Package ghidra.net
Class ApplicationKeyManagerFactory
java.lang.Object
ghidra.net.ApplicationKeyManagerFactory
ApplicationKeyManagerFactory
provides application keystore management
functionality and the ability to generate X509KeyManager's for use with an SSLContext
or other PKI related operations. Access to keystore data (other than keystore path)
is restricted to package access. Certain public operations are exposed via the
ApplicationKeyManagerUtils
class.-
Field Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic void
addSubjectAlternativeName
(String subjectAltName) Add the optional self-signed subject alternative name to be used during initialization if no keystore defined.static String
Get the keystore path associated with the active key manager or the preferred keystore path if not yet initialized.static String
If the system property ghidra.keystore takes precedence in establishing the keystore.Get the current list of subject alternative names to be used for a self-signed certificate if no keystore defined.static boolean
Initialize key manager if needed.static void
Invalidate the key managers associated with this factorystatic void
setDefaultIdentity
(X500Principal identity) Set the default self-signed principal identity to be used during initialization if no keystore defined.static boolean
setKeyStore
(String path, boolean savePreference) Set user keystore file path (e.g., certificate file with private key).static void
Set the active keystore password providerstatic boolean
Determine if active key manager is utilizing a generated self-signed certificate.
-
Field Details
-
KEYSTORE_PATH_PROPERTY
Keystore path system property or user preference. Setting the system property will take precedence over the user preference.- See Also:
-
KEYSTORE_PASSWORD_PROPERTY
Password system property may be set. If set, this password will be used when accessing the keystore before attempting to usecustomPasswordProvider
if it has been set.- See Also:
-
DEFAULT_PASSWORD
- See Also:
-
-
Method Details
-
setKeyStorePasswordProvider
Set the active keystore password provider- Parameters:
provider
- keystore password provider
-
setKeyStore
Set user keystore file path (e.g., certificate file with private key). This method will have no effect if the keystore had been set via the system property and an error will be displayed. Otherwise, the keystore will be updated and the key manager re-initialized. The user preference will be updated unless a failure occurred while attempting to open the keystore. This change will take immediate effect for the current executing application, however, it may still be superseded by a system property setting when running the application in the future. SeegetKeyStore()
.- Parameters:
path
- keystore file path or null to clear current key store and preference.savePreference
- if true will be saved as user preference- Returns:
- true if successful else false if error occured (see log).
-
getKeyStore
Get the keystore path associated with the active key manager or the preferred keystore path if not yet initialized. -
getPreferredKeyStore
If the system property ghidra.keystore takes precedence in establishing the keystore. If using a GUI and the system property has not been set, the user preference with the same name will be used.- Returns:
- active keystore path or null if currently not running with a keystore or one has not been set.
-
usingGeneratedSelfSignedCertificate
public static boolean usingGeneratedSelfSignedCertificate()Determine if active key manager is utilizing a generated self-signed certificate.- Returns:
- true if using self-signed certificate.
-
setDefaultIdentity
Set the default self-signed principal identity to be used during initialization if no keystore defined. Current application key manager will be invalidated. (NOTE: this is intended for server use only when client will not be performing CA validation).- Parameters:
identity
- if not null and a KeyStore path has not be set, this identity will be used to generate a self-signed certificate and private key
-
addSubjectAlternativeName
Add the optional self-signed subject alternative name to be used during initialization if no keystore defined. Current application key manager will be invalidated. (NOTE: this is intended for server use only when client will not be performing CA validation).- Parameters:
subjectAltName
- name to be added to the current list of alternative subject names. A null value will clear all names currently set. name will be used to generate a self-signed certificate and private key
-
getSubjectAlternativeName
Get the current list of subject alternative names to be used for a self-signed certificate if no keystore defined.- Returns:
- list of subject alternative names to be used for a self-signed certificate if no keystore defined.
-
initialize
public static boolean initialize()Initialize key manager if needed. Doing this explicitly independent of an SSL connection allows application to bail before initiating connection. This will get handshake failure if user forgets keystore password or other keystore problem.- Returns:
- true if key manager initialized, otherwise false
-
invalidateKeyManagers
public static void invalidateKeyManagers()Invalidate the key managers associated with this factory
-