Class KeyStoreResourceLoader

java.lang.Object
org.faceless.publisher.resource.KeyStoreResourceLoader
All Implemented Interfaces:
ResourceLoader

public class KeyStoreResourceLoader extends Object implements ResourceLoader
A ResourceLoader returning a KeyStore or Certificate. Supports the following URL fragment parameters:
alias - keystore alias
serial - certificate serial number
cn - X.500 common name
dn - X.500 distinguished name
password - password (for entry) - will defer to callback
store - password - password (for store) - will defer to password then to callback
  • Constructor Details

    • KeyStoreResourceLoader

      public KeyStoreResourceLoader()
  • Method Details

    • toString

      public String toString()
      Overrides:
      toString in class Object
    • supports

      public boolean supports(ResourceDescriptor descriptor)
      Description copied from interface: ResourceLoader
      Return true if this ResourceLoader could load a descriptor of the specified type. The resourceClass, outputClass and mediaType of the descriptor should be checked as appropriate. The MediaType in particular will not be a wildcard for normal use; it may be a wildcard if we're being called from ResourceManager.getResourceLoader(org.faceless.publisher.type.MediaType, java.lang.Class<?>).
      Specified by:
      supports in interface ResourceLoader
    • getSystemKeyStore

      public static final KeyStore getSystemKeyStore(String name)
      Return the specified KeyStore from the Jar.
      Parameters:
      name - the keystore name, e.g. "nss.crt"
      Returns:
      the KeyStore, or null if none is found with that name
    • load

      public ResourceFlavor load(ResourceDescriptor descriptor, Resource resource, URL2Connection con) throws Exception
      Description copied from interface: ResourceLoader
      Attempt to load a Resource from the specified URL2Connection. If the ResourceLoader applies (it should test the resource mediatype and class) then it should load the resource from the URL. If the URI has a fragment and the loaded resource applies to ALL fragments, it should change the URI to have no fragment. Likewise if any aspect of the MediaType does not apply (i.e. the encoding) then it should remove it, so the Resource describes the widest possible URI and MediaType that would match this object. Finally, on success this method should set the Object on the resource, or throw an exception on failure. The supplied "con" will have an InputStream that is mark-capable already. If the stream is a gzip or brotli compressed stream, decompression will already be applied. The mediatype will be set on "d". Returning null from this object is considered an error condition - if that happens we shouldn't have got here, and the only reason we did was because "supports" for the same descriptor returned true.
      Specified by:
      load in interface ResourceLoader
      Parameters:
      descriptor - the descriptor of what type of flavor we want.
      resource - the Resource we're populating
      con - the URLConnection to load the resource from
      Returns:
      the new Flavor, or null if it doesn't apply.
      Throws:
      Exception
    • createSelfSignedCertificate

      public static String createSelfSignedCertificate(KeyStore keystore, URL2 uri) throws GeneralSecurityException
      Create a self-signed entry in the KeyStore based on the supplied "magic" URL. The URL must begin with "about:identity", and the optional fragment parameters describe the properties for the keypair - any X500 fields plus algorithm, curve, provider, days, keylength. Return the alias by which the key is stored in the keystore (with an empty password), or null if this URL doesn't match the required pattern (in which case nothing is done). If keystore is null, this method returns the string that would have been added to it, or null if it doesn't match.
      Throws:
      GeneralSecurityException
    • createSelfSignedCertificate

      public static void createSelfSignedCertificate(KeyStore keystore, String alias, String password, Map<String,String> params) throws GeneralSecurityException
      Create a self-signed entry in the keystore based on the supplied parameters. Params may include any X500 fields, plus:
      algorithm - e.g. "SHA256withRSA" or "SHA256withECDSA"
      curve - e.g. "secp256r1"
      provider - e.g. "BC"
      days - e.g. "365"
      keylength - e.g. "2048"
      Throws:
      GeneralSecurityException
    • loadPEM

      public static void loadPEM(KeyStore keystore, Reader reader, String alias, Provider provider) throws IOException, CertificateException, KeyStoreException
      Given a Reader containing one or more PEM-encoded certificates, private keys, etc., load them into the supplied KeyStore.
      Throws:
      IOException
      CertificateException
      KeyStoreException
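
An added example (not code from this Javadoc or from the library) showing how a caller might check the entry produced by createSelfSignedCertificate(KeyStore, String, String, Map) with the standard java.security API before relying on it. The class name, alias, password and subject value are constructed, and both the "cn" map key and the use of the supplied password as the entry password are assumptions.

```java
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;
import org.faceless.publisher.resource.KeyStoreResourceLoader;

public class SelfSignedEntryCheck {
    public static void main(String[] args) throws Exception {
        // Empty in-memory keystore (standard JDK API); nothing is written to disk.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);

        // Constructed sample values. "algorithm", "curve" and "days" are the keys
        // listed on this page; using "cn" as the key for the X500 common name is
        // an assumption.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("cn", "Example Signer (constructed)");
        params.put("algorithm", "SHA256withECDSA");
        params.put("curve", "secp256r1");
        params.put("days", "365");

        String alias = "example-identity";          // constructed alias
        String password = "constructed-entry-pw";   // placeholder, not a real secret
        KeyStoreResourceLoader.createSelfSignedCertificate(ks, alias, password, params);

        // 1. The alias must hold a private-key entry, not just a trusted certificate.
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no key entry stored under " + alias);
        }
        // 2. Assumption: the supplied password protects the entry, so it unlocks the key.
        PrivateKey key = (PrivateKey) ks.getKey(alias, password.toCharArray());

        // 3. Self-signed means subject == issuer and the signature verifies under
        //    the certificate's own public key; verify() throws if it does not.
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            throw new IllegalStateException("subject and issuer differ");
        }
        cert.verify(cert.getPublicKey());
        cert.checkValidity();   // throws if outside notBefore..notAfter

        System.out.println("subject   : " + cert.getSubjectX500Principal().getName());
        System.out.println("key / sig : " + key.getAlgorithm() + " / " + cert.getSigAlgName());
        System.out.println("not after : " + cert.getNotAfter());
    }
}
```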