/** Create LockssKeystore from a config subtree */
LockssKeyStore createLockssKeyStore(Configuration config) {
log.debug2("Creating LockssKeyStore from config: " + config);
String name = config.get(KEYSTORE_PARAM_NAME);
LockssKeyStore lk = new LockssKeyStore(name);
String file = config.get(KEYSTORE_PARAM_FILE);
String resource = config.get(KEYSTORE_PARAM_RESOURCE);
String url = config.get(KEYSTORE_PARAM_URL);
if (!StringUtil.isNullString(file)) {
lk.setLocation(file, LocationType.File);
} else if (!StringUtil.isNullString(resource)) {
lk.setLocation(resource, LocationType.Resource);
} else if (!StringUtil.isNullString(url)) {
lk.setLocation(url, LocationType.Url);
}
lk.setType(config.get(KEYSTORE_PARAM_TYPE, defaultKeyStoreType));
lk.setProvider(config.get(KEYSTORE_PARAM_PROVIDER, defaultKeyStoreProvider));
lk.setPassword(config.get(KEYSTORE_PARAM_PASSWORD));
lk.setKeyPassword(config.get(KEYSTORE_PARAM_KEY_PASSWORD));
lk.setKeyPasswordFile(config.get(KEYSTORE_PARAM_KEY_PASSWORD_FILE));
lk.setMayCreate(config.getBoolean(KEYSTORE_PARAM_CREATE, DEFAULT_CREATE));
return lk;
}
/** Create LockssKeystores from config subtree below {@link #PARAM_KEYSTORE} */
void configureKeyStores(Configuration config) {
Configuration allKs = config.getConfigTree(PARAM_KEYSTORE);
for (Iterator iter = allKs.nodeIterator(); iter.hasNext(); ) {
String id = (String) iter.next();
Configuration oneKs = allKs.getConfigTree(id);
try {
LockssKeyStore lk = createLockssKeyStore(oneKs);
String name = lk.getName();
if (name == null) {
log.error("KeyStore definition missing name: " + oneKs);
continue;
}
LockssKeyStore old = keystoreMap.get(name);
if (old != null && !lk.equals(old)) {
log.warning(
"Keystore "
+ name
+ " redefined. "
+ "New definition may not take effect until daemon restart");
}
log.debug("Adding keystore " + name);
keystoreMap.put(name, lk);
} catch (Exception e) {
log.error("Couldn't create keystore: " + oneKs, e);
}
}
}
/**
* Convenience method to return the TrustManagerFactory from the named LockssKeyStore.
*
* @param name the keystore name
* @param criticalServiceName if non-null, this is a criticial keystore whose unavailability
* should cause the daemon to exit (if org.lockss.keyMgr.exitIfMissingKeystore is true)
*/
public TrustManagerFactory getTrustManagerFactory(String name, String criticalServiceName) {
LockssKeyStore lk = getLockssKeyStore(name, criticalServiceName);
if (lk != null) {
TrustManagerFactory fact = lk.getTrustManagerFactory();
checkFact(fact, name, criticalServiceName, "found but contains no trusted certificates");
return fact;
}
return null;
}
/**
* Convenience method to return the KeyManagerFactory from the named LockssKeyStore.
*
* @param name the keystore name
* @param criticalServiceName if non-null, this is a criticial keystore whose unavailability
* should cause the daemon to exit (if org.lockss.keyMgr.exitIfMissingKeystore is true)
*/
public KeyManagerFactory getKeyManagerFactory(String name, String criticalServiceName) {
LockssKeyStore lk = getLockssKeyStore(name, criticalServiceName);
if (lk != null) {
KeyManagerFactory fact = lk.getKeyManagerFactory();
checkFact(fact, name, criticalServiceName, "found but contains no private keys");
return fact;
}
return null;
}
void loadKeyStores() {
List<LockssKeyStore> lst = new ArrayList<LockssKeyStore>(keystoreMap.values());
for (LockssKeyStore lk : lst) {
try {
lk.load();
} catch (Exception e) {
log.error("Can't load keystore " + lk.getName(), e);
keystoreMap.remove(lk.getName());
}
}
}
