Class KeyStoreProvider

java.lang.Object
de.cuioss.tools.net.ssl.KeyStoreProvider
All Implemented Interfaces:
Serializable

public class KeyStoreProvider extends Object implements Serializable
Provides instances of KeyStore defined either by a given file / storePassword combination or by one or more KeyMaterialHolder instances containing key material as a byte array.

Some words on the String representation of passwords

No, storing them in a char[] is not (much) more secure just because a char[] is not part of the String pool:
  • If an attacker is on your machine debugging the String pool, you are doomed anyway.
  • In most frameworks and in user-land code there are places where input / configuration data is represented as a String on its way to the more secure "give me a char[]" parts, so it is usually in the String pool anyway.

So: in theory the statements made by the Java Cryptography Architecture guide ("...") are correct, but in our scenarios they would increase security only by a small amount and introduce potential bugs, and they are therefore ignored by this class.

It is more important to avoid accidental printing to logs and the like, which this class handles.

Therefore, this class uses String-based handling of credentials for simplification and provides shortcuts for creating a char[], see getStorePasswordAsCharArray() and getKeyPasswordAsCharArray().
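The following is an added illustration of the policy described above, not code from cui-java-tools: credentials are kept as String, the risk that is actually mitigated is accidental logging (the masked toString()), and char[] copies are produced on demand, NPE-safe, and wiped once the JDK API has consumed them. The class name CredentialHolder, the masking format and the use of a PKCS12 store in main() are assumptions made for the example.

```java
import java.security.KeyStore;
import java.util.Arrays;

/**
 * Example code (not the cui-java-tools class): String-based credentials with a
 * masked toString() and NPE-safe char[] views that are wiped after use.
 * The class name and the masking format are assumptions for this demo.
 */
public final class CredentialHolder {

    private final String storePassword; // may be null or empty
    private final String keyPassword;   // may be null or empty

    public CredentialHolder(String storePassword, String keyPassword) {
        this.storePassword = storePassword;
        this.keyPassword = keyPassword;
    }

    /** NPE-safe: null or empty yields an empty char[], never null. */
    private static char[] toChars(String password) {
        return password == null ? new char[0] : password.toCharArray();
    }

    public char[] getStorePasswordAsCharArray() { return toChars(storePassword); }

    public char[] getKeyPasswordAsCharArray() { return toChars(keyPassword); }

    /** Secrets are masked here, so LOG.info("config: {}", holder) cannot leak them. */
    @Override
    public String toString() {
        return "CredentialHolder[storePassword=" + mask(storePassword)
                + ", keyPassword=" + mask(keyPassword) + "]";
    }

    private static String mask(String secret) {
        return secret == null || secret.isEmpty() ? "<unset>" : "***";
    }

    public static void main(String[] args) throws Exception {
        CredentialHolder holder = new CredentialHolder("s3cret", null); // constructed demo values
        System.out.println(holder); // CredentialHolder[storePassword=***, keyPassword=<unset>]

        char[] storePw = holder.getStorePasswordAsCharArray();
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(null, storePw); // fresh in-memory store; the char[] is consumed here only
            System.out.println("entries: " + ks.size());
        } finally {
            Arrays.fill(storePw, '\0'); // wipe this copy; the String itself stays until GC
        }
        System.out.println(holder.getKeyPasswordAsCharArray().length); // 0, never an NPE
    }
}
```

The Arrays.fill in the finally block is the one concrete benefit of the char[] form: the copy handed to the KeyStore API can be zeroed, while the String it was derived from remains on the heap until it is collected, which is exactly why the text above rates the gain as small.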
Author:
Oliver Wolff, Nikola Marijan
  • Constructor Details

  • Method Details

    • resolveKeyStore

      public Optional<KeyStore> resolveKeyStore()
      Instantiates a KeyStore according to the configured parameters. If both getKeys() and getLocation() are present, the KeyStore is created from getKeys() only; the file is ignored.
      Returns:
      an Optional on a KeyStore created from the configured parameters. If getKeys() and getLocation() are both null / empty it returns Optional.empty()
      Throws:
      IllegalStateException - if the location file is not null but not readable, or if the key-store creation failed.
    • getStorePasswordAsCharArray

      public char[] getStorePasswordAsCharArray()
      Returns:
      NPE-safe char-array representation of getStorePassword(). If storePassword is null or empty it returns an empty char[], never null
    • getKeyPasswordAsCharArray

      public char[] getKeyPasswordAsCharArray()
      Returns:
      NPE-safe char-array representation of getKeyPassword(). If keyPassword is null or empty it returns an empty char[], never null
    • getKeyOrStorePassword

      public char[] getKeyOrStorePassword()
      When accessing data in the KeyStore it is sometimes necessary to supply the configured key password. If none is set, the API needs the store password instead. This method is a convenience method for that case.
      Returns:
      the keyPassword, if set or the store-password otherwise
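The following stand-alone class is an added example re-implementing the behaviour documented for resolveKeyStore() and getKeyOrStorePassword() so it can be exercised end to end; it is not the cui-java-tools implementation. Assumptions made for the demo: the class name DemoKeyStoreProvider, the KeyMaterial record standing in for KeyMaterialHolder (alias plus raw key bytes), the PKCS12 store type, and AES secret-key entries as the key material.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.List;
import java.util.Optional;
import javax.crypto.spec.SecretKeySpec;

/**
 * Example code, not the cui-java-tools class: documented precedence (key material
 * beats file), Optional.empty() when nothing is configured, IllegalStateException
 * on unreadable file or failed creation, and key-or-store password fallback.
 */
public final class DemoKeyStoreProvider {

    /** Stand-in for KeyMaterialHolder: an alias plus raw key bytes (assumption). */
    public record KeyMaterial(String alias, byte[] keyBytes) { }

    private final Path location;          // key-store file, may be null
    private final List<KeyMaterial> keys; // key material, may be null or empty
    private final String storePassword;   // may be null or empty
    private final String keyPassword;     // may be null or empty

    public DemoKeyStoreProvider(Path location, List<KeyMaterial> keys, String storePassword, String keyPassword) {
        this.location = location;
        this.keys = keys;
        this.storePassword = storePassword;
        this.keyPassword = keyPassword;
    }

    /** NPE-safe conversion: null or empty password becomes an empty char[], never null. */
    private static char[] toChars(String password) {
        return password == null ? new char[0] : password.toCharArray();
    }

    public char[] getStorePasswordAsCharArray() { return toChars(storePassword); }
    public char[] getKeyPasswordAsCharArray() { return toChars(keyPassword); }

    /** The key password if set, otherwise the store password. */
    public char[] getKeyOrStorePassword() {
        return keyPassword == null || keyPassword.isEmpty() ? getStorePasswordAsCharArray() : getKeyPasswordAsCharArray();
    }

    public Optional<KeyStore> resolveKeyStore() {
        try {
            if (keys != null && !keys.isEmpty()) {
                // Key material takes precedence: a configured location is ignored.
                KeyStore ks = KeyStore.getInstance("PKCS12");
                ks.load(null, null); // fresh, empty in-memory store
                KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(getKeyOrStorePassword());
                for (KeyMaterial km : keys) {
                    ks.setEntry(km.alias(), new KeyStore.SecretKeyEntry(new SecretKeySpec(km.keyBytes(), "AES")), protection);
                }
                return Optional.of(ks);
            }
            if (location == null) {
                return Optional.empty(); // neither keys nor location configured
            }
            if (!Files.isReadable(location)) {
                throw new IllegalStateException("Key-store file is not readable: " + location);
            }
            try (InputStream in = Files.newInputStream(location)) {
                KeyStore ks = KeyStore.getInstance("PKCS12");
                ks.load(in, getStorePasswordAsCharArray());
                return Optional.of(ks);
            }
        } catch (GeneralSecurityException | IOException e) {
            throw new IllegalStateException("Key-store creation failed", e);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] rawKey = new byte[16]; // constructed demo key material (all zero bytes)
        List<KeyMaterial> material = List.of(new KeyMaterial("demo", rawKey));

        // Keys and a (non-existent) location: the store is built from the keys, the file is never touched.
        // No key password is configured, so the entry is protected with the store password.
        DemoKeyStoreProvider fromKeys = new DemoKeyStoreProvider(Path.of("ignored.p12"), material, "store-pw", null);
        KeyStore built = fromKeys.resolveKeyStore().orElseThrow();
        Path file = Files.createTempFile("demo", ".p12");
        try (OutputStream out = Files.newOutputStream(file)) {
            built.store(out, fromKeys.getStorePasswordAsCharArray());
        }

        // File-based provider without key password: getKeyOrStorePassword() falls back to the store password.
        DemoKeyStoreProvider fromFile = new DemoKeyStoreProvider(file, null, "store-pw", null);
        KeyStore loaded = fromFile.resolveKeyStore().orElseThrow();
        System.out.println("loaded entry: " + loaded.getKey("demo", fromFile.getKeyOrStorePassword()).getAlgorithm());

        // Nothing configured: Optional.empty(), no exception.
        System.out.println(new DemoKeyStoreProvider(null, null, null, null).resolveKeyStore().isPresent()); // false
        Files.deleteIfExists(file);
    }
}
```

Note the check order in resolveKeyStore(): the readability test and the IllegalStateException only apply once key material has been ruled out, which is what makes the "file will be ignored" rule hold even for a location that does not exist.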