Package org.jivesoftware.openfire.keystore

Class CertificateStoreManager

java.lang.Object

org.jivesoftware.openfire.container.BasicModule

org.jivesoftware.openfire.keystore.CertificateStoreManager

All Implemented Interfaces:

Module

public class CertificateStoreManager
extends BasicModule

A manager of certificate stores.

Constructor Summary

Constructors

Constructor	Description
CertificateStoreManager()

Method Summary

Modifier and Type	Method	Description
Collection<Path>	backup()	Creates a backup of all files that back any of the certificate stores.
void	destroy()	Destroys the module.
IdentityStore	getIdentityStore(ConnectionType type)
static String	getIdentityStoreBackupDirectory(ConnectionType type)	The location (relative to OPENFIRE_HOME) of the directory that holds backups for identity stores.
CertificateStoreConfiguration	getIdentityStoreConfiguration(ConnectionType type)
static String	getIdentityStoreType(ConnectionType type)	The KeyStore type (jks, jceks, pkcs12, etc) for the identity store for connections of a particular type.
static String	getKeyStoreType(ConnectionType type)	Deprecated. use either getTrustStoreType(ConnectionType) or getIdentityStoreType(ConnectionType)
TrustStore	getTrustStore(ConnectionType type)
static String	getTrustStoreBackupDirectory(ConnectionType type)	The location (relative to OPENFIRE_HOME) of the directory that holds backups for trust stores.
CertificateStoreConfiguration	getTrustStoreConfiguration(ConnectionType type)
static String	getTrustStoreType(ConnectionType type)	The KeyStore type (jks, jceks, pkcs12, etc) for the trust store for connections of a particular type.
void	initialize(XMPPServer server)	Initializes the basic module.
void	replaceIdentityStore(ConnectionType type, CertificateStoreConfiguration configuration, boolean createIfAbsent)
void	replaceTrustStore(ConnectionType type, CertificateStoreConfiguration configuration, boolean createIfAbsent)
boolean	usesDistinctConfigurationForEachType()	Checks if Openfire is configured to use the same set of three keystore files for all connection types (one identity store, and two trust stores - one for client-based connections, and one for server/component-based connections).

Methods inherited from class org.jivesoftware.openfire.container.BasicModule

getName, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CertificateStoreManager

public CertificateStoreManager()

Method Detail

initialize

public void initialize(XMPPServer server)

Description copied from class: BasicModule

Initializes the basic module.

Inheriting classes that choose to override this method MUST call this initialize() method before accessing BasicModule resources.

Specified by:

initialize in interface Module

Overrides:

initialize in class BasicModule

Parameters:

server - the server hosting this module.

destroy

public void destroy()

Description copied from class: BasicModule

Destroys the module.

Does nothing in the basic module.

Specified by:

destroy in interface Module

Overrides:

destroy in class BasicModule

getIdentityStore

public IdentityStore getIdentityStore(ConnectionType type)

getTrustStore

public TrustStore getTrustStore(ConnectionType type)

replaceIdentityStore

public void replaceIdentityStore(ConnectionType type,
                                 CertificateStoreConfiguration configuration,
                                 boolean createIfAbsent)
                          throws CertificateStoreConfigException

Throws:

CertificateStoreConfigException

replaceTrustStore

public void replaceTrustStore(ConnectionType type,
                              CertificateStoreConfiguration configuration,
                              boolean createIfAbsent)
                       throws CertificateStoreConfigException

Throws:

CertificateStoreConfigException

getIdentityStoreConfiguration

public CertificateStoreConfiguration getIdentityStoreConfiguration(ConnectionType type)
                                                            throws IOException

Throws:

IOException

getTrustStoreConfiguration

public CertificateStoreConfiguration getTrustStoreConfiguration(ConnectionType type)
                                                         throws IOException

Throws:

IOException

backup

public Collection<Path> backup()
                        throws IOException

Creates a backup of all files that back any of the certificate stores. Each certificate store can be configured to use a distinct file, as well as use a distinct backup location. In practise, there will be a lot of overlap. This implementation creates a backup (by copying the file) for each unique file/backup-location combination in the collection of all certificate stores.

Returns:

the paths the store was backed up to

Throws:

IOException - if the store could not be backed up

getTrustStoreType

public static String getTrustStoreType(ConnectionType type)

The KeyStore type (jks, jceks, pkcs12, etc) for the trust store for connections of a particular type.

Parameters:

type - the connection type

Returns:

a store type (never null).

See Also:

Java Cryptography Architecture Standard Algorithm Name Documentation

getIdentityStoreType

public static String getIdentityStoreType(ConnectionType type)

The KeyStore type (jks, jceks, pkcs12, etc) for the identity store for connections of a particular type.

Parameters:

type - the connection type

Returns:

a store type (never null).

See Also:

Java Cryptography Architecture Standard Algorithm Name Documentation

getKeyStoreType

@Deprecated
public static String getKeyStoreType(ConnectionType type)

Deprecated.

use either getTrustStoreType(ConnectionType) or getIdentityStoreType(ConnectionType)

The KeyStore type (jks, jceks, pkcs12, etc) for the identity and trust store for connections of a particular type.

Parameters:

type - the connection type

Returns:

a store type (never null).

See Also:

Java Cryptography Architecture Standard Algorithm Name Documentation

getIdentityStoreBackupDirectory

public static String getIdentityStoreBackupDirectory(ConnectionType type)

The location (relative to OPENFIRE_HOME) of the directory that holds backups for identity stores.

Parameters:

type - the connection type

Returns:

a path (never null).

getTrustStoreBackupDirectory

public static String getTrustStoreBackupDirectory(ConnectionType type)

The location (relative to OPENFIRE_HOME) of the directory that holds backups for trust stores.

Parameters:

type - the connection type

Returns:

a path (never null).

usesDistinctConfigurationForEachType

public boolean usesDistinctConfigurationForEachType()
                                             throws IOException

Checks if Openfire is configured to use the same set of three keystore files for all connection types (one identity store, and two trust stores - one for client-based connections, and one for server/component-based connections). This method will return 'false' when running Openfire without changes to its default keystore configuration. If changes are made to use different keystores for at least one connection type, this method returns 'true'.

Returns:

true if Openfire is using different keystores based on the type of connection, false when running with the default store configuration.

Throws:

IOException - if there was an IO error