stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8008171: Refactor KeyStore.DomainLoadStoreParameter as a standalone class

Browse Source 
Reviewed-by: mullan, weijun
This commit is contained in:
Vinnie Ryan 2013-10-09 10:48:44 +01:00
parent 508933e418
commit f36ff9e467
4 changed files with 190 additions and 168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

171
jdk/src/share/classes/java/security/DomainLoadStoreParameter.java Normal file
View File

@ -0,0 +1,171 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security;
import java.net.URI;
import java.util.*;
import static java.security.KeyStore.*;
/**
* Configuration data that specifies the keystores in a keystore domain.
* A keystore domain is a collection of keystores that are presented as a
* single logical keystore. The configuration data is used during
* {@code KeyStore}
* {@link KeyStore#load(KeyStore.LoadStoreParameter) load} and
* {@link KeyStore#store(KeyStore.LoadStoreParameter) store} operations.
* <p>
* The following syntax is supported for configuration data:
* <pre>{@code
* domain <domainName> [<property> ...] {
* keystore <keystoreName> [<property> ...] ;
* ...
* };
* ...
* }</pre>
* where {@code domainName} and {@code keystoreName} are identifiers
* and {@code property} is a key/value pairing. The key and value are
* separated by an 'equals' symbol and the value is enclosed in double
* quotes. A property value may be either a printable string or a binary
* string of colon-separated pairs of hexadecimal digits. Multi-valued
* properties are represented as a comma-separated list of values,
* enclosed in square brackets.
* See {@link Arrays#toString(java.lang.Object[])}.
* <p>
* To ensure that keystore entries are uniquely identified, each
* entry's alias is prefixed by its {@code keystoreName} followed
* by the entry name separator and each {@code keystoreName} must be
* unique within its domain. Entry name prefixes are omitted when
* storing a keystore.
* <p>
* Properties are context-sensitive: properties that apply to
* all the keystores in a domain are located in the domain clause,
* and properties that apply only to a specific keystore are located
* in that keystore's clause.
* Unless otherwise specified, a property in a keystore clause overrides
* a property of the same name in the domain clause. All property names
* are case-insensitive. The following properties are supported:
* <dl>
* <dt> {@code keystoreType="<type>"} </dt>
* <dd> The keystore type. </dd>
* <dt> {@code keystoreURI="<url>"} </dt>
* <dd> The keystore location. </dd>
* <dt> {@code keystoreProviderName="<name>"} </dt>
* <dd> The name of the keystore's JCE provider. </dd>
* <dt> {@code keystorePasswordEnv="<environment-variable>"} </dt>
* <dd> The environment variable that stores a keystore password.
* Alternatively, passwords may be supplied to the constructor
* method in a {@code Map<String, ProtectionParameter>}. </dd>
* <dt> {@code entryNameSeparator="<separator>"} </dt>
* <dd> The separator between a keystore name prefix and an entry name.
* When specified, it applies to all the entries in a domain.
* Its default value is a space. </dd>
* </dl>
* <p>
* For example, configuration data for a simple keystore domain
* comprising three keystores is shown below:
* <pre>
*
* domain app1 {
* keystore app1-truststore
* keystoreURI="file:///app1/etc/truststore.jks";
*
* keystore system-truststore
* keystoreURI="${java.home}/lib/security/cacerts";
*
* keystore app1-keystore
* keystoreType="PKCS12"
* keystoreURI="file:///app1/etc/keystore.p12";
* };
*
* </pre>
* @since 1.8
*/
public final class DomainLoadStoreParameter implements LoadStoreParameter {
private final URI configuration;
private final Map<String,ProtectionParameter> protectionParams;
/**
* Constructs a DomainLoadStoreParameter for a keystore domain with
* the parameters used to protect keystore data.
*
* @param configuration identifier for the domain configuration data.
* The name of the target domain should be specified in the
* {@code java.net.URI} fragment component when it is necessary
* to distinguish between several domain configurations at the
* same location.
*
* @param protectionParams the map from keystore name to the parameter
* used to protect keystore data.
* A {@code java.util.Collections.EMPTY_MAP} should be used
* when protection parameters are not required or when they have
* been specified by properties in the domain configuration data.
* It is cloned to prevent subsequent modification.
*
* @exception NullPointerException if {@code configuration} or
* {@code protectionParams} is {@code null}
*/
public DomainLoadStoreParameter(URI configuration,
Map<String,ProtectionParameter> protectionParams) {
if (configuration == null || protectionParams == null) {
throw new NullPointerException("invalid null input");
}
this.configuration = configuration;
this.protectionParams =
Collections.unmodifiableMap(new HashMap<>(protectionParams));
}
/**
* Gets the identifier for the domain configuration data.
*
* @return the identifier for the configuration data
*/
public URI getConfiguration() {
return configuration;
}
/**
* Gets the keystore protection parameters for keystores in this
* domain.
*
* @return an unmodifiable map of keystore names to protection
* parameters
*/
public Map<String,ProtectionParameter> getProtectionParams() {
return protectionParams;
}
/**
* Gets the keystore protection parameters for this domain.
* Keystore domains do not support a protection parameter.
*
* @return always returns {@code null}
*/
@Override
public KeyStore.ProtectionParameter getProtectionParameter() {
return null;
}
}

