Package org.apache.nifi.security.util
Class KeyStoreUtils
java.lang.Object
org.apache.nifi.security.util.KeyStoreUtils
Field Summary
- private static final String BCFKS_EXT
- private static final org.bouncycastle.jce.provider.BouncyCastleProvider BOUNCY_CASTLE_PROVIDER
- private static final String CERT_ALIAS
- private static final X500Principal CERT_DN
- private static final String JKS_EXT
- private static final String KEY_ALGORITHM
- private static final String KEY_ALIAS
- private static final Map<KeystoreType, String> KEY_STORE_EXTENSIONS
- private static final String KEYSTORE_ERROR_MSG
- private static final org.slf4j.Logger logger
- private static final int PASSWORD_LENGTH
- private static final String PKCS12_EXT
- private static final String TEST_KEYSTORE_PREFIX
- private static final String TEST_TRUSTSTORE_PREFIX
- private static final String TRUSTSTORE_ERROR_MSG

Constructor Summary
- KeyStoreUtils()
Method Summary
- private static X509Certificate createKeyStoreAndGetX509Certificate(String alias, String keyStorePassword, String keyPassword, String keyStorePath, KeystoreType keyStoreType, int certDurationDays, String[] dnsSubjectAlternativeNames)
  Loads the Keystore and returns an X509 Certificate with the given values.
- static TlsConfiguration createTlsConfigAndNewKeystoreTruststore(TlsConfiguration tlsConfiguration, int certDurationDays, String[] dnsSubjectAlternativeNames)
  Creates a temporary Keystore and Truststore and returns them wrapped in a new TLS configuration with the given values.
- private static void createTrustStore(X509Certificate cert, String alias, String password, String path, KeystoreType truststoreType)
  Loads the Truststore with the given values.
- private static String generatePassword()
  Generates a random Hex-encoded password.
- private static Path generateTempKeystorePath(KeystoreType keystoreType)
  Generates a temporary keystore file and returns the path.
- private static Path generateTempTruststorePath(KeystoreType truststoreType)
  Generates a temporary truststore file and returns the path.
- static KeyManagerFactory getKeyManagerFactoryFromKeyStore(KeyStore keyStore, char[] keystorePassword, char[] keyPassword)
  Returns the KeyManagerFactory from the provided KeyStore object, initialized with the key or keystore password.
- static KeyStore getKeyStore(String keyStoreType)
  Returns an empty KeyStore backed by the appropriate provider.
- private static String getKeystoreExtension(KeystoreType keystoreType)
  Returns the Keystore extension given the Keystore type.
- private static KeystoreType getKeystoreType(String keystoreTypeName)
- static KeystoreType getKeystoreTypeFromExtension(String keystorePath)
  Gets the Keystore Type based on the file extension; defaults to returning PKCS12.
- static KeyStore getSecretKeyStore(String keystoreTypeName)
  Returns an empty KeyStore for Secret Keys backed by the appropriate provider.
- static TrustManagerFactory getTrustManagerFactoryFromTrustStore(KeyStore trustStore)
  Returns the TrustManagerFactory from the provided KeyStore object, initialized.
- static boolean isKeyPasswordCorrect(URL keystore, KeystoreType keystoreType, char[] password, char[] keyPassword)
  Returns true if the given keystore can be loaded using the given keystore type and password and the default (first) alias can be retrieved with the key-specific password.
- static boolean isSecretKeyEntrySupported(KeystoreType keystoreType)
  Is Secret Key Entry supported for the specified Keystore Type.
- static boolean isStoreValid(URL keystore, KeystoreType keystoreType, char[] password)
  Returns true if the given keystore can be loaded using the given keystore type and password.
- private static KeyStore loadEmptyKeyStore(KeystoreType keyStoreType)
  Loads and returns an empty Keystore backed by the appropriate provider.
- static KeyManagerFactory loadKeyManagerFactory(String keystorePath, String keystorePassword, String keyPassword, String keystoreType)
  Returns the initialized KeyManagerFactory.
- static KeyManagerFactory loadKeyManagerFactory(TlsConfiguration tlsConfiguration)
  Returns the initialized KeyManagerFactory.
- static KeyStore loadKeyStore(String keystorePath, char[] keystorePassword, String keystoreType)
  Returns a loaded KeyStore given the provided configuration values.
- static KeyStore loadSecretKeyStore(String keystorePath, char[] keystorePassword, String keystoreTypeName)
  Loads a KeyStore containing Secret Key entries using the configured Security Provider.
- static TrustManagerFactory loadTrustManagerFactory(String truststorePath, String truststorePassword, String truststoreType)
  Returns the initialized TrustManagerFactory.
- static TrustManagerFactory loadTrustManagerFactory(TlsConfiguration tlsConfiguration)
  Returns the initialized TrustManagerFactory.
- static KeyStore loadTrustStore(String truststorePath, char[] truststorePassword, String truststoreType)
  Returns a loaded KeyStore (acting as a truststore) given the provided configuration values.
Field Details
- logger
  private static final org.slf4j.Logger logger
- BOUNCY_CASTLE_PROVIDER
  private static final org.bouncycastle.jce.provider.BouncyCastleProvider BOUNCY_CASTLE_PROVIDER
- JKS_EXT
  private static final String JKS_EXT
- PKCS12_EXT
  private static final String PKCS12_EXT
- BCFKS_EXT
  private static final String BCFKS_EXT
- KEY_ALIAS
  private static final String KEY_ALIAS
- CERT_ALIAS
  private static final String CERT_ALIAS
- CERT_DN
  private static final X500Principal CERT_DN
- KEY_ALGORITHM
  private static final String KEY_ALGORITHM
- PASSWORD_LENGTH
  private static final int PASSWORD_LENGTH
- TEST_KEYSTORE_PREFIX
  private static final String TEST_KEYSTORE_PREFIX
- TEST_TRUSTSTORE_PREFIX
  private static final String TEST_TRUSTSTORE_PREFIX
- KEYSTORE_ERROR_MSG
  private static final String KEYSTORE_ERROR_MSG
- TRUSTSTORE_ERROR_MSG
  private static final String TRUSTSTORE_ERROR_MSG
- KEY_STORE_EXTENSIONS
  private static final Map<KeystoreType, String> KEY_STORE_EXTENSIONS

Constructor Details
- KeyStoreUtils
  public KeyStoreUtils()
Method Details
- getKeyStore
  public static KeyStore getKeyStore(String keyStoreType) throws KeyStoreException
  Returns an empty KeyStore backed by the appropriate provider.
  Parameters:
    keyStoreType - the keyStoreType
  Returns:
    an empty KeyStore
  Throws:
    KeyStoreException - if a KeyStore of the given type cannot be instantiated
- getSecretKeyStore
  public static KeyStore getSecretKeyStore(String keystoreTypeName) throws KeyStoreException
  Returns an empty KeyStore for Secret Keys backed by the appropriate provider.
  Parameters:
    keystoreTypeName - Keystore Type Name
  Returns:
    an empty KeyStore
  Throws:
    KeyStoreException - if a KeyStore of the given type cannot be instantiated
- loadKeyStore
  public static KeyStore loadKeyStore(String keystorePath, char[] keystorePassword, String keystoreType) throws TlsException
  Returns a loaded KeyStore given the provided configuration values.
  Parameters:
    keystorePath - the file path to the keystore
    keystorePassword - the keystore password
    keystoreType - the keystore type
  Returns:
    the loaded keystore
  Throws:
    TlsException - if there is a problem loading the keystore
- loadSecretKeyStore
  public static KeyStore loadSecretKeyStore(String keystorePath, char[] keystorePassword, String keystoreTypeName) throws TlsException
  Loads a KeyStore containing Secret Key entries using the configured Security Provider.
  Parameters:
    keystorePath - File path to KeyStore
    keystorePassword - Password for loading KeyStore
    keystoreTypeName - Keystore Type Name
  Returns:
    KeyStore loaded using specified configuration
  Throws:
    TlsException - Thrown when unable to load KeyStore or unsupported Keystore Type
- createTlsConfigAndNewKeystoreTruststore
  public static TlsConfiguration createTlsConfigAndNewKeystoreTruststore(TlsConfiguration tlsConfiguration, int certDurationDays, String[] dnsSubjectAlternativeNames) throws IOException, GeneralSecurityException
  Creates a temporary Keystore and Truststore and returns them wrapped in a new TLS configuration with the given values.
  Parameters:
    tlsConfiguration - a TlsConfiguration
    certDurationDays - The number of days the cert should be valid
    dnsSubjectAlternativeNames - An optional array of dnsName SANs
  Returns:
    a TlsConfiguration
  Throws:
    IOException
    GeneralSecurityException
- getKeyManagerFactoryFromKeyStore
  public static KeyManagerFactory getKeyManagerFactoryFromKeyStore(KeyStore keyStore, char[] keystorePassword, char[] keyPassword) throws TlsException
  Returns the KeyManagerFactory from the provided KeyStore object, initialized with the key or keystore password.
  Parameters:
    keyStore - the loaded keystore
    keystorePassword - the keystore password
    keyPassword - the key password
  Returns:
    the key manager factory
  Throws:
    TlsException - if there is a problem initializing or reading from the keystore
- loadKeyManagerFactory
  public static KeyManagerFactory loadKeyManagerFactory(TlsConfiguration tlsConfiguration) throws TlsException
  Returns the initialized KeyManagerFactory.
  Parameters:
    tlsConfiguration - the TLS configuration
  Returns:
    the initialized key manager factory
  Throws:
    TlsException - if there is a problem initializing or reading from the keystore
- loadKeyManagerFactory
  public static KeyManagerFactory loadKeyManagerFactory(String keystorePath, String keystorePassword, String keyPassword, String keystoreType) throws TlsException
  Returns the initialized KeyManagerFactory.
  Parameters:
    keystorePath - the file path to the keystore
    keystorePassword - the keystore password
    keyPassword - the key password
    keystoreType - the keystore type
  Returns:
    the initialized key manager factory
  Throws:
    TlsException - if there is a problem initializing or reading from the keystore
- loadTrustStore
  public static KeyStore loadTrustStore(String truststorePath, char[] truststorePassword, String truststoreType) throws TlsException
  Returns a loaded KeyStore (acting as a truststore) given the provided configuration values.
  Parameters:
    truststorePath - the file path to the truststore
    truststorePassword - the truststore password
    truststoreType - the truststore type
  Returns:
    the loaded truststore
  Throws:
    TlsException - if there is a problem loading the truststore
- getTrustManagerFactoryFromTrustStore
  public static TrustManagerFactory getTrustManagerFactoryFromTrustStore(KeyStore trustStore) throws TlsException
  Returns the TrustManagerFactory from the provided KeyStore object, initialized.
  Parameters:
    trustStore - the loaded truststore
  Returns:
    the trust manager factory
  Throws:
    TlsException - if there is a problem initializing or reading from the truststore
- loadTrustManagerFactory
  public static TrustManagerFactory loadTrustManagerFactory(TlsConfiguration tlsConfiguration) throws TlsException
  Returns the initialized TrustManagerFactory.
  Parameters:
    tlsConfiguration - the TLS configuration
  Returns:
    the initialized trust manager factory
  Throws:
    TlsException - if there is a problem initializing or reading from the truststore
- loadTrustManagerFactory
  public static TrustManagerFactory loadTrustManagerFactory(String truststorePath, String truststorePassword, String truststoreType) throws TlsException
  Returns the initialized TrustManagerFactory.
  Parameters:
    truststorePath - the file path to the truststore
    truststorePassword - the truststore password
    truststoreType - the truststore type
  Returns:
    the initialized trust manager factory
  Throws:
    TlsException - if there is a problem initializing or reading from the truststore
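As an added example (not part of the NiFi API documentation or the NiFi code base), the following assembles an SSLContext for mutual TLS from the public loadKeyStore, getKeyManagerFactoryFromKeyStore, loadTrustStore and getTrustManagerFactoryFromTrustStore methods documented above. It assumes TlsException is the class in the same package as KeyStoreUtils, and the paths and passwords are placeholders.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.TlsException;

/** Hypothetical helper: builds an SSLContext from separate identity and trust stores via KeyStoreUtils. */
public final class MutualTlsContextExample {

    public static SSLContext build(String keystorePath, char[] keystorePassword, char[] keyPassword,
                                   String truststorePath, char[] truststorePassword)
            throws TlsException, GeneralSecurityException {
        // Identity side: open the container with the store password, then initialize the
        // KeyManagerFactory with the key password, which may differ from the store password.
        KeyStore keyStore = KeyStoreUtils.loadKeyStore(keystorePath, keystorePassword, "PKCS12");
        KeyManagerFactory kmf =
                KeyStoreUtils.getKeyManagerFactoryFromKeyStore(keyStore, keystorePassword, keyPassword);
        // The overload loadKeyManagerFactory(path, storePassword, keyPassword, type) does both
        // steps in one call but takes String passwords, which cannot be wiped afterwards.

        // Trust side: a truststore holds certificates only, so no key password is involved.
        KeyStore trustStore = KeyStoreUtils.loadTrustStore(truststorePath, truststorePassword, "JKS");
        TrustManagerFactory tmf = KeyStoreUtils.getTrustManagerFactoryFromTrustStore(trustStore);

        // Pin the protocol version rather than accepting whatever the platform default is.
        SSLContext context = SSLContext.getInstance("TLSv1.3");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values; replace with the real store locations and secrets.
        char[] storePassword = "store-password".toCharArray();
        char[] keyPassword = "key-password".toCharArray();
        char[] trustPassword = "trust-password".toCharArray();
        SSLContext context = build("/path/to/keystore.p12", storePassword, keyPassword,
                "/path/to/truststore.jks", trustPassword);
        // Clear secrets from memory once the factories have been initialized.
        java.util.Arrays.fill(storePassword, '\0');
        java.util.Arrays.fill(keyPassword, '\0');
        java.util.Arrays.fill(trustPassword, '\0');
        System.out.println("SSLContext ready, protocol " + context.getProtocol());
    }
}
```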
- isStoreValid
  public static boolean isStoreValid(URL keystore, KeystoreType keystoreType, char[] password)
  Returns true if the given keystore can be loaded using the given keystore type and password. Returns false otherwise.
  Parameters:
    keystore - the keystore to validate
    keystoreType - the type of the keystore
    password - the password to access the keystore
  Returns:
    true if valid; false otherwise
- isKeyPasswordCorrect
  public static boolean isKeyPasswordCorrect(URL keystore, KeystoreType keystoreType, char[] password, char[] keyPassword)
  Returns true if the given keystore can be loaded using the given keystore type and password and the default (first) alias can be retrieved with the key-specific password. Returns false otherwise.
  Parameters:
    keystore - the keystore to validate
    keystoreType - the type of the keystore
    password - the password to access the keystore
    keyPassword - the password to access the specific key
  Returns:
    true if valid; false otherwise
- getKeystoreTypeFromExtension
  public static KeystoreType getKeystoreTypeFromExtension(String keystorePath)
  Gets the Keystore Type based on the file extension; defaults to returning PKCS12.
  Parameters:
    keystorePath - Path to KeyStore
  Returns:
    Keystore Type; defaults to PKCS12
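The two-gate configuration check below is an added example, not NiFi's own code: it infers the type with getKeystoreTypeFromExtension and then applies isStoreValid and isKeyPasswordCorrect in order, so that a store that cannot be opened is reported separately from one whose key password is wrong, before either failure surfaces as an opaque TLS handshake error. It assumes KeystoreType is the enum in the same package as KeyStoreUtils, and the path and passwords are placeholders.

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Paths;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.KeystoreType;

/** Hypothetical pre-flight check for a configured keystore, built on KeyStoreUtils' boolean validators. */
public final class KeystoreConfigCheck {

    /** Outcome of the check; each value points at a different misconfiguration. */
    public enum Result { OK, STORE_UNREADABLE, KEY_PASSWORD_WRONG }

    public static Result check(String keystorePath, char[] storePassword, char[] keyPassword)
            throws MalformedURLException {
        // The validators take a URL, not a path.
        URL keystoreUrl = Paths.get(keystorePath).toUri().toURL();
        // Type follows the file extension; unknown extensions fall back to PKCS12.
        KeystoreType type = KeyStoreUtils.getKeystoreTypeFromExtension(keystorePath);

        // Gate 1: can the container be opened at all with the store password?
        // Wrong type, corrupt file or wrong store password all land here.
        if (!KeyStoreUtils.isStoreValid(keystoreUrl, type, storePassword)) {
            return Result.STORE_UNREADABLE;
        }
        // Gate 2: can the default (first) key entry be unlocked with the key password?
        // A store that opens but whose key cannot be read would otherwise only fail
        // later, inside the TLS handshake, with a far less specific error.
        if (!KeyStoreUtils.isKeyPasswordCorrect(keystoreUrl, type, storePassword, keyPassword)) {
            return Result.KEY_PASSWORD_WRONG;
        }
        return Result.OK;
    }

    public static void main(String[] args) throws MalformedURLException {
        // Placeholder values; replace with the real store location and secrets.
        Result result = check("/path/to/keystore.jks",
                "store-password".toCharArray(), "key-password".toCharArray());
        System.out.println("keystore check: " + result);
    }
}
```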
- isSecretKeyEntrySupported
  public static boolean isSecretKeyEntrySupported(KeystoreType keystoreType)
  Is Secret Key Entry supported for the specified Keystore Type.
  Parameters:
    keystoreType - Keystore Type
  Returns:
    Secret Key Entry supported status
- createKeyStoreAndGetX509Certificate
  private static X509Certificate createKeyStoreAndGetX509Certificate(String alias, String keyStorePassword, String keyPassword, String keyStorePath, KeystoreType keyStoreType, int certDurationDays, String[] dnsSubjectAlternativeNames) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException
  Loads the Keystore and returns an X509 Certificate with the given values.
  Parameters:
    alias - the certificate alias
    keyStorePassword - the keystore password
    keyPassword - the key password
    keyStorePath - the keystore path
    keyStoreType - the keystore type
    certDurationDays - the duration of the validity of the certificate, in days
    dnsSubjectAlternativeNames - An optional array of dnsName SANs
  Returns:
    an X509Certificate
  Throws:
    IOException
    KeyStoreException
    NoSuchAlgorithmException
    CertificateException
- createTrustStore
  private static void createTrustStore(X509Certificate cert, String alias, String password, String path, KeystoreType truststoreType) throws KeyStoreException, NoSuchAlgorithmException, CertificateException
  Loads the Truststore with the given values.
  Parameters:
    cert - the certificate
    alias - the certificate alias
    password - the truststore password
    path - the truststore path
    truststoreType - the truststore type
  Throws:
    KeyStoreException
    NoSuchAlgorithmException
    CertificateException
- generateTempKeystorePath
  private static Path generateTempKeystorePath(KeystoreType keystoreType) throws IOException
  Generates a temporary keystore file and returns the path.
  Parameters:
    keystoreType - the Keystore type
  Returns:
    a Path
  Throws:
    IOException
- generateTempTruststorePath
  private static Path generateTempTruststorePath(KeystoreType truststoreType) throws IOException
  Generates a temporary truststore file and returns the path.
  Parameters:
    truststoreType - the Truststore type
  Returns:
    a Path
  Throws:
    IOException
- loadEmptyKeyStore
  private static KeyStore loadEmptyKeyStore(KeystoreType keyStoreType) throws KeyStoreException, CertificateException, NoSuchAlgorithmException
  Loads and returns an empty Keystore backed by the appropriate provider.
  Parameters:
    keyStoreType - the keystore type
  Returns:
    an empty keystore
  Throws:
    KeyStoreException - if a keystore of the given type cannot be instantiated
    CertificateException
    NoSuchAlgorithmException
- getKeystoreExtension
  private static String getKeystoreExtension(KeystoreType keystoreType)
  Returns the Keystore extension given the Keystore type.
  Parameters:
    keystoreType - the keystore type
  Returns:
    the keystore extension
- generatePassword
  private static String generatePassword()
  Generates a random Hex-encoded password.
  Returns:
    a password as a Hex-encoded String
- getKeystoreType
  private static KeystoreType getKeystoreType(String keystoreTypeName)