org.forgerock.audit.secure

Class KeyStoreSecureStorage

java.lang.Object

org.forgerock.audit.secure.KeyStoreSecureStorage

All Implemented Interfaces:

SecureStorage

public class KeyStoreSecureStorage
extends Object
implements SecureStorage

Implementation of a secure storage using a keystore.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ENTRY_CURRENT_KEY The current key used to calculate the HEADER_HMAC.
static String	ENTRY_CURRENT_SIGNATURE The last signature inserted into the file.
static String	ENTRY_INITIAL_KEY The initial key used to calculate the HEADER_HMAC.
static String	ENTRY_SIGNATURE The alias to lookup the private/public signature key into the keystore.
static String	HMAC_ALGORITHM The HMAC algorithm to use.
static String	JCEKS_KEYSTORE_TYPE The name of the Java Cryptography Extension KeyStore (JCEKS) type.
static String	SIGNATURE_ALGORITHM The algorithm to use for signing and verifying.

Constructor Summary

Constructors

Constructor and Description
KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PrivateKey privateKey) Creates the storage with a keystore handler, initialized to verify only.
KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey) Creates the storage with a keystore handler, initialized to verify only.
KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey, PrivateKey privateKey) Creates the storage with a keystore handler, initialized to verify only.

Method Summary

Modifier and Type	Method and Description
String	getPassword() Returns the password used to access the storage.
SecretKey	readCurrentKey() Reads the current key.
SecretKey	readInitialKey() Reads the initial key.
void	setKeyStoreHandler(KeyStoreHandler keyStoreHandler) Set the key store handler.
byte[]	sign(byte[] signedData) Signs the provided data.
boolean	verify(byte[] signedData, byte[] signature) Verifies that signed data corresponds to signature.
void	writeCurrentKey(SecretKey key) Writes the current key.
void	writeCurrentSignatureKey(SecretKey key) Writes the current signature key.
void	writeInitialKey(SecretKey key) Writes the initial key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ENTRY_INITIAL_KEY

public static final String ENTRY_INITIAL_KEY

The initial key used to calculate the HEADER_HMAC.

See Also:

Constant Field Values

ENTRY_SIGNATURE

public static final String ENTRY_SIGNATURE

The alias to lookup the private/public signature key into the keystore.

See Also:

Constant Field Values

ENTRY_CURRENT_SIGNATURE

public static final String ENTRY_CURRENT_SIGNATURE

The last signature inserted into the file.

See Also:

Constant Field Values

ENTRY_CURRENT_KEY

public static final String ENTRY_CURRENT_KEY

The current key used to calculate the HEADER_HMAC.

See Also:

Constant Field Values

SIGNATURE_ALGORITHM

public static final String SIGNATURE_ALGORITHM

The algorithm to use for signing and verifying.

See Also:

Constant Field Values

HMAC_ALGORITHM

public static final String HMAC_ALGORITHM

The HMAC algorithm to use.

See Also:

Constant Field Values

JCEKS_KEYSTORE_TYPE

public static final String JCEKS_KEYSTORE_TYPE

The name of the Java Cryptography Extension KeyStore (JCEKS) type.

See Also:

Constant Field Values

Constructor Detail

KeyStoreSecureStorage

public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler,
                             PrivateKey privateKey)

Creates the storage with a keystore handler, initialized to verify only.

Parameters:

keyStoreHandler - Handler of a keystore.

privateKey - The private key used to initialize the signer

KeyStoreSecureStorage

public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler,
                             PublicKey publicKey)

Creates the storage with a keystore handler, initialized to verify only.

Parameters:

keyStoreHandler - Handler of a keystore.

publicKey - The public key used to initialize the verifier

KeyStoreSecureStorage

public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler,
                             PublicKey publicKey,
                             PrivateKey privateKey)

Creates the storage with a keystore handler, initialized to verify only.

Parameters:

keyStoreHandler - Handler of a keystore.

publicKey - The public key used to initialize the verifier

privateKey - The private key used to initialize the signer

Method Detail

setKeyStoreHandler

public void setKeyStoreHandler(KeyStoreHandler keyStoreHandler)

Set the key store handler.

Parameters:

keyStoreHandler - The handler.

getPassword

public String getPassword()

Description copied from interface: SecureStorage

Returns the password used to access the storage.

Specified by:

getPassword in interface SecureStorage

Returns:

the password

readCurrentKey

public SecretKey readCurrentKey()
                         throws SecureStorageException

Description copied from interface: SecureStorage

Reads the current key.

Specified by:

readCurrentKey in interface SecureStorage

Returns:

the current key

Throws:

SecureStorageException - If an errors occurs.

readInitialKey

public SecretKey readInitialKey()
                         throws SecureStorageException

Description copied from interface: SecureStorage

Reads the initial key.

Specified by:

readInitialKey in interface SecureStorage

Returns:

the initial key

Throws:

SecureStorageException - If an errors occurs.

writeCurrentSignatureKey

public void writeCurrentSignatureKey(SecretKey key)
                              throws SecureStorageException

Description copied from interface: SecureStorage

Writes the current signature key.

Specified by:

writeCurrentSignatureKey in interface SecureStorage

Parameters:

key - The secret key

Throws:

SecureStorageException - If an errors occurs.

writeCurrentKey

public void writeCurrentKey(SecretKey key)
                     throws SecureStorageException

Description copied from interface: SecureStorage

Writes the current key.

Specified by:

writeCurrentKey in interface SecureStorage

Parameters:

key - the current key

Throws:

SecureStorageException - If an errors occurs.

writeInitialKey

public void writeInitialKey(SecretKey key)
                     throws SecureStorageException

Description copied from interface: SecureStorage

Writes the initial key.

Specified by:

writeInitialKey in interface SecureStorage

Parameters:

key - the initial key

Throws:

SecureStorageException - If an errors occurs.

sign

public byte[] sign(byte[] signedData)
            throws SecureStorageException

Description copied from interface: SecureStorage

Signs the provided data.

Specified by:

sign in interface SecureStorage

Parameters:

signedData - The data to sign.

Returns:

the signed data

Throws:

SecureStorageException - If an error occured during signing process.

verify

public boolean verify(byte[] signedData,
                      byte[] signature)
               throws SecureStorageException

Description copied from interface: SecureStorage

Verifies that signed data corresponds to signature.

Specified by:

verify in interface SecureStorage

Parameters:

signedData - the data to verify

signature - the signature

Returns:

true if data corresponds, false otherwise

Throws:

SecureStorageException - If an error occured during the verification process.