Class TrustStore
java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
net.shibboleth.idp.installer.plugin.impl.TrustStore
- All Implemented Interfaces:
Component,DestructableComponent,InitializableComponent
@NotThreadSafe public final class TrustStore extends AbstractInitializableComponent
Code to handle (load, update, check) the trust store for an individual plugin.
a thin shim on BC.
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classTrustStore.SignatureAn opaque handle around aPGPSignature. -
Field Summary
Fields Modifier and Type Field Description private PathbackupThe key store backup.private StringexplicitTrustStoreExplicit path to trust store.private PathidpHomeWhere the IdP is installed.private org.bouncycastle.openpgp.PGPPublicKeyRingCollectionkeyRingsKeyRing.private org.slf4j.Loggerloglogger.private StringpluginIdThe plugin this is the trust store for.private PathstoreThe key store. -
Constructor Summary
Constructors Constructor Description TrustStore() -
Method Summary
Modifier and Type Method Description booleancheckSignature(InputStream input, TrustStore.Signature signature)Run a signature check over the streams.booleancontains(TrustStore.Signature signature)Does the key that made this signature exist in our keyrings?protected voidcreateNewStore()Create an empty store and save to new location.protected voiddoInitialize()voidimportKeyFromStream(TrustStore.Signature sigForKey, InputStream keyStream, Predicate<String> accept)Load up the provided store and if the key is found and the Predicate allows it add it to the store which we will then save.protected voidloadStore()Load the store from its designated location.private static org.bouncycastle.openpgp.PGPPublicKeyRingCollectionloadStoreFrom(InputStream in)Return a store loaded from the supplied stream.voidsaveStore()Save the store to its designated location.voidsaveStoreInternal()Save the store to its designated location.voidsetIdpHome(Path what)Set IdPHome.voidsetPluginId(String what)Set the pluginId.voidsetTrustStore(String what)Set explicitTrustStore.static TrustStore.SignaturesignatureOf(InputStream stream)Provide an opaque signature object from an input stream.Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger loglogger. -
idpHome
Where the IdP is installed. -
explicitTrustStore
Explicit path to trust store. -
pluginId
The plugin this is the trust store for. -
store
The key store. -
backup
The key store backup. -
keyRings
KeyRing.
-
-
Constructor Details
-
TrustStore
public TrustStore()
-
-
Method Details
-
setPluginId
Set the pluginId.- Parameters:
what- to set.
-
setIdpHome
Set IdPHome.- Parameters:
what- The idpHome to set.
-
setTrustStore
Set explicitTrustStore.- Parameters:
what- The value to set.
-
loadStoreFrom
private static org.bouncycastle.openpgp.PGPPublicKeyRingCollection loadStoreFrom(InputStream in) throws IOExceptionReturn a store loaded from the supplied stream.- Parameters:
in- the stream- Returns:
- a suitable store
- Throws:
IOException- fromFiles.newInputStream(Path, java.nio.file.OpenOption...)and fromPGPPublicKeyRingCollection(InputStream, org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator)
-
loadStore
Load the store from its designated location.- Throws:
IOException- fromFiles.newInputStream(Path, java.nio.file.OpenOption...)and fromPGPPublicKeyRingCollection(InputStream, org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator)
-
createNewStore
Create an empty store and save to new location.- Throws:
IOException- fromsaveStore()and in the unlikely event thatPGPPublicKeyRingCollection(java.util.Collection)has problems.
-
saveStore
Save the store to its designated location.- Throws:
IOException- fromFiles.newOutputStream(Path, java.nio.file.OpenOption...)and fromPGPPublicKeyRingCollection.encode(OutputStream)
-
saveStoreInternal
Save the store to its designated location.- Throws:
IOException- fromFiles.newOutputStream(Path, java.nio.file.OpenOption...)and fromPGPPublicKeyRingCollection.encode(OutputStream)
-
importKeyFromStream
public void importKeyFromStream(TrustStore.Signature sigForKey, InputStream keyStream, Predicate<String> accept) throws IOExceptionLoad up the provided store and if the key is found and the Predicate allows it add it to the store which we will then save.- Parameters:
sigForKey- the signature we are looking for a key for.keyStream- where to load the key fromaccept- whether we actually want to install this key- Throws:
IOException- if the load or save fails
-
signatureOf
Provide an opaque signature object from an input stream.- Parameters:
stream- what to read.- Returns:
- the Signature.
- Throws:
IOException- if there is a problem reading the file of it it doesn't represent a signature
-
contains
Does the key that made this signature exist in our keyrings?- Parameters:
signature- what to ask about- Returns:
- whether it is there
-
checkSignature
public boolean checkSignature(InputStream input, TrustStore.Signature signature) throws IOExceptionRun a signature check over the streams.- Parameters:
input- what to checksignature- what to check with- Returns:
- whether it passed or not
- Throws:
IOException- if we get an error reading the stream
-
doInitialize
- Overrides:
doInitializein classAbstractInitializableComponent- Throws:
ComponentInitializationException
-