Class KeyStoreSpi
public abstract class KeyStoreSpi extends Object
KeyStore
class. All the abstract methods in this class must be implemented by each cryptographic service provider who wishes to supply the implementation of a keystore for a particular keystore type.- Since:
- 1.2
- See Also:
Constructor Summary
Constructor | Description |
---|---|
KeyStoreSpi() |
Constructor for subclasses to call. |
Method Summary
Modifier and Type | Method | Description |
---|---|---|
abstract Enumeration<String> |
engineAliases() |
Lists all the alias names of this keystore. |
abstract boolean |
engineContainsAlias |
Checks if the given alias exists in this keystore. |
abstract void |
engineDeleteEntry |
Deletes the entry identified by the given alias from this keystore. |
boolean |
engineEntryInstanceOf |
Determines if the keystore Entry for the specified alias is an instance or subclass of the specified entryClass . |
abstract Certificate |
engineGetCertificate |
Returns the certificate associated with the given alias. |
abstract String |
engineGetCertificateAlias |
Returns the (alias) name of the first keystore entry whose certificate matches the given certificate. |
abstract Certificate[] |
engineGetCertificateChain |
Returns the certificate chain associated with the given alias. |
abstract Date |
engineGetCreationDate |
Returns the creation date of the entry identified by the given alias. |
KeyStore.Entry |
engineGetEntry |
Gets a KeyStore.Entry for the specified alias with the specified protection parameter. |
abstract Key |
engineGetKey |
Returns the key associated with the given alias, using the given password to recover it. |
abstract boolean |
engineIsCertificateEntry |
Returns true if the entry identified by the given alias was created by a call to setCertificateEntry , or created by a call to setEntry with a TrustedCertificateEntry . |
abstract boolean |
engineIsKeyEntry |
Returns true if the entry identified by the given alias was created by a call to setKeyEntry , or created by a call to setEntry with a PrivateKeyEntry or a SecretKeyEntry . |
abstract void |
engineLoad |
Loads the keystore from the given input stream. |
void |
engineLoad |
Loads the keystore using the given KeyStore.LoadStoreParameter . |
boolean |
engineProbe |
Probes the specified input stream to determine whether it contains a keystore that is supported by this implementation, or not. |
abstract void |
engineSetCertificateEntry |
Assigns the given certificate to the given alias. |
void |
engineSetEntry |
Saves a KeyStore.Entry under the specified alias. |
abstract void |
engineSetKeyEntry |
Assigns the given key (that has already been protected) to the given alias. |
abstract void |
engineSetKeyEntry |
Assigns the given key to the given alias, protecting it with the given password. |
abstract int |
engineSize() |
Retrieves the number of entries in this keystore. |
abstract void |
engineStore |
Stores this keystore to the given output stream, and protects its integrity with the given password. |
void |
engineStore |
Stores this keystore using the given KeyStore.LoadStoreParameter . |
Constructor Details
KeyStoreSpi
public KeyStoreSpi()
Method Details
engineGetKey
public abstract Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException
setKeyEntry
, or by a call to setEntry
with a PrivateKeyEntry
or SecretKeyEntry
.- Parameters:
-
alias
- the alias name -
password
- the password for recovering the key - Returns:
- the requested key, or null if the given alias does not exist or does not identify a key-related entry.
- Throws:
-
NoSuchAlgorithmException
- if the algorithm for recovering the key cannot be found -
UnrecoverableKeyException
- if the key cannot be recovered (e.g., the given password is wrong).
engineGetCertificateChain
public abstract Certificate[] engineGetCertificateChain(String alias)
setKeyEntry
, or by a call to setEntry
with a PrivateKeyEntry
.- Parameters:
-
alias
- the alias name - Returns:
- the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the given alias does not exist or does not contain a certificate chain
engineGetCertificate
public abstract Certificate engineGetCertificate(String alias)
If the given alias name identifies an entry created by a call to setCertificateEntry
, or created by a call to setEntry
with a TrustedCertificateEntry
, then the trusted certificate contained in that entry is returned.
If the given alias name identifies an entry created by a call to setKeyEntry
, or created by a call to setEntry
with a PrivateKeyEntry
, then the first element of the certificate chain in that entry (if a chain exists) is returned.
- Parameters:
-
alias
- the alias name - Returns:
- the certificate, or null if the given alias does not exist or does not contain a certificate.
engineGetCreationDate
public abstract Date engineGetCreationDate(String alias)
- Parameters:
-
alias
- the alias name - Returns:
- the creation date of this entry, or null if the given alias does not exist
engineSetKeyEntry
public abstract void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException
If the given key is of type java.security.PrivateKey
, it must be accompanied by a certificate chain certifying the corresponding public key.