142
jdk/src/share/classes/java/security/KeyStore.java
View File

@ -218,148 +218,6 @@ public class KeyStore {
public ProtectionParameter getProtectionParameter(); public ProtectionParameter getProtectionParameter();
} }
/**
* Configuration data that specifies the keystores in a keystore domain.
* A keystore domain is a collection of keystores that are presented as a
* single logical keystore. The configuration data is used during
* {@code KeyStore}
* {@link #load(KeyStore.LoadStoreParameter) load} and
* {@link #store(KeyStore.LoadStoreParameter) store} operations.
* <p>
* The following syntax is supported for configuration data:
* <pre>{@code
* domain <domainName> [<property> ...] {
* keystore <keystoreName> [<property> ...] ;
* ...
* };
* ...
* }</pre>
* where {@code domainName} and {@code keystoreName} are identifiers
* and {@code property} is a key/value pairing. The key and value are
* separated by an 'equals' symbol and the value is enclosed in double
* quotes. A property value may be either a printable string or a binary
* string of colon-separated pairs of hexadecimal digits. Multi-valued
* properties are represented as a comma-separated list of values,
* enclosed in square brackets.
* See {@link Arrays#toString(java.lang.Object[])}.
* <p>
* To ensure that keystore entries are uniquely identified, each
* entry's alias is prefixed by its {@code keystoreName} followed
* by the entry name separator and each {@code keystoreName} must be
* unique within its domain. Entry name prefixes are omitted when
* storing a keystore.
* <p>
* Properties are context-sensitive: properties that apply to
* all the keystores in a domain are located in the domain clause,
* and properties that apply only to a specific keystore are located
* in that keystore's clause.
* Unless otherwise specified, a property in a keystore clause overrides
* a property of the same name in the domain clause. All property names
* are case-insensitive. The following properties are supported:
* <dl>
* <dt> {@code keystoreType="<type>"} </dt>
* <dd> The keystore type. </dd>
* <dt> {@code keystoreURI="<url>"} </dt>
* <dd> The keystore location. </dd>
* <dt> {@code keystoreProviderName="<name>"} </dt>
* <dd> The name of the keystore's JCE provider. </dd>
* <dt> {@code keystorePasswordEnv="<environment-variable>"} </dt>
* <dd> The environment variable that stores a keystore password.
* Alternatively, passwords may be supplied to the constructor
* method in a {@code Map<String, ProtectionParameter>}. </dd>
* <dt> {@code entryNameSeparator="<separator>"} </dt>
* <dd> The separator between a keystore name prefix and an entry name.
* When specified, it applies to all the entries in a domain.
* Its default value is a space. </dd>
* </dl>
* <p>
* For example, configuration data for a simple keystore domain
* comprising three keystores is shown below:
* <pre>
*
* domain app1 {
* keystore app1-truststore
* keystoreURI="file:///app1/etc/truststore.jks"
*
* keystore system-truststore
* keystoreURI="${java.home}/lib/security/cacerts"
*
* keystore app1-keystore
* keystoreType="PKCS12"
* keystoreURI="file:///app1/etc/keystore.p12"
* };
*
* </pre>
* @since 1.8
*/
public static final class DomainLoadStoreParameter
implements LoadStoreParameter {
private final URI configuration;
private final Map<String,ProtectionParameter> protectionParams;
/**
* Constructs a DomainLoadStoreParameter for a keystore domain with
* the parameters used to protect keystore data.
*
* @param configuration identifier for the domain configuration data.
* The name of the target domain should be specified in the
* {@code java.net.URI} fragment component when it is necessary
* to distinguish between several domain configurations at the
* same location.
*
* @param protectionParams the map from keystore name to the parameter
* used to protect keystore data.
* A {@code java.util.Collections.EMPTY_MAP} should be used
* when protection parameters are not required or when they have
* been specified by properties in the domain configuration data.
* It is cloned to prevent subsequent modification.
*
* @exception NullPointerException if {@code configuration} or
* {@code protectionParams} is {@code null}
*/
public DomainLoadStoreParameter(URI configuration,
Map<String,ProtectionParameter> protectionParams) {
if (configuration == null || protectionParams == null) {
throw new NullPointerException("invalid null input");
}
this.configuration = configuration;
this.protectionParams =
Collections.unmodifiableMap(new HashMap<>(protectionParams));
}
/**
* Gets the identifier for the domain configuration data.
*
* @return the identifier for the configuration data
*/
public URI getConfiguration() {
return configuration;
}
/**
* Gets the keystore protection parameters for keystores in this
* domain.
*
* @return an unmodifiable map of keystore names to protection
* parameters
*/
public Map<String,ProtectionParameter> getProtectionParams() {
return protectionParams;
}
/**
* Gets the keystore protection parameters for this domain.
* Keystore domains do not support a protection parameter.
*
* @return always returns {@code null}
*/
@Override
public KeyStore.ProtectionParameter getProtectionParameter() {
return null;
}
}
/** /**
* A marker interface for keystore protection parameters. * A marker interface for keystore protection parameters.
* *

