Class KiwiSecurity
java.lang.Object
    org.kiwiproject.security.KiwiSecurity

public class KiwiSecurity extends Object
Static utilities to create various security objects, such as SSLContext, KeyStore, KeyManager, and TrustManager.

WARNING: This is a low-level utility class. As such, many of its methods have a large number of arguments. This is simply a byproduct of the many different objects that are required by the JDK classes to create objects such as SSLContext. It is intended that this class will be used by other, higher-level, utilities at higher levels of abstraction.
-
Constructor Summary
Constructors:
KiwiSecurity()
-
Method Summary
Modifier and Type, Method, Description:

static SSLContext createSslContext(String keyStorePath, String keyStorePassword, String trustStorePath, String trustStorePassword, String protocol)
    Create a new SSLContext instance for the given paths, passwords, and protocol, assuming that the key and trust store types are KeyStoreType.JKS.

static SSLContext createSslContext(String keyStorePath, String keyStorePassword, String keyStoreType, String trustStorePath, String trustStorePassword, String trustStoreType, String protocol)
    Create a new SSLContext instance for the given paths, passwords, key and trust store types, and protocol.

static SSLContext createSslContext(String keyStorePath, String keyStorePassword, String keyStoreType, String keyManagerAlgorithm, String trustStorePath, String trustStorePassword, String trustStoreType, String trustManagerAlgorithm, String protocol)
    Create a new SSLContext instance for the given paths, passwords, key and trust store types, key and trust manager algorithms, and protocol.

static SSLContext createSslContext(String keyStorePath, String keyStorePassword, String keyStoreType, String trustStorePath, String trustStorePassword, String trustStoreType, SSLContextProtocol protocol)
    Create a new SSLContext instance for the given paths, passwords, and protocol, assuming that the key and trust store types are KeyStoreType.JKS.

static SSLContext createSslContext(String keyStorePath, String keyStorePassword, String trustStorePath, String trustStorePassword, SSLContextProtocol protocol)
    Create a new SSLContext instance for the given paths, passwords, and protocol, assuming that the key and trust store types are KeyStoreType.JKS.

static KeyManager[] getKeyManagers(KeyStore keyStore, String keyStorePassword)
    Get the key managers for the given KeyStore and key store password using the default algorithm.

static KeyManager[] getKeyManagers(KeyStore keyStore, String keyStorePassword, String algorithm)
    Get the key managers for the given KeyStore, key store password, and algorithm.

static Optional<KeyStore> getKeyStore(String keyStoreType, String path, String password)
    Return an Optional containing a KeyStore for the given KeyStoreType, path, and password, or an empty Optional if the arguments are (both) null.

static Optional<KeyStore> getKeyStore(KeyStoreType keyStoreType, String path, String password)
    Return an Optional containing a KeyStore for the given KeyStoreType, path, and password, or an empty Optional if the arguments are (both) null.

static TrustManager[] getTrustManagers(KeyStore trustStore)
    Get the trust managers for the given trust store using the default algorithm.

static TrustManager[] getTrustManagers(KeyStore trustStore, String algorithm)
    Get the trust managers for the given trust store and algorithm.
-
Method Detail
-
createSslContext
public static SSLContext createSslContext(@Nullable String keyStorePath, @Nullable String keyStorePassword, String trustStorePath, String trustStorePassword, SSLContextProtocol protocol)
Create a new SSLContext instance for the given paths, passwords, and protocol, assuming that the key and trust store types are KeyStoreType.JKS. Uses the default key and trust manager algorithms as defined by KeyManagerFactory and TrustManagerFactory.

If only the trust store is needed, supply null values for the keyStorePath and keyStorePassword.

Parameters:
keyStorePath - path to the key store
keyStorePassword - password of the key store
trustStorePath - path to the trust store
trustStorePassword - password of the trust store
protocol - the protocol to use
Returns:
a new SSLContext instance
Throws:
SSLContextException - if unable to create the SSLContext
See Also:
KeyStore, KeyManager, TrustManager, SSLContextProtocol, KeyManagerFactory.getDefaultAlgorithm(), TrustManagerFactory.getDefaultAlgorithm()
-
createSslContext
public static SSLContext createSslContext(@Nullable String keyStorePath, @Nullable String keyStorePassword, String trustStorePath, String trustStorePassword, String protocol)
Create a new SSLContext instance for the given paths, passwords, and protocol, assuming that the key and trust store types are KeyStoreType.JKS. Uses the default key and trust manager algorithms as defined by KeyManagerFactory and TrustManagerFactory.

If only the trust store is needed, supply null values for the keyStorePath and keyStorePassword.

Parameters:
keyStorePath - path to the key store
keyStorePassword - password of the key store
trustStorePath - path to the trust store
trustStorePassword - password of the trust store
protocol - the protocol to use
Returns:
a new SSLContext instance
Throws:
SSLContextException - if unable to create the SSLContext
See Also:
KeyStore, KeyManager, TrustManager, SSLContextProtocol, KeyManagerFactory.getDefaultAlgorithm(), TrustManagerFactory.getDefaultAlgorithm()
-
createSslContext
public static SSLContext createSslContext(@Nullable String keyStorePath, @Nullable String keyStorePassword, String keyStoreType, String trustStorePath, String trustStorePassword, String trustStoreType, SSLContextProtocol protocol)
Create a new SSLContext instance for the given paths, passwords, and protocol, assuming that the key and trust store types are KeyStoreType.JKS. Uses the default key and trust manager algorithms as defined by KeyManagerFactory and TrustManagerFactory. The key and trust store types should be one of the algorithms defined in KeyStoreType.

If only the trust store is needed, supply null values for the keyStorePath and keyStorePassword.

WARNING: While public, this is very low-level and not generally intended for client code to call directly. We recommend using createSslContext(String, String, String, String, SSLContextProtocol) or createSslContext(String, String, String, String, String). Kiwi also provides higher-level constructs in the org.kiwiproject.security package.

Parameters:
keyStorePath - path to the key store
keyStorePassword - password of the key store
keyStoreType - the key store type
trustStorePath - path to the trust store
trustStorePassword - password of the trust store
trustStoreType - the trust store type
protocol - the protocol to use
Returns:
a new SSLContext instance
Throws:
SSLContextException - if unable to create the SSLContext
See Also:
KeyStore, KeyManager, KeyManagerFactory.getDefaultAlgorithm(), TrustManager, TrustManagerFactory.getDefaultAlgorithm(), SSLContextProtocol, KeyStoreType
-
createSslContext
public static SSLContext createSslContext(@Nullable String keyStorePath, @Nullable String keyStorePassword, String keyStoreType, String trustStorePath, String trustStorePassword, String trustStoreType, String protocol)
Create a new SSLContext instance for the given paths, passwords, key and trust store types, and protocol. Uses the default key and trust manager algorithms as defined by KeyManagerFactory and TrustManagerFactory. The key and trust store types should be one of the algorithms defined in KeyStoreType.

If only the trust store is needed, supply null values for the keyStorePath and keyStorePassword.

WARNING: While public, this is very low-level and not generally intended for client code to call directly. We recommend using createSslContext(String, String, String, String, SSLContextProtocol) or createSslContext(String, String, String, String, String). Kiwi also provides higher-level constructs in the org.kiwiproject.security package.

Parameters:
keyStorePath - path to the key store
keyStorePassword - password of the key store
keyStoreType - the key store type
trustStorePath - path to the trust store
trustStorePassword - password of the trust store
trustStoreType - the trust store type
protocol - the protocol to use
Returns:
a new SSLContext instance
Throws:
SSLContextException - if unable to create the SSLContext
See Also:
KeyStore, KeyManager, KeyManagerFactory.getDefaultAlgorithm(), TrustManager, TrustManagerFactory.getDefaultAlgorithm(), SSLContextProtocol, KeyStoreType
-
createSslContext
public static SSLContext createSslContext(@Nullable String keyStorePath, @Nullable String keyStorePassword, @Nullable String keyStoreType, @Nullable String keyManagerAlgorithm, String trustStorePath, String trustStorePassword, String trustStoreType, String trustManagerAlgorithm, String protocol)
Create a new SSLContext instance for the given paths, passwords, key and trust store types, key and trust manager algorithms, and protocol. The key and trust store types should be one of the algorithms defined in KeyStoreType.

If only the trust store is needed, supply null values for the keyStorePath and keyStorePassword.

WARNING: While public, this is very low-level and not generally intended for client code to call directly. We recommend using createSslContext(String, String, String, String, SSLContextProtocol) or createSslContext(String, String, String, String, String). Kiwi also provides higher-level constructs in the org.kiwiproject.security package.

Parameters:
keyStorePath - path to the key store
keyStorePassword - password of the key store
keyStoreType - the key store type
keyManagerAlgorithm - the key manager algorithm
trustStorePath - path to the trust store
trustStorePassword - password of the trust store
trustStoreType - the trust store type
trustManagerAlgorithm - the trust manager algorithm
protocol - the protocol to use
Returns:
a new SSLContext instance
Throws:
SSLContextException - if unable to create the SSLContext
See Also:
KeyStore, KeyManager, KeyManagerFactory.getInstance(String), TrustManager, TrustManagerFactory.getInstance(String), SSLContextProtocol, KeyStoreType
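
The trust-store-only case described above (null keyStorePath and keyStorePassword), written against the JDK classes that this overload's parameters name. This is an added example, not Kiwi's implementation or code from the original page; the class and method names are hypothetical, passwords are char[] as the JDK APIs take them, and the empty PKCS12 trust store is constructed sample input.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class (not part of Kiwi); build() takes the nine parameters in the documented order.
public class SslContextStepsExample {
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);   // throws on a wrong password or a corrupted store
        }
        return store;
    }

    static SSLContext build(String ksPath, char[] ksPass, String ksType, String kmAlg, String tsPath,
                            char[] tsPass, String tsType, String tmAlg, String protocol) throws Exception {
        KeyManager[] keyManagers = null;   // null: this side presents no certificate
        if (ksPath != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
            kmf.init(load(ksType, ksPath, ksPass), ksPass);
            keyManagers = kmf.getKeyManagers();
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
        tmf.init(load(tsType, tsPath, tsPass));   // always an explicitly loaded trust store
        SSLContext context = SSLContext.getInstance(protocol);
        context.init(keyManagers, tmf.getTrustManagers(), null);   // null: default SecureRandom
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty PKCS12 trust store in a temp file (it trusts nothing).
        char[] password = "changeit".toCharArray();
        Path path = Files.createTempFile("truststore", ".p12");
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(path)) { empty.store(out, password); }
        SSLContext context = build(null, null, null, null, path.toString(), password,
                "PKCS12", TrustManagerFactory.getDefaultAlgorithm(), "TLSv1.2");
        System.out.println(context.getProtocol());
        Files.delete(path);
    }
}
```

The trust store is always loaded explicitly here because TrustManagerFactory.init with a null KeyStore falls back to the JDK's default trust store. A real deployment would load a store holding only the CA certificates it intends to accept.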
-
getKeyStore
public static Optional<KeyStore> getKeyStore(KeyStoreType keyStoreType, String path, String password)
Return an Optional containing a KeyStore for the given KeyStoreType, path, and password, or an empty Optional if the arguments are (both) null.

Parameters:
keyStoreType - the type of key store
path - the path to the key store
password - the key store password
Returns:
an optional with a KeyStore or an empty optional
Throws:
IllegalArgumentException - if keyStoreType is blank
SSLContextException - if unable to create a KeyStore
See Also:
KeyStore.getInstance(String)
-
getKeyStore
public static Optional<KeyStore> getKeyStore(String keyStoreType, String path, String password)
Return an Optional containing a KeyStore for the given KeyStoreType, path, and password, or an empty Optional if the arguments are (both) null.

Parameters:
keyStoreType - the type of key store
path - the path to the key store
password - the key store password
Returns:
an optional with a KeyStore or an empty optional
Throws:
IllegalArgumentException - if keyStoreType is blank
SSLContextException - if unable to create a KeyStore
See Also:
KeyStore.getInstance(String)
-
getKeyManagers
public static KeyManager[] getKeyManagers(KeyStore keyStore, String keyStorePassword)
Get the key managers for the given KeyStore and key store password using the default algorithm.

Parameters:
keyStore - the key store
keyStorePassword - the key store's password
Returns:
an array of KeyManager
Throws:
SSLContextException - if unable to get the KeyManager array
See Also:
KeyManagerFactory.getDefaultAlgorithm()
-
getKeyManagers
public static KeyManager[] getKeyManagers(KeyStore keyStore, String keyStorePassword, String algorithm)
Get the key managers for the given KeyStore, key store password, and algorithm.

Parameters:
keyStore - the key store
keyStorePassword - the key store's password
algorithm - the key manager algorithm
Returns:
an array of KeyManager
Throws:
SSLContextException - if unable to get the KeyManager array
See Also:
KeyManagerFactory.getInstance(String)
-
getTrustManagers
public static TrustManager[] getTrustManagers(KeyStore trustStore)
Get the trust managers for the given trust store using the default algorithm.

Parameters:
trustStore - the trust store
Returns:
an array of TrustManager
Throws:
SSLContextException - if unable to get the TrustManager array
See Also:
TrustManagerFactory.getDefaultAlgorithm()
-
getTrustManagers
public static TrustManager[] getTrustManagers(KeyStore trustStore, String algorithm)
Get the trust managers for the given trust store and algorithm.

Parameters:
trustStore - the trust store
algorithm - the trust manager algorithm
Returns:
an array of TrustManager
Throws:
SSLContextException - if unable to get the TrustManager array
See Also:
TrustManagerFactory.getInstance(String)
-