If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).
- Parameters:
-
alias
- the alias name -
key
- the key to be associated with the alias -
password
- the password to protect the key -
chain
- the certificate chain for the corresponding public key (only required if the given key is of typejava.security.PrivateKey
). - Throws:
-
KeyStoreException
- if the given key cannot be protected, or this operation fails for some other reason
engineSetKeyEntry
public abstract void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException
If the protected key is of type java.security.PrivateKey
, it must be accompanied by a certificate chain certifying the corresponding public key.
If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).
- Parameters:
-
alias
- the alias name -
key
- the key (in protected format) to be associated with the alias -
chain
- the certificate chain for the corresponding public key (only useful if the protected key is of typejava.security.PrivateKey
). - Throws:
-
KeyStoreException
- if this operation fails.
engineSetCertificateEntry
public abstract void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException
If the given alias identifies an existing entry created by a call to setCertificateEntry
, or created by a call to setEntry
with a TrustedCertificateEntry
, the trusted certificate in the existing entry is overridden by the given certificate.
- Parameters:
-
alias
- the alias name -
cert
- the certificate - Throws:
-
KeyStoreException
- if the given alias already exists and does not identify an entry containing a trusted certificate, or this operation fails for some other reason.
engineDeleteEntry
public abstract void engineDeleteEntry(String alias) throws KeyStoreException
- Parameters:
-
alias
- the alias name - Throws:
-
KeyStoreException
- if the entry cannot be removed.
engineAliases
public abstract Enumeration<String> engineAliases()
- Returns:
- enumeration of the alias names
engineContainsAlias
public abstract boolean engineContainsAlias(String alias)
- Parameters:
-
alias
- the alias name - Returns:
- true if the alias exists, false otherwise
engineSize
public abstract int engineSize()
- Returns:
- the number of entries in this keystore
engineIsKeyEntry
public abstract boolean engineIsKeyEntry(String alias)
setKeyEntry
, or created by a call to setEntry
with a PrivateKeyEntry
or a SecretKeyEntry
.- Parameters:
-
alias
- the alias for the keystore entry to be checked - Returns:
- true if the entry identified by the given alias is a key-related, false otherwise.
engineIsCertificateEntry
public abstract boolean engineIsCertificateEntry(String alias)
setCertificateEntry
, or created by a call to setEntry
with a TrustedCertificateEntry
.- Parameters:
-
alias
- the alias for the keystore entry to be checked - Returns:
- true if the entry identified by the given alias contains a trusted certificate, false otherwise.
engineGetCertificateAlias
public abstract String engineGetCertificateAlias(Certificate cert)
This method attempts to match the given certificate with each keystore entry. If the entry being considered was created by a call to setCertificateEntry
, or created by a call to setEntry
with a TrustedCertificateEntry
, then the given certificate is compared to that entry's certificate.
If the entry being considered was created by a call to setKeyEntry
, or created by a call to setEntry
with a PrivateKeyEntry
, then the given certificate is compared to the first element of that entry's certificate chain.
- Parameters:
-
cert
- the certificate to match with. - Returns:
- the alias name of the first entry with matching certificate, or null if no such entry exists in this keystore.
engineStore
public abstract void engineStore(OutputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException
- Parameters:
-
stream
- the output stream to which this keystore is written. -
password
- the password to generate the keystore integrity check - Throws:
-
IOException
- if there was an I/O problem with data -
NoSuchAlgorithmException
- if the appropriate data integrity algorithm could not be found -
CertificateException
- if any of the certificates included in the keystore data could not be stored
engineStore
public void engineStore(KeyStore.LoadStoreParameter param) throws IOException, NoSuchAlgorithmException, CertificateException
KeyStore.LoadStoreParameter
.- Implementation Requirements:
- The default implementation throws an
UnsupportedOperationException
. - Parameters:
-
param
- theKeyStore.LoadStoreParameter
that specifies how to store the keystore, which may benull
- Throws:
-
IllegalArgumentException
- if the givenKeyStore.LoadStoreParameter
input is not recognized -
IOException
- if there was an I/O problem with data -
NoSuchAlgorithmException
- if the appropriate data integrity algorithm could not be found -
CertificateException
- if any of the certificates included in the keystore data could not be stored -
UnsupportedOperationException
- if the implementation does not support this operation - Since:
- 1.5
engineLoad
public abstract void engineLoad(InputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException
A password may be given to unlock the keystore (e.g. the keystore resides on a hardware token device), or to check the integrity of the keystore data. If a password is not given for integrity checking, then integrity checking is not performed.
