Package de.adorsys.datasafe.encrypiton.api.keystore

Interface KeyStoreService

public interface KeyStoreService
This class is responsible for creating,serializing keystores as well as reading keys from keystores but works with concrete keystore blob.

  • Method Details

    • createKeyStore

      KeyStore createKeyStore(KeyStoreAuth keyStoreAuth, KeyCreationConfig config)
      Creates keystore.
      Parameters:
      keyStoreAuth - Keys for opening keystore and reading key from it
      config - Keystore will be pre-populated with keys according to it
      Returns:
      Built keystore that is ready to use

    • createKeyStore

      KeyStore createKeyStore(KeyStoreAuth keyStoreAuth, KeyCreationConfig config, Map<KeyID,Optional<SecretKeyEntry>> secretKeys)
      Creates keystore that has additional secret keys in it.
      Parameters:
      keyStoreAuth - Keys for opening keystore and reading key from it
      config - Keystore will be pre-populated with keys according to it
      secretKeys - Secret keys to store in keystore, if value is empty - key will be generated
      Returns:
      Built keystore that is ready to use

    • updateKeyStoreReadKeyPassword

      KeyStore updateKeyStoreReadKeyPassword(KeyStore current, KeyStoreAuth currentCredentials, KeyStoreAuth newCredentials)
      Updates keystore access credentials and returns new keystore with new credentials.
      Parameters:
      current - Original keystore
      currentCredentials - Oriignal keystore credentials
      newCredentials - New credentials to use
      Returns:
      Cloned old keystore that can be opened using new credentials only.

    • getPublicKeys

      List<PublicKeyIDWithPublicKey> getPublicKeys(KeyStoreAccess keyStoreAccess)
      Reads public keys from the keystore.
      Parameters:
      keyStoreAccess - Key to open keystore (only KeyStoreAuth.getReadStorePassword() is used)
      Returns:
      List of public keys within the keystore

    • getPrivateKey

      PrivateKey getPrivateKey(KeyStoreAccess keyStoreAccess, KeyID keyID)
      Reads private key from the keystore.
      Parameters:
      keyStoreAccess - Key to open keystore and read key, (both KeyStoreAuth.getReadStorePassword() and KeyStoreAuth.getReadKeyPassword() are used)
      keyID - Private key ID to read
      Returns:
      Private key associated with given ID

    • getSecretKey

      SecretKeySpec getSecretKey(KeyStoreAccess keyStoreAccess, KeyID keyID)
      Reads secret key from the keystore.
      Parameters:
      keyStoreAccess - Key to open keystore and read key, (both KeyStoreAuth.getReadStorePassword() and KeyStoreAuth.getReadKeyPassword() are used)
      keyID - Secret key ID to read
      Returns:
      Secret key associated with given ID

    • addPasswordBasedSecretKey

      void addPasswordBasedSecretKey(KeyStoreAccess keyStoreAccess, String alias, char[] secretToStore)
      Adds password-like secret key to keystore.
      Parameters:
      keyStoreAccess - Keystore with its access details
      alias - Key alias to add
      secretToStore - Key value to store in keystore (in keyStoreAccess)

    • removeKey

      void removeKey(KeyStoreAccess keyStoreAccess, String alias)
      Removes key that is identified by alias from keystore.
      Parameters:
      keyStoreAccess - Keystore with its access details
      alias - Key alias to remove

    • serialize

      byte[] serialize(KeyStore store, ReadStorePassword password)
      Converts keystore into bytes, they are safe to be store/transferred because of encryption using KeyStoreAuth.getReadStorePassword()
      Parameters:
      store - Keystore that will be serialized
      password - Encrypts byte sequence
      Returns:
      Encrypted serialized keystore

    • deserialize

      KeyStore deserialize(byte[] payload, ReadStorePassword password)
      Reads encrypted keystore from its byte representation - decryption is done using KeyStoreAuth.getReadStorePassword()
      Parameters:
      payload - Bytes to read from
      password - Decrypts byte sequence
      Returns:
      Decrypted keystore