From ee70762fc47a451e625b9cc0de8e61dc43c2a0d3 Mon Sep 17 00:00:00 2001 From: vinnie Date: Wed, 9 Oct 2013 10:48:44 +0100 Subject: [PATCH] 8008171: Refactor KeyStore.DomainLoadStoreParameter as a standalone class Reviewed-by: mullan, weijun --- .../security/DomainLoadStoreParameter.java | 171 ++++++++++++++++++ src/share/classes/java/security/KeyStore.java | 142 --------------- .../sun/security/provider/DomainKeyStore.java | 25 ++- .../security/provider/KeyStore/DKSTest.java | 20 +- 4 files changed, 190 insertions(+), 168 deletions(-) create mode 100644 src/share/classes/java/security/DomainLoadStoreParameter.java diff --git a/src/share/classes/java/security/DomainLoadStoreParameter.java b/src/share/classes/java/security/DomainLoadStoreParameter.java new file mode 100644 index 000000000..bc9697597 --- /dev/null +++ b/src/share/classes/java/security/DomainLoadStoreParameter.java @@ -0,0 +1,171 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package java.security; + +import java.net.URI; +import java.util.*; +import static java.security.KeyStore.*; + +/** + * Configuration data that specifies the keystores in a keystore domain. + * A keystore domain is a collection of keystores that are presented as a + * single logical keystore. The configuration data is used during + * {@code KeyStore} + * {@link KeyStore#load(KeyStore.LoadStoreParameter) load} and + * {@link KeyStore#store(KeyStore.LoadStoreParameter) store} operations. + *

+ * The following syntax is supported for configuration data: + *

{@code
+ *     domain  [ ...] {
+ *         keystore  [ ...] ;
+ *         ...
+ *     };
+ *     ...
+ * }
+ * where {@code domainName} and {@code keystoreName} are identifiers + * and {@code property} is a key/value pairing. The key and value are + * separated by an 'equals' symbol and the value is enclosed in double + * quotes. A property value may be either a printable string or a binary + * string of colon-separated pairs of hexadecimal digits. Multi-valued + * properties are represented as a comma-separated list of values, + * enclosed in square brackets. + * See {@link Arrays#toString(java.lang.Object[])}. + *

+ * To ensure that keystore entries are uniquely identified, each + * entry's alias is prefixed by its {@code keystoreName} followed + * by the entry name separator and each {@code keystoreName} must be + * unique within its domain. Entry name prefixes are omitted when + * storing a keystore. + *

+ * Properties are context-sensitive: properties that apply to + * all the keystores in a domain are located in the domain clause, + * and properties that apply only to a specific keystore are located + * in that keystore's clause. + * Unless otherwise specified, a property in a keystore clause overrides + * a property of the same name in the domain clause. All property names + * are case-insensitive. The following properties are supported: + *

+ *
{@code keystoreType=""}
+ *
The keystore type.
+ *
{@code keystoreURI=""}
+ *
The keystore location.
+ *
{@code keystoreProviderName=""}
+ *
The name of the keystore's JCE provider.
+ *
{@code keystorePasswordEnv=""}
+ *
The environment variable that stores a keystore password. + * Alternatively, passwords may be supplied to the constructor + * method in a {@code Map}.
+ *
{@code entryNameSeparator=""}
+ *
The separator between a keystore name prefix and an entry name. + * When specified, it applies to all the entries in a domain. + * Its default value is a space.
+ *
+ *

+ * For example, configuration data for a simple keystore domain + * comprising three keystores is shown below: + *

