Class KeyPairFile

java.lang.Object
io.deephaven.enterprise.auth.KeyPairFile
Direct Known Subclasses:
PubKeyFile

public class KeyPairFile extends Object
A public and private key used to authenticate to Deephaven.
  • Field Details

    • USER_TAG

      public static final String USER_TAG
      The tag for the "user" line in a private key file, which is the user to authenticate as.
    • OPERATEAS_TAG

      public static final String OPERATEAS_TAG
      The tag for the "operateas" line in a private key file, which is the user to operate as after authentication.
    • PRIVATE_TAG

      public static final String PRIVATE_TAG
      The tag for the "private" line in a private key file, which contains the DER encoded private key.
    • PUBLIC_TAG

      public static final String PUBLIC_TAG
      The tag for the "public" line in a private key file, which contains the DER encoded public key.
    • EC_SENTINEL

      public static final byte[] EC_SENTINEL
      If the key bytes start with "EC:", then we treat the key as an ECDSA key; otherwise we assume it is DSA.
  • Constructor Details

    • KeyPairFile

      public KeyPairFile(@NotNull String privateKeyFileOrResource)
    • KeyPairFile

      public KeyPairFile(String[] privateKeyLines)
    • KeyPairFile

      public KeyPairFile(@NotNull String source, @NotNull Map<String,String> keyLines)
  • Method Details

    • readKeyLines

      public static Map<String,String> readKeyLines(Class clazz, @NotNull String privateKeyFileOrResource)
    • readFromStream

      public static Map<String,String> readFromStream(@NotNull InputStream keyInputStream, String sourceDescription) throws IOException
      Throws:
      IOException
    • hasEcSentinel

      public static boolean hasEcSentinel(byte[] x509encoded)
      Returns true if the byte array begins with the "EC:" sentinel.
      Parameters:
      x509encoded - the encoded key, possibly prepended with "EC:"
      Returns:
      true if we should decode this as an EC key, after calling stripEcSentinel
    • stripEcSentinel

      public static byte[] stripEcSentinel(byte[] encoded)
      Remove "EC:" from the beginning of the encoded key. The encoded array must begin with "EC:" or the results are undefined.
      Parameters:
      encoded - the encoded key with the sentinel
      Returns:
      the encoded key without the sentinel
    • addEcSentinel

      public static byte[] addEcSentinel(byte[] encoded)
      Add the "EC:" sentinel to the encoded key.
      Parameters:
      encoded - the encoded key
      Returns:
      the encoded key prepended with "EC:"
    • maybeAddSentinelAndBase64Encode

      public static String maybeAddSentinelAndBase64Encode(PublicKey publicKey)
      Encode publicKey into a base64 string, possibly adding the EC sentinel as appropriate.
      Parameters:
      publicKey - the public key to encode
      Returns:
      an encoded string of the public key
    • maybeAddSentinelAndEncode

      public static byte[] maybeAddSentinelAndEncode(PublicKey publicKey)
      Encode publicKey, adding the EC sentinel as appropriate.
      Parameters:
      publicKey - the public key to encode
      Returns:
      an encoded public key
    • getUser

      public String getUser()
    • getOperateAs

      public String getOperateAs()
    • getPublicKey

      public PublicKey getPublicKey()
    • getPrivateKey

      public PrivateKey getPrivateKey()
    • getSignedBytes

      public byte[] getSignedBytes(byte[] bytes) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException
      Throws:
      NoSuchProviderException
      NoSuchAlgorithmException
      InvalidKeyException
      SignatureException
    • generateNewKeys

      public static KeyPairFile generateNewKeys(String privateKeyFile, String publicKeyFile, String user) throws NoSuchAlgorithmException, NoSuchProviderException, IOException
      Generates a new ECDSA public and private key pair and writes it in Deephaven format.

      This method delegates to generateNewKeys(String, String, String, String), with a value for operateas that is equal to user.

      To use the key, you must store the public key in the ACL database.

      Parameters:
      privateKeyFile - the destination for the private key file
      publicKeyFile - the destination for the public key file
      user - the username to write to the key file
      Returns:
      a KeyPairFile with the new key
      Throws:
      NoSuchAlgorithmException
      NoSuchProviderException
      IOException
    • generateNewKeys

      public static KeyPairFile generateNewKeys(String privateKeyFile, String publicKeyFile, String user, String operateAs) throws NoSuchAlgorithmException, NoSuchProviderException, IOException
      Generates a new ECDSA public and private key pair and writes it in Deephaven format.

      To use the key, you must store the public key in the ACL database.

      Parameters:
      privateKeyFile - the destination for the private key file
      publicKeyFile - the destination for the public key file
      user - the username to write to the key file
      operateAs - the user to operate as after authentication
      Returns:
      a KeyPairFile with the new key
      Throws:
      NoSuchAlgorithmException
      NoSuchProviderException
      IOException
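
The "EC:" sentinel convention described for EC_SENTINEL, hasEcSentinel and stripEcSentinel, as an added stand-alone example built only on java.security; it is not Deephaven's implementation. The class name EcSentinelDemo, its helper names, and the ASCII encoding of "EC:" are assumptions, and the keys are generated sample keys.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
public class EcSentinelDemo {
    // Assumption: the sentinel is the ASCII bytes of "EC:".
    static final byte[] SENTINEL = "EC:".getBytes(StandardCharsets.US_ASCII);

    static boolean hasSentinel(byte[] b) {
        return b != null && b.length >= SENTINEL.length
                && Arrays.equals(Arrays.copyOf(b, SENTINEL.length), SENTINEL);
    }

    // Prefix EC keys only; other keys stay as bare X.509 (DER) bytes.
    static byte[] encode(PublicKey key) {
        byte[] der = key.getEncoded();
        if (!"EC".equals(key.getAlgorithm())) return der;
        byte[] out = Arrays.copyOf(SENTINEL, SENTINEL.length + der.length);
        System.arraycopy(der, 0, out, SENTINEL.length, der.length);
        return out;
    }

    // Test for the sentinel before stripping, then pick the matching KeyFactory.
    static PublicKey decode(byte[] stored) throws GeneralSecurityException {
        boolean ec = hasSentinel(stored);
        byte[] der = ec ? Arrays.copyOfRange(stored, SENTINEL.length, stored.length) : stored;
        return KeyFactory.getInstance(ec ? "EC" : "DSA").generatePublic(new X509EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        byte[] dsaStored = null;
        for (String alg : new String[] {"EC", "DSA"}) {
            KeyPairGenerator gen = KeyPairGenerator.getInstance(alg);
            gen.initialize(alg.equals("EC") ? 256 : 2048);
            PublicKey original = gen.generateKeyPair().getPublic(); // constructed sample key
            byte[] stored = encode(original);
            if (alg.equals("DSA")) dsaStored = stored;
            System.out.printf("%s: sentinel=%b roundTrip=%b%n", alg, hasSentinel(stored),
                    Arrays.equals(original.getEncoded(), decode(stored).getEncoded()));
        }
        // Stripping three bytes from a key that has no sentinel corrupts the DER.
        byte[] cut = Arrays.copyOfRange(dsaStored, SENTINEL.length, dsaStored.length);
        try {
            KeyFactory.getInstance("DSA").generatePublic(new X509EncodedKeySpec(cut));
        } catch (GeneralSecurityException e) {
            System.out.println("unguarded strip rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

A DER-encoded X.509 public key begins with the SEQUENCE tag 0x30, so a bare key can never be mistaken for one carrying the "EC:" prefix; the final block shows why the sentinel check has to precede the strip.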