Package net.shibboleth.shared.security.impl

Class ScriptedKeyStrategy

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
net.shibboleth.shared.security.impl.ScriptedKeyStrategy
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, DataSealerKeyStrategy
public class ScriptedKeyStrategy extends AbstractInitializableComponent implements DataSealerKeyStrategy
Implements a strategy for access to versioned symmetric keys using scripts.

Suitable for integrating with external key services.

  • Field Details

    • log

      @Nonnull private org.slf4j.Logger log
      Class logger.

    • keyScript

      @NonnullAfterInit private EvaluableScript keyScript
      Script to obtain keys.

    • customObject

      @Nullable private Object customObject
      Custom object for script.

    • currentAlias

      @NonnullAfterInit private String currentAlias
      Current key alias loaded.

    • defaultKey

      @NonnullAfterInit private SecretKey defaultKey
      Current default key loaded.

    • keyCache

      @Nonnull private final LinkedHashMap<String,SecretKey> keyCache
      Cache of keys.

    • updateInterval

      @Nonnull private Duration updateInterval
      Time between key update checks. Default value: (PT15M).

    • updateTaskTimer

      @Nullable private Timer updateTaskTimer
      Timer used to schedule update tasks.

    • internalTaskTimer

      @Nullable private Timer internalTaskTimer
      Timer used to schedule update tasks if no external one set.

    • updateTask

      @Nullable private TimerTask updateTask
      Task that checks for updated key version.

    • cacheSize

      @NonNegative private long cacheSize
      Size of key cache to maintain.

  • Constructor Details

    • ScriptedKeyStrategy

      public ScriptedKeyStrategy()
      Constructor.

  • Method Details

    • setKeyScript

      public void setKeyScript(@Nonnull EvaluableScript script)
      Set the script to run to access keys.
      Parameters:
      script - script to run

    • setCustomObject

      public void setCustomObject(@Nullable Object object)
      Set the custom (externally provided) object.
      Parameters:
      object - the custom object

    • setUpdateInterval

      public void setUpdateInterval(@Nonnull Duration interval)
      Set the time between key update checks. A value of 0 indicates that no updates will be performed. This setting cannot be changed after the service has been initialized.
      Parameters:
      interval - time between key update checks

    • setUpdateTaskTimer

      public void setUpdateTaskTimer(@Nullable Timer timer)
      Set the timer used to schedule update tasks. This setting cannot be changed after the service has been initialized.
      Parameters:
      timer - timer used to schedule update tasks

    • setCacheSize

      public void setCacheSize(@NonNegative long size)
      Set the number of keys to cache.

      Defaults to 30.

      Parameters:
      size - size of cache

    • doInitialize

      public void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractInitializableComponent
      Throws:
      ComponentInitializationException

    • doDestroy

      protected void doDestroy()
      Overrides:
      doDestroy in class AbstractInitializableComponent

    • getDefaultKey

      @Nonnull public Pair<String,SecretKey> getDefaultKey() throws KeyException
      Get the default/current key to use for new operations, returned along with an identifier for it.
      Specified by:
      getDefaultKey in interface DataSealerKeyStrategy
      Returns:
      the key
      Throws:
      KeyException - if the key cannot be returned

    • getDefaultKeyRecord

      @Nonnull public DataSealerKeyStrategy.NamedKey getDefaultKeyRecord() throws KeyException
      Get an immutable record of the default named key.
      Specified by:
      getDefaultKeyRecord in interface DataSealerKeyStrategy
      Returns:
      default key record
      Throws:
      KeyException - if the key is unobtainable

    • getKey

      @Nonnull public SecretKey getKey(@Nonnull @NotEmpty String name) throws KeyException
      Get a specifically named key.
      Specified by:
      getKey in interface DataSealerKeyStrategy
      Parameters:
      name - name of the key to retrieve
      Returns:
      the key
      Throws:
      KeyException - if the key cannot be returned, does not exist, etc.

    • updateDefaultKey

      private void updateDefaultKey() throws KeyException
      Update the loaded copy of the default key based on the current key version if it's out of date (loading key version from scratch if need be).

      Also purge cache to limit size.

      Throws:
      KeyException - if the key cannot be updated