FileDocCategorySizeDatePackage
KeyStoreSpi.javaAPI DocJava SE 5 API20505Fri Aug 26 14:57:14 BST 2005java.security

KeyStoreSpi

public abstract class KeyStoreSpi extends Object
This class defines the Service Provider Interface (SPI) for the KeyStore class. All the abstract methods in this class must be implemented by each cryptographic service provider who wishes to supply the implementation of a keystore for a particular keystore type.
author
Jan Luehe
version
1.18, 05/25/04
see
KeyStore
since
1.2

Fields Summary
Constructors Summary
Methods Summary
public abstract java.util.EnumerationengineAliases()
Lists all the alias names of this keystore.

return
enumeration of the alias names

public abstract booleanengineContainsAlias(java.lang.String alias)
Checks if the given alias exists in this keystore.

param
alias the alias name
return
true if the alias exists, false otherwise

public abstract voidengineDeleteEntry(java.lang.String alias)
Deletes the entry identified by the given alias from this keystore.

param
alias the alias name
exception
KeyStoreException if the entry cannot be removed.

public booleanengineEntryInstanceOf(java.lang.String alias, java.lang.Class entryClass)
Determines if the keystore Entry for the specified alias is an instance or subclass of the specified entryClass.

param
alias the alias name
param
entryClass the entry class
return
true if the keystore Entry for the specified alias is an instance or subclass of the specified entryClass, false otherwise
since
1.5

	if (entryClass == KeyStore.TrustedCertificateEntry.class) {
	    return engineIsCertificateEntry(alias);
	}
	if (entryClass == KeyStore.PrivateKeyEntry.class) {
	    return engineIsKeyEntry(alias) &&
			engineGetCertificate(alias) != null;
	} 
	if (entryClass == KeyStore.SecretKeyEntry.class) {
	    return engineIsKeyEntry(alias) &&
			engineGetCertificate(alias) == null;
	}
	return false;
    
public abstract java.security.cert.CertificateengineGetCertificate(java.lang.String alias)
Returns the certificate associated with the given alias.

If the given alias name identifies an entry created by a call to setCertificateEntry, or created by a call to setEntry with a TrustedCertificateEntry, then the trusted certificate contained in that entry is returned.

If the given alias name identifies an entry created by a call to setKeyEntry, or created by a call to setEntry with a PrivateKeyEntry, then the first element of the certificate chain in that entry (if a chain exists) is returned.

param
alias the alias name
return
the certificate, or null if the given alias does not exist or does not contain a certificate.

public abstract java.lang.StringengineGetCertificateAlias(java.security.cert.Certificate cert)
Returns the (alias) name of the first keystore entry whose certificate matches the given certificate.

This method attempts to match the given certificate with each keystore entry. If the entry being considered was created by a call to setCertificateEntry, or created by a call to setEntry with a TrustedCertificateEntry, then the given certificate is compared to that entry's certificate.

If the entry being considered was created by a call to setKeyEntry, or created by a call to setEntry with a PrivateKeyEntry, then the given certificate is compared to the first element of that entry's certificate chain.

param
cert the certificate to match with.
return
the alias name of the first entry with matching certificate, or null if no such entry exists in this keystore.

public abstract java.security.cert.Certificate[]engineGetCertificateChain(java.lang.String alias)
Returns the certificate chain associated with the given alias. The certificate chain must have been associated with the alias by a call to setKeyEntry, or by a call to setEntry with a PrivateKeyEntry.

param
alias the alias name
return
the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the given alias does not exist or does not contain a certificate chain

public abstract java.util.DateengineGetCreationDate(java.lang.String alias)
Returns the creation date of the entry identified by the given alias.

param
alias the alias name
return
the creation date of this entry, or null if the given alias does not exist

public java.security.KeyStore$EntryengineGetEntry(java.lang.String alias, java.security.KeyStore$ProtectionParameter protParam)
Gets a KeyStore.Entry for the specified alias with the specified protection parameter.

param
alias get the KeyStore.Entry for this alias
param
protParam the ProtectionParameter used to protect the Entry, which may be null
return
the KeyStore.Entry for the specified alias, or null if there is no such entry
exception
KeyStoreException if the operation failed
exception
NoSuchAlgorithmException if the algorithm for recovering the entry cannot be found
exception
UnrecoverableEntryException if the specified protParam were insufficient or invalid
since
1.5


	if (!engineContainsAlias(alias)) {
	    return null;
	}

	if (protParam == null) {
	    if (engineIsCertificateEntry(alias)) {
		return new KeyStore.TrustedCertificateEntry
				(engineGetCertificate(alias));
	    } else {
		throw new UnrecoverableEntryException
			("requested entry requires a password");
	    }
	}

