Class CredentialsKeyStore

All Implemented Interfaces:
ICredentials, ICredentialsKeyStore

public class CredentialsKeyStore extends AbstractCredentials implements ICredentialsKeyStore
Implementation of ICredentialsKeyStore that stores a Java KeyStore containing certificates and private keys for client authentication. This class handles KeyStore credentials stored in base64 encoding. The KeyStore bytes must be base64 encoded when stored in the credentials store.
Supported KeyStore types:
PKCS12 - Industry standard format (recommended)
JKS - Java KeyStore format (legacy)
  • Field Details

  • Constructor Details

    • CredentialsKeyStore

      public CredentialsKeyStore(String keyStore, String keyStorePassword, String keyStoreType) throws CredentialsException
      Constructor for plain-text KeyStore (programmatic creation/testing). This constructor is used when creating credentials programmatically or for testing. The KeyStore data must be base64 encoded (without "base64:" prefix).
      Parameters:
      keyStore - The base64-encoded KeyStore bytes (without "base64:" prefix)
      keyStorePassword - The password for the KeyStore
      keyStoreType - The type of KeyStore ("PKCS12" or "JKS", defaults to "PKCS12" if null)
      Throws:
      CredentialsException - if decoding fails or format is invalid
      IllegalArgumentException - if keyStoreType is not "PKCS12" or "JKS"
    • CredentialsKeyStore

      public CredentialsKeyStore(SecretKeySpec key, String keyStore, String keyStorePassword, String keyStoreType) throws CredentialsException
      Constructor for KeyStore credentials loaded from storage (file/etcd). This constructor is used when loading credentials from the Credentials Store. It handles both encrypted (from etcd) and encoded (from file) KeyStore data.
      For etcd storage:
      - The KeyStore, password, and type values are encrypted
      - This constructor decrypts them using the provided encryption key
      - The decrypted KeyStore data is base64 encoded (without "base64:" prefix)
      For file storage:
      - KeyStore value is base64 encoded
      - Password and type are plain text
      Parameters:
      key - The encryption key for decrypting etcd-stored credentials
      keyStore - The KeyStore data (encrypted from etcd, or base64 from file)
      keyStorePassword - The password (encrypted from etcd, or plain text from file)
      keyStoreType - The KeyStore type (encrypted from etcd, or plain text from file)
      Throws:
      CredentialsException - if decryption/decoding fails or format is invalid
      IllegalArgumentException - if keyStoreType is not "PKCS12" or "JKS"
  • Method Details

    • getKeyStore

      public KeyStore getKeyStore() throws CredentialsException
      Get the KeyStore containing certificates and keys. The KeyStore is loaded from the stored bytes using the configured password. The KeyStore can then be used to configure SSL contexts for secure connections. The KeyStore is lazily loaded on first access and cached for subsequent calls. If the KeyStore cannot be loaded, a RuntimeException is thrown with details of the failure.
      Specified by:
      getKeyStore in interface ICredentialsKeyStore
      Returns:
      KeyStore object containing certificates and keys
      Throws:
      CredentialsException
    • getKeyStorePassword

      public String getKeyStorePassword()
      Get the password for the KeyStore. This password is used to unlock the KeyStore and access the private keys within it. The password should be kept secure and is typically encrypted when stored.
      Specified by:
      getKeyStorePassword in interface ICredentialsKeyStore
      Returns:
      KeyStore password as a String
    • getKeyStoreType

      public String getKeyStoreType()
      Get the type of KeyStore. The KeyStore type determines the format and capabilities of the KeyStore. Supported types are:
      PKCS12 - Industry standard format (recommended)
      JKS - Java KeyStore format (legacy)
      Specified by:
      getKeyStoreType in interface ICredentialsKeyStore
      Returns:
      KeyStore type identifier ("PKCS12" or "JKS")
    • getEncodedKeyStore

      public String getEncodedKeyStore()
      Get the base64-encoded KeyStore data. Returns the KeyStore bytes in base64-encoded format with the "base64:" prefix. This is the format used for storing and transmitting KeyStore data in the credentials store and via the Secrets API. When credentials are stored in etcd, the value may be encrypted. This method handles decryption automatically and returns the decrypted "base64:..." value. For file-based credentials, it returns the value as stored. The keyStoreString field already contains the decrypted value (if it was encrypted in etcd) or the original value (if from file storage).
      Specified by:
      getEncodedKeyStore in interface ICredentialsKeyStore
      Returns:
      The base64-encoded KeyStore data with "base64:" prefix
    • toProperties

      public Properties toProperties(String credentialsId)
      Convert this KeyStore credential to Properties format for storage. The KeyStore bytes are base64 encoded for storage. The password is stored as plain text.
      Specified by:
      toProperties in interface ICredentials
      Parameters:
      credentialsId - The ID to use as a prefix for property keys
      Returns:
      Properties object containing the KeyStore data
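
The following JDK-only program is an added example, not part of this class or its project. It shows the encoding contract documented above: producing the bare base64 value the constructors expect, loading it back with the documented type check and PKCS12 default, and using the resulting KeyStore and password (what getKeyStore() and getKeyStorePassword() return) to build a client-authentication SSLContext. The class name KeyStoreCredentialExample and the helpers encode, decode and clientContext are hypothetical, and the password and empty keystore are constructed sample values.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.util.Base64;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class KeyStoreCredentialExample {
    // Serialise a KeyStore to the bare base64 form the constructors expect (no "base64:" prefix).
    static String encode(KeyStore ks, char[] password) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return Base64.getEncoder().encodeToString(out.toByteArray());
    }

    // Hypothetical reverse step: accept the value with or without the "base64:" prefix and load it.
    static KeyStore decode(String value, char[] password, String type) throws Exception {
        String ksType = (type == null) ? "PKCS12" : type;   // documented default when type is null
        if (!ksType.equals("PKCS12") && !ksType.equals("JKS")) {
            throw new IllegalArgumentException("Unsupported KeyStore type: " + ksType);
        }
        String b64 = value.startsWith("base64:") ? value.substring("base64:".length()) : value;
        KeyStore ks = KeyStore.getInstance(ksType);
        ks.load(new ByteArrayInputStream(Base64.getDecoder().decode(b64)), password);
        return ks;
    }

    // Build a client-auth SSLContext from a loaded KeyStore and its password.
    static SSLContext clientContext(KeyStore ks, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null = default trust managers and SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-password".toCharArray();  // constructed sample value
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, password);                              // constructed, empty keystore
        String encoded = encode(empty, password);
        // With the library on the classpath, this is the value for the first constructor:
        //   new CredentialsKeyStore(encoded, new String(password), "PKCS12");
        KeyStore loaded = decode("base64:" + encoded, password, null);
        SSLContext ctx = clientContext(loaded, password);
        System.out.println(loaded.getType() + " entries=" + loaded.size() + " protocol=" + ctx.getProtocol());
    }
}
```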