Class KeyStoreSpi
- java.lang.Object
-
- java.security.KeyStoreSpi
-
public abstract class KeyStoreSpi extends java.lang.ObjectThis class defines the Service Provider Interface (SPI) for theKeyStoreclass. All the abstract methods in this class must be implemented by each cryptographic service provider who wishes to supply the implementation of a keystore for a particular keystore type.- Since:
- 1.2
- See Also:
KeyStore
-
-
Constructor Summary
Constructors Constructor Description KeyStoreSpi()
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description abstract java.util.Enumeration<java.lang.String>engineAliases()Lists all the alias names of this keystore.abstract booleanengineContainsAlias(java.lang.String alias)Checks if the given alias exists in this keystore.abstract voidengineDeleteEntry(java.lang.String alias)Deletes the entry identified by the given alias from this keystore.abstract CertificateengineGetCertificate(java.lang.String alias)Returns the certificate associated with the given alias.abstract Certificate[]engineGetCertificateChain(java.lang.String alias)Returns the certificate chain associated with the given alias.abstract KeyengineGetKey(java.lang.String alias, char[] password)Returns the key associated with the given alias, using the given password to recover it.abstract booleanengineIsCertificateEntry(java.lang.String alias)Returns true if the entry identified by the given alias was created by a call tosetCertificateEntry, or created by a call tosetEntrywith aTrustedCertificateEntry.abstract booleanengineIsKeyEntry(java.lang.String alias)Returns true if the entry identified by the given alias was created by a call tosetKeyEntry, or created by a call tosetEntrywith aPrivateKeyEntryor aSecretKeyEntry.abstract voidengineLoad(java.io.InputStream stream, char[] password)Loads the keystore from the given input stream.abstract voidengineSetCertificateEntry(java.lang.String alias, Certificate cert)Assigns the given certificate to the given alias.abstract voidengineSetKeyEntry(java.lang.String alias, byte[] key, Certificate[] chain)Assigns the given key (that has already been protected) to the given alias.abstract voidengineSetKeyEntry(java.lang.String alias, Key key, char[] password, Certificate[] chain)abstract intengineSize()Retrieves the number of entries in this keystore.
-
-
-
Method Detail
-
engineGetKey
@Nullable public abstract Key engineGetKey(java.lang.String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException
Returns the key associated with the given alias, using the given password to recover it. The key must have been associated with the alias by a call tosetKeyEntry, or by a call tosetEntrywith aPrivateKeyEntryorSecretKeyEntry.- Parameters:
alias- the alias namepassword- the password for recovering the key- Returns:
- the requested key, or null if the given alias does not exist or does not identify a key-related entry.
- Throws:
NoSuchAlgorithmException- if the algorithm for recovering the key cannot be foundUnrecoverableKeyException- if the key cannot be recovered (e.g., the given password is wrong).
-
engineGetCertificateChain
@Nullable public abstract Certificate[] engineGetCertificateChain(java.lang.String alias)
Returns the certificate chain associated with the given alias. The certificate chain must have been associated with the alias by a call tosetKeyEntry, or by a call tosetEntrywith aPrivateKeyEntry.- Parameters:
alias- the alias name- Returns:
- the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the given alias does not exist or does not contain a certificate chain
-
engineGetCertificate
@Nullable public abstract Certificate engineGetCertificate(java.lang.String alias)
Returns the certificate associated with the given alias.If the given alias name identifies an entry created by a call to
setCertificateEntry, or created by a call tosetEntrywith aTrustedCertificateEntry, then the trusted certificate contained in that entry is returned.If the given alias name identifies an entry created by a call to
setKeyEntry, or created by a call tosetEntrywith aPrivateKeyEntry, then the first element of the certificate chain in that entry (if a chain exists) is returned.- Parameters:
alias- the alias name- Returns:
- the certificate, or null if the given alias does not exist or does not contain a certificate.
-
engineSetKeyEntry
public abstract void engineSetKeyEntry(java.lang.String alias, byte[] key, Certificate[] chain) throws KeyStoreExceptionAssigns the given key (that has already been protected) to the given alias.If the protected key is of type
java.security.PrivateKey, it must be accompanied by a certificate chain certifying the corresponding public key.If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).
- Parameters:
alias- the alias namekey- the key (in protected format) to be associated with the aliaschain- the certificate chain for the corresponding public key (only useful if the protected key is of typejava.security.PrivateKey).- Throws:
KeyStoreException- if this operation fails.
-
engineSetKeyEntry
public abstract void engineSetKeyEntry(java.lang.String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException- Throws:
KeyStoreException
-
engineSetCertificateEntry
public abstract void engineSetCertificateEntry(java.lang.String alias, Certificate cert) throws KeyStoreExceptionAssigns the given certificate to the given alias.If the given alias identifies an existing entry created by a call to
setCertificateEntry, or created by a call tosetEntrywith aTrustedCertificateEntry, the trusted certificate in the existing entry is overridden by the given certificate.- Parameters:
alias- the alias namecert- the certificate- Throws:
KeyStoreException- if the given alias already exists and does not identify an entry containing a trusted certificate, or this operation fails for some other reason.
-
engineDeleteEntry
public abstract void engineDeleteEntry(java.lang.String alias) throws KeyStoreExceptionDeletes the entry identified by the given alias from this keystore.- Parameters:
alias- the alias name- Throws:
KeyStoreException- if the entry cannot be removed.
-
engineAliases
public abstract java.util.Enumeration<java.lang.String> engineAliases()
Lists all the alias names of this keystore.- Returns:
- enumeration of the alias names
-
engineContainsAlias
public abstract boolean engineContainsAlias(java.lang.String alias)
Checks if the given alias exists in this keystore.- Parameters:
alias- the alias name- Returns:
- true if the alias exists, false otherwise
-
engineSize
public abstract int engineSize()
Retrieves the number of entries in this keystore.- Returns:
- the number of entries in this keystore
-
engineIsKeyEntry
public abstract boolean engineIsKeyEntry(java.lang.String alias)
Returns true if the entry identified by the given alias was created by a call tosetKeyEntry, or created by a call tosetEntrywith aPrivateKeyEntryor aSecretKeyEntry.- Parameters:
alias- the alias for the keystore entry to be checked- Returns:
- true if the entry identified by the given alias is a key-related, false otherwise.
-
engineIsCertificateEntry
public abstract boolean engineIsCertificateEntry(java.lang.String alias)
Returns true if the entry identified by the given alias was created by a call tosetCertificateEntry, or created by a call tosetEntrywith aTrustedCertificateEntry.- Parameters:
alias- the alias for the keystore entry to be checked- Returns:
- true if the entry identified by the given alias contains a trusted certificate, false otherwise.
-
engineLoad
public abstract void engineLoad(@Nullable java.io.InputStream stream, @Nullable char[] password) throws java.io.IOException, NoSuchAlgorithmException, CertificateExceptionLoads the keystore from the given input stream.A password may be given to unlock the keystore (e.g. the keystore resides on a hardware token device), or to check the integrity of the keystore data. If a password is not given for integrity checking, then integrity checking is not performed.
- Parameters:
stream- the input stream from which the keystore is loaded, ornullpassword- the password used to check the integrity of the keystore, the password used to unlock the keystore, ornull- Throws:
java.io.IOException- if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, thecauseof theIOExceptionshould be anUnrecoverableKeyExceptionNoSuchAlgorithmException- if the algorithm used to check the integrity of the keystore cannot be foundCertificateException- if any of the certificates in the keystore could not be loaded
-
-