	if (protParam instanceof KeyStore.PasswordProtection) {
	    if (engineIsCertificateEntry(alias)) {
		throw new UnsupportedOperationException
		    ("trusted certificate entries are not password-protected");
	    } else if (engineIsKeyEntry(alias)) {
		KeyStore.PasswordProtection pp =
			(KeyStore.PasswordProtection)protParam;
		char[] password = pp.getPassword();
		
		try {
		    Key key = engineGetKey(alias, password);
		    if (key instanceof PrivateKey) {
			Certificate[] chain = engineGetCertificateChain(alias);
			return new KeyStore.PrivateKeyEntry
						((PrivateKey)key, chain);
		    } else if (key instanceof SecretKey) {
			return new KeyStore.SecretKeyEntry((SecretKey)key);
		    }
		} catch (UnrecoverableKeyException uke) {
		    UnrecoverableEntryException uee =
			new UnrecoverableEntryException();
		    uee.initCause(uke);
		    throw uee;
		}
	    }
	}

	throw new UnsupportedOperationException();
    
public abstract java.security.KeyengineGetKey(java.lang.String alias, char[] password)
Returns the key associated with the given alias, using the given password to recover it. The key must have been associated with the alias by a call to setKeyEntry, or by a call to setEntry with a PrivateKeyEntry or SecretKeyEntry.

param
alias the alias name
param
password the password for recovering the key
return
the requested key, or null if the given alias does not exist or does not identify a key-related entry.
exception
NoSuchAlgorithmException if the algorithm for recovering the key cannot be found
exception
UnrecoverableKeyException if the key cannot be recovered (e.g., the given password is wrong).

public abstract booleanengineIsCertificateEntry(java.lang.String alias)
Returns true if the entry identified by the given alias was created by a call to setCertificateEntry, or created by a call to setEntry with a TrustedCertificateEntry.

param
alias the alias for the keystore entry to be checked
return
true if the entry identified by the given alias contains a trusted certificate, false otherwise.

public abstract booleanengineIsKeyEntry(java.lang.String alias)
Returns true if the entry identified by the given alias was created by a call to setKeyEntry, or created by a call to setEntry with a PrivateKeyEntry or a SecretKeyEntry.

param
alias the alias for the keystore entry to be checked
return
true if the entry identified by the given alias is a key-related, false otherwise.

public abstract voidengineLoad(java.io.InputStream stream, char[] password)
Loads the keystore from the given input stream.

A password may be given to unlock the keystore (e.g. the keystore resides on a hardware token device), or to check the integrity of the keystore data. If a password is not given for integrity checking, then integrity checking is not performed.

param
stream the input stream from which the keystore is loaded, or null
param
password the password used to check the integrity of the keystore, the password used to unlock the keystore, or null
exception
IOException if there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect
exception
NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore cannot be found
exception
CertificateException if any of the certificates in the keystore could not be loaded

public voidengineLoad(java.security.KeyStore$LoadStoreParameter param)
Loads the keystore using the given KeyStore.LoadStoreParameter.

Note that if this KeyStore has already been loaded, it is reinitialized and loaded again from the given parameter.

param
param the KeyStore.LoadStoreParameter that specifies how to load the keystore, which may be null
exception
IllegalArgumentException if the given KeyStore.LoadStoreParameter input is not recognized
exception
IOException if there is an I/O or format problem with the keystore data
exception
NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore cannot be found
exception
CertificateException if any of the certificates in the keystore could not be loaded
since
1.5


	if (param == null) {
	    engineLoad((InputStream)null, (char[])null);
	    return;
	}
	
	if (param instanceof KeyStore.SimpleLoadStoreParameter) {
	    ProtectionParameter protection = param.getProtectionParameter();
	    char[] password;
	    if (protection instanceof PasswordProtection) {
		password = ((PasswordProtection)param).getPassword();
	    } else if (protection instanceof CallbackHandlerProtection) {
		CallbackHandler handler = 
		    ((CallbackHandlerProtection)param).getCallbackHandler();
		PasswordCallback callback = 
		    new PasswordCallback("Password: ", false);
		try {
		    handler.handle(new Callback[] {callback});
		} catch (UnsupportedCallbackException e) {
		    throw new NoSuchAlgorithmException
			("Could not obtain password", e);
		}
		password = callback.getPassword();
		callback.clearPassword();
		if (password == null) {
		    throw new NoSuchAlgorithmException
			("No password provided");
		}
	    } else {
		throw new NoSuchAlgorithmException("ProtectionParameter must"
		    + " be PasswordProtection or CallbackHandlerProtection");
	    }
	    engineLoad(null, password);
	    return;
	}

	throw new UnsupportedOperationException();
    
public abstract voidengineSetCertificateEntry(java.lang.String alias, java.security.cert.Certificate cert)
Assigns the given certificate to the given alias.

