Package org.kiwiproject.security
Class KiwiSecurity
- java.lang.Object
-
- org.kiwiproject.security.KiwiSecurity
-
public class KiwiSecurity extends Object
Static utilities to create various security objects, such asSSLContext,KeyStore,KeyManager, andTrustManager.WARNING: This is a low-level utility class. As such, many of its methods have a large number of arguments. This is simply a byproduct of the many different objects that are required by the JDK classes to create objects such as
SSLContext. It is intended that this class will be used by other, higher-level, utilities at higher levels of abstraction.
-
-
Constructor Summary
Constructors Constructor Description KiwiSecurity()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static SSLContextcreateSslContext(String keyStorePath, String keyStorePassword, String trustStorePath, String trustStorePassword, String protocol)Create a newSSLContextinstance for the given paths, passwords, and protocol, assuming that the key and trust store types areKeyStoreType.JKS.static SSLContextcreateSslContext(String keyStorePath, String keyStorePassword, String keyStoreType, String trustStorePath, String trustStorePassword, String trustStoreType, String protocol)Create a newSSLContextinstance for the given paths, passwords, key and trust store types, and protocol.static SSLContextcreateSslContext(String keyStorePath, String keyStorePassword, String keyStoreType, String keyManagerAlgorithm, String trustStorePath, String trustStorePassword, String trustStoreType, String trustManagerAlgorithm, String protocol)Create a newSSLContextinstance for the given paths, passwords, key and trust store types, key and trust manager algorithms, and protocol.static SSLContextcreateSslContext(String keyStorePath, String keyStorePassword, String keyStoreType, String trustStorePath, String trustStorePassword, String trustStoreType, SSLContextProtocol protocol)Create a newSSLContextinstance for the given paths, passwords, and protocol, assuming that the key and trust store types areKeyStoreType.JKS.static SSLContextcreateSslContext(String keyStorePath, String keyStorePassword, String trustStorePath, String trustStorePassword, SSLContextProtocol protocol)Create a newSSLContextinstance for the given paths, passwords, and protocol, assuming that the key and trust store types areKeyStoreType.JKS.static KeyManager[]getKeyManagers(KeyStore keyStore, String keyStorePassword)Get the key managers for the givenKeyStoreand key store password using the default algorithm.static KeyManager[]getKeyManagers(KeyStore keyStore, String keyStorePassword, String algorithm)Get the key managers for the givenKeyStore, key store password, and algorithm.static Optional<KeyStore>getKeyStore(String keyStoreType, String path, String password)Return anOptionalcontaining aKeyStorefor the givenKeyStoreType, path, and password, or an emptyOptionalif the arguments are (both) null.static Optional<KeyStore>getKeyStore(KeyStoreType keyStoreType, String path, String password)Return anOptionalcontaining aKeyStorefor the givenKeyStoreType, path, and password, or an emptyOptionalif the arguments are (both) null.static TrustManager[]getTrustManagers(KeyStore trustStore)Get the trust managers for the given trust store using the default algorithm.static TrustManager[]getTrustManagers(KeyStore trustStore, String algorithm)Get the trust managers for the given trust store and algorithm.
