Summary: Constants | Ctors | Methods | Inherited Methods | [Expand All]

public final class

PKCS12KeyStore

extends KeyStoreSpi

java.lang.Object
↳	java.security.KeyStoreSpi
	↳	sun.security.pkcs12.PKCS12KeyStore

Class Overview

This class provides the keystore implementation referred to as "PKCS12". Implements the PKCS#12 PFX protected using the Password privacy mode. The contents are protected using Password integrity mode. Currently we support following PBE algorithms: - pbeWithSHAAnd3KeyTripleDESCBC to encrypt private keys - pbeWithSHAAnd40BitRC2CBC to encrypt certificates Supported encryption of various implementations : Software and mode. Certificate encryption Private key encryption --------------------------------------------------------------------- MSIE4 (domestic 40 bit RC2. 40 bit RC2 and xport versions) PKCS#12 export. MSIE4, 5 (domestic 40 bit RC2, 40 bit RC2, and export versions) 3 key triple DES 3 key triple DES PKCS#12 import. MSIE5 40 bit RC2 3 key triple DES, PKCS#12 export. with SHA1 (168 bits) Netscape Communicator 40 bit RC2 3 key triple DES, (domestic and export with SHA1 (168 bits) versions) PKCS#12 export Netscape Communicator 40 bit ciphers only All. (export version) PKCS#12 import. Netscape Communicator All. All. (domestic or fortified version) PKCS#12 import. OpenSSL PKCS#12 code. All. All. --------------------------------------------------------------------- NOTE: Currently PKCS12 KeyStore does not support TrustedCertEntries. PKCS#12 is mainly used to deliver private keys with their associated certificate chain and aliases. In a PKCS12 keystore, entries are identified by the alias, and a localKeyId is required to match the private key with the certificate.

Summary

Constants
int	VERSION_3

Public Constructors
	PKCS12KeyStore()

Public Methods
Enumeration<String>	engineAliases() Lists all the alias names of this keystore.
boolean	engineContainsAlias(String alias) Checks if the given alias exists in this keystore.
synchronized void	engineDeleteEntry(String alias) Deletes the entry identified by the given alias from this keystore.
Certificate	engineGetCertificate(String alias) Returns the certificate associated with the given alias.
String	engineGetCertificateAlias(Certificate cert) Returns the (alias) name of the first keystore entry whose certificate matches the given certificate.
Certificate[]	engineGetCertificateChain(String alias) Returns the certificate chain associated with the given alias.
Date	engineGetCreationDate(String alias) Returns the creation date of the entry identified by the given alias.
Key	engineGetKey(String alias, char[] password) Returns the key associated with the given alias, using the given password to recover it.
boolean	engineIsCertificateEntry(String alias) Returns true if the entry identified by the given alias is a trusted certificate entry, and false otherwise.
boolean	engineIsKeyEntry(String alias) Returns true if the entry identified by the given alias is a key entry, and false otherwise.
synchronized void	engineLoad(InputStream stream, char[] password) Loads the keystore from the given input stream.
synchronized void	engineSetCertificateEntry(String alias, Certificate cert) Assigns the given certificate to the given alias.
synchronized void	engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) Assigns the given key to the given alias, protecting it with the given password.
synchronized void	engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) Assigns the given key (that has already been protected) to the given alias.
int	engineSize() Retrieves the number of entries in this keystore.
synchronized void	engineStore(OutputStream stream, char[] password) Stores this keystore to the given output stream, and protects its integrity with the given password.