+ *
+ * domain app1 {
+ *     keystore app1-truststore
+ *         keystoreURI="file:///app1/etc/truststore.jks";
+ *
+ *     keystore system-truststore
+ *         keystoreURI="${java.home}/lib/security/cacerts";
+ *
+ *     keystore app1-keystore
+ *         keystoreType="PKCS12"
+ *         keystoreURI="file:///app1/etc/keystore.p12";
+ * };
+ *
+ * 
+ * @since 1.8 + */ +public final class DomainLoadStoreParameter implements LoadStoreParameter { + + private final URI configuration; + private final Map protectionParams; + + /** + * Constructs a DomainLoadStoreParameter for a keystore domain with + * the parameters used to protect keystore data. + * + * @param configuration identifier for the domain configuration data. + * The name of the target domain should be specified in the + * {@code java.net.URI} fragment component when it is necessary + * to distinguish between several domain configurations at the + * same location. + * + * @param protectionParams the map from keystore name to the parameter + * used to protect keystore data. + * A {@code java.util.Collections.EMPTY_MAP} should be used + * when protection parameters are not required or when they have + * been specified by properties in the domain configuration data. + * It is cloned to prevent subsequent modification. + * + * @exception NullPointerException if {@code configuration} or + * {@code protectionParams} is {@code null} + */ + public DomainLoadStoreParameter(URI configuration, + Map protectionParams) { + if (configuration == null || protectionParams == null) { + throw new NullPointerException("invalid null input"); + } + this.configuration = configuration; + this.protectionParams = + Collections.unmodifiableMap(new HashMap<>(protectionParams)); + } + + /** + * Gets the identifier for the domain configuration data. + * + * @return the identifier for the configuration data + */ + public URI getConfiguration() { + return configuration; + } + + /** + * Gets the keystore protection parameters for keystores in this + * domain. + * + * @return an unmodifiable map of keystore names to protection + * parameters + */ + public Map getProtectionParams() { + return protectionParams; + } + + /** + * Gets the keystore protection parameters for this domain. + * Keystore domains do not support a protection parameter. + * + * @return always returns {@code null} + */ + @Override + public KeyStore.ProtectionParameter getProtectionParameter() { + return null; + } +} diff --git a/src/share/classes/java/security/KeyStore.java b/src/share/classes/java/security/KeyStore.java index 187683baa..e769bb158 100644 --- a/src/share/classes/java/security/KeyStore.java +++ b/src/share/classes/java/security/KeyStore.java @@ -218,148 +218,6 @@ public class KeyStore { public ProtectionParameter getProtectionParameter(); } - /** - * Configuration data that specifies the keystores in a keystore domain. - * A keystore domain is a collection of keystores that are presented as a - * single logical keystore. The configuration data is used during - * {@code KeyStore} - * {@link #load(KeyStore.LoadStoreParameter) load} and - * {@link #store(KeyStore.LoadStoreParameter) store} operations. - *

- * The following syntax is supported for configuration data: - *

{@code
-     *     domain  [ ...] {
-     *         keystore  [ ...] ;
-     *         ...
-     *     };
-     *     ...
-     * }
- * where {@code domainName} and {@code keystoreName} are identifiers - * and {@code property} is a key/value pairing. The key and value are - * separated by an 'equals' symbol and the value is enclosed in double - * quotes. A property value may be either a printable string or a binary - * string of colon-separated pairs of hexadecimal digits. Multi-valued - * properties are represented as a comma-separated list of values, - * enclosed in square brackets. - * See {@link Arrays#toString(java.lang.Object[])}. - *

- * To ensure that keystore entries are uniquely identified, each - * entry's alias is prefixed by its {@code keystoreName} followed - * by the entry name separator and each {@code keystoreName} must be - * unique within its domain. Entry name prefixes are omitted when - * storing a keystore. - *

- * Properties are context-sensitive: properties that apply to - * all the keystores in a domain are located in the domain clause, - * and properties that apply only to a specific keystore are located - * in that keystore's clause. - * Unless otherwise specified, a property in a keystore clause overrides - * a property of the same name in the domain clause. All property names - * are case-insensitive. The following properties are supported: - *

- *
{@code keystoreType=""}
- *
The keystore type.
- *
{@code keystoreURI=""}
- *
The keystore location.
- *
{@code keystoreProviderName=""}
- *
The name of the keystore's JCE provider.
- *
{@code keystorePasswordEnv=""}
- *
The environment variable that stores a keystore password. - * Alternatively, passwords may be supplied to the constructor - * method in a {@code Map}.
- *
{@code entryNameSeparator=""}
- *
The separator between a keystore name prefix and an entry name. - * When specified, it applies to all the entries in a domain. - * Its default value is a space.
- *
- *

- * For example, configuration data for a simple keystore domain - * comprising three keystores is shown below: - *

