore

Field Details
- DEFAULT_DIRECTORY_KEY
- DIRECTORY_LIST_KEY
- CERTIFICATE_FILENAME
- KEY_FILENAME
- PROXY_FILENAME
- logger
  private static org.apache.commons.logging.Log logger
- aliasObjectMap
- certFilenameMap
- defaultDirectory
- caDelegate
- proxyDelegate
- inMemoryOnly
  private boolean inMemoryOnly

Constructor Details
PEMKeyStore
public PEMKeyStore()

Method Details

setCACertStore
public void setCACertStore(ResourceSecurityWrapperStore<ResourceTrustAnchor, TrustAnchor> caCertStore)

setProxyDelegate
public void setProxyDelegate(ResourceSecurityWrapperStore<ResourceProxyCredential, X509Credential> proxyDelegate)

getKeyEntry
private CredentialWrapper getKeyEntry(String alias)

getCertificateEntry
private ResourceTrustAnchor getCertificateEntry(String alias)

engineGetKey
public Key engineGetKey(String s, char[] chars) throws NoSuchAlgorithmException, UnrecoverableKeyException
Get the key referenced by the specified alias.
- Specified by: engineGetKey in class KeyStoreSpi
- Parameters:
  s - The key's alias.
  chars - The key's password.
- Returns: The key referenced by the alias or null.
- Throws:
  NoSuchAlgorithmException - If the key is encoded with an invalid algorithm.
  UnrecoverableKeyException - If the key cannot be retrieved.

engineIsKeyEntry
public boolean engineIsKeyEntry(String s)
Does the supplied alias refer to a key in this key store.
- Specified by: engineIsKeyEntry in class KeyStoreSpi
- Parameters:
  s - The alias.
- Returns: True if the alias refers to a key.

engineStore
public void engineStore(OutputStream outputStream, char[] chars) throws IOException, NoSuchAlgorithmException, CertificateException
Persist the security material in this keystore. If the object has a path associated with it, the object will be persisted to that path. Otherwise it will be stored in the default certificate directory. As a result, the parameters of this method are ignored.
- Specified by: engineStore in class KeyStoreSpi
- Parameters:
  outputStream - This parameter is ignored.
  chars - This parameter is ignored.
- Throws:
  IOException
  NoSuchAlgorithmException
  CertificateException

engineGetCreationDate
public Date engineGetCreationDate(String s)
Get the creation date for the object referenced by the alias.
- Specified by: engineGetCreationDate in class KeyStoreSpi
- Parameters:
  s - The alias of the security object.
- Returns: The creation date of the security object.

engineGetCertificateAlias
public String engineGetCertificateAlias(Certificate certificate)
Get the alias associated with the supplied certificate.
- Specified by: engineGetCertificateAlias in class KeyStoreSpi
- Parameters:
  certificate - The certificate to query.
- Returns: The certificate's alias or null if the certificate is not present in this keystore.

engineGetCertificateChain
public Certificate[] engineGetCertificateChain(String s)
Get the certificateChain for the key referenced by the alias.
- Specified by: engineGetCertificateChain in class KeyStoreSpi
- Parameters:
  s - The key alias.
- Returns: The key's certificate chain or a 0 length array if the key is not in the keystore.

engineGetCertificate
public Certificate engineGetCertificate(String s)
Get the certificate referenced by the supplied alias.
- Specified by: engineGetCertificate in class KeyStoreSpi
- Parameters:
  s - The alias.
- Returns: The Certificate or null if the alias does not exist in the keyStore.

