Constructor Summary

Method Summary

Constructor Details

• KeyStoreSpi

  public KeyStoreSpi()

  Constructor for subclasses to call.

Method Details

• engineGetKey

  public abstract Key engineGetKey(String alias, char[] password) throwsNoSuchAlgorithmException,UnrecoverableKeyException

  Returns the key associated with the given alias, using the given password to recover it. The key must have been associated with the alias by a call tosetKeyEntry, or by a call tosetEntry with aPrivateKeyEntry orSecretKeyEntry.

  Parameters:

  alias - the alias name

  password - the password for recovering the key

  Returns:

  the requested key, ornull if the given alias does not exist or does not identify a key-related entry.

  Throws:

  NoSuchAlgorithmException - if the algorithm for recovering the key cannot be found

  UnrecoverableKeyException - if the key cannot be recovered (e.g., the given password is wrong).

• engineGetCertificateChain

  public abstract Certificate[] engineGetCertificateChain(String alias)

  Returns the certificate chain associated with the given alias. The certificate chain must have been associated with the alias by a call tosetKeyEntry, or by a call tosetEntry with aPrivateKeyEntry.

  Parameters:

  alias - the alias name

  Returns:

  the certificate chain (ordered with the user's certificate first and the root certificate authority last), ornull if the given alias * does not exist or does not contain a certificate chain

• engineGetCertificate

  public abstract Certificate engineGetCertificate(String alias)

  Returns the certificate associated with the given alias.

  If the given alias name identifies an entry created by a call tosetCertificateEntry, or created by a call tosetEntry with aTrustedCertificateEntry, then the trusted certificate contained in that entry is returned.

  If the given alias name identifies an entry created by a call tosetKeyEntry, or created by a call tosetEntry with aPrivateKeyEntry, then the first element of the certificate chain in that entry (if a chain exists) is returned.

  Parameters:

  alias - the alias name

  Returns:

  the certificate, ornull if the given alias does not exist or does not contain a certificate.

• engineGetCreationDate

  public abstract Date engineGetCreationDate(String alias)

  Returns the creation date of the entry identified by the given alias.

  Parameters:

  alias - the alias name

  Returns:

  the creation date of this entry, ornull if the given alias does not exist

• engineSetKeyEntry

  public abstract void engineSetKeyEntry(String alias,Key key, char[] password,Certificate[] chain) throwsKeyStoreException

  Assigns the given key to the given alias, protecting it with the given password.

  If the given key is of typejava.security.PrivateKey, it must be accompanied by a certificate chain certifying the corresponding public key.

  If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).

  Parameters:

  alias - the alias name

  key - the key to be associated with the alias

  password - the password to protect the key

  chain - the certificate chain for the corresponding public key (only required if the given key is of typejava.security.PrivateKey).

  Throws:

  KeyStoreException - if the given key cannot be protected, or this operation fails for some other reason

• engineSetKeyEntry

  public abstract void engineSetKeyEntry(String alias, byte[] key,Certificate[] chain) throwsKeyStoreException

  Assigns the given key (that has already been protected) to the given alias.

  If the protected key is of typejava.security.PrivateKey, it must be accompanied by a certificate chain certifying the corresponding public key.

  If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).

  Parameters:

  alias - the alias name

  key - the key (in protected format) to be associated with the alias

  chain - the certificate chain for the corresponding public key (only useful if the protected key is of typejava.security.PrivateKey).

  Throws:

  KeyStoreException - if this operation fails.

• engineSetCertificateEntry

  public abstract void engineSetCertificateEntry(String alias,Certificate cert) throwsKeyStoreException

  Assigns the given certificate to the given alias.

  If the given alias identifies an existing entry created by a call tosetCertificateEntry, or created by a call tosetEntry with aTrustedCertificateEntry, the trusted certificate in the existing entry is overridden by the given certificate.

  Parameters:

  alias - the alias name

  cert - the certificate

  Throws:

  KeyStoreException - if the given alias already exists and does not identify an entry containing a trusted certificate, or this operation fails for some other reason.

• engineDeleteEntry

  public abstract void engineDeleteEntry(String alias) throwsKeyStoreException

  Deletes the entry identified by the given alias from this keystore.

  Parameters:

  alias - the alias name

  Throws:

  KeyStoreException - if the entry cannot be removed.

• engineAliases

  public abstract Enumeration<String> engineAliases()

  Lists all the alias names of this keystore.