-     *
-     * domain app1 {
-     *     keystore app1-truststore
-     *         keystoreURI="file:///app1/etc/truststore.jks"
-     *
-     *     keystore system-truststore
-     *         keystoreURI="${java.home}/lib/security/cacerts"
-     *
-     *     keystore app1-keystore
-     *         keystoreType="PKCS12"
-     *         keystoreURI="file:///app1/etc/keystore.p12"
-     * };
-     *
-     * 
- * @since 1.8 - */ - public static final class DomainLoadStoreParameter - implements LoadStoreParameter { - - private final URI configuration; - private final Map protectionParams; - - /** - * Constructs a DomainLoadStoreParameter for a keystore domain with - * the parameters used to protect keystore data. - * - * @param configuration identifier for the domain configuration data. - * The name of the target domain should be specified in the - * {@code java.net.URI} fragment component when it is necessary - * to distinguish between several domain configurations at the - * same location. - * - * @param protectionParams the map from keystore name to the parameter - * used to protect keystore data. - * A {@code java.util.Collections.EMPTY_MAP} should be used - * when protection parameters are not required or when they have - * been specified by properties in the domain configuration data. - * It is cloned to prevent subsequent modification. - * - * @exception NullPointerException if {@code configuration} or - * {@code protectionParams} is {@code null} - */ - public DomainLoadStoreParameter(URI configuration, - Map protectionParams) { - if (configuration == null || protectionParams == null) { - throw new NullPointerException("invalid null input"); - } - this.configuration = configuration; - this.protectionParams = - Collections.unmodifiableMap(new HashMap<>(protectionParams)); - } - - /** - * Gets the identifier for the domain configuration data. - * - * @return the identifier for the configuration data - */ - public URI getConfiguration() { - return configuration; - } - - /** - * Gets the keystore protection parameters for keystores in this - * domain. - * - * @return an unmodifiable map of keystore names to protection - * parameters - */ - public Map getProtectionParams() { - return protectionParams; - } - - /** - * Gets the keystore protection parameters for this domain. - * Keystore domains do not support a protection parameter. - * - * @return always returns {@code null} - */ - @Override - public KeyStore.ProtectionParameter getProtectionParameter() { - return null; - } - } - /** * A marker interface for keystore protection parameters. * diff --git a/src/share/classes/sun/security/provider/DomainKeyStore.java b/src/share/classes/sun/security/provider/DomainKeyStore.java index ae0dbfb06..9c4072abc 100644 --- a/src/share/classes/sun/security/provider/DomainKeyStore.java +++ b/src/share/classes/sun/security/provider/DomainKeyStore.java @@ -41,7 +41,7 @@ import sun.security.util.PolicyUtil; * This class provides the domain keystore type identified as "DKS". * DKS presents a collection of separate keystores as a single logical keystore. * The collection of keystores is specified in a domain configuration file which - * is passed to DKS in a {@link KeyStore.DomainLoadStoreParameter}. + * is passed to DKS in a {@link DomainLoadStoreParameter}. *

