Package org.elasticsearch.common.settings

Class KeyStoreWrapper

java.lang.Object

org.elasticsearch.common.settings.KeyStoreWrapper

All Implemented Interfaces:

java.io.Closeable, java.lang.AutoCloseable, SecureSettings

public class KeyStoreWrapper
extends java.lang.Object
implements SecureSettings

A disk based container for sensitive settings in Elasticsearch. Loading a keystore has 2 phases. First, call load(Path). Then call decrypt(char[]) with the keystore password, or an empty char array if hasPassword() is false. Loading and decrypting should happen in a single thread. Once decrypted, settings may be read in multiple threads.

Field Summary

Fields

Modifier and Type	Field	Description
static Setting<SecureString>	SEED_SETTING

Method Summary

Modifier and Type	Method	Description
static void	addBootstrapSeed(KeyStoreWrapper wrapper)	Add the bootstrap seed setting, which may be used as a unique, secure, random value by the node
void	close()
static KeyStoreWrapper	create()	Constructs a new keystore with the given password.
void	decrypt(char[] password)	Decrypts the underlying keystore data.
java.io.InputStream	getFile(java.lang.String setting)	Return a file setting.
java.util.Set<java.lang.String>	getSettingNames()	It is possible to retrieve the setting names even if the keystore is closed.
SecureString	getString(java.lang.String setting)	Return a string setting.
boolean	hasPassword()	Return true iff calling decrypt(char[]) requires a non-empty password.
boolean	isLoaded()	Returns true iff the settings are loaded and retrievable.
static java.nio.file.Path	keystorePath(java.nio.file.Path configDir)	Returns a path representing the ES keystore in the given config dir.
static KeyStoreWrapper	load(java.nio.file.Path configDir)	Loads information about the Elasticsearch keystore from the provided config directory.
void	save(java.nio.file.Path configDir, char[] password)	Write the keystore to the given config directory.
static void	upgrade(KeyStoreWrapper wrapper, java.nio.file.Path configDir, char[] password)	Upgrades the format of the keystore, if necessary.
static void	validateSettingName(java.lang.String setting)	Ensure the given setting name is allowed.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SEED_SETTING

public static final Setting<SecureString> SEED_SETTING

Method Detail

keystorePath

public static java.nio.file.Path keystorePath(java.nio.file.Path configDir)

Returns a path representing the ES keystore in the given config dir.

create

public static KeyStoreWrapper create()

Constructs a new keystore with the given password.

addBootstrapSeed

public static void addBootstrapSeed(KeyStoreWrapper wrapper)

Add the bootstrap seed setting, which may be used as a unique, secure, random value by the node

load

public static KeyStoreWrapper load(java.nio.file.Path configDir)
                            throws java.io.IOException

Loads information about the Elasticsearch keystore from the provided config directory. decrypt(char[]) must be called before reading or writing any entries. Returns null if no keystore exists.

Throws:

java.io.IOException

upgrade

public static void upgrade(KeyStoreWrapper wrapper,
                           java.nio.file.Path configDir,
                           char[] password)
                    throws java.lang.Exception

Upgrades the format of the keystore, if necessary.

Throws:

java.lang.Exception

isLoaded

public boolean isLoaded()

Description copied from interface: SecureSettings

Returns true iff the settings are loaded and retrievable.

Specified by:

isLoaded in interface SecureSettings

hasPassword

public boolean hasPassword()

Return true iff calling decrypt(char[]) requires a non-empty password.

decrypt

public void decrypt(char[] password)
             throws java.security.GeneralSecurityException,
                    java.io.IOException

Decrypts the underlying keystore data. This may only be called once.

Throws:

java.security.GeneralSecurityException

java.io.IOException

save

public void save(java.nio.file.Path configDir,
                 char[] password)
          throws java.lang.Exception

Write the keystore to the given config directory.

Throws:

java.lang.Exception

getSettingNames

public java.util.Set<java.lang.String> getSettingNames()

It is possible to retrieve the setting names even if the keystore is closed. This allows SecureSetting to correctly determine that a entry exists even though it cannot be read. Thus attempting to read a secure setting after the keystore is closed will generate a "keystore is closed" exception rather than using the fallback setting.

Specified by:

getSettingNames in interface SecureSettings

getString

public SecureString getString(java.lang.String setting)

Description copied from interface: SecureSettings

Return a string setting. The SecureString should be closed once it is used.

Specified by:

getString in interface SecureSettings

getFile

public java.io.InputStream getFile(java.lang.String setting)

Description copied from interface: SecureSettings

Return a file setting. The InputStream should be closed once it is used.

Specified by:

getFile in interface SecureSettings

validateSettingName

public static void validateSettingName(java.lang.String setting)

Ensure the given setting name is allowed.

Throws:

java.lang.IllegalArgumentException - if the setting name is not valid

close

public void close()

Specified by:

close in interface java.lang.AutoCloseable

Specified by:

close in interface java.io.Closeable

Specified by:

close in interface SecureSettings