  Returns:

  enumeration of the alias names

• engineContainsAlias

  public abstract boolean engineContainsAlias(String alias)

  Checks if the given alias exists in this keystore.

  Parameters:

  alias - the alias name

  Returns:

  true if the alias exists,false otherwise

• engineSize

  public abstract int engineSize()

  Retrieves the number of entries in this keystore.

  Returns:

  the number of entries in this keystore

• engineIsKeyEntry

  public abstract boolean engineIsKeyEntry(String alias)

  Returnstrue if the entry identified by the given alias was created by a call tosetKeyEntry, or created by a call tosetEntry with aPrivateKeyEntry or aSecretKeyEntry.

  Parameters:

  alias - the alias for the keystore entry to be checked

  Returns:

  true if the entry identified by the given alias is a key-related,false otherwise.

• engineIsCertificateEntry

  public abstract boolean engineIsCertificateEntry(String alias)

  Returnstrue if the entry identified by the given alias was created by a call tosetCertificateEntry, or created by a call tosetEntry with aTrustedCertificateEntry.

  Parameters:

  alias - the alias for the keystore entry to be checked

  Returns:

  true if the entry identified by the given alias contains a trusted certificate,false otherwise.

• engineGetCertificateAlias

  public abstract String engineGetCertificateAlias(Certificate cert)

  Returns the (alias) name of the first keystore entry whose certificate matches the given certificate.

  This method attempts to match the given certificate with each keystore entry. If the entry being considered was created by a call tosetCertificateEntry, or created by a call tosetEntry with aTrustedCertificateEntry, then the given certificate is compared to that entry's certificate.

  If the entry being considered was created by a call tosetKeyEntry, or created by a call tosetEntry with aPrivateKeyEntry, then the given certificate is compared to the first element of that entry's certificate chain.

  Parameters:

  cert - the certificate to match with.

  Returns:

  the alias name of the first entry with matching certificate, ornull if no such entry exists in this keystore.

• engineStore

  public abstract void engineStore(OutputStream stream, char[] password) throwsIOException,NoSuchAlgorithmException,CertificateException

  Stores this keystore to the given output stream, and protects its integrity with the given password.

  Parameters:

  stream - the output stream to which this keystore is written.

  password - the password to generate the keystore integrity check. May benull if the keystore does not support or require an integrity check.

  Throws:

  IOException - if there was an I/O problem with data

  NoSuchAlgorithmException - if the appropriate data integrity algorithm could not be found

  CertificateException - if any of the certificates included in the keystore data could not be stored

• engineStore

  public void engineStore(KeyStore.LoadStoreParameter param) throwsIOException,NoSuchAlgorithmException,CertificateException

  Stores this keystore using the givenKeyStore.LoadStoreParameter.

  Implementation Requirements:

  The default implementation throws anUnsupportedOperationException.

  Parameters:

  param - theKeyStore.LoadStoreParameter that specifies how to store the keystore, which may benull

  Throws:

  IllegalArgumentException - if the givenKeyStore.LoadStoreParameter input is not recognized

  IOException - if there was an I/O problem with data

  NoSuchAlgorithmException - if the appropriate data integrity algorithm could not be found

  CertificateException - if any of the certificates included in the keystore data could not be stored

  UnsupportedOperationException - if the implementation does not support this operation

  Since:

  1.5

• engineLoad

  public abstract void engineLoad(InputStream stream, char[] password) throwsIOException,NoSuchAlgorithmException,CertificateException

  Loads the keystore from the given input stream.

  A password may be given to unlock the keystore (e.g. the keystore resides on a hardware token device), or to check the integrity of the keystore data. If a password is not given for integrity checking, then integrity checking is not performed.

  Parameters:

  stream - the input stream from which the keystore is loaded, ornull

  password - the password used to check the integrity of the keystore, the password used to unlock the keystore, ornull

  Throws:

  IOException - if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, thecause of theIOException should be anUnrecoverableKeyException

  NoSuchAlgorithmException - if the algorithm used to check the integrity of the keystore cannot be found

  CertificateException - if any of the certificates in the keystore could not be loaded

• engineLoad

  public void engineLoad(KeyStore.LoadStoreParameter param) throwsIOException,NoSuchAlgorithmException,CertificateException

  Loads the keystore using the givenKeyStore.LoadStoreParameter.

  Note that if this KeyStore has already been loaded, it is reinitialized and loaded again from the given parameter.

