Class KeyStoreResourceLoader

All Implemented Interfaces:

public class KeyStoreResourceLoader extends Object implements ResourceLoader
A ResourceLoader returning a KeyStore or Certificate. Supports the following URL fragments parameter:
keystore alias
certificate serial number
X.500 common name
X.500 distinguished name
password (for entry) - will defer to callback
password - password (for store) - will defer to password then to callback
  • Constructor Details

    • KeyStoreResourceLoader

      public KeyStoreResourceLoader()
  • Method Details

    • toString

      public String toString()
      toString in class Object
    • supports

      public boolean supports(ResourceDescriptor descriptor)
      Description copied from interface: ResourceLoader
      Return true if this ResourceLoader could load a descriptor of the specified type. The resourceClass, outputClass and mediaType of the descriptor should be checked as appropriate. The MediaType in particular will not be a wildcard for normal use; it may be a wildcard if we're being called from ResourceManager.getResourceLoader(org.faceless.publisher.type.MediaType, java.lang.Class<?>).
      Specified by:
      supports in interface ResourceLoader
    • getSystemKeyStore

      public static final KeyStore getSystemKeyStore(String name)
      Return the specified KeyStore from the Jar
      name - the keystore name, eg "nss.crt"
      the KeyStore, or null if none is found with that name
    • load

      public ResourceFlavor load(ResourceDescriptor descriptor, Resource resource, URL2Connection con) throws Exception
      Description copied from interface: ResourceLoader
      Attempt to load a Resource from the specified URL2Connection. If the ResourceLoader applies (it should test the resource mediatype and class) then it should load the resource from the URL. If the URI has a fragment and the loaded resource to ALL fragments, it should change the URI to have no fragment. Likewise if any aspect of the MediaType does not apply (i.e. the encoding) then it should remove it, so the Resource describes the widest possible URI and MediaType that would match this object. Finally, on success this method should set the Object on the resource, or throw an exception on failure. The supplied "con" will have an InputStream that is mark-capable already. If the stream is a gzip or brotli compresed stream, decompression will already be applied. The mediatype wil be set on "d". Returning null from this object is considered an error condition - if that happens we shouldn't have got here, and the only reason we did was because "supports" for the same descriptor returned true.
      Specified by:
      load in interface ResourceLoader
      descriptor - the descriptor of what type of flavor we want.
      resource - the Resource we're populating
      con - the URLConnection to load the resource from
      the new Flavor, or null if it doesn't apply.
    • createSelfSignedCertificate

      public static String createSelfSignedCertificate(KeyStore keystore, URL2 uri) throws GeneralSecurityException
      Create a self-signed entry in the KeyStore based on the supplied "magic" URL. The URL must begin with "about:identity", and the optional fragment parameters describe the properties for the keypair - any X500 fields plus algorithm, curve, provider, days, keylength. Return the alias by which the key is stored in the keystore (with an empty password), or null if this URL doesn't match the required pattern (in which case nothing is done). If keystore is null, this method returns the string that would have been added to it, or null if it doens't match.
    • createSelfSignedCertificate

      public static void createSelfSignedCertificate(KeyStore keystore, String alias, String password, Map<String,String> params) throws GeneralSecurityException
      Create a self-signed entry in the keystore based on the supplied parameters. Params may include any X500 fields, plus algorithm eg "SHA256withRSA" or "SHA256withECDSA" curve, eg "secp256r1" provider, eg "BC" days, eg "365" keylength eg "2048"
    • loadPEM

      public static void loadPEM(KeyStore keystore, Reader reader, String alias, Provider provider) throws IOException, CertificateException, KeyStoreException
      Given a Reader containing one or more PEM-encoded certificates, private keys etc, load them into the supplied KeyStore