25
jdk/src/share/classes/sun/security/provider/DomainKeyStore.java
View File

@ -41,7 +41,7 @@ import sun.security.util.PolicyUtil;
* This class provides the domain keystore type identified as "DKS". * This class provides the domain keystore type identified as "DKS".
* DKS presents a collection of separate keystores as a single logical keystore. * DKS presents a collection of separate keystores as a single logical keystore.
* The collection of keystores is specified in a domain configuration file which * The collection of keystores is specified in a domain configuration file which
* is passed to DKS in a {@link KeyStore.DomainLoadStoreParameter}. * is passed to DKS in a {@link DomainLoadStoreParameter}.
* <p> * <p>
* The following properties are supported: * The following properties are supported:
* <dl> * <dl>
@ -622,17 +622,16 @@ abstract class DomainKeyStore extends KeyStoreSpi {
} }
throw new UnsupportedOperationException( throw new UnsupportedOperationException(
"This keystore must be stored using a " + "This keystore must be stored using a DomainLoadStoreParameter");
"KeyStore.DomainLoadStoreParameter");
} }
@Override @Override
public void engineStore(KeyStore.LoadStoreParameter param) public void engineStore(KeyStore.LoadStoreParameter param)
throws IOException, NoSuchAlgorithmException, CertificateException throws IOException, NoSuchAlgorithmException, CertificateException
{ {
if (param instanceof KeyStore.DomainLoadStoreParameter) { if (param instanceof DomainLoadStoreParameter) {
KeyStore.DomainLoadStoreParameter domainParameter = DomainLoadStoreParameter domainParameter =
(KeyStore.DomainLoadStoreParameter) param; (DomainLoadStoreParameter) param;
List<KeyStoreBuilderComponents> builders = getBuilders( List<KeyStoreBuilderComponents> builders = getBuilders(
domainParameter.getConfiguration(), domainParameter.getConfiguration(),
domainParameter.getProtectionParams()); domainParameter.getProtectionParams());
@ -645,7 +644,7 @@ abstract class DomainKeyStore extends KeyStoreSpi {
if (!(pp instanceof KeyStore.PasswordProtection)) { if (!(pp instanceof KeyStore.PasswordProtection)) {
throw new KeyStoreException( throw new KeyStoreException(
new IllegalArgumentException("ProtectionParameter" + new IllegalArgumentException("ProtectionParameter" +
" must be a KeyStore.PasswordPartection")); " must be a KeyStore.PasswordProtection"));
} }
char[] password = char[] password =
((KeyStore.PasswordProtection) builder.protection) ((KeyStore.PasswordProtection) builder.protection)
@ -663,7 +662,7 @@ abstract class DomainKeyStore extends KeyStoreSpi {
} else { } else {
throw new UnsupportedOperationException( throw new UnsupportedOperationException(
"This keystore must be stored using a " + "This keystore must be stored using a " +
"KeyStore.DomainLoadStoreParameter"); "DomainLoadStoreParameter");
} }
} }
@ -710,7 +709,7 @@ abstract class DomainKeyStore extends KeyStoreSpi {
} catch (Exception e) { } catch (Exception e) {
throw new UnsupportedOperationException( throw new UnsupportedOperationException(
"This keystore must be loaded using a " + "This keystore must be loaded using a " +
"KeyStore.DomainLoadStoreParameter"); "DomainLoadStoreParameter");
} }
} }
@ -718,9 +717,9 @@ abstract class DomainKeyStore extends KeyStoreSpi {
public void engineLoad(KeyStore.LoadStoreParameter param) public void engineLoad(KeyStore.LoadStoreParameter param)
throws IOException, NoSuchAlgorithmException, CertificateException throws IOException, NoSuchAlgorithmException, CertificateException
{ {
if (param instanceof KeyStore.DomainLoadStoreParameter) { if (param instanceof DomainLoadStoreParameter) {
KeyStore.DomainLoadStoreParameter domainParameter = DomainLoadStoreParameter domainParameter =
(KeyStore.DomainLoadStoreParameter) param; (DomainLoadStoreParameter) param;
List<KeyStoreBuilderComponents> builders = getBuilders( List<KeyStoreBuilderComponents> builders = getBuilders(
domainParameter.getConfiguration(), domainParameter.getConfiguration(),
domainParameter.getProtectionParams()); domainParameter.getProtectionParams());
@ -748,7 +747,7 @@ abstract class DomainKeyStore extends KeyStoreSpi {
} else { } else {
throw new UnsupportedOperationException( throw new UnsupportedOperationException(
"This keystore must be loaded using a " + "This keystore must be loaded using a " +
"KeyStore.DomainLoadStoreParameter"); "DomainLoadStoreParameter");
} }
} }

