Package org.elasticsearch.common.settings

Class KeyStoreWrapper

java.lang.Object

org.elasticsearch.common.settings.KeyStoreWrapper

All Implemented Interfaces:

java.io.Closeable, java.lang.AutoCloseable, SecureSettings

public class KeyStoreWrapper
extends java.lang.Object
implements SecureSettings

A wrapper around a Java KeyStore which provides supplements the keystore with extra metadata. Loading a keystore has 2 phases. First, call load(Path). Then call decrypt(char[]) with the keystore password, or an empty char array if hasPassword() is false. Loading and decrypting should happen in a single thread. Once decrypted, keys may be read with the wrapper in multiple threads.

Field Summary

Fields

Modifier and Type	Field	Description
static Setting<SecureString>	SEED_SETTING

Method Summary

Modifier and Type	Method	Description
static void	addBootstrapSeed(KeyStoreWrapper wrapper)	Add the bootstrap seed setting, which may be used as a unique, secure, random value by the node
void	close()
static KeyStoreWrapper	create(char[] password)	Constructs a new keystore with the given password.
void	decrypt(char[] password)	Decrypts the underlying java keystore.
java.io.InputStream	getFile(java.lang.String setting)	Return a file setting.
java.util.Set<java.lang.String>	getSettingNames()	Returns the names of all secure settings available.
SecureString	getString(java.lang.String setting)	Return a string setting.
boolean	hasPassword()	Return true iff calling decrypt(char[]) requires a non-empty password.
boolean	isLoaded()	Returns true iff the settings are loaded and retrievable.
static java.nio.file.Path	keystorePath(java.nio.file.Path configDir)	Returns a path representing the ES keystore in the given config dir.
static KeyStoreWrapper	load(java.nio.file.Path configDir)	Loads information about the Elasticsearch keystore from the provided config directory.
void	save(java.nio.file.Path configDir)	Write the keystore to the given config directory.
static void	upgrade(KeyStoreWrapper wrapper, java.nio.file.Path configDir)	Upgrades the format of the keystore, if necessary.
static void	validateSettingName(java.lang.String setting)	Ensure the given setting name is allowed.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SEED_SETTING

public static final Setting<SecureString> SEED_SETTING

Method Detail

keystorePath

public static java.nio.file.Path keystorePath(java.nio.file.Path configDir)

Returns a path representing the ES keystore in the given config dir.

create

public static KeyStoreWrapper create(char[] password)
                              throws java.lang.Exception

Constructs a new keystore with the given password.

Throws:

java.lang.Exception

addBootstrapSeed

public static void addBootstrapSeed(KeyStoreWrapper wrapper)
                             throws java.security.GeneralSecurityException

Add the bootstrap seed setting, which may be used as a unique, secure, random value by the node

Throws:

java.security.GeneralSecurityException

load

public static KeyStoreWrapper load(java.nio.file.Path configDir)
                            throws java.io.IOException

Loads information about the Elasticsearch keystore from the provided config directory. decrypt(char[]) must be called before reading or writing any entries. Returns null if no keystore exists.

Throws:

java.io.IOException

upgrade

public static void upgrade(KeyStoreWrapper wrapper,
                           java.nio.file.Path configDir)
                    throws java.lang.Exception

Upgrades the format of the keystore, if necessary.

Throws:

java.lang.Exception

isLoaded

public boolean isLoaded()

Description copied from interface: SecureSettings

Returns true iff the settings are loaded and retrievable.

Specified by:

isLoaded in interface SecureSettings

hasPassword

public boolean hasPassword()

Return true iff calling decrypt(char[]) requires a non-empty password.

decrypt

public void decrypt(char[] password)
             throws java.security.GeneralSecurityException,
                    java.io.IOException

Decrypts the underlying java keystore. This may only be called once. The provided password will be zeroed out.

Throws:

java.security.GeneralSecurityException

java.io.IOException

save

public void save(java.nio.file.Path configDir)
          throws java.lang.Exception

Write the keystore to the given config directory.

Throws:

java.lang.Exception

getSettingNames

public java.util.Set<java.lang.String> getSettingNames()

Description copied from interface: SecureSettings

Returns the names of all secure settings available.

Specified by:

getSettingNames in interface SecureSettings

getString

public SecureString getString(java.lang.String setting)
                       throws java.security.GeneralSecurityException

Description copied from interface: SecureSettings

Return a string setting. The SecureString should be closed once it is used.

Specified by:

getString in interface SecureSettings

Throws:

java.security.GeneralSecurityException

getFile

public java.io.InputStream getFile(java.lang.String setting)
                            throws java.security.GeneralSecurityException

Description copied from interface: SecureSettings

Return a file setting. The InputStream should be closed once it is used.

Specified by:

getFile in interface SecureSettings

Throws:

java.security.GeneralSecurityException

validateSettingName

public static void validateSettingName(java.lang.String setting)

Ensure the given setting name is allowed.

Throws:

java.lang.IllegalArgumentException - if the setting name is not valid

close

public void close()
           throws java.io.IOException

Specified by:

close in interface java.lang.AutoCloseable

Specified by:

close in interface java.io.Closeable

Specified by:

close in interface SecureSettings

Throws:

java.io.IOException