public abstract class KeyStoreSpi extends Object

This class defines the Service Provider Interface (SPI) for the KeyStore class. All the abstract methods in this class must be implemented by each cryptographic service provider who wishes to supply the implementation of a keystore for a particular keystore type.

See also: KeyStore

Constructor and Description |
---|
KeyStoreSpi() |

Modifier and Type | Method | Description |
---|---|---|
abstract Enumeration<String> | engineAliases() | Lists all the alias names of this keystore. |
abstract boolean | engineContainsAlias(String alias) | Checks if the given alias exists in this keystore. |
abstract void | engineDeleteEntry(String alias) | Deletes the entry identified by the given alias from this keystore. |
abstract Certificate | engineGetCertificate(String alias) | Returns the certificate associated with the given alias. |
abstract Certificate[] | engineGetCertificateChain(String alias) | Returns the certificate chain associated with the given alias. |
abstract Key | engineGetKey(String alias, char[] password) | Returns the key associated with the given alias, using the given password to recover it. |
abstract boolean | engineIsCertificateEntry(String alias) | Returns true if the entry identified by the given alias was created by a call to setCertificateEntry, or created by a call to setEntry with a TrustedCertificateEntry. |
abstract boolean | engineIsKeyEntry(String alias) | Returns true if the entry identified by the given alias was created by a call to setKeyEntry, or created by a call to setEntry with a PrivateKeyEntry or a SecretKeyEntry. |
abstract void | engineLoad(InputStream stream, char[] password) | Loads the keystore from the given input stream. |
abstract void | engineSetCertificateEntry(String alias, Certificate cert) | Assigns the given certificate to the given alias. |
abstract void | engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) | Assigns the given key (that has already been protected) to the given alias. |
abstract int | engineSize() | Retrieves the number of entries in this keystore. |

@Nullable public abstract Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException

Returns the key associated with the given alias, using the given password to recover it. The key must have been associated with the alias by a call to setKeyEntry, or by a call to setEntry with a PrivateKeyEntry or SecretKeyEntry.

alias - the alias name
password - the password for recovering the key
NoSuchAlgorithmException - if the algorithm for recovering the key cannot be found
UnrecoverableKeyException - if the key cannot be recovered (e.g., the given password is wrong).

@Nullable public abstract Certificate[] engineGetCertificateChain(String alias)
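
Returns the certificate chain associated with the given alias. The certificate chain must have been associated with the alias by a call to setKeyEntry, or by a call to setEntry with a PrivateKeyEntry.

alias - the alias name

@Nullable public abstract Certificate engineGetCertificate(String alias)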

Returns the certificate associated with the given alias.

If the given alias name identifies an entry created by a call to setCertificateEntry, or created by a call to setEntry with a TrustedCertificateEntry, then the trusted certificate contained in that entry is returned.

If the given alias name identifies an entry created by a call to setKeyEntry, or created by a call to setEntry with a PrivateKeyEntry, then the first element of the certificate chain in that entry (if a chain exists) is returned.

alias - the alias name

public abstract void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException

Assigns the given key (that has already been protected) to the given alias.

If the protected key is of type java.security.PrivateKey, it must be accompanied by a certificate chain certifying the corresponding public key.

If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).

alias - the alias name
key - the key (in protected format) to be associated with the alias
chain - the certificate chain for the corresponding public key (only useful if the protected key is of type java.security.PrivateKey).
KeyStoreException - if this operation fails.

public abstract void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException

Assigns the given certificate to the given alias.

If the given alias identifies an existing entry created by a call to setCertificateEntry, or created by a call to setEntry with a TrustedCertificateEntry, the trusted certificate in the existing entry is overridden by the given certificate.

alias - the alias name
cert - the certificate
KeyStoreException - if the given alias already exists and does not identify an entry containing a trusted certificate, or this operation fails for some other reason.

public abstract void engineDeleteEntry(String alias) throws KeyStoreException
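
Deletes the entry identified by the given alias from this keystore.

alias - the alias name
KeyStoreException - if the entry cannot be removed.

public abstract Enumeration<String> engineAliases()

Lists all the alias names of this keystore.

public abstract boolean engineContainsAlias(String alias)

Checks if the given alias exists in this keystore.

alias - the alias name

public abstract int engineSize()

Retrieves the number of entries in this keystore.

public abstract boolean engineIsKeyEntry(String alias)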

Returns true if the entry identified by the given alias was created by a call to setKeyEntry, or created by a call to setEntry with a PrivateKeyEntry or a SecretKeyEntry.

alias - the alias for the keystore entry to be checked

public abstract boolean engineIsCertificateEntry(String alias)

Returns true if the entry identified by the given alias was created by a call to setCertificateEntry, or created by a call to setEntry with a TrustedCertificateEntry.

alias - the alias for the keystore entry to be checked

public abstract void engineLoad(@Nullable InputStream stream, @Nullable char[] password) throws IOException, NoSuchAlgorithmException, CertificateException

Loads the keystore from the given input stream.

A password may be given to unlock the keystore (e.g. the keystore resides on a hardware token device), or to check the integrity of the keystore data. If a password is not given for integrity checking, then integrity checking is not performed.

stream - the input stream from which the keystore is loaded, or null
password - the password used to check the integrity of the keystore, the password used to unlock the keystore, or null
IOException - if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.
NoSuchAlgorithmException - if the algorithm used to check the integrity of the keystore cannot be found
CertificateException - if any of the certificates in the keystore could not be loaded
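
The engineLoad contract above, seen from the caller's side through the java.security.KeyStore front end, which delegates to the provider's engineLoad. This is an added example, not part of the original reference page. It assumes a JDK whose providers include the "JKS" keystore type; the class name, the helper tryLoad and the password are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

public class EngineLoadContractDemo {

    // Calls KeyStore.load (which delegates to the provider's engineLoad)
    // and classifies the outcome according to the documented contract.
    static String tryLoad(byte[] data, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: JKS type is available
        try {
            ks.load(new ByteArrayInputStream(data), password);
            return "loaded";
        } catch (IOException e) {
            // A wrong password or failed integrity check is signalled via the cause.
            return (e.getCause() instanceof UnrecoverableKeyException)
                    ? "integrity or password failure"
                    : "I/O or format problem";
        }
    }

    public static void main(String[] args) throws Exception {
        char[] good = "constructed-demo-password".toCharArray(); // constructed sample value

        // Build an empty keystore in memory; store() appends a password-keyed digest.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, good);
        byte[] original = out.toByteArray();

        // Simulate corruption of the stored file: flip one bit in the trailing digest.
        byte[] modified = original.clone();
        modified[modified.length - 1] ^= 0x01;

        System.out.println("original, correct password: " + tryLoad(original, good));
        System.out.println("original, wrong password:   " + tryLoad(original, "wrong".toCharArray()));
        System.out.println("modified, correct password: " + tryLoad(modified, good));
        // With a null password no integrity check is performed, so the
        // modified data is accepted without any error.
        System.out.println("modified, null password:    " + tryLoad(modified, null));
    }
}
```

Callers that load a keystore from storage they do not fully control should always pass the password, and treat an IOException whose cause is UnrecoverableKeyException as a possible integrity failure rather than only a mistyped password.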