- All Implemented Interfaces:
public class KeyStoreResourceLoader extends Object implements ResourceLoader
A ResourceLoader returning a KeyStore or Certificate. Supports the following URL fragment parameters:
- alias - keystore alias
- certificate serial number
- X.500 common name
- X.500 distinguished name
- password (for entry) - will defer to callback
- password - password (for store) - will defer to password then to callback
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| static void | createSelfSignedCertificate(KeyStore keystore, String alias, String password, Map<String, String> params) | Create a self-signed entry in the keystore based on the supplied parameters. |
| static String | createSelfSignedCertificate(KeyStore keystore, URL2 uri) | Create a self-signed entry in the KeyStore based on the supplied "magic" URL. |
| static final KeyStore | | |
| ResourceFlavor | load(ResourceFlavorDescriptor descriptor, Resource resource, URL2Connection con) | Attempt to load a Resource from the specified URL2Connection. |
| static void | loadPEM(KeyStore keystore, Reader reader, String alias, Provider provider) | Given a Reader containing one or more PEM-encoded certificates, private keys etc., load them into the supplied KeyStore. |
| boolean | supports(ResourceFlavorDescriptor descriptor) | Return true if this ResourceLoader could load a descriptor of the specified type. |

toString
public String toString()
supports
public boolean supports(ResourceFlavorDescriptor descriptor)
Description copied from interface: ResourceLoader
Return true if this ResourceLoader could load a descriptor of the specified type. The resourceClass, outputClass and mediaType of the descriptor should be checked as appropriate. The MediaType in particular will not be a wildcard for normal use; it may be a wildcard if we're being called from
- Specified by:
name - the keystore name, e.g. "nss.crt"
- the KeyStore, or null if none is found with that name
load
public ResourceFlavor load(ResourceFlavorDescriptor descriptor, Resource resource, URL2Connection con) throws Exception
Description copied from interface: ResourceLoader
Attempt to load a Resource from the specified URL2Connection. If the ResourceLoader applies (it should test the resource mediatype and class) then it should load the resource from the URL. If the URI has a fragment and the loaded resource applies to ALL fragments, it should change the URI to have no fragment. Likewise, if any aspect of the MediaType does not apply (i.e. the encoding) then it should remove it, so the Resource describes the widest possible URI and MediaType that would match this object. Finally, on success this method should set the Object on the resource, or throw an exception on failure. The supplied "con" will have an InputStream that is already mark-capable. If the stream is a gzip or brotli compressed stream, decompression will already be applied. The mediatype will be set on "d". Returning null from this method is considered an error condition: if that happens we shouldn't have got here, and the only reason we did was because "supports" for the same descriptor returned true.
- Specified by:
descriptor - the descriptor of what type of flavor we want.
resource - the Resource we're populating
con - the URLConnection to load the resource from
- the new Flavor, or null if it doesn't apply.
createSelfSignedCertificate
public static String createSelfSignedCertificate(KeyStore keystore, URL2 uri) throws GeneralSecurityException
Create a self-signed entry in the KeyStore based on the supplied "magic" URL. The URL must begin with "about:identity", and the optional fragment parameters describe the properties for the keypair: any X500 fields plus algorithm, curve, provider, days, keylength. Returns the alias by which the key is stored in the keystore (with an empty password), or null if this URL doesn't match the required pattern (in which case nothing is done). If keystore is null, this method returns the string that would have been added to it, or null if it doesn't match.
createSelfSignedCertificate
public static void createSelfSignedCertificate(KeyStore keystore, String alias, String password, Map<String, String> params) throws GeneralSecurityException
Create a self-signed entry in the keystore based on the supplied parameters. Params may include any X500 fields, plus:
- algorithm, e.g. "SHA256withRSA" or "SHA256withECDSA"
- curve, e.g. "secp256r1"
- provider, e.g. "BC"
- days, e.g. "365"
- keylength, e.g. "2048"
loadPEM
public static void loadPEM(KeyStore keystore, Reader reader, String alias, Provider provider) throws IOException, CertificateException, KeyStoreException
Given a Reader containing one or more PEM-encoded certificates, private keys etc., load them into the supplied KeyStore.