Remove dependency on AEM's KeyStoreService

Introduce AEM agnostic service interface for which an impl is only
registered when running inside AEM.
Allows starting SCR component AuthorizableInstallerServiceImpl even
outside AEM.

This closes #878

Author: kwin

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AemUserKeyStoreService.java

@@ -0,0 +1,57 @@
+package biz.netcentric.cq.tools.actool.aem;
+
+/*-
+ * #%L
+ * Access Control Tool Bundle
+ * %%
+ * Copyright (C) 2015 - 2026 Cognizant Netcentric
+ * %%
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ * 
+ * SPDX-License-Identifier: EPL-2.0
+ * #L%
+ */
+
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+
+import org.apache.sling.api.resource.ResourceResolver;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferencePolicyOption;
+
+import com.adobe.granite.keystore.KeyStoreService;
+
+import biz.netcentric.cq.tools.actool.crypto.UserKeyStoreService;
+
+@Component
+public class AemUserKeyStoreService implements UserKeyStoreService {
+
+    @Reference(policyOption = ReferencePolicyOption.GREEDY)
+    private KeyStoreService delegate;
+
+    @Override
+    public boolean keyStoreExists(ResourceResolver resourceResolver, String userId) {
+        return delegate.keyStoreExists(resourceResolver, userId);
+    }
+
+    @Override
+    public void addKeyStoreKeyEntry(ResourceResolver resourceResolver, String userId, String key, PrivateKey privateKey,
+            Certificate[] certificates) {
+        delegate.addKeyStoreKeyEntry(resourceResolver, userId, key, privateKey, certificates);
+    }
+
+    @Override
+    public void addKeyStoreKeyPair(ResourceResolver resourceResolver, String userId, KeyPair keyPair, String key) {
+        delegate.addKeyStoreKeyPair(resourceResolver, userId, keyPair, key);
+    }
+
+    @Override
+    public void createKeyStore(ResourceResolver resourceResolver, String userId, char[] keyStorePasswordCharArray) {
+        delegate.createKeyStore(resourceResolver, userId, keyStorePasswordCharArray);
+    }
+
+}

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java

@@ -62,7 +62,6 @@
 import org.slf4j.LoggerFactory;
 
 import com.adobe.granite.keystore.KeyStoreNotInitialisedException;
-import com.adobe.granite.keystore.KeyStoreService;
 
 import biz.netcentric.cq.tools.actool.api.InstallationOptions;
 import biz.netcentric.cq.tools.actool.authorizableinstaller.AuthorizableCreatorException;
@@ -73,6 +72,7 @@
 import biz.netcentric.cq.tools.actool.configmodel.pkcs.Key;
 import biz.netcentric.cq.tools.actool.configmodel.pkcs.RandomPassword;
 import biz.netcentric.cq.tools.actool.crypto.DecryptionService;
+import biz.netcentric.cq.tools.actool.crypto.UserKeyStoreService;
 import biz.netcentric.cq.tools.actool.externalusermanagement.ExternalGroupManagement;
 import biz.netcentric.cq.tools.actool.helper.AcHelper;
 import biz.netcentric.cq.tools.actool.helper.AccessControlUtils;
@@ -105,7 +105,7 @@ public class AuthorizableInstallerServiceImpl implements
     DecryptionService decryptionService;
 
     @Reference(cardinality = ReferenceCardinality.OPTIONAL, policy=ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
-    volatile KeyStoreService keyStoreService;
+    volatile UserKeyStoreService keyStoreService;
 
     @Reference(policyOption = ReferencePolicyOption.GREEDY)
     ResourceResolverFactory resourceResolverFactory;

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/UserKeyStoreService.java

@@ -0,0 +1,36 @@
+package biz.netcentric.cq.tools.actool.crypto;
+
+/*-
+ * #%L
+ * Access Control Tool Bundle
+ * %%
+ * Copyright (C) 2015 - 2026 Cognizant Netcentric
+ * %%
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ * 
+ * SPDX-License-Identifier: EPL-2.0
+ * #L%
+ */
+
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+
+import org.apache.sling.api.resource.ResourceResolver;
+
+/** Interface for managing user's key stores. 
+ * This allows to decouple from a concrete (AEM-specific) interface like {@link com.adobe.granite.keystore.KeyStoreService} */
+public interface UserKeyStoreService {
+
+    boolean keyStoreExists(ResourceResolver resourceResolver, String userId);
+
+    void addKeyStoreKeyEntry(ResourceResolver resourceResolver, String userId, String key, PrivateKey privateKey,
+            Certificate[] certificates);
+
+    void addKeyStoreKeyPair(ResourceResolver resourceResolver, String userId, KeyPair keyPair, String key);
+
+    void createKeyStore(ResourceResolver resourceResolver, String userId, char[] keyStorePasswordCharArray);
+
+}