* The following properties are supported: *

@@ -622,17 +622,16 @@ abstract class DomainKeyStore extends KeyStoreSpi { } throw new UnsupportedOperationException( - "This keystore must be stored using a " + - "KeyStore.DomainLoadStoreParameter"); + "This keystore must be stored using a DomainLoadStoreParameter"); } @Override public void engineStore(KeyStore.LoadStoreParameter param) throws IOException, NoSuchAlgorithmException, CertificateException { - if (param instanceof KeyStore.DomainLoadStoreParameter) { - KeyStore.DomainLoadStoreParameter domainParameter = - (KeyStore.DomainLoadStoreParameter) param; + if (param instanceof DomainLoadStoreParameter) { + DomainLoadStoreParameter domainParameter = + (DomainLoadStoreParameter) param; List builders = getBuilders( domainParameter.getConfiguration(), domainParameter.getProtectionParams()); @@ -645,7 +644,7 @@ abstract class DomainKeyStore extends KeyStoreSpi { if (!(pp instanceof KeyStore.PasswordProtection)) { throw new KeyStoreException( new IllegalArgumentException("ProtectionParameter" + - " must be a KeyStore.PasswordPartection")); + " must be a KeyStore.PasswordProtection")); } char[] password = ((KeyStore.PasswordProtection) builder.protection) @@ -663,7 +662,7 @@ abstract class DomainKeyStore extends KeyStoreSpi { } else { throw new UnsupportedOperationException( "This keystore must be stored using a " + - "KeyStore.DomainLoadStoreParameter"); + "DomainLoadStoreParameter"); } } @@ -710,7 +709,7 @@ abstract class DomainKeyStore extends KeyStoreSpi { } catch (Exception e) { throw new UnsupportedOperationException( "This keystore must be loaded using a " + - "KeyStore.DomainLoadStoreParameter"); + "DomainLoadStoreParameter"); } } @@ -718,9 +717,9 @@ abstract class DomainKeyStore extends KeyStoreSpi { public void engineLoad(KeyStore.LoadStoreParameter param) throws IOException, NoSuchAlgorithmException, CertificateException { - if (param instanceof KeyStore.DomainLoadStoreParameter) { - KeyStore.DomainLoadStoreParameter domainParameter = - (KeyStore.DomainLoadStoreParameter) param; + if (param instanceof DomainLoadStoreParameter) { + DomainLoadStoreParameter domainParameter = + (DomainLoadStoreParameter) param; List builders = getBuilders( domainParameter.getConfiguration(), domainParameter.getProtectionParams()); @@ -748,7 +747,7 @@ abstract class DomainKeyStore extends KeyStoreSpi { } else { throw new UnsupportedOperationException( "This keystore must be loaded using a " + - "KeyStore.DomainLoadStoreParameter"); + "DomainLoadStoreParameter"); } } diff --git a/test/sun/security/provider/KeyStore/DKSTest.java b/test/sun/security/provider/KeyStore/DKSTest.java index c2b6baf3a..d1c4f18fc 100644 --- a/test/sun/security/provider/KeyStore/DKSTest.java +++ b/test/sun/security/provider/KeyStore/DKSTest.java @@ -81,8 +81,7 @@ public class DKSTest { int expected; KeyStore keystore = KeyStore.getInstance("DKS"); // load entries - keystore.load( - new KeyStore.DomainLoadStoreParameter(config, PASSWORDS)); + keystore.load(new DomainLoadStoreParameter(config, PASSWORDS)); cacertsCount = expected = keystore.size(); System.out.println("\nLoading domain keystore: " + config + "\t[" + expected + " entries]"); @@ -95,8 +94,7 @@ public class DKSTest { expected = cacertsCount + 1; keystore = KeyStore.getInstance("DKS"); // load entries - keystore.load( - new KeyStore.DomainLoadStoreParameter(config, PASSWORDS)); + keystore.load(new DomainLoadStoreParameter(config, PASSWORDS)); System.out.println("\nLoading domain keystore: " + config + "\t[" + expected + " entries]"); checkEntries(keystore, expected); @@ -109,7 +107,7 @@ public class DKSTest { keystore = KeyStore.getInstance("DKS"); // load entries keystore.load( - new KeyStore.DomainLoadStoreParameter(config, + new DomainLoadStoreParameter(config, Collections.emptyMap())); System.out.println("\nLoading domain keystore: " + config + "\t[" + expected + " entries]"); @@ -129,8 +127,7 @@ public class DKSTest { expected = 0; keystore = KeyStore.getInstance("DKS"); // load entries - keystore.load( - new KeyStore.DomainLoadStoreParameter(config, PASSWORDS)); + keystore.load(new DomainLoadStoreParameter(config, PASSWORDS)); System.out.println("\nLoading domain keystore: " + config + "\t[" + expected + " entries]"); checkEntries(keystore, expected); @@ -142,8 +139,7 @@ public class DKSTest { expected = 2 + 1 + 1 + 1; keystore = KeyStore.getInstance("DKS"); // load entries - keystore.load( - new KeyStore.DomainLoadStoreParameter(config, PASSWORDS)); + keystore.load(new DomainLoadStoreParameter(config, PASSWORDS)); System.out.println("\nLoading domain keystore: " + config + "\t[" + expected + " entries]"); checkEntries(keystore, expected); @@ -158,12 +154,10 @@ public class DKSTest { config = new URI(CONFIG + "#keystores_tmp"); System.out.println("Storing domain keystore: " + config + "\t[" + expected + " entries]"); - keystore.store( - new KeyStore.DomainLoadStoreParameter(config, PASSWORDS)); + keystore.store(new DomainLoadStoreParameter(config, PASSWORDS)); keystore = KeyStore.getInstance("DKS"); // reload entries - keystore.load( - new KeyStore.DomainLoadStoreParameter(config, PASSWORDS)); + keystore.load(new DomainLoadStoreParameter(config, PASSWORDS)); System.out.println("Reloading domain keystore: " + config + "\t[" + expected + " entries]"); checkEntries(keystore, expected); -- GitLab