- Parameters:
-
stream
- the input stream from which the keystore is loaded, ornull
-
password
- the password used to check the integrity of the keystore, the password used to unlock the keystore, ornull
- Throws:
-
IOException
- if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, thecause
of theIOException
should be anUnrecoverableKeyException
-
NoSuchAlgorithmException
- if the algorithm used to check the integrity of the keystore cannot be found -
CertificateException
- if any of the certificates in the keystore could not be loaded
engineLoad
public void engineLoad(KeyStore.LoadStoreParameter param) throws IOException, NoSuchAlgorithmException, CertificateException
KeyStore.LoadStoreParameter
. Note that if this KeyStore has already been loaded, it is reinitialized and loaded again from the given parameter.
- Implementation Requirements:
- The default implementation examines
KeyStore.LoadStoreParameter
to extract its password and pass it toengineLoad(InputStream, char[])
along with anull
InputStream
.If
KeyStore.LoadStoreParameter
isnull
then the password parameter will also benull
. Otherwise theKeyStore.ProtectionParameter
ofKeyStore.LoadStoreParameter
must be either aKeyStore.PasswordProtection
or aKeyStore.CallbackHandlerProtection
that supportsPasswordCallback
so that the password parameter can be extracted. If theKeyStore.ProtectionParameter
is neither of those classes then aNoSuchAlgorithmException
is thrown. - Parameters:
-
param
- theKeyStore.LoadStoreParameter
that specifies how to load the keystore, which may benull
- Throws:
-
IllegalArgumentException
- if the givenKeyStore.LoadStoreParameter
input is not recognized -
IOException
- if there is an I/O or format problem with the keystore data. If the error is due to an incorrectProtectionParameter
(e.g. wrong password) thecause
of theIOException
should be anUnrecoverableKeyException
-
NoSuchAlgorithmException
- if the algorithm used to check the integrity of the keystore cannot be found -
CertificateException
- if any of the certificates in the keystore could not be loaded - Since:
- 1.5
engineGetEntry
public KeyStore.Entry engineGetEntry(String alias, KeyStore.ProtectionParameter protParam) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException
KeyStore.Entry
for the specified alias with the specified protection parameter.- Parameters:
-
alias
- get theKeyStore.Entry
for this alias -
protParam
- theProtectionParameter
used to protect theEntry
, which may benull
- Returns:
- the
KeyStore.Entry
for the specified alias, ornull
if there is no such entry - Throws:
-
KeyStoreException
- if the operation failed -
NoSuchAlgorithmException
- if the algorithm for recovering the entry cannot be found -
UnrecoverableEntryException
- if the specifiedprotParam
were insufficient or invalid -
UnrecoverableKeyException
- if the entry is aPrivateKeyEntry
orSecretKeyEntry
and the specifiedprotParam
does not contain the information needed to recover the key (e.g. wrong password) - Since:
- 1.5
engineSetEntry
public void engineSetEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam) throws KeyStoreException
KeyStore.Entry
under the specified alias. The specified protection parameter is used to protect the Entry
. If an entry already exists for the specified alias, it is overridden.
- Parameters:
-
alias
- save theKeyStore.Entry
under this alias -
entry
- theEntry
to save -
protParam
- theProtectionParameter
used to protect theEntry
, which may benull
- Throws:
-
KeyStoreException
- if this operation fails - Since:
- 1.5
engineEntryInstanceOf
public boolean engineEntryInstanceOf(String alias, Class<? extends KeyStore.Entry> entryClass)
Entry
for the specified alias
is an instance or subclass of the specified entryClass
.- Parameters:
-
alias
- the alias name -
entryClass
- the entry class - Returns:
- true if the keystore
Entry
for the specifiedalias
is an instance or subclass of the specifiedentryClass
, false otherwise - Since:
- 1.5
engineProbe
public boolean engineProbe(InputStream stream) throws IOException
- Implementation Requirements:
- This method returns false by default. Keystore implementations should override this method to peek at the data stream directly or to use other content detection mechanisms.
- Parameters:
-
stream
- the keystore data to be probed - Returns:
- true if the keystore data is supported, otherwise false
- Throws:
-
IOException
- if there is an I/O problem with the keystore data. -
NullPointerException
- if stream isnull
. - Since:
- 9
© 1993, 2021, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/KeyStoreSpi.html