public class KeyStoreActor extends TypedAtomicActor
Keystores are ways to manage keys and certificates. A keystore file can be created by using the keytool executable that comes with Java, or, if the createFileOrURLIfNecessary parameter is true, then a keystore will be created for you. To create a simple keystore by hand that contains a private key and a self-signed certificate for the corresponding public key, run:

```
cd $PTII
make ptKeystore
```

which will create a keystore with a store password of this.is.the.storePassword,change.it and a key password of this.is.the.keyPassword,change.it. The alias of the certificate in that keystore is claudius.
A keystore may have at most one type, which describes the format of the keystore. If a keyStore file exists, then the keyStoreType parameter is set to the type of the preexisting keyStore. Changing the keyStoreType of a preexisting keystore to a different type is likely to throw an exception when the keyStore is opened. If a keyStore file does not exist, then when it is created it will be created with the type from the keyStoreType parameter.
The keytool creates keystores that have a type of "JKS" (keytool in JDK 9 and later defaults to PKCS12 unless -storetype is given). To view the keystore type of an existing file, run

```
keytool -keystore keystoreFile -list
```

The first lines of the output name the keystore type and provider.

The SecretKey actor outputs a key that must be read in with a keystore type of "JCEKS", so if this actor is being used with a SecretKey actor, then the type should be set to "JCEKS".

See http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html for possible values.
Derived classes should add input or output ports as necessary. Derived classes should call _loadKeyStore() so that _keyStore is properly initialized before accessing _keyStore themselves.
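The create-if-missing, load-if-present logic that _initializeKeyStore(), _loadKeyStore() and createKeystore() provide for derived classes, together with the reason the keyStoreType must be "JCEKS" for secret keys, as an added example written against the plain java.security.KeyStore API (this is not Ptolemy II code). The file names, the alias "aeskey" and the temporary directory are made up for the demonstration; the passwords are the ones the make ptKeystore target uses.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example (not Ptolemy II code). Shows the create-if-missing / load-if-present
// logic a KeyStoreActor subclass relies on, and why a SecretKey needs type JCEKS.
// File names, the alias and the temporary directory are made up for the demonstration.
public class KeyStoreTypeDemo {

    // Mirrors _initializeKeyStore() + _loadKeyStore() + createKeystore(): get a KeyStore
    // of the requested type, load it from disk if the file exists, otherwise create an
    // empty store and write it out. A wrong type or store password fails inside load().
    static KeyStore loadOrCreate(Path file, String type, char[] storePassword)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        if (Files.exists(file)) {
            try (InputStream in = Files.newInputStream(file)) {
                ks.load(in, storePassword);
            }
        } else {
            ks.load(null, storePassword);            // fresh, empty in-memory store
            try (OutputStream out = Files.newOutputStream(file)) {
                ks.store(out, storePassword);
            }
        }
        return ks;
    }

    // Stores a freshly generated AES key under alias, protected by keyPassword.
    // Returns false when the keystore type refuses secret keys: JKS only holds
    // private keys (with a certificate chain) and trusted certificates.
    static boolean storeSecretKey(KeyStore ks, String alias, char[] keyPassword)
            throws GeneralSecurityException {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        SecretKey key = gen.generateKey();
        try {
            ks.setKeyEntry(alias, key, keyPassword, null);   // no chain for a secret key
            return true;
        } catch (KeyStoreException e) {                      // JKS: "Cannot store non-PrivateKeys"
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] storePw = "this.is.the.storePassword,change.it".toCharArray();
        char[] keyPw = "this.is.the.keyPassword,change.it".toCharArray();
        Path dir = Files.createTempDirectory("keystore-demo");

        KeyStore jks = loadOrCreate(dir.resolve("demo.jks"), "JKS", storePw);
        System.out.println("JKS accepts a SecretKey:   " + storeSecretKey(jks, "aeskey", keyPw));

        Path jceksFile = dir.resolve("demo.jceks");
        KeyStore jceks = loadOrCreate(jceksFile, "JCEKS", storePw);
        System.out.println("JCEKS accepts a SecretKey: " + storeSecretKey(jceks, "aeskey", keyPw));
        try (OutputStream out = Files.newOutputStream(jceksFile)) {
            jceks.store(out, storePw);                       // persist the new entry
        }

        // Reopen with the matching type and key password: the entry comes back.
        Key reloaded = loadOrCreate(jceksFile, "JCEKS", storePw).getKey("aeskey", keyPw);
        System.out.println("Reloaded entry algorithm:  " + reloaded.getAlgorithm());

        // Reopen the same file while claiming type JKS: this is the exception the
        // keyStoreType discussion warns about.
        try {
            loadOrCreate(jceksFile, "JKS", storePw);
            System.out.println("Unexpected: JKS loaded a JCEKS file");
        } catch (IOException | GeneralSecurityException e) {
            System.out.println("Loading the JCEKS file as JKS failed: " + e);
        }
    }
}
```

Run it with java KeyStoreTypeDemo.java (JDK 11 or later). The two storeSecretKey calls print false for JKS and true for JCEKS, and the final load shows what happens when the keyStoreType parameter disagrees with the file on disk.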
To create a keystore holding a private key and a self-signed certificate under the alias claudius, run:

```
keytool -genkey -alias claudius -keystore $PTII/ptKeystore -keypass myKeyPassword -storepass myStorePassword
```

You will be prompted for information about yourself. Newer keytool releases no longer default the key algorithm, so you may need to add -keyalg RSA.

To export the certificate (which carries the public key) to a file, run:

```
keytool -alias claudius -export -keystore $PTII/ptKeystore -keypass myKeyPassword -storepass myStorePassword -file claudius.cer -rfc
```

Use the PrivateKeyReader actor to read $PTII/ptKeystore with the appropriate passwords and sign your data. See the left side of $PTII/ptolemy/actor/lib/security/test/auto/Signature.xml for an example model.

The recipient of claudius.cer imports it into their own keystore:

```
cxh@cooley 91% keytool -import -alias claudius -keystore $PTII/receivedKeystore -file claudius.cer
Enter keystore password: foobar
Owner: CN=Claudius Ptolemaus, OU=Your Project, O=Your University, L=Your Town, ST=Your State, C=US
Issuer: CN=Claudius Ptolemaus, OU=Your Project, O=Your University, L=Your Town, ST=Your State, C=US
Serial number: 3fa9b2c5
Valid from: Wed Nov 05 18:32:37 PST 2003 until: Tue Feb 03 18:32:37 PST 2004
Certificate fingerprints:
         MD5: D7:43:A0:C0:39:49:A8:80:69:EA:11:91:17:CE:E5:E3
         SHA1: C1:3B:9A:92:35:4F:7F:A5:23:AB:57:28:D6:67:ED:43:AB:EA:A9:2B
Trust this certificate? [no]: yes
Certificate was added to keystore
cxh@cooley 92%
```

Before answering "yes", the recipient checks the fingerprints of the received file against the ones the sender reports over a separate channel:

```
cxh@cooley 93% keytool -printcert -file claudius.cer
Owner: CN=Claudius Ptolemaus, OU=Your Project, O=Your University, L=Your Town, ST=Your State, C=US
Issuer: CN=Claudius Ptolemaus, OU=Your Project, O=Your University, L=Your Town, ST=Your State, C=US
Serial number: 3fa9b2c5
Valid from: Wed Nov 05 18:32:37 PST 2003 until: Tue Feb 03 18:32:37 PST 2004
Certificate fingerprints:
         MD5: D7:43:A0:C0:39:49:A8:80:69:EA:11:91:17:CE:E5:E3
         SHA1: C1:3B:9A:92:35:4F:7F:A5:23:AB:57:28:D6:67:ED:43:AB:EA:A9:2B
cxh@cooley 94%
```

If the certificate fingerprints match, then the file has not been modified in transit.

Use the PublicKeyReader actor with the appropriate passwords to read the imported certificate. See the right side of $PTII/ptolemy/actor/lib/security/test/auto/Signature.xml for an example model.

For more information about keystores, see Security Tools Summary.
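The fingerprint comparison that the keytool -printcert step above leaves to the reader, as an added example in plain JDK Java (not Ptolemy II code, and not part of the original page). It recomputes the fingerprints keytool prints, compares one of them against a value the sender supplied over a separate channel, and also confirms that the certificate is self-signed (as keytool -genkey produces) and still inside its validity period. Using SHA-256 rather than the MD5 and SHA1 values in the transcript is my choice; the certificate path and the expected fingerprint are command-line arguments.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Locale;

// Added example (not Ptolemy II code). Performs the receiving party's checks on a
// certificate file such as claudius.cer before it is imported with keytool -import.
public class CertFingerprintCheck {

    // Fingerprint in keytool's form: hash of the DER encoding, upper-case hex, colon-separated.
    static String fingerprint(X509Certificate cert, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", digest[i] & 0xff));
        }
        return sb.toString();
    }

    // Reads a DER file or the PEM form that keytool -export -rfc writes.
    static X509Certificate readCertificate(Path file) throws Exception {
        try (InputStream in = Files.newInputStream(file)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Constant-time comparison so the check does not leak where the first mismatch is.
    static boolean fingerprintMatches(X509Certificate cert, String algorithm, String expected)
            throws Exception {
        byte[] actual = fingerprint(cert, algorithm).getBytes(StandardCharsets.US_ASCII);
        byte[] wanted = expected.trim().toUpperCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(actual, wanted);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java CertFingerprintCheck <cert-file> <expected SHA-256 fingerprint>");
            System.exit(2);
        }
        X509Certificate cert = readCertificate(Paths.get(args[0]));
        System.out.println("Owner:   " + cert.getSubjectX500Principal());
        System.out.println("Issuer:  " + cert.getIssuerX500Principal());
        System.out.println("SHA1:    " + fingerprint(cert, "SHA-1"));
        System.out.println("SHA256:  " + fingerprint(cert, "SHA-256"));

        // keytool -genkey produces a self-signed certificate: it must verify under its own key.
        cert.verify(cert.getPublicKey());

        // keytool's default validity is 90 days; the 2003 certificate in the transcript
        // above would fail this check today.
        try {
            cert.checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            System.out.println("Certificate is outside its validity period: " + e.getMessage());
            System.exit(1);
        }

        boolean ok = fingerprintMatches(cert, "SHA-256", args[1]);
        System.out.println(ok ? "Fingerprint matches: safe to import with keytool -import."
                              : "Fingerprint MISMATCH: do not import this file.");
        System.exit(ok ? 0 : 1);
    }
}
```

Run it as java CertFingerprintCheck.java claudius.cer AB:CD:... with the fingerprint the sender gave you; a non-zero exit status means the file should not be added to the keystore.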
Nested classes inherited from superclasses: Entity.ContainedObjectsIterator
Modifier and Type | Field and Description
---|---
protected java.lang.String | _alias: The alias of the Certificate that we are looking for.
protected java.lang.String | _keyPassword: The password for the key.
protected java.security.KeyStore | _keyStore: The KeyStore itself.
protected java.lang.String | _keyStoreType: The keyStore type.
protected boolean | _loadKeyStoreNeeded: Set to true if fileOrURL has changed and the keyStore needs to be read in again and the aliases updated.
protected java.lang.String | _provider: The provider to be used for a provider specific implementation.
protected java.lang.String | _storePassword: The password for the keyStore.
StringParameter | alias: The alias of the certificate that we are looking for.
Parameter | createFileOrURLIfNecessary: If true, then create the keystore named by fileOrURL if the fileOrURL does not exist.
FileParameter | fileOrURL: The file name or URL from which to read.
PortParameter | keyPassword: The password to the Key.
StringParameter | keyStoreType: The type of the keystore.
StringParameter | provider: Specify a provider for the given algorithm.
PortParameter | storePassword: The password to the KeyStore.
Fields inherited from superclasses and interfaces:
_typesValid
_actorFiringListeners, _initializables, _notifyingActorFiring, _stopRequested
_changeListeners, _changeLock, _changeRequests, _debugging, _debugListeners, _deferChangeRequests, _elementName, _isPersistent, _verbose, _workspace, ATTRIBUTES, CLASSNAME, COMPLETE, CONTENTS, DEEP, FULLNAME, LINKS
COMPLETED, NOT_READY, STOP_ITERATING
Constructor and Description
---
KeyStoreActor(CompositeEntity container, java.lang.String name): Construct an actor with the given container and name.
Modifier and Type | Method and Description
---|---
protected void | _initializeKeyStore(): If necessary, initialize the _keyStore by calling KeyStore.getInstance().
protected void | _loadKeyStore(): If necessary, load the _keyStore and update the choice of aliases.
void | attributeChanged(Attribute attribute): If the specified attribute is URL, then close the current file (if there is one) and open the new one.
void | createKeystore(java.lang.String keystoreFilename): Create the keystore file.
protected java.lang.String | fileOrURLDescription(): Return descriptive information about fileOrURL.
void | fire(): Load the keystore for use by derived classes.
void | stopFire(): Override the base class to stop waiting for input data.
void | wrapup(): Terminate the subprocess.
Methods inherited from superclasses and interfaces:
_containedTypeConstraints, _customTypeConstraints, _defaultTypeConstraints, _fireAt, _fireAt, attributeTypeChanged, clone, clone, isBackwardTypeInferenceEnabled, newPort, typeConstraintList, typeConstraints
_actorFiring, _actorFiring, _declareDelayDependency, addActorFiringListener, addInitializable, connectionsChanged, createReceivers, declareDelayDependency, getCausalityInterface, getDirector, getExecutiveDirector, getManager, initialize, inputPortList, isFireFunctional, isStrict, iterate, newReceiver, outputPortList, postfire, prefire, preinitialize, pruneDependencies, recordFiring, removeActorFiringListener, removeDependency, removeInitializable, setContainer, stop, terminate
_adjustDeferrals, _checkContainer, _getContainedObject, _propagateExistence, getContainer, instantiate, isAtomic, isOpaque, moveDown, moveToFirst, moveToIndex, moveToLast, moveUp, propagateExistence, setName
_addPort, _description, _exportMoMLContents, _removePort, _validateSettables, connectedPortList, connectedPorts, containedObjectsIterator, getAttribute, getPort, getPorts, linkedRelationList, linkedRelations, portList, removeAllPorts, setClassDefinition, uniqueName
_setParent, exportMoML, getChildren, getElementName, getParent, getPrototypeList, isClassDefinition, isWithinClassDefinition
_addAttribute, _adjustOverride, _attachText, _cloneFixAttributeFields, _containedDecorators, _copyChangeRequestList, _debug, _debug, _debug, _debug, _debug, _executeChangeRequests, _getIndentPrefix, _isMoMLSuppressed, _markContentsDerived, _notifyHierarchyListenersAfterChange, _notifyHierarchyListenersBeforeChange, _propagateValue, _removeAttribute, _splitName, _stripNumericSuffix, addChangeListener, addDebugListener, addHierarchyListener, attributeDeleted, attributeList, attributeList, decorators, deepContains, depthInHierarchy, description, description, event, executeChangeRequests, exportMoML, exportMoML, exportMoML, exportMoML, exportMoMLPlain, getAttribute, getAttributes, getChangeListeners, getClassName, getDecoratorAttribute, getDecoratorAttributes, getDerivedLevel, getDerivedList, getDisplayName, getFullName, getModelErrorHandler, getName, getName, getSource, handleModelError, isDeferringChangeRequests, isOverridden, isPersistent, lazyContainedObjectsIterator, message, notifyOfNameChange, propagateValue, propagateValues, removeAttribute, removeChangeListener, removeDebugListener, removeHierarchyListener, requestChange, setClassName, setDeferringChangeRequests, setDerivedLevel, setDisplayName, setModelErrorHandler, setPersistent, setSource, sortContainedObjects, toplevel, toString, validateSettables, workspace
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
createReceivers, getCausalityInterface, getDirector, getExecutiveDirector, getManager, inputPortList, newReceiver, outputPortList
isFireFunctional, isStrict, iterate, postfire, prefire, stop, terminate
addInitializable, initialize, preinitialize, removeInitializable
description, getContainer, getDisplayName, getFullName, getName, getName, setName
getDerivedLevel, getDerivedList, propagateValue
public StringParameter alias

public Parameter createFileOrURLIfNecessary

public FileParameter fileOrURL

public StringParameter keyStoreType
Note that secret keys generated by the SecretKey actor should be saved in a keystore of type "JCEKS".

public PortParameter keyPassword

public StringParameter provider

public PortParameter storePassword

protected java.lang.String _alias

protected java.lang.String _keyPassword

protected java.security.KeyStore _keyStore

protected java.lang.String _keyStoreType

protected java.lang.String _provider

protected java.lang.String _storePassword

protected boolean _loadKeyStoreNeeded
public KeyStoreActor(CompositeEntity container, java.lang.String name) throws IllegalActionException, NameDuplicationException
Parameters:
container - The container.
name - The name of this actor.
Throws:
IllegalActionException - If the actor cannot be contained by the proposed container.
NameDuplicationException - If the container already has an actor with this name.

public void attributeChanged(Attribute attribute) throws IllegalActionException
Overrides: attributeChanged in class NamedObj
Parameters:
attribute - The attribute that has changed.
Throws:
IllegalActionException - If the specified attribute is URL and the file cannot be opened.

public void createKeystore(java.lang.String keystoreFilename) throws IllegalActionException
Parameters:
keystoreFilename - The name of the keystore file.
Throws:
IllegalActionException - If there is a problem creating the keystore.

public void fire() throws IllegalActionException
Specified by: fire in interface Executable
Overrides: fire in class AtomicActor<TypedIOPort>
Throws:
IllegalActionException - Not thrown in this base class.

public void stopFire()
Specified by: stopFire in interface Executable
Overrides: stopFire in class AtomicActor<TypedIOPort>

public void wrapup() throws IllegalActionException
Specified by: wrapup in interface Initializable
Overrides: wrapup in class AtomicActor<TypedIOPort>
Throws:
IllegalActionException - Not thrown in this base class.

protected void _initializeKeyStore() throws IllegalActionException
Throws:
IllegalActionException - If KeyStore.getInstance() throws an exception.

protected void _loadKeyStore() throws IllegalActionException
Throws:
IllegalActionException - If there is a problem creating a new keystore or loading a preexisting keystore.

protected java.lang.String fileOrURLDescription()