public class E2ETestKeyManagementService extends SingletonSerializeAsToken implements KeyManagementService
A simple in-memory KMS that doesn't bother saving keys to disk. A real implementation would:

- Probably be accessed via the network layer as an internal node service, i.e. via a message queue, so it can run on a separate/firewalled service.
- Use the flow framework so requests to fetch keys can be suspended whilst a human signs off on the request.
- Use deterministic key derivation.
- Possibly have some sort of TREZOR-like two-factor authentication ability.
- etc.
KeyManagementService.DefaultImpls
| Constructor and Description |
|---|
| E2ETestKeyManagementService(java.util.Set<java.security.KeyPair> initialKeys) A simple in-memory KMS that doesn't bother saving keys to disk. A real implementation would: |
| Modifier and Type | Method and Description |
|---|---|
| java.security.KeyPair | freshKey() Generates a new random key and adds it to the exposed map. |
| java.util.Map<java.security.PublicKey,java.security.PrivateKey> | getKeys() Returns a snapshot of the current pubkey->privkey mapping. |
| java.security.KeyPair | toKeyPair(java.security.PublicKey publicKey) |
| java.security.KeyPair | toKeyPair(java.lang.Iterable<? extends java.security.PublicKey> publicKeys) Returns the first KeyPair matching any of the publicKeys |
| java.security.PrivateKey | toPrivate(java.security.PublicKey publicKey) |
toToken
freshKey, getKeys, toKeyPair, toKeyPair, toPrivate
toToken
public E2ETestKeyManagementService(java.util.Set<java.security.KeyPair> initialKeys)
A simple in-memory KMS that doesn't bother saving keys to disk. A real implementation would:

- Probably be accessed via the network layer as an internal node service, i.e. via a message queue, so it can run on a separate/firewalled service.
- Use the flow framework so requests to fetch keys can be suspended whilst a human signs off on the request.
- Use deterministic key derivation.
- Possibly have some sort of TREZOR-like two-factor authentication ability.
- etc.
public java.util.Map<java.security.PublicKey,java.security.PrivateKey> getKeys()
Returns a snapshot of the current pubkey->privkey mapping.
public java.security.KeyPair freshKey()
Generates a new random key and adds it to the exposed map.
public java.security.PrivateKey toPrivate(java.security.PublicKey publicKey)
public java.security.KeyPair toKeyPair(java.security.PublicKey publicKey)
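
A stand-alone sketch of the in-memory design documented above, added here as an example and not Corda's own code. The class name InMemoryKmsSketch, the EC algorithm and the exceptions thrown for unknown keys are assumptions. It shows the snapshot behaviour of getKeys() and the first-match lookup of toKeyPair(Iterable).

```java
import java.security.*;
import java.util.*;
// Added sketch, not Corda's implementation; InMemoryKmsSketch is a hypothetical name.
public class InMemoryKmsSketch {
    private final Map<PublicKey, PrivateKey> keys = new HashMap<>();
    public InMemoryKmsSketch(Set<KeyPair> initialKeys) {
        for (KeyPair kp : initialKeys) keys.put(kp.getPublic(), kp.getPrivate());
    }

    // Snapshot: callers get an unmodifiable copy, never the live map.
    public synchronized Map<PublicKey, PrivateKey> getKeys() {
        return Collections.unmodifiableMap(new HashMap<>(keys));
    }

    // New random key pair, held in memory only (lost when the process exits).
    public synchronized KeyPair freshKey() throws GeneralSecurityException {
        KeyPair kp = KeyPairGenerator.getInstance("EC").generateKeyPair(); // assumption: EC
        keys.put(kp.getPublic(), kp.getPrivate());
        return kp;
    }

    // Assumption: an unknown public key is an error rather than a null result.
    public synchronized PrivateKey toPrivate(PublicKey publicKey) {
        PrivateKey priv = keys.get(publicKey);
        if (priv == null) throw new IllegalStateException("no private key held for that public key");
        return priv;
    }
    public KeyPair toKeyPair(PublicKey publicKey) { return new KeyPair(publicKey, toPrivate(publicKey)); }

    // First pair whose public key is held; candidates are tried in iteration order.
    public synchronized KeyPair toKeyPair(Iterable<? extends PublicKey> publicKeys) {
        for (PublicKey pk : publicKeys)
            if (keys.containsKey(pk)) return new KeyPair(pk, keys.get(pk));
        throw new IllegalStateException("none of the requested public keys is held");
    }

    public static void main(String[] args) throws GeneralSecurityException {
        InMemoryKmsSketch kms = new InMemoryKmsSketch(new HashSet<>());
        KeyPair held = kms.freshKey();
        Map<PublicKey, PrivateKey> snapshot = kms.getKeys();
        kms.freshKey(); // added after the snapshot was taken, so it is not in it
        System.out.println(snapshot.size() + " in snapshot, " + kms.getKeys().size() + " held");
        KeyPair foreign = KeyPairGenerator.getInstance("EC").generateKeyPair(); // never added
        KeyPair hit = kms.toKeyPair(Arrays.asList(foreign.getPublic(), held.getPublic()));
        System.out.println("matched held key: " + hit.getPublic().equals(held.getPublic()));
    }
}
```

Because every private key lives in the JVM heap and nothing is persisted, this design suits end-to-end tests only; the class description lists what a production service would add.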