Package ghidra.net

Class ApplicationKeyManagerFactory

java.lang.Object
ghidra.net.ApplicationKeyManagerFactory

public class ApplicationKeyManagerFactory extends Object
ApplicationKeyManagerFactory provides application keystore management functionality and the ability to generate X509KeyManagers for use with an SSLContext or other PKI-related operations. Access to keystore data (other than the keystore path) is restricted to package access. Certain public operations are exposed via the ApplicationKeyManagerUtils class.
  • Field Details

    • KEYSTORE_PATH_PROPERTY

      public static final String KEYSTORE_PATH_PROPERTY
      Keystore path system property or user preference. Setting the system property will take precedence over the user preference.
    • KEYSTORE_PASSWORD_PROPERTY

      public static final String KEYSTORE_PASSWORD_PROPERTY
      Password system property may be set. If set, this password will be used when accessing the keystore before attempting to use customPasswordProvider if it has been set.
    • DEFAULT_PASSWORD

      public static final String DEFAULT_PASSWORD
  • Method Details

    • setKeyStorePasswordProvider

      public static void setKeyStorePasswordProvider(KeyStorePasswordProvider provider)
      Set the active keystore password provider
      Parameters:
      provider - keystore password provider
    • setKeyStore

      public static boolean setKeyStore(String path, boolean savePreference)
      Set the user keystore file path (e.g., certificate file with private key). If the keystore has been set via the system property, this method has no effect and an error is displayed. Otherwise, the keystore is updated and the key manager re-initialized. The user preference is updated unless a failure occurred while attempting to open the keystore. The change takes immediate effect for the currently executing application; however, it may still be superseded by a system property setting when the application is run in the future. See getKeyStore().
      Parameters:
      path - keystore file path, or null to clear the current keystore and preference.
      savePreference - if true will be saved as user preference
      Returns:
      true if successful, false if an error occurred (see log).
    • getKeyStore

      public static String getKeyStore()
      Get the keystore path associated with the active key manager or the preferred keystore path if not yet initialized.
    • getPreferredKeyStore

      public static String getPreferredKeyStore()
      The system property ghidra.keystore takes precedence in establishing the keystore. If using a GUI and the system property has not been set, the user preference with the same name will be used.
      Returns:
      active keystore path or null if currently not running with a keystore or one has not been set.
    • usingGeneratedSelfSignedCertificate

      public static boolean usingGeneratedSelfSignedCertificate()
      Determine if active key manager is utilizing a generated self-signed certificate.
      Returns:
      true if using self-signed certificate.
    • setDefaultIdentity

      public static void setDefaultIdentity(X500Principal identity)
      Set the default self-signed principal identity to be used during initialization if no keystore defined. Current application key manager will be invalidated. (NOTE: this is intended for server use only when client will not be performing CA validation).
      Parameters:
      identity - if not null and a KeyStore path has not been set, this identity will be used to generate a self-signed certificate and private key
    • addSubjectAlternativeName

      public static void addSubjectAlternativeName(String subjectAltName)
      Add the optional self-signed subject alternative name to be used during initialization if no keystore defined. Current application key manager will be invalidated. (NOTE: this is intended for server use only when client will not be performing CA validation).
      Parameters:
      subjectAltName - name to be added to the current list of subject alternative names; it will be used when generating a self-signed certificate and private key. A null value will clear all names currently set.
    • getSubjectAlternativeName

      public static List<String> getSubjectAlternativeName()
      Get the current list of subject alternative names to be used for a self-signed certificate if no keystore defined.
      Returns:
      list of subject alternative names to be used for a self-signed certificate if no keystore defined.
    • initialize

      public static boolean initialize()
      Initialize the key manager if needed. Doing this explicitly, independent of an SSL connection, allows the application to bail before initiating a connection. A connection will otherwise get a handshake failure if the user forgets the keystore password or there is some other keystore problem.
      Returns:
      true if key manager initialized, otherwise false
    • invalidateKeyManagers

      public static void invalidateKeyManagers()
      Invalidate the key managers associated with this factory
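
The following is an added example, not code from the Ghidra project: a fail-fast check built only from the methods documented above, which stops a client before it connects if the keystore cannot be opened or if a generated self-signed certificate would be used. The class name PkiPreflight and its method are hypothetical, and the example assumes the Ghidra application environment is already initialized with the Ghidra jars on the classpath.

```java
import java.util.Objects;

import ghidra.net.ApplicationKeyManagerFactory;

// Added example, not Ghidra project code. PkiPreflight and its method are
// hypothetical names; assumes the Ghidra application is already initialized.
public class PkiPreflight {

    /** Fail before any connection is attempted if the client keystore is unusable. */
    public static String requireClientKeystore(String keystorePath) {
        // A null path would clear the current keystore and preference.
        Objects.requireNonNull(keystorePath, "keystorePath");

        // The system property takes precedence, and setKeyStore() has no
        // effect (and displays an error) when it is set, so check it first.
        String fromProperty =
            System.getProperty(ApplicationKeyManagerFactory.KEYSTORE_PATH_PROPERTY);
        if (fromProperty == null) {
            // savePreference=false: use the path for this run only.
            if (!ApplicationKeyManagerFactory.setKeyStore(keystorePath, false)) {
                throw new IllegalStateException("keystore could not be opened (see log)");
            }
        }

        // The password is taken from KEYSTORE_PASSWORD_PROPERTY if set, before
        // any registered KeyStorePasswordProvider is asked. A value passed with
        // -D on the command line is visible in the process arguments.
        if (!ApplicationKeyManagerFactory.initialize()) {
            throw new IllegalStateException("key manager could not be initialized");
        }

        // A generated self-signed certificate is intended for server use only,
        // when clients do not perform CA validation; reject it for a client.
        if (ApplicationKeyManagerFactory.usingGeneratedSelfSignedCertificate()) {
            throw new IllegalStateException("refusing generated self-signed certificate");
        }

        String active = ApplicationKeyManagerFactory.getKeyStore();
        if (active == null) {
            throw new IllegalStateException("no keystore is active");
        }
        return active; // path of the keystore the key manager is actually using
    }
}
```

Logging the returned path makes it clear whether the system property or the supplied path was the one actually used.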