-
-
-
Method Detail
-
createSslContext
public static SSLContext createSslContext(@Nullable String keyStorePath, @Nullable String keyStorePassword, String trustStorePath, String trustStorePassword, SSLContextProtocol protocol)
Create a newSSLContextinstance for the given paths, passwords, and protocol, assuming that the key and trust store types areKeyStoreType.JKS. Uses the default key and trust manager algorithms as defined byKeyManagerFactoryandTrustManagerFactory.If only the trust store is needed, supply
nullvalues for thekeyStorePathandkeyStorePassword.- Parameters:
keyStorePath- path to the key storekeyStorePassword- password of the key storetrustStorePath- path to the trust storetrustStorePassword- password of the trust storeprotocol- the protocol to use- Returns:
- a new
SSLContextinstance - Throws:
SSLContextException- if unable to create theSSLContext- See Also:
KeyStore,KeyManager,TrustManager,SSLContextProtocol,KeyManagerFactory.getDefaultAlgorithm(),TrustManagerFactory.getDefaultAlgorithm()
-
createSslContext
public static SSLContext createSslContext(@Nullable String keyStorePath, @Nullable String keyStorePassword, String trustStorePath, String trustStorePassword, String protocol)
Create a newSSLContextinstance for the given paths, passwords, and protocol, assuming that the key and trust store types areKeyStoreType.JKS. Uses the default key and trust manager algorithms as defined byKeyManagerFactoryandTrustManagerFactory.If only the trust store is needed, supply
nullvalues for thekeyStorePathandkeyStorePassword.- Parameters:
keyStorePath- path to the key storekeyStorePassword- password of the key storetrustStorePath- path to the trust storetrustStorePassword- password of the trust storeprotocol- the protocol to use- Returns:
- a new
SSLContextinstance - Throws:
SSLContextException- if unable to create theSSLContext- See Also:
KeyStore,KeyManager,TrustManager,SSLContextProtocol,KeyManagerFactory.getDefaultAlgorithm(),TrustManagerFactory.getDefaultAlgorithm()
-
createSslContext
public static SSLContext createSslContext(@Nullable String keyStorePath, @Nullable String keyStorePassword, String keyStoreType, String trustStorePath, String trustStorePassword, String trustStoreType, SSLContextProtocol protocol)
Create a newSSLContextinstance for the given paths, passwords, and protocol, assuming that the key and trust store types areKeyStoreType.JKS. Uses the default key and trust manager algorithms as defined byKeyManagerFactoryandTrustManagerFactory. The key and trust store types should be one of the algorithms defined inKeyStoreType.If only the trust store is needed, supply
nullvalues for thekeyStorePathandkeyStorePassword.WARNING: While public, this is very low-level and not generally intended for client code to call directly. We recommend using
createSslContext(String, String, String, String, SSLContextProtocol)orcreateSslContext(String, String, String, String, String). Kiwi also provides higher-level constructs in theorg.kiwiproject.securitypackage.- Parameters:
keyStorePath- path to the key storekeyStorePassword- password of the key storekeyStoreType- the key store typetrustStorePath- path to the trust storetrustStorePassword- password of the trust storetrustStoreType- the trust store typeprotocol- the protocol to use- Returns:
- a new
SSLContextinstance - Throws:
SSLContextException- if unable to create theSSLContext- See Also:
KeyStore,KeyManager,KeyManagerFactory.getDefaultAlgorithm(),TrustManager,TrustManagerFactory.getDefaultAlgorithm(),SSLContextProtocol,KeyStoreType
-
createSslContext
public static SSLContext createSslContext(@Nullable String keyStorePath, @Nullable String keyStorePassword, String keyStoreType, String trustStorePath, String trustStorePassword, String trustStoreType, String protocol)
Create a newSSLContextinstance for the given paths, passwords, key and trust store types, and protocol. Uses the default key and trust manager algorithms as defined byKeyManagerFactoryandTrustManagerFactory. The key and trust store types should be one of the algorithms defined inKeyStoreType.If only the trust store is needed, supply
nullvalues for thekeyStorePathandkeyStorePassword.WARNING: While public, this is very low-level and not generally intended for client code to call directly. We recommend using
createSslContext(String, String, String, String, SSLContextProtocol)orcreateSslContext(String, String, String, String, String). Kiwi also provides higher-level constructs in theorg.kiwiproject.securitypackage.- Parameters:
keyStorePath- path to the key storekeyStorePassword- password of the key storekeyStoreType- the key store typetrustStorePath- path to the trust storetrustStorePassword- password of the trust storetrustStoreType- the trust store typeprotocol- the protocol to use- Returns:
- a new
SSLContextinstance - Throws:
SSLContextException- if unable to create theSSLContext- See Also:
KeyStore,KeyManager,KeyManagerFactory.getDefaultAlgorithm(),TrustManager,TrustManagerFactory.getDefaultAlgorithm(),SSLContextProtocol,KeyStoreType
-
createSslContext
public static SSLContext createSslContext(@Nullable String keyStorePath, @Nullable String keyStorePassword, @Nullable String keyStoreType, @Nullable String keyManagerAlgorithm, String trustStorePath, String trustStorePassword, String trustStoreType, String trustManagerAlgorithm, String protocol)
Create a newSSLContextinstance for the given paths, passwords, key and trust store types, key and trust manager algorithms, and protocol. The key and trust store types should be one of the algorithms defined inKeyStoreType.If only the trust store is needed, supply
nullvalues for thekeyStorePathandkeyStorePassword.WARNING: While public, this is very low-level and not generally intended for client code to call directly. We recommend using
createSslContext(String, String, String, String, SSLContextProtocol)orcreateSslContext(String, String, String, String, String). Kiwi also provides higher-level constructs in theorg.kiwiproject.securitypackage.- Parameters:
keyStorePath- path to the key storekeyStorePassword- password of the key storekeyStoreType- the key store typekeyManagerAlgorithm- the key manager algorithmtrustStorePath- path to the trust storetrustStorePassword- password of the trust storetrustStoreType- the trust store typetrustManagerAlgorithm- the trust manager algorithmprotocol- the protocol to use- Returns:
- a new
SSLContextinstance - Throws:
SSLContextException- if unable to create theSSLContext- See Also:
KeyStore,KeyManager,KeyManagerFactory.getInstance(String),TrustManager,TrustManagerFactory.getInstance(String),SSLContextProtocol,KeyStoreType
-
getKeyStore
public static Optional<KeyStore> getKeyStore(KeyStoreType keyStoreType, String path, String password)
Return anOptionalcontaining aKeyStorefor the givenKeyStoreType, path, and password, or an emptyOptionalif the arguments are (both) null.- Parameters:
keyStoreType- the type of key storepath- the path to the key storepassword- the key store password- Returns:
- an optional with a
KeyStoreor an empty optional - Throws:
IllegalArgumentException- if keyStoreType is blankSSLContextException- if unable to create aKeyStore- See Also:
KeyStore.getInstance(String)
-
getKeyStore
public static Optional<KeyStore> getKeyStore(String keyStoreType, String path, String password)
Return anOptionalcontaining aKeyStorefor the givenKeyStoreType, path, and password, or an emptyOptionalif the arguments are (both) null.- Parameters:
keyStoreType- the type of key storepath- the path to the key storepassword- the key store password- Returns:
- an optional with a
KeyStoreor an empty optional - Throws:
IllegalArgumentException- if keyStoreType is blankSSLContextException- if unable to create aKeyStore- See Also:
KeyStore.getInstance(String)
-
getKeyManagers
public static KeyManager[] getKeyManagers(KeyStore keyStore, String keyStorePassword)
Get the key managers for the givenKeyStoreand key store password using the default algorithm.- Parameters:
keyStore- the key storekeyStorePassword- the key store's password- Returns:
- an array of
KeyManager - Throws:
SSLContextException- if unable to get theKeyManagerarray- See Also:
KeyManagerFactory.getDefaultAlgorithm()
-
getKeyManagers
public static KeyManager[] getKeyManagers(KeyStore keyStore, String keyStorePassword, String algorithm)
Get the key managers for the givenKeyStore, key store password, and algorithm.- Parameters:
keyStore- the key storekeyStorePassword- the key store's passwordalgorithm- the key manager algorithm- Returns:
- an array of
KeyManager - Throws:
SSLContextException- if unable to get theKeyManagerarray- See Also:
KeyManagerFactory.getInstance(String)
-
getTrustManagers
public static TrustManager[] getTrustManagers(KeyStore trustStore)
Get the trust managers for the given trust store using the default algorithm.- Parameters:
trustStore- the trust store- Returns:
- an array of
TrustManager - Throws:
SSLContextException- if unable to get theTrustManagerarray- See Also:
TrustManagerFactory.getDefaultAlgorithm()
-
getTrustManagers
public static TrustManager[] getTrustManagers(KeyStore trustStore, String algorithm)
Get the trust managers for the given trust store and algorithm.- Parameters:
trustStore- the trust storealgorithm- the trust manager algorithm- Returns:
- an array of
TrustManager - Throws:
SSLContextException- if unable to get theTrustManagerarray- See Also:
TrustManagerFactory.getInstance(String)
-
-