engineLoad
public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException
Load the keystore based on parameters in the LoadStoreParameter. The parameter object must be an instance of FileBasedKeyStoreParameters.
- Overrides: engineLoad in class KeyStoreSpi
- Parameters:
  loadStoreParameter - The parameters to load.
- Throws:
  IOException
  NoSuchAlgorithmException
  CertificateException

engineLoad
public void engineLoad(InputStream inputStream, char[] chars) throws IOException, NoSuchAlgorithmException, CertificateException
Load the keystore from the supplied input stream. Unlike many other implementations of keystore (most notably the default JKS implementation), the input stream does not hold the keystore objects. Instead, it must be a properties file defining the locations of the keystore objects. The password is not used.
- Specified by: engineLoad in class KeyStoreSpi
- Parameters:
  inputStream - An input stream to the properties file.
  chars - The password is not used.
- Throws:
  IOException
  NoSuchAlgorithmException
  CertificateException

initialize
private void initialize(String defaultDirectoryString, String directoryListString, String proxyFilename, String certFilename, String keyFilename) throws IOException, CertificateException
Initialize resources from filename, proxyfile name
- Parameters:
  defaultDirectoryString - Name of the default directory, given as: "file: directory name"
  directoryListString
  proxyFilename
  certFilename
  keyFilename
- Throws:
  IOException
  CertificateException

loadProxyCertificate
private void loadProxyCertificate(String proxyFilename) throws ResourceStoreException
- Throws:
  ResourceStoreException

loadCertificateKey
private void loadCertificateKey(String userCertFilename, String userKeyFilename) throws CredentialException, ResourceStoreException

loadDirectories
private void loadDirectories(String directoryList) throws CertificateException
- Throws:
  CertificateException

engineDeleteEntry
public void engineDeleteEntry(String s) throws KeyStoreException
Delete a security object from this keystore.
- Specified by: engineDeleteEntry in class KeyStoreSpi
- Parameters:
  s - The alias of the object to delete.
- Throws:
  KeyStoreException

engineAliases
public Enumeration<String> engineAliases()
Get an enumeration of all of the aliases in this keystore.
- Specified by: engineAliases in class KeyStoreSpi
- Returns: An enumeration of the aliases in this keystore.

engineSetKeyEntry
public void engineSetKeyEntry(String s, Key key, char[] chars, Certificate[] certificates) throws KeyStoreException
Add a new private key to the keystore.
- Specified by: engineSetKeyEntry in class KeyStoreSpi
- Parameters:
  s - The alias for the object.
  key - The private key.
  chars - The password.
  certificates - The key's certificate chain.
- Throws:
  KeyStoreException

createProxyCredential
private CredentialWrapper createProxyCredential(String s, X509Credential credential) throws KeyStoreException
- Throws:
  KeyStoreException

createCertKeyCredential
private CredentialWrapper createCertKeyCredential(String s, X509Credential credential) throws KeyStoreException
- Throws:
  KeyStoreException

storeWrapper
private void storeWrapper(CredentialWrapper wrapper) throws KeyStoreException
- Throws:
  KeyStoreException

engineSetKeyEntry
public void engineSetKeyEntry(String s, byte[] bytes, Certificate[] certificates) throws KeyStoreException
Currently unsupported.
- Specified by: engineSetKeyEntry in class KeyStoreSpi
- Parameters:
  s - The key's alias.
  bytes - The encoded private key.
  certificates - The key's certificate chain.
- Throws:
  KeyStoreException

engineContainsAlias
public boolean engineContainsAlias(String s)
Does the specified alias exist in this keystore?
- Specified by: engineContainsAlias in class KeyStoreSpi
- Parameters:
  s - The alias.
- Returns: True if the alias refers to a security object in the keystore.

engineSize
public int engineSize()
Get the number of security objects stored in this keystore.
- Specified by: engineSize in class KeyStoreSpi
- Returns: The number of security objects.

engineIsCertificateEntry
public boolean engineIsCertificateEntry(String s)
Does the supplied alias refer to a certificate in this keystore?
- Specified by: engineIsCertificateEntry in class KeyStoreSpi
- Parameters:
  s - The alias.
- Returns: True if this store contains a certificate with the specified alias.

engineSetCertificateEntry
public void engineSetCertificateEntry(String alias, Certificate certificate) throws KeyStoreException
Add a certificate to the keystore.
- Specified by: engineSetCertificateEntry in class KeyStoreSpi
- Parameters:
  alias - The certificate alias.
  certificate - The certificate to store.
- Throws:
  KeyStoreException