20
jdk/test/sun/security/provider/KeyStore/DKSTest.java
View File

@ -81,8 +81,7 @@ public class DKSTest {
int expected; int expected;
KeyStore keystore = KeyStore.getInstance("DKS"); KeyStore keystore = KeyStore.getInstance("DKS");
// load entries // load entries
keystore.load( keystore.load(new DomainLoadStoreParameter(config, PASSWORDS));
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
cacertsCount = expected = keystore.size(); cacertsCount = expected = keystore.size();
System.out.println("\nLoading domain keystore: " + config + "\t[" + System.out.println("\nLoading domain keystore: " + config + "\t[" +
expected + " entries]"); expected + " entries]");
@ -95,8 +94,7 @@ public class DKSTest {
expected = cacertsCount + 1; expected = cacertsCount + 1;
keystore = KeyStore.getInstance("DKS"); keystore = KeyStore.getInstance("DKS");
// load entries // load entries
keystore.load( keystore.load(new DomainLoadStoreParameter(config, PASSWORDS));
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
System.out.println("\nLoading domain keystore: " + config + "\t[" + System.out.println("\nLoading domain keystore: " + config + "\t[" +
expected + " entries]"); expected + " entries]");
checkEntries(keystore, expected); checkEntries(keystore, expected);
@ -109,7 +107,7 @@ public class DKSTest {
keystore = KeyStore.getInstance("DKS"); keystore = KeyStore.getInstance("DKS");
// load entries // load entries
keystore.load( keystore.load(
new KeyStore.DomainLoadStoreParameter(config, new DomainLoadStoreParameter(config,
Collections.<String, KeyStore.ProtectionParameter>emptyMap())); Collections.<String, KeyStore.ProtectionParameter>emptyMap()));
System.out.println("\nLoading domain keystore: " + config + "\t[" + System.out.println("\nLoading domain keystore: " + config + "\t[" +
expected + " entries]"); expected + " entries]");
@ -129,8 +127,7 @@ public class DKSTest {
expected = 0; expected = 0;
keystore = KeyStore.getInstance("DKS"); keystore = KeyStore.getInstance("DKS");
// load entries // load entries
keystore.load( keystore.load(new DomainLoadStoreParameter(config, PASSWORDS));
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
System.out.println("\nLoading domain keystore: " + config + "\t[" + System.out.println("\nLoading domain keystore: " + config + "\t[" +
expected + " entries]"); expected + " entries]");
checkEntries(keystore, expected); checkEntries(keystore, expected);
@ -142,8 +139,7 @@ public class DKSTest {
expected = 2 + 1 + 1 + 1; expected = 2 + 1 + 1 + 1;
keystore = KeyStore.getInstance("DKS"); keystore = KeyStore.getInstance("DKS");
// load entries // load entries
keystore.load( keystore.load(new DomainLoadStoreParameter(config, PASSWORDS));
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
System.out.println("\nLoading domain keystore: " + config + "\t[" + System.out.println("\nLoading domain keystore: " + config + "\t[" +
expected + " entries]"); expected + " entries]");
checkEntries(keystore, expected); checkEntries(keystore, expected);
@ -158,12 +154,10 @@ public class DKSTest {
config = new URI(CONFIG + "#keystores_tmp"); config = new URI(CONFIG + "#keystores_tmp");
System.out.println("Storing domain keystore: " + config + "\t[" + System.out.println("Storing domain keystore: " + config + "\t[" +
expected + " entries]"); expected + " entries]");
keystore.store( keystore.store(new DomainLoadStoreParameter(config, PASSWORDS));
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
keystore = KeyStore.getInstance("DKS"); keystore = KeyStore.getInstance("DKS");
// reload entries // reload entries
keystore.load( keystore.load(new DomainLoadStoreParameter(config, PASSWORDS));
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
System.out.println("Reloading domain keystore: " + config + "\t[" + System.out.println("Reloading domain keystore: " + config + "\t[" +
expected + " entries]"); expected + " entries]");
checkEntries(keystore, expected); checkEntries(keystore, expected);