All Implemented Interfaces: java.io.Closeable, java.lang.AutoCloseable, SecureSettings

public class KeyStoreWrapper extends java.lang.Object implements SecureSettings

load(Path). Then call decrypt(char[]) with the keystore password, or an empty char array if hasPassword() is false. Loading and decrypting should happen in a single thread. Once decrypted, settings may be read in multiple threads.

Modifier and Type | Field | Description |
---|---|---|
static Setting<SecureString> | SEED_SETTING | |

Modifier and Type | Method | Description |
---|---|---|
static void | addBootstrapSeed(KeyStoreWrapper wrapper) | Add the bootstrap seed setting, which may be used as a unique, secure, random value by the node |
void | close() | |
static KeyStoreWrapper | create() | Constructs a new keystore with the given password. |
void | decrypt(char[] password) | Decrypts the underlying keystore data. |
java.io.InputStream | getFile(java.lang.String setting) | Return a file setting. |
java.util.Set<java.lang.String> | getSettingNames() | It is possible to retrieve the setting names even if the keystore is closed. |
SecureString | getString(java.lang.String setting) | Return a string setting. |
boolean | hasPassword() | Return true iff calling decrypt(char[]) requires a non-empty password. |
boolean | isLoaded() | Returns true iff the settings are loaded and retrievable. |
static java.nio.file.Path | keystorePath(java.nio.file.Path configDir) | Returns a path representing the ES keystore in the given config dir. |
static KeyStoreWrapper | load(java.nio.file.Path configDir) | Loads information about the Elasticsearch keystore from the provided config directory. |
void | save(java.nio.file.Path configDir, char[] password) | Write the keystore to the given config directory. |
static void | upgrade(KeyStoreWrapper wrapper, java.nio.file.Path configDir, char[] password) | Upgrades the format of the keystore, if necessary. |
static void | validateSettingName(java.lang.String setting) | Ensure the given setting name is allowed. |

public static final Setting<SecureString> SEED_SETTING

public static java.nio.file.Path keystorePath(java.nio.file.Path configDir)

public static KeyStoreWrapper create()

public static void addBootstrapSeed(KeyStoreWrapper wrapper)

public static KeyStoreWrapper load(java.nio.file.Path configDir) throws java.io.IOException
decrypt(char[]) must be called before reading or writing any entries. Returns null if no keystore exists.
Throws: java.io.IOException

public static void upgrade(KeyStoreWrapper wrapper, java.nio.file.Path configDir, char[] password) throws java.lang.Exception
Throws: java.lang.Exception

public boolean isLoaded()
Description copied from interface: SecureSettings
Specified by: isLoaded in interface SecureSettings

public boolean hasPassword()
decrypt(char[]) requires a non-empty password.

public void decrypt(char[] password) throws java.security.GeneralSecurityException, java.io.IOException
Throws: java.security.GeneralSecurityException, java.io.IOException

public void save(java.nio.file.Path configDir, char[] password) throws java.lang.Exception
Throws: java.lang.Exception

public java.util.Set<java.lang.String> getSettingNames()
SecureSetting to correctly determine that an entry exists even though it cannot be read. Thus attempting to read a secure setting after the keystore is closed will generate a "keystore is closed" exception rather than using the fallback setting.
Specified by: getSettingNames in interface SecureSettings

public SecureString getString(java.lang.String setting)
Description copied from interface: SecureSettings
SecureString should be closed once it is used.
Specified by: getString in interface SecureSettings

public java.io.InputStream getFile(java.lang.String setting)
Description copied from interface: SecureSettings
InputStream should be closed once it is used.
Specified by: getFile in interface SecureSettings

public static void validateSettingName(java.lang.String setting)
Throws: java.lang.IllegalArgumentException - if the setting name is not valid

public void close()
Specified by: close in interface java.lang.AutoCloseable
Specified by: close in interface java.io.Closeable
Specified by: close in interface SecureSettings
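
The load, decrypt, read and close sequence described above, as an added example that is not part of the Elasticsearch documentation or code base. It assumes the class is imported from org.elasticsearch.common.settings; the default config directory and the setting name example.secure.setting are hypothetical placeholders.

```java
import java.io.Console;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;

import org.elasticsearch.common.settings.KeyStoreWrapper;
import org.elasticsearch.common.settings.SecureString;

public class KeystoreReadExample {
    public static void main(String[] args) throws Exception {
        // Hypothetical defaults; pass the real config dir and setting name as arguments.
        Path configDir = Paths.get(args.length > 0 ? args[0] : "/etc/elasticsearch");
        String name = args.length > 1 ? args[1] : "example.secure.setting";

        // load(Path) returns null if no keystore exists; entries are not readable yet.
        KeyStoreWrapper keystore = KeyStoreWrapper.load(configDir);
        if (keystore == null) {
            System.err.println("no keystore in " + configDir);
            return;
        }

        char[] password = new char[0]; // empty array when hasPassword() is false
        try (KeyStoreWrapper ks = keystore) {
            if (ks.hasPassword()) {
                Console console = System.console();
                char[] typed = console == null ? null : console.readPassword("Keystore password: ");
                if (typed == null) throw new IllegalStateException("no password available");
                password = typed;
            }
            // Load and decrypt on the same thread, before any entry is read.
            ks.decrypt(password);

            if (!ks.getSettingNames().contains(name)) {
                System.err.println("setting not present: " + name);
                return;
            }
            // The SecureString should be closed once it is used.
            try (SecureString value = ks.getString(name)) {
                System.out.println(name + (value.length() > 0 ? " is set" : " is empty"));
            }
        } finally {
            Arrays.fill(password, '\0'); // clear the password characters after use
        }
        // After close(), getSettingNames() still answers, but reading an entry raises
        // a "keystore is closed" exception rather than using the fallback setting.
    }
}
```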