Class TrustStore

java.lang.Object
  net.shibboleth.shared.component.AbstractInitializableComponent
    net.shibboleth.idp.installer.plugin.impl.TrustStore

- All Implemented Interfaces: Component, DestructableComponent, InitializableComponent
Code to handle (load, update, check) the trust store for an individual plugin; a thin shim on BC (Bouncy Castle).
Nested Class Summary

- static final class TrustStore.Signature: An opaque handle around a PGPSignature.
Field Summary

- private Path backup: The key store backup.
- private String explicitTrustStore: Explicit path to trust store.
- private Path idpHome: Where the IdP is installed.
- private org.bouncycastle.openpgp.PGPPublicKeyRingCollection keyRings: KeyRing.
- private final org.slf4j.Logger log: logger.
- private String pluginId: The plugin this is the trust store for.
- private Path store: The key store.
Constructor Summary

- TrustStore()
Method Summary

- boolean checkSignature(InputStream input, TrustStore.Signature signature): Run a signature check over the streams.
- boolean contains(TrustStore.Signature signature): Does the key that made this signature exist in our keyrings?
- protected void createNewStore(): Create an empty store and save it to a new location.
- protected void doInitialize()
- void importKeyFromStream(TrustStore.Signature sigForKey, InputStream keyStream, Predicate<String> accept): Load up the provided store and, if the key is found and the Predicate allows it, add it to the store, which we will then save.
- protected void loadStore(): Load the store from its designated location.
- private static org.bouncycastle.openpgp.PGPPublicKeyRingCollection loadStoreFrom(InputStream in): Return a store loaded from the supplied stream.
- void saveStore(): Save the store to its designated location.
- void saveStoreInternal(): Save the store to its designated location.
- void setIdpHome(Path what): Set IdPHome.
- void setPluginId(String what): Set the pluginId.
- void setTrustStore(String what): Set explicitTrustStore.
- static TrustStore.Signature signatureOf(InputStream stream): Provide an opaque signature object from an input stream.

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent:
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized
Field Details

- log
  @Nonnull private final org.slf4j.Logger log
  logger.
- idpHome
  Where the IdP is installed.
- explicitTrustStore
  Explicit path to trust store.
- pluginId
  The plugin this is the trust store for.
- store
  The key store.
- backup
  The key store backup.
- keyRings
  KeyRing.
Constructor Details

- TrustStore
  public TrustStore()
Method Details

setPluginId
public void setPluginId(String what)
Set the pluginId.
- Parameters:
  what - to set.

setIdpHome
public void setIdpHome(Path what)
Set IdPHome.
- Parameters:
  what - The idpHome to set.

setTrustStore
public void setTrustStore(String what)
Set explicitTrustStore.
- Parameters:
  what - The value to set.

loadStoreFrom
private static org.bouncycastle.openpgp.PGPPublicKeyRingCollection loadStoreFrom(@Nonnull InputStream in) throws IOException
Return a store loaded from the supplied stream.
- Parameters:
  in - the stream
- Returns:
  a suitable store
- Throws:
  IOException - from Files.newInputStream(Path, java.nio.file.OpenOption...) and from PGPPublicKeyRingCollection(InputStream, org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator)

loadStore
protected void loadStore() throws IOException
Load the store from its designated location.
- Throws:
  IOException - from Files.newInputStream(Path, java.nio.file.OpenOption...) and from PGPPublicKeyRingCollection(InputStream, org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator)

createNewStore
protected void createNewStore() throws IOException
Create an empty store and save it to a new location.
- Throws:
  IOException - from saveStore() and, in the unlikely event that PGPPublicKeyRingCollection(java.util.Collection) has problems.

saveStore
public void saveStore() throws IOException
Save the store to its designated location.
- Throws:
  IOException - from Files.newOutputStream(Path, java.nio.file.OpenOption...) and from PGPPublicKeyRingCollection.encode(OutputStream)

saveStoreInternal
public void saveStoreInternal() throws IOException
Save the store to its designated location.
- Throws:
  IOException - from Files.newOutputStream(Path, java.nio.file.OpenOption...) and from PGPPublicKeyRingCollection.encode(OutputStream)

importKeyFromStream
public void importKeyFromStream(TrustStore.Signature sigForKey, @Nonnull InputStream keyStream, @Nonnull Predicate<String> accept) throws IOException
Load up the provided store and, if the key is found and the Predicate allows it, add it to the store, which we will then save.
- Parameters:
  sigForKey - the signature we are looking for a key for.
  keyStream - where to load the key from
  accept - whether we actually want to install this key
- Throws:
  IOException - if the load or save fails

signatureOf
@Nonnull public static TrustStore.Signature signatureOf(@Nonnull InputStream stream) throws IOException
Provide an opaque signature object from an input stream.
- Parameters:
  stream - what to read.
- Returns:
  the Signature.
- Throws:
  IOException - if there is a problem reading the file or if it doesn't represent a signature

contains
public boolean contains(TrustStore.Signature signature)
Does the key that made this signature exist in our keyrings?
- Parameters:
  signature - what to ask about
- Returns:
  whether it is there

checkSignature
public boolean checkSignature(@Nonnull InputStream input, @Nonnull TrustStore.Signature signature) throws IOException
Run a signature check over the streams.
- Parameters:
  input - what to check
  signature - what to check with
- Returns:
  whether it passed or not
- Throws:
  IOException - if we get an error reading the stream

doInitialize
protected void doInitialize() throws ComponentInitializationException
- Overrides:
  doInitialize in class AbstractInitializableComponent
- Throws:
  ComponentInitializationException
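Putting the methods above together, the following is an added example (not Shibboleth project code) of how an installer would gate a plugin install on this trust store: read the detached signature with signatureOf, import the signer's key through importKeyFromStream only when contains says it is not yet trusted and an operator-pinned fingerprint matches, then run checkSignature over the distribution. The paths, the PluginVerifier class and the PINNED set are constructed here; the String handed to the accept Predicate is assumed to be a printable description of the candidate key (fingerprint or user id), which is not stated on this page.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Set;

import net.shibboleth.idp.installer.plugin.impl.TrustStore;
import net.shibboleth.shared.component.ComponentInitializationException;

/** Added example, not part of the IdP: verify a plugin distribution against its per-plugin trust store. */
public final class PluginVerifier {

    /** Constructed placeholder: fingerprints the operator verified out of band, not a real key. */
    private static final Set<String> PINNED = Set.of("PLACEHOLDER-FINGERPRINT");

    private PluginVerifier() {}

    /** Returns true only if the distribution carries a valid signature from a key in the store. */
    public static boolean verify(Path idpHome, String pluginId, Path distribution,
            Path detachedSig, Path publishedKey) throws IOException, ComponentInitializationException {

        // One trust store per plugin, rooted under the IdP installation.
        TrustStore trust = new TrustStore();
        trust.setIdpHome(idpHome);
        trust.setPluginId(pluginId);
        trust.initialize(); // loads the existing store or creates an empty one

        TrustStore.Signature sig;
        try (InputStream in = Files.newInputStream(detachedSig)) {
            sig = TrustStore.signatureOf(in); // IOException if the file is not a signature
        }

        // Import the signer's key only if it is not already trusted, and only when the
        // description passed to the predicate (assumed: fingerprint/user id) is pinned.
        if (!trust.contains(sig)) {
            try (InputStream keyIn = Files.newInputStream(publishedKey)) {
                trust.importKeyFromStream(sig, keyIn, desc -> PINNED.stream().anyMatch(desc::contains));
            }
            if (!trust.contains(sig)) {
                return false; // predicate rejected the key, or the key file did not contain it
            }
        }

        // The signature must verify over the actual distribution bytes.
        try (InputStream data = Files.newInputStream(distribution)) {
            return trust.checkSignature(data, sig);
        }
    }
}
```

A key that fails the predicate is never written to the store, so the second contains check is what distinguishes "rejected" from "trusted" before any bytes of the plugin are verified.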