  Implementation Requirements:

  The default implementation examinesKeyStore.LoadStoreParameter to extract its password and pass it toengineLoad(InputStream, char[]) along with anullInputStream.

  IfKeyStore.LoadStoreParameter isnull then the password parameter will also benull. Otherwise, theKeyStore.ProtectionParameter ofKeyStore.LoadStoreParameter must be either aKeyStore.PasswordProtection or aKeyStore.CallbackHandlerProtection that supportsPasswordCallback so that the password parameter can be extracted. If theKeyStore.ProtectionParameter is neither of those classes then aNoSuchAlgorithmException is thrown.

  Parameters:

  param - theKeyStore.LoadStoreParameter that specifies how to load the keystore, which may benull

  Throws:

  IllegalArgumentException - if the givenKeyStore.LoadStoreParameter input is not recognized

  IOException - if there is an I/O or format problem with the keystore data. If the error is due to an incorrectProtectionParameter (e.g. wrong password) thecause of theIOException should be anUnrecoverableKeyException

  NoSuchAlgorithmException - if the algorithm used to check the integrity of the keystore cannot be found

  CertificateException - if any of the certificates in the keystore could not be loaded

  Since:

  1.5

• engineGetAttributes

  public Set<KeyStore.Entry.Attribute> engineGetAttributes(String alias)

  Retrieves the attributes associated with the given alias.

  Implementation Requirements:

  The default implementation returns an emptySet.KeyStoreSpi implementations that support attributes should override this method.

  Parameters:

  alias - the alias name

  Returns:

  an unmodifiableSet of attributes. This set is empty if the given alias does not exist or there are no attributes associated with the alias. This set may also be empty forPrivateKeyEntry orSecretKeyEntry entries that contain protected attributes. These protected attributes should be populated into the result returned byengineGetEntry(java.lang.String, java.security.KeyStore.ProtectionParameter) and can be retrieved by calling theKeyStore.Entry.getAttributes() method.

  Since:

  18

• engineGetEntry

  public KeyStore.Entry engineGetEntry(String alias,KeyStore.ProtectionParameter protParam) throwsKeyStoreException,NoSuchAlgorithmException,UnrecoverableEntryException

  Gets aKeyStore.Entry for the specified alias with the specified protection parameter.

  Parameters:

  alias - get theKeyStore.Entry for this alias

  protParam - theProtectionParameter used to protect theEntry, which may benull

  Returns:

  theKeyStore.Entry for the specified alias, ornull if there is no such entry

  Throws:

  KeyStoreException - if the operation failed

  NoSuchAlgorithmException - if the algorithm for recovering the entry cannot be found

  UnrecoverableEntryException - if the specifiedprotParam were insufficient or invalid

  UnrecoverableKeyException - if the entry is aPrivateKeyEntry orSecretKeyEntry and the specifiedprotParam does not contain the information needed to recover the key (e.g. wrong password)

  Since:

  1.5

• engineSetEntry

  public void engineSetEntry(String alias,KeyStore.Entry entry,KeyStore.ProtectionParameter protParam) throwsKeyStoreException

  Saves aKeyStore.Entry under the specified alias. The specified protection parameter is used to protect theEntry.

  If an entry already exists for the specified alias, it is overridden.

  Parameters:

  alias - save theKeyStore.Entry under this alias

  entry - theEntry to save

  protParam - theProtectionParameter used to protect theEntry, which may benull

  Throws:

  KeyStoreException - if this operation fails

  Since:

  1.5

• engineEntryInstanceOf

  public boolean engineEntryInstanceOf(String alias,Class<? extendsKeyStore.Entry> entryClass)

  Determines if the keystoreEntry for the specifiedalias is an instance or subclass of the specifiedentryClass.

  Parameters:

  alias - the alias name

  entryClass - the entry class

  Returns:

  true if the keystoreEntry for the specifiedalias is an instance or subclass of the specifiedentryClass, false otherwise

  Since:

  1.5

• engineProbe

  public boolean engineProbe(InputStream stream) throwsIOException

  Probes the specified input stream to determine whether it contains a keystore that is supported by this implementation, or not.

  Implementation Requirements:

  This method returnsfalse by default. Keystore implementations should override this method to peek at the data stream directly or to use other content detection mechanisms.

  Parameters:

  stream - the keystore data to be probed

  Returns:

  true if the keystore data is supported, otherwisefalse

  Throws:

  IOException - if there is an I/O problem with the keystore data.

  NullPointerException - if stream isnull.

  Since:

  9