BasicKeystoreKeyStrategy (java-support 7.1.1 API)

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategy

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, DataSealerKeyStrategy
```
public class BasicKeystoreKeyStrategy
extends AbstractInitializableComponent
implements DataSealerKeyStrategy
```
Implements a strategy for access to versioned symmetric keys using a keystore, and a standalone file for tracking the latest key version, to compensate for the lack of extensible attribute support in the pre-Java 8 KeyStore API.
The separate resource must be a Java properties file containing a CURRENT_VERSION_PROP property pointing to the latest key version.

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`CURRENT_VERSION_PROP` Name of property representing current key version.
`private String`	`currentAlias` Current key alias loaded.
`private SecretKey`	`defaultKey` Current default key loaded.
`private Timer`	`internalTaskTimer` Timer used to schedule update tasks if no external one set.
`private String`	`keyAlias` Keystore base alias for encryption keys.
`private String`	`keyPassword` Password for encryption key(s).
`private String`	`keystorePassword` Password for keystore.
`private Resource`	`keystoreResource` Keystore resource.
`private String`	`keystoreType` Type of keystore to use for access to keys.
`private Resource`	`keyVersionResource` Version resource.
`private Logger`	`log` Class logger.
`private long`	`updateInterval` Number of milliseconds between key update checks.
`private TimerTask`	`updateTask` Task that checks for updated key version.
`private Timer`	`updateTaskTimer` Timer used to schedule update tasks.

Constructor Summary

Constructors
Constructor and Description

BasicKeystoreKeyStrategy()
Constructor.

Constructors
Constructor and Description
`BasicKeystoreKeyStrategy()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`doDestroy()` Performs component specific destruction logic.
`void`	`doInitialize()` Performs the initialization of the component.
`Pair<String,SecretKey>`	`getDefaultKey()` Get the default/current key to use for new operations, returned along with an identifier for it.
`SecretKey`	`getKey(String name)` Get a specifically named key.
`void`	`setKeyAlias(String alias)` Set the encryption key alias base name.
`void`	`setKeyPassword(String password)` Set the encryption key password.
`void`	`setKeystorePassword(String password)` Set the keystore password.
`void`	`setKeystoreResource(Resource resource)` Set the keystore resource.
`void`	`setKeystoreType(String type)` Set the keystore type.
`void`	`setKeyVersionResource(Resource resource)` Set the key version resource.
`void`	`setUpdateInterval(long interval)` Set the number of milliseconds between key update checks.
`void`	`setUpdateTaskTimer(Timer timer)` Set the timer used to schedule update tasks.
`private void`	`updateDefaultKey()` Update the loaded copy of the default key based on the current key version if it's out of date (loading key version from scratch if need be).

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - CURRENT_VERSION_PROP
```
@Nonnull
@NotEmpty
public static final String CURRENT_VERSION_PROP
```
    Name of property representing current key version.
    
    See Also:
    Constant Field Values
  - log
```
@Nonnull
private Logger log
```
    Class logger.
  - keystoreType
```
@NonnullAfterInit
private String keystoreType
```
    Type of keystore to use for access to keys.
  - keystoreResource
```
@NonnullAfterInit
private Resource keystoreResource
```
    Keystore resource.
  - keyVersionResource
```
@NonnullAfterInit
private Resource keyVersionResource
```
    Version resource.
  - keystorePassword
```
@NonnullAfterInit
private String keystorePassword
```
    Password for keystore.
  - keyAlias
```
@NonnullAfterInit
private String keyAlias
```
    Keystore base alias for encryption keys.
  - keyPassword
```
@NonnullAfterInit
private String keyPassword
```
    Password for encryption key(s).
  - currentAlias
```
@NonnullAfterInit
private String currentAlias
```
    Current key alias loaded.
  - defaultKey
```
@NonnullAfterInit
private SecretKey defaultKey
```
    Current default key loaded.
  - updateInterval
```
@Duration
@NonNegative
private long updateInterval
```
    Number of milliseconds between key update checks. Default value: (PT15M).
  - updateTaskTimer
```
private Timer updateTaskTimer
```
    Timer used to schedule update tasks.
  - internalTaskTimer
```
private Timer internalTaskTimer
```
    Timer used to schedule update tasks if no external one set.
  - updateTask
```
private TimerTask updateTask
```
    Task that checks for updated key version.
- Constructor Detail
  - BasicKeystoreKeyStrategy
```
public BasicKeystoreKeyStrategy()
```
    Constructor.
- Method Detail
  - setKeystoreType
```
public void setKeystoreType(@Nonnull@NotEmpty
                   String type)
```
    Set the keystore type.
    