If the given alias identifies an existing entry created by a call to setCertificateEntry, or created by a call to setEntry with a TrustedCertificateEntry, the trusted certificate in the existing entry is overridden by the given certificate.

param
alias the alias name
param
cert the certificate
exception
KeyStoreException if the given alias already exists and does not identify an entry containing a trusted certificate, or this operation fails for some other reason.

public voidengineSetEntry(java.lang.String alias, java.security.KeyStore$Entry entry, java.security.KeyStore$ProtectionParameter protParam)
Saves a KeyStore.Entry under the specified alias. The specified protection parameter is used to protect the Entry.

If an entry already exists for the specified alias, it is overridden.

param
alias save the KeyStore.Entry under this alias
param
entry the Entry to save
param
protParam the ProtectionParameter used to protect the Entry, which may be null
exception
KeyStoreException if this operation fails
since
1.5


	// get password
	if (protParam != null &&
	    !(protParam instanceof KeyStore.PasswordProtection)) {
	    throw new KeyStoreException("unsupported protection parameter");
	}
	KeyStore.PasswordProtection pProtect = null;
	if (protParam != null) {
	    pProtect = (KeyStore.PasswordProtection)protParam;
	}

	// set entry
	if (entry instanceof KeyStore.TrustedCertificateEntry) {
	    if (protParam != null && pProtect.getPassword() != null) {
		// pre-1.5 style setCertificateEntry did not allow password
		throw new KeyStoreException
		    ("trusted certificate entries are not password-protected");
	    } else {
		KeyStore.TrustedCertificateEntry tce =
			(KeyStore.TrustedCertificateEntry)entry;
		engineSetCertificateEntry(alias, tce.getTrustedCertificate());
		return;
	    }
	} else if (entry instanceof KeyStore.PrivateKeyEntry) {
	    if (pProtect == null || pProtect.getPassword() == null) {
		// pre-1.5 style setKeyEntry required password
		throw new KeyStoreException
		    ("non-null password required to create PrivateKeyEntry");
	    } else {
		engineSetKeyEntry
		    (alias,
		    ((KeyStore.PrivateKeyEntry)entry).getPrivateKey(),
		    pProtect.getPassword(),
		    ((KeyStore.PrivateKeyEntry)entry).getCertificateChain());
		return;
	    }
	} else if (entry instanceof KeyStore.SecretKeyEntry) {
	    if (pProtect == null || pProtect.getPassword() == null) {
		// pre-1.5 style setKeyEntry required password
		throw new KeyStoreException
		    ("non-null password required to create SecretKeyEntry");
	    } else {
		engineSetKeyEntry
		    (alias,
		    ((KeyStore.SecretKeyEntry)entry).getSecretKey(),
		    pProtect.getPassword(),
		    (Certificate[])null);
		return;
	    }
	}

	throw new KeyStoreException
		("unsupported entry type: " + entry.getClass().getName());
    
public abstract voidengineSetKeyEntry(java.lang.String alias, java.security.Key key, char[] password, java.security.cert.Certificate[] chain)
Assigns the given key to the given alias, protecting it with the given password.

If the given key is of type java.security.PrivateKey, it must be accompanied by a certificate chain certifying the corresponding public key.

If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).

param
alias the alias name
param
key the key to be associated with the alias
param
password the password to protect the key
param
chain the certificate chain for the corresponding public key (only required if the given key is of type java.security.PrivateKey).
exception
KeyStoreException if the given key cannot be protected, or this operation fails for some other reason

public abstract voidengineSetKeyEntry(java.lang.String alias, byte[] key, java.security.cert.Certificate[] chain)
Assigns the given key (that has already been protected) to the given alias.

If the protected key is of type java.security.PrivateKey, it must be accompanied by a certificate chain certifying the corresponding public key.

If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).

param
alias the alias name
param
key the key (in protected format) to be associated with the alias
param
chain the certificate chain for the corresponding public key (only useful if the protected key is of type java.security.PrivateKey).
exception
KeyStoreException if this operation fails.

public abstract intengineSize()
Retrieves the number of entries in this keystore.

return
the number of entries in this keystore

public abstract voidengineStore(java.io.OutputStream stream, char[] password)
Stores this keystore to the given output stream, and protects its integrity with the given password.

param
stream the output stream to which this keystore is written.
param
password the password to generate the keystore integrity check
exception
IOException if there was an I/O problem with data
exception
NoSuchAlgorithmException if the appropriate data integrity algorithm could not be found
exception
CertificateException if any of the certificates included in the keystore data could not be stored

public voidengineStore(java.security.KeyStore$LoadStoreParameter param)
Stores this keystore using the given KeyStore.LoadStoreParmeter.

param
param the KeyStore.LoadStoreParmeter that specifies how to store the keystore, which may be null
exception
IllegalArgumentException if the given KeyStore.LoadStoreParmeter input is not recognized
exception
IOException if there was an I/O problem with data
exception
NoSuchAlgorithmException if the appropriate data integrity algorithm could not be found
exception
CertificateException if any of the certificates included in the keystore data could not be stored
since
1.5

	throw new UnsupportedOperationException();