de.adorsys.datasafe.encrypiton.api.keystore

Interface KeyStoreService

public interface KeyStoreService

This class is responsible for creating,serializing keystores as well as reading keys from keystores but works with concrete keystore blob.

Method Summary

Modifier and Type	Method and Description
void	addPasswordBasedSecretKey(KeyStoreAccess keyStoreAccess, String alias, char[] secretToStore) Adds password-like secret key to keystore.
KeyStore	createKeyStore(KeyStoreAuth keyStoreAuth, KeyCreationConfig config) Creates keystore.
KeyStore	createKeyStore(KeyStoreAuth keyStoreAuth, KeyCreationConfig config, Map<KeyID,Optional<SecretKeyEntry>> secretKeys) Creates keystore that has additional secret keys in it.
KeyStore	deserialize(byte[] payload, ReadStorePassword password) Reads encrypted keystore from its byte representation - decryption is done using KeyStoreAuth.getReadStorePassword()
PrivateKey	getPrivateKey(KeyStoreAccess keyStoreAccess, KeyID keyID) Reads private key from the keystore.
List<PublicKeyIDWithPublicKey>	getPublicKeys(KeyStoreAccess keyStoreAccess) Reads public keys from the keystore.
SecretKeySpec	getSecretKey(KeyStoreAccess keyStoreAccess, KeyID keyID) Reads secret key from the keystore.
void	removeKey(KeyStoreAccess keyStoreAccess, String alias) Removes key that is identified by alias from keystore.
byte[]	serialize(KeyStore store, ReadStorePassword password) Converts keystore into bytes, they are safe to be store/transferred because of encryption using KeyStoreAuth.getReadStorePassword()
KeyStore	updateKeyStoreReadKeyPassword(KeyStore current, KeyStoreAuth currentCredentials, KeyStoreAuth newCredentials) Updates keystore access credentials and returns new keystore with new credentials.

Method Detail

createKeyStore

KeyStore createKeyStore(KeyStoreAuth keyStoreAuth,
                        KeyCreationConfig config)

Creates keystore.

Parameters:

keyStoreAuth - Keys for opening keystore and reading key from it

config - Keystore will be pre-populated with keys according to it

Returns:

Built keystore that is ready to use

createKeyStore

KeyStore createKeyStore(KeyStoreAuth keyStoreAuth,
                        KeyCreationConfig config,
                        Map<KeyID,Optional<SecretKeyEntry>> secretKeys)

Creates keystore that has additional secret keys in it.

Parameters:

keyStoreAuth - Keys for opening keystore and reading key from it

config - Keystore will be pre-populated with keys according to it

secretKeys - Secret keys to store in keystore, if value is empty - key will be generated

Returns:

Built keystore that is ready to use

updateKeyStoreReadKeyPassword

KeyStore updateKeyStoreReadKeyPassword(KeyStore current,
                                       KeyStoreAuth currentCredentials,
                                       KeyStoreAuth newCredentials)

Updates keystore access credentials and returns new keystore with new credentials.

Parameters:

current - Original keystore

currentCredentials - Oriignal keystore credentials

newCredentials - New credentials to use

Returns:

Cloned old keystore that can be opened using new credentials only.

getPublicKeys

List<PublicKeyIDWithPublicKey> getPublicKeys(KeyStoreAccess keyStoreAccess)

Reads public keys from the keystore.

Parameters:

keyStoreAccess - Key to open keystore (only KeyStoreAuth.getReadStorePassword() is used)

Returns:

List of public keys within the keystore

getPrivateKey

PrivateKey getPrivateKey(KeyStoreAccess keyStoreAccess,
                         KeyID keyID)

Reads private key from the keystore.

Parameters:

keyStoreAccess - Key to open keystore and read key, (both KeyStoreAuth.getReadStorePassword() and KeyStoreAuth.getReadKeyPassword() are used)

keyID - Private key ID to read

Returns:

Private key associated with given ID

getSecretKey

SecretKeySpec getSecretKey(KeyStoreAccess keyStoreAccess,
                           KeyID keyID)

Reads secret key from the keystore.

Parameters:

keyStoreAccess - Key to open keystore and read key, (both KeyStoreAuth.getReadStorePassword() and KeyStoreAuth.getReadKeyPassword() are used)

keyID - Secret key ID to read

Returns:

Secret key associated with given ID

addPasswordBasedSecretKey

void addPasswordBasedSecretKey(KeyStoreAccess keyStoreAccess,
                               String alias,
                               char[] secretToStore)

Adds password-like secret key to keystore.

Parameters:

keyStoreAccess - Keystore with its access details

alias - Key alias to add

secretToStore - Key value to store in keystore (in keyStoreAccess)

removeKey

void removeKey(KeyStoreAccess keyStoreAccess,
               String alias)

Removes key that is identified by alias from keystore.

Parameters:

keyStoreAccess - Keystore with its access details

alias - Key alias to remove

serialize

byte[] serialize(KeyStore store,
                 ReadStorePassword password)

Converts keystore into bytes, they are safe to be store/transferred because of encryption using KeyStoreAuth.getReadStorePassword()

Parameters:

store - Keystore that will be serialized

password - Encrypts byte sequence

Returns:

Encrypted serialized keystore

deserialize

KeyStore deserialize(byte[] payload,
                     ReadStorePassword password)

Reads encrypted keystore from its byte representation - decryption is done using KeyStoreAuth.getReadStorePassword()

Parameters:

payload - Bytes to read from

password - Decrypts byte sequence

Returns:

Decrypted keystore