Class KeyStoreUtils

java.lang.Object
org.apache.nifi.security.util.KeyStoreUtils

public class KeyStoreUtils extends Object
  • Constructor Details

    • KeyStoreUtils

      public KeyStoreUtils()
  • Method Details

    • getKeyStore

      public static KeyStore getKeyStore(String keyStoreType) throws KeyStoreException
      Returns an empty KeyStore backed by the appropriate provider.
      Parameters:
      keyStoreType - the keyStoreType
      Returns:
      an empty KeyStore
      Throws:
      KeyStoreException - if a KeyStore of the given type cannot be instantiated
    • getSecretKeyStore

      public static KeyStore getSecretKeyStore(String keystoreTypeName) throws KeyStoreException
      Returns an empty KeyStore for Secret Keys backed by the appropriate provider.
      Parameters:
      keystoreTypeName - Keystore Type Name
      Returns:
      an empty KeyStore
      Throws:
      KeyStoreException - if a KeyStore of the given type cannot be instantiated
    • loadKeyStore

      public static KeyStore loadKeyStore(String keystorePath, char[] keystorePassword, String keystoreType) throws TlsException
      Returns a loaded KeyStore given the provided configuration values.
      Parameters:
      keystorePath - the file path to the keystore
      keystorePassword - the keystore password
      keystoreType - the keystore type
      Returns:
      the loaded keystore
      Throws:
      TlsException - if there is a problem loading the keystore
    • loadSecretKeyStore

      public static KeyStore loadSecretKeyStore(String keystorePath, char[] keystorePassword, String keystoreTypeName) throws TlsException
      Loads a KeyStore containing Secret Key entries using the configured Security Provider.
      Parameters:
      keystorePath - File path to KeyStore
      keystorePassword - Password for loading KeyStore
      keystoreTypeName - Keystore Type Name
      Returns:
      KeyStore loaded using specified configuration
      Throws:
      TlsException - thrown when the KeyStore cannot be loaded or the Keystore Type is unsupported
    • createTlsConfigAndNewKeystoreTruststore

      public static TlsConfiguration createTlsConfigAndNewKeystoreTruststore(TlsConfiguration tlsConfiguration, int certDurationDays, String[] dnsSubjectAlternativeNames) throws IOException, GeneralSecurityException
      Creates a temporary Keystore and Truststore and returns them wrapped in a new TLS configuration with the given values.
      Parameters:
      tlsConfiguration - a TlsConfiguration
      certDurationDays - The number of days the cert should be valid
      dnsSubjectAlternativeNames - An optional array of dnsName SANs
      Returns:
      a TlsConfiguration
      Throws:
      IOException
      GeneralSecurityException
    • getKeyManagerFactoryFromKeyStore

      public static KeyManagerFactory getKeyManagerFactoryFromKeyStore(KeyStore keyStore, char[] keystorePassword, char[] keyPassword) throws TlsException
      Returns the KeyManagerFactory from the provided KeyStore object, initialized with the key or keystore password.
      Parameters:
      keyStore - the loaded keystore
      keystorePassword - the keystore password
      keyPassword - the key password
      Returns:
      the key manager factory
      Throws:
      TlsException - if there is a problem initializing or reading from the keystore
    • loadKeyManagerFactory

      public static KeyManagerFactory loadKeyManagerFactory(TlsConfiguration tlsConfiguration) throws TlsException
      Returns the initialized KeyManagerFactory.
      Parameters:
      tlsConfiguration - the TLS configuration
      Returns:
      the initialized key manager factory
      Throws:
      TlsException - if there is a problem initializing or reading from the keystore
    • loadKeyManagerFactory

      public static KeyManagerFactory loadKeyManagerFactory(String keystorePath, String keystorePassword, String keyPassword, String keystoreType) throws TlsException
      Returns the initialized KeyManagerFactory.
      Parameters:
      keystorePath - the file path to the keystore
      keystorePassword - the keystore password
      keyPassword - the key password
      keystoreType - the keystore type
      Returns:
      the initialized key manager factory
      Throws:
      TlsException - if there is a problem initializing or reading from the keystore
    • loadTrustStore

      public static KeyStore loadTrustStore(String truststorePath, char[] truststorePassword, String truststoreType) throws TlsException
      Returns a loaded KeyStore (acting as a truststore) given the provided configuration values.
      Parameters:
      truststorePath - the file path to the truststore
      truststorePassword - the truststore password
      truststoreType - the truststore type
      Returns:
      the loaded truststore
      Throws:
      TlsException - if there is a problem loading the truststore
    • getTrustManagerFactoryFromTrustStore

      public static TrustManagerFactory getTrustManagerFactoryFromTrustStore(KeyStore trustStore) throws TlsException
      Returns the TrustManagerFactory from the provided KeyStore object, initialized.
      Parameters:
      trustStore - the loaded truststore
      Returns:
      the trust manager factory
      Throws:
      TlsException - if there is a problem initializing or reading from the truststore
    • loadTrustManagerFactory

      public static TrustManagerFactory loadTrustManagerFactory(TlsConfiguration tlsConfiguration) throws TlsException
      Returns the initialized TrustManagerFactory.
      Parameters:
      tlsConfiguration - the TLS configuration
      Returns:
      the initialized trust manager factory
      Throws:
      TlsException - if there is a problem initializing or reading from the truststore
    • loadTrustManagerFactory

      public static TrustManagerFactory loadTrustManagerFactory(String truststorePath, String truststorePassword, String truststoreType) throws TlsException
      Returns the initialized TrustManagerFactory.
      Parameters:
      truststorePath - the file path to the truststore
      truststorePassword - the truststore password
      truststoreType - the truststore type
      Returns:
      the initialized trust manager factory
      Throws:
      TlsException - if there is a problem initializing or reading from the truststore
    • isStoreValid

      public static boolean isStoreValid(URL keystore, KeystoreType keystoreType, char[] password)
      Returns true if the given keystore can be loaded using the given keystore type and password. Returns false otherwise.
      Parameters:
      keystore - the keystore to validate
      keystoreType - the type of the keystore
      password - the password to access the keystore
      Returns:
      true if valid; false otherwise
    • isKeyPasswordCorrect

      public static boolean isKeyPasswordCorrect(URL keystore, KeystoreType keystoreType, char[] password, char[] keyPassword)
      Returns true if the given keystore can be loaded using the given keystore type and password and the default (first) alias can be retrieved with the key-specific password. Returns false otherwise.
      Parameters:
      keystore - the keystore to validate
      keystoreType - the type of the keystore
      password - the password to access the keystore
      keyPassword - the password to access the specific key
      Returns:
      true if valid; false otherwise
    • getKeystoreTypeFromExtension

      public static KeystoreType getKeystoreTypeFromExtension(String keystorePath)
      Gets the Keystore Type based on the file extension; defaults to PKCS12 when the extension is not recognised.
      Parameters:
      keystorePath - Path to KeyStore
      Returns:
      the Keystore Type, defaulting to PKCS12
    • isSecretKeyEntrySupported

      public static boolean isSecretKeyEntrySupported(KeystoreType keystoreType)
      Returns whether Secret Key entries are supported for the specified Keystore Type.
      Parameters:
      keystoreType - Keystore Type
      Returns:
      true if Secret Key entries are supported; false otherwise
    • createKeyStoreAndGetX509Certificate

      private static X509Certificate createKeyStoreAndGetX509Certificate(String alias, String keyStorePassword, String keyPassword, String keyStorePath, KeystoreType keyStoreType, int certDurationDays, String[] dnsSubjectAlternativeNames) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException
      Loads the Keystore and returns an X509 Certificate with the given values.
      Parameters:
      alias - the certificate alias
      keyStorePassword - the keystore password
      keyPassword - the key password
      keyStorePath - the keystore path
      keyStoreType - the keystore type
      certDurationDays - the duration of the validity of the certificate, in days
      dnsSubjectAlternativeNames - An optional array of dnsName SANs
      Returns:
      an X509Certificate
      Throws:
      IOException
      KeyStoreException
      NoSuchAlgorithmException
      CertificateException
    • createTrustStore

      private static void createTrustStore(X509Certificate cert, String alias, String password, String path, KeystoreType truststoreType) throws KeyStoreException, NoSuchAlgorithmException, CertificateException
      Populates the Truststore at the given path with the given certificate under the given alias.
      Parameters:
      cert - the certificate
      alias - the certificate alias
      password - the truststore password
      path - the truststore path
      truststoreType - the truststore type
      Throws:
      KeyStoreException
      NoSuchAlgorithmException
      CertificateException
    • generateTempKeystorePath

      private static Path generateTempKeystorePath(KeystoreType keystoreType) throws IOException
      Generates a temporary keystore file and returns the path.
      Parameters:
      keystoreType - the Keystore type
      Returns:
      a Path
      Throws:
      IOException
    • generateTempTruststorePath

      private static Path generateTempTruststorePath(KeystoreType truststoreType) throws IOException
      Generates a temporary truststore file and returns the path.
      Parameters:
      truststoreType - the Truststore type
      Returns:
      a Path
      Throws:
      IOException
    • loadEmptyKeyStore

      private static KeyStore loadEmptyKeyStore(KeystoreType keyStoreType) throws KeyStoreException, CertificateException, NoSuchAlgorithmException
      Loads and returns an empty Keystore backed by the appropriate provider.
      Parameters:
      keyStoreType - the keystore type
      Returns:
      an empty keystore
      Throws:
      KeyStoreException - if a keystore of the given type cannot be instantiated
      CertificateException
      NoSuchAlgorithmException
    • getKeystoreExtension

      private static String getKeystoreExtension(KeystoreType keystoreType)
      Returns the Keystore extension given the Keystore type.
      Parameters:
      keystoreType - the keystore type
      Returns:
      the keystore extension
    • generatePassword

      private static String generatePassword()
      Generates a random Hex-encoded password.
      Returns:
      a password as a Hex-encoded String
    • getKeystoreType

      private static KeystoreType getKeystoreType(String keystoreTypeName)
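The following is an added example, not code from the NiFi project, showing how the public methods above (getKeystoreTypeFromExtension, isStoreValid, isKeyPasswordCorrect, loadKeyStore, loadTrustStore and the two factory helpers) combine into a fail-closed SSLContext builder. It assumes that TlsException has a String constructor and that each KeystoreType constant's name() equals the type string accepted by loadKeyStore; paths and passwords are caller-supplied placeholders.

```java
import java.net.URL;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.security.util.TlsException;

public final class TlsContextBuilder {

    // Builds an SSLContext from keystore/truststore settings, failing closed:
    // every store and password is validated before any key material is used.
    public static SSLContext build(String keystorePath, char[] keystorePassword, char[] keyPassword,
                                   String truststorePath, char[] truststorePassword) throws Exception {
        // Store type is inferred from the file extension (PKCS12 when unrecognised).
        KeystoreType keystoreType = KeyStoreUtils.getKeystoreTypeFromExtension(keystorePath);
        KeystoreType truststoreType = KeyStoreUtils.getKeystoreTypeFromExtension(truststorePath);
        URL keystoreUrl = Paths.get(keystorePath).toUri().toURL();
        URL truststoreUrl = Paths.get(truststorePath).toUri().toURL();

        // Reject a wrong store password or type before touching private keys.
        if (!KeyStoreUtils.isStoreValid(keystoreUrl, keystoreType, keystorePassword)) {
            throw new TlsException("Keystore cannot be loaded: check path, type and password"); // assumed ctor
        }
        // The key password may differ from the store password; note that this
        // check only covers the default (first) alias, as documented above.
        if (!KeyStoreUtils.isKeyPasswordCorrect(keystoreUrl, keystoreType, keystorePassword, keyPassword)) {
            throw new TlsException("Key password does not unlock the key entry");
        }
        if (!KeyStoreUtils.isStoreValid(truststoreUrl, truststoreType, truststorePassword)) {
            throw new TlsException("Truststore cannot be loaded: check path, type and password");
        }

        // Assumption: KeystoreType.name() (e.g. "PKCS12") is the type string loadKeyStore expects.
        KeyStore keyStore = KeyStoreUtils.loadKeyStore(keystorePath, keystorePassword, keystoreType.name());
        KeyStore trustStore = KeyStoreUtils.loadTrustStore(truststorePath, truststorePassword, truststoreType.name());
        KeyManagerFactory kmf = KeyStoreUtils.getKeyManagerFactoryFromKeyStore(keyStore, keystorePassword, keyPassword);
        TrustManagerFactory tmf = KeyStoreUtils.getTrustManagerFactoryFromTrustStore(trustStore);

        // Both key and trust managers come from validated stores; no default trust is silently used.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return ctx;
    }
}
```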