    Parameters:
    type - the keystore type
  - setKeystoreResource
```
public void setKeystoreResource(@Nonnull@NotEmpty
                       Resource resource)
```
    Set the keystore resource.
    
    Parameters:
    resource - the keystore resource
  - setKeyVersionResource
```
public void setKeyVersionResource(@Nonnull@NotEmpty
                         Resource resource)
```
    Set the key version resource.
    
    Parameters:
    resource - the key version resource
  - setKeystorePassword
```
public void setKeystorePassword(@Nonnull@NotEmpty
                       String password)
```
    Set the keystore password.
    
    Parameters:
    password - the keystore password
  - setKeyAlias
```
public void setKeyAlias(@Nonnull@NotEmpty
               String alias)
```
    Set the encryption key alias base name.
    
    Parameters:
    alias - the encryption key alias base
  - setKeyPassword
```
public void setKeyPassword(@Nonnull@NotEmpty
                  String password)
```
    Set the encryption key password.
    
    Parameters:
    password - the encryption key password
  - setUpdateInterval
```
public void setUpdateInterval(@Duration@NonNegative
                     long interval)
```
    Set the number of milliseconds between key update checks. A value of 0 indicates that no updates will be performed. This setting cannot be changed after the service has been initialized.
    
    Parameters:
    interval - number of milliseconds between key update checks
  - setUpdateTaskTimer
```
public void setUpdateTaskTimer(@Nullable
                      Timer timer)
```
    Set the timer used to schedule update tasks. This setting cannot be changed after the service has been initialized.
    
    Parameters:
    timer - timer used to schedule update tasks
  - doInitialize
```
public void doInitialize()
                  throws ComponentInitializationException
```
    Performs the initialization of the component. This method is executed within the lock on the object being initialized. The default implementation of this method is a no-op.
    
    Overrides:
    
    doInitialize in class AbstractInitializableComponent
    
    Throws:
    
    ComponentInitializationException - thrown if there is a problem initializing the component
  - doDestroy
```
protected void doDestroy()
```
    Performs component specific destruction logic. This method is executed within the lock on the object being destroyed. The default implementation of this method is a no-op.
    
    Overrides:
    
    doDestroy in class AbstractInitializableComponent
  - getDefaultKey
```
@Nonnull
public Pair<String,SecretKey> getDefaultKey()
                                     throws KeyException
```
    Get the default/current key to use for new operations, returned along with an identifier for it.
    
    Specified by:
    
    getDefaultKey in interface DataSealerKeyStrategy
    
    Returns:
    the key
    
    Throws:
    
    KeyException - if the key cannot be returned
  - getKey
```
@Nonnull
public SecretKey getKey(@Nonnull@NotEmpty
                       String name)
                 throws KeyException
```
    Get a specifically named key.
    
    Specified by:
    
    getKey in interface DataSealerKeyStrategy
    
    Parameters:
    name - name of the key to retrieve
    
    Returns:
    the key
    
    Throws:
    
    KeyException - if the key cannot be returned, does not exist, etc.
  - updateDefaultKey
```
private void updateDefaultKey()
                       throws KeyException
```
    Update the loaded copy of the default key based on the current key version if it's out of date (loading key version from scratch if need be).
    
    Throws:
    
    KeyException - if the key cannot be updated

Class BasicKeystoreKeyStrategy

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Field Detail

CURRENT_VERSION_PROP

log

keystoreType

keystoreResource

keyVersionResource

keystorePassword

keyAlias

keyPassword

currentAlias

defaultKey

updateInterval

updateTaskTimer

internalTaskTimer

updateTask

Constructor Detail

BasicKeystoreKeyStrategy

Method Detail

setKeystoreType

setKeystoreResource

setKeyVersionResource

setKeystorePassword

setKeyAlias

setKeyPassword

setUpdateInterval

setUpdateTaskTimer

doInitialize

doDestroy

getDefaultKey

getKey

updateDefaultKey