class.
All the abstract methods in this class must be implemented by each
cryptographic service provider who wishes to supply the implementation
of a keystore for a particular keystore type.
Method from java.security.KeyStoreSpi Detail: |
abstract public Enumeration<String> engineAliases()
Lists all the alias names of this keystore. |
abstract public boolean engineContainsAlias(String alias)
Checks if the given alias exists in this keystore. |
abstract public void engineDeleteEntry(String alias) throws KeyStoreException
Deletes the entry identified by the given alias from this keystore. |
/**
 * Reports whether the entry stored under {@code alias} matches one of the
 * three standard entry classes.
 *
 * <p>The classification is derived from the provider's own predicates, not
 * from the stored key material: a certificate entry is a
 * {@code TrustedCertificateEntry}; a key entry that has a certificate is a
 * {@code PrivateKeyEntry}; a key entry without one is a
 * {@code SecretKeyEntry}.
 *
 * <p>NOTE(review): {@code entryClass} is compared by identity against
 * exactly these three classes, so any other class (including a subclass of
 * one of them) yields {@code false} from this default implementation.
 *
 * @param alias the alias to look up
 * @param entryClass the entry class to test against
 * @return {@code true} if the entry matches {@code entryClass} as described
 *         above, {@code false} otherwise
 */
public boolean engineEntryInstanceOf(String alias,
                                     Class<Entry> entryClass) {
    if (entryClass == KeyStore.TrustedCertificateEntry.class) {
        return engineIsCertificateEntry(alias);
    }

    final boolean wantsPrivateKey = (entryClass == KeyStore.PrivateKeyEntry.class);
    final boolean wantsSecretKey = (entryClass == KeyStore.SecretKeyEntry.class);
    if (!wantsPrivateKey && !wantsSecretKey) {
        return false;
    }

    // Both key flavours require a key entry; the certificate lookup is only
    // performed once that has been established.
    if (!engineIsKeyEntry(alias)) {
        return false;
    }
    final boolean hasCertificate = engineGetCertificate(alias) != null;
    return wantsPrivateKey ? hasCertificate : !hasCertificate;
}
Determines if the keystore Entry for the specified
alias is an instance or subclass of the specified
entryClass . |
abstract public Certificate engineGetCertificate(String alias)
Returns the certificate associated with the given alias.
If the given alias name identifies an entry
created by a call to setCertificateEntry ,
or created by a call to setEntry with a
TrustedCertificateEntry ,
then the trusted certificate contained in that entry is returned.
If the given alias name identifies an entry
created by a call to setKeyEntry ,
or created by a call to setEntry with a
PrivateKeyEntry ,
then the first element of the certificate chain in that entry
(if a chain exists) is returned. |
abstract public String engineGetCertificateAlias(Certificate cert)
Returns the (alias) name of the first keystore entry whose certificate
matches the given certificate.
This method attempts to match the given certificate with each
keystore entry. If the entry being considered was
created by a call to setCertificateEntry ,
or created by a call to setEntry with a
TrustedCertificateEntry ,
then the given certificate is compared to that entry's certificate.
If the entry being considered was
created by a call to setKeyEntry ,
or created by a call to setEntry with a
PrivateKeyEntry ,
then the given certificate is compared to the first
element of that entry's certificate chain. |
abstract public Certificate[] engineGetCertificateChain(String alias)
Returns the certificate chain associated with the given alias.
The certificate chain must have been associated with the alias
by a call to setKeyEntry ,
or by a call to setEntry with a
PrivateKeyEntry . |
abstract public Date engineGetCreationDate(String alias)
Returns the creation date of the entry identified by the given alias. |
/**
 * Builds a {@code KeyStore.Entry} for {@code alias} using the supplied
 * protection parameter.
 *
 * <p>Without a protection parameter only trusted certificate entries can be
 * returned. With a {@code KeyStore.PasswordProtection} the key is recovered
 * through {@code engineGetKey} and wrapped according to its runtime type.
 * The password array is handed to {@code engineGetKey} as-is; this method
 * neither copies nor clears it.
 *
 * @param alias the alias of the requested entry
 * @param protParam the protection parameter, or {@code null}
 * @return the entry, or {@code null} if the alias is not present
 * @throws UnrecoverableKeyException if {@code protParam} is {@code null}
 *         and the entry is not a trusted certificate entry
 * @throws UnsupportedOperationException if a password is supplied for a
 *         trusted certificate entry, if {@code protParam} is of any other
 *         type, or if the recovered key is neither a {@code PrivateKey}
 *         nor a {@code SecretKey}
 */
public Entry engineGetEntry(String alias,
                            ProtectionParameter protParam) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
    if (!engineContainsAlias(alias)) {
        return null;
    }

    if (protParam == null) {
        // Only certificate entries are readable without a password.
        if (!engineIsCertificateEntry(alias)) {
            throw new UnrecoverableKeyException
                ("requested entry requires a password");
        }
        return new KeyStore.TrustedCertificateEntry
            (engineGetCertificate(alias));
    }

    if (!(protParam instanceof KeyStore.PasswordProtection)) {
        throw new UnsupportedOperationException();
    }

    if (engineIsCertificateEntry(alias)) {
        throw new UnsupportedOperationException
            ("trusted certificate entries are not password-protected");
    }

    if (engineIsKeyEntry(alias)) {
        final KeyStore.PasswordProtection pwProtection =
            (KeyStore.PasswordProtection) protParam;
        final char[] secret = pwProtection.getPassword();
        final Key recovered = engineGetKey(alias, secret);

        if (recovered instanceof PrivateKey) {
            final Certificate[] certPath = engineGetCertificateChain(alias);
            return new KeyStore.PrivateKeyEntry((PrivateKey) recovered, certPath);
        }
        if (recovered instanceof SecretKey) {
            return new KeyStore.SecretKeyEntry((SecretKey) recovered);
        }
        // Any other key type (or a null key) falls through to the final throw.
    }

    throw new UnsupportedOperationException();
}
Gets a KeyStore.Entry for the specified alias
with the specified protection parameter. |
abstract public Key engineGetKey(String alias,
char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException
Returns the key associated with the given alias, using the given
password to recover it. The key must have been associated with
the alias by a call to setKeyEntry ,
or by a call to setEntry with a
PrivateKeyEntry or SecretKeyEntry . |
abstract public boolean engineIsCertificateEntry(String alias)
Returns true if the entry identified by the given alias
was created by a call to setCertificateEntry ,
or created by a call to setEntry with a
TrustedCertificateEntry . |
abstract public boolean engineIsKeyEntry(String alias)
Returns true if the entry identified by the given alias
was created by a call to setKeyEntry ,
or created by a call to setEntry with a
PrivateKeyEntry or a SecretKeyEntry . |
/**
 * Loads the keystore from a {@code KeyStore.LoadStoreParameter}.
 *
 * <p>A {@code null} parameter delegates to
 * {@code engineLoad(InputStream, char[])} with both arguments {@code null}.
 * A {@code KeyStore.SimpleLoadStoreParameter} is resolved to a password,
 * taken either directly from a {@code PasswordProtection} or by prompting
 * through the handler of a {@code CallbackHandlerProtection}, and that
 * password is passed to the stream overload with a {@code null} stream.
 *
 * <p>NOTE(review): the password obtained from the callback is cleared on
 * the callback object, but the array returned by {@code getPassword()} is
 * passed on and is not zeroed in this method.
 *
 * @param param the load parameter, or {@code null}
 * @throws NoSuchAlgorithmException if the callback is unsupported by the
 *         handler, no password was provided, or the protection parameter
 *         is neither {@code PasswordProtection} nor
 *         {@code CallbackHandlerProtection}
 * @throws UnsupportedOperationException if {@code param} is non-null and
 *         not a {@code KeyStore.SimpleLoadStoreParameter}
 */
public void engineLoad(LoadStoreParameter param) throws IOException, NoSuchAlgorithmException, CertificateException {
    if (param == null) {
        engineLoad((InputStream) null, (char[]) null);
        return;
    }

    if (!(param instanceof KeyStore.SimpleLoadStoreParameter)) {
        throw new UnsupportedOperationException();
    }

    final ProtectionParameter guard = param.getProtectionParameter();
    final char[] secret;

    if (guard instanceof PasswordProtection) {
        secret = ((PasswordProtection) guard).getPassword();
    } else if (guard instanceof CallbackHandlerProtection) {
        final CallbackHandler prompter =
            ((CallbackHandlerProtection) guard).getCallbackHandler();
        // Second argument false: the typed password is not echoed.
        final PasswordCallback prompt =
            new PasswordCallback("Password: ", false);
        try {
            prompter.handle(new Callback[] {prompt});
        } catch (UnsupportedCallbackException e) {
            throw new NoSuchAlgorithmException
                ("Could not obtain password", e);
        }
        // Fetch first, then wipe the callback's own buffer, then validate.
        secret = prompt.getPassword();
        prompt.clearPassword();
        if (secret == null) {
            throw new NoSuchAlgorithmException
                ("No password provided");
        }
    } else {
        throw new NoSuchAlgorithmException("ProtectionParameter must"
            + " be PasswordProtection or CallbackHandlerProtection");
    }

    engineLoad(null, secret);
}
Loads the keystore using the given
KeyStore.LoadStoreParameter .
Note that if this KeyStore has already been loaded, it is
reinitialized and loaded again from the given parameter. |
abstract public void engineLoad(InputStream stream,
char[] password) throws IOException, NoSuchAlgorithmException, CertificateException
Loads the keystore from the given input stream.
A password may be given to unlock the keystore
(e.g. the keystore resides on a hardware token device),
or to check the integrity of the keystore data.
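If a password is not given for integrity checking,
then integrity checking is not performed. In that case, a modification
of the keystore data (for example, an added trusted certificate) is not
detected when the keystore is loaded. |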
abstract public void engineSetCertificateEntry(String alias,
Certificate cert) throws KeyStoreException
Assigns the given certificate to the given alias.
If the given alias identifies an existing entry
created by a call to setCertificateEntry ,
or created by a call to setEntry with a
TrustedCertificateEntry ,
the trusted certificate in the existing entry
is overridden by the given certificate. |
/**
 * Stores {@code entry} under {@code alias}, dispatching on the entry type.
 *
 * <p>Only {@code KeyStore.PasswordProtection} (or {@code null}) is accepted
 * as the protection parameter. Trusted certificate entries must not carry
 * a password; private-key and secret-key entries must carry a non-null
 * one. Only nullness is checked here, so a zero-length password array is
 * passed through to {@code engineSetKeyEntry} unchanged.
 *
 * @param alias the alias to store the entry under
 * @param entry the entry to store
 * @param protParam the protection parameter, or {@code null}
 * @throws KeyStoreException if the protection parameter type is
 *         unsupported, the password requirement for the entry type is not
 *         met, or the entry type is not one of the three handled here
 */
public void engineSetEntry(String alias,
                           Entry entry,
                           ProtectionParameter protParam) throws KeyStoreException {
    // Resolve the protection parameter; anything but PasswordProtection is rejected.
    if (protParam != null &&
        !(protParam instanceof KeyStore.PasswordProtection)) {
        throw new KeyStoreException("unsupported protection parameter");
    }
    final KeyStore.PasswordProtection pwProtection =
        (KeyStore.PasswordProtection) protParam;

    if (entry instanceof KeyStore.TrustedCertificateEntry) {
        final char[] secret =
            (pwProtection == null) ? null : pwProtection.getPassword();
        if (secret != null) {
            // pre-1.5 style setCertificateEntry did not allow password
            throw new KeyStoreException
                ("trusted certificate entries are not password-protected");
        }
        final KeyStore.TrustedCertificateEntry trusted =
            (KeyStore.TrustedCertificateEntry) entry;
        engineSetCertificateEntry(alias, trusted.getTrustedCertificate());
        return;
    }

    if (entry instanceof KeyStore.PrivateKeyEntry) {
        final char[] secret =
            (pwProtection == null) ? null : pwProtection.getPassword();
        if (secret == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create PrivateKeyEntry");
        }
        final KeyStore.PrivateKeyEntry keyEntry =
            (KeyStore.PrivateKeyEntry) entry;
        engineSetKeyEntry(alias,
                          keyEntry.getPrivateKey(),
                          secret,
                          keyEntry.getCertificateChain());
        return;
    }

    if (entry instanceof KeyStore.SecretKeyEntry) {
        final char[] secret =
            (pwProtection == null) ? null : pwProtection.getPassword();
        if (secret == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create SecretKeyEntry");
        }
        // Secret keys are stored without a certificate chain.
        engineSetKeyEntry(alias,
                          ((KeyStore.SecretKeyEntry) entry).getSecretKey(),
                          secret,
                          (Certificate[]) null);
        return;
    }

    throw new KeyStoreException
        ("unsupported entry type: " + entry.getClass().getName());
}
Saves a KeyStore.Entry under the specified alias.
The specified protection parameter is used to protect the
Entry .
If an entry already exists for the specified alias,
it is overridden. |
abstract public void engineSetKeyEntry(String alias,
byte[] key,
Certificate[] chain) throws KeyStoreException
Assigns the given key (that has already been protected) to the given
alias.
If the protected key is of type
java.security.PrivateKey ,
it must be accompanied by a certificate chain certifying the
corresponding public key.
If the given alias already exists, the keystore information
associated with it is overridden by the given key (and possibly
certificate chain). |
abstract public void engineSetKeyEntry(String alias,
Key key,
char[] password,
Certificate[] chain) throws KeyStoreException
Assigns the given key to the given alias, protecting it with the given
password.
If the given key is of type java.security.PrivateKey ,
it must be accompanied by a certificate chain certifying the
corresponding public key.
If the given alias already exists, the keystore information
associated with it is overridden by the given key (and possibly
certificate chain). |
abstract public int engineSize()
Retrieves the number of entries in this keystore. |
/**
 * Stores this keystore using the given {@code KeyStore.LoadStoreParameter}.
 *
 * <p>This default implementation does not support parameter-based storing
 * and always throws; a provider that supports it overrides this method.
 *
 * @param param the store parameter (unused by this implementation)
 * @throws UnsupportedOperationException always
 */
public void engineStore(LoadStoreParameter param)
        throws IOException, NoSuchAlgorithmException, CertificateException {
    throw new UnsupportedOperationException();
}
Stores this keystore using the given
KeyStore.LoadStoreParameter . |
abstract public void engineStore(OutputStream stream,
char[] password) throws IOException, NoSuchAlgorithmException, CertificateException
Stores this keystore to the given output stream, and protects its
integrity with the given password. |