[Expand]

Inherited Methods

From class java.security.KeyStoreSpi

abstract Enumeration<String>	engineAliases() Lists all the alias names of this keystore.
abstract boolean	engineContainsAlias(String alias) Checks if the given alias exists in this keystore.
abstract void	engineDeleteEntry(String alias) Deletes the entry identified by the given alias from this keystore.
boolean	engineEntryInstanceOf(String alias, Class<? extends KeyStore.Entry> entryClass) Determines if the keystore `Entry` for the specified `alias` is an instance or subclass of the specified `entryClass`.
abstract Certificate	engineGetCertificate(String alias) Returns the certificate associated with the given alias.
abstract String	engineGetCertificateAlias(Certificate cert) Returns the (alias) name of the first keystore entry whose certificate matches the given certificate.
abstract Certificate[]	engineGetCertificateChain(String alias) Returns the certificate chain associated with the given alias.
abstract Date	engineGetCreationDate(String alias) Returns the creation date of the entry identified by the given alias.
KeyStore.Entry	engineGetEntry(String alias, KeyStore.ProtectionParameter protParam) Gets a `KeyStore.Entry` for the specified alias with the specified protection parameter.
abstract Key	engineGetKey(String alias, char[] password) Returns the key associated with the given alias, using the given password to recover it.
abstract boolean	engineIsCertificateEntry(String alias) Returns true if the entry identified by the given alias was created by a call to `setCertificateEntry`, or created by a call to `setEntry` with a `TrustedCertificateEntry`.
abstract boolean	engineIsKeyEntry(String alias) Returns true if the entry identified by the given alias was created by a call to `setKeyEntry`, or created by a call to `setEntry` with a `PrivateKeyEntry` or a `SecretKeyEntry`.
void	engineLoad(KeyStore.LoadStoreParameter param) Loads the keystore using the given `KeyStore.LoadStoreParameter`.
abstract void	engineLoad(InputStream stream, char[] password) Loads the keystore from the given input stream.
abstract void	engineSetCertificateEntry(String alias, Certificate cert) Assigns the given certificate to the given alias.
void	engineSetEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam) Saves a `KeyStore.Entry` under the specified alias.
abstract void	engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) Assigns the given key to the given alias, protecting it with the given password.
abstract void	engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) Assigns the given key (that has already been protected) to the given alias.
abstract int	engineSize() Retrieves the number of entries in this keystore.
void	engineStore(KeyStore.LoadStoreParameter param) Stores this keystore using the given `KeyStore.LoadStoreParmeter`.
abstract void	engineStore(OutputStream stream, char[] password) Stores this keystore to the given output stream, and protects its integrity with the given password.

From class java.lang.Object

Object	clone() Creates and returns a copy of this object.
boolean	equals(Object obj) Indicates whether some other object is "equal to" this one.
void	finalize() Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
final Class<?>	getClass() Returns the runtime class of this `Object`.
int	hashCode() Returns a hash code value for the object.
final void	notify() Wakes up a single thread that is waiting on this object's monitor.
final void	notifyAll() Wakes up all threads that are waiting on this object's monitor.
String	toString() Returns a string representation of the object.
final void	wait() Causes the current thread to wait until another thread invokes the `notify()` method or the `notifyAll()` method for this object.
final void	wait(long timeout, int nanos) Causes the current thread to wait until another thread invokes the `notify()` method or the `notifyAll()` method for this object, or some other thread interrupts the current thread, or a certain amount of real time has elapsed.
final void	wait(long timeout) Causes the current thread to wait until either another thread invokes the `notify()` method or the `notifyAll()` method for this object, or a specified amount of time has elapsed.

Constants

public static final int VERSION_3

Constant Value: 3 (0x00000003)

Public Constructors

public PKCS12KeyStore ()

Public Methods

public Enumeration<String> engineAliases ()

Lists all the alias names of this keystore.

Returns

enumeration of the alias names

public boolean engineContainsAlias (String alias)

Checks if the given alias exists in this keystore.

Parameters

alias	the alias name

Returns

true if the alias exists, false otherwise

public synchronized void engineDeleteEntry (String alias)

Deletes the entry identified by the given alias from this keystore.

Parameters

alias	the alias name

Throws

KeyStoreException	if the entry cannot be removed.

public Certificate engineGetCertificate (String alias)

Returns the certificate associated with the given alias.

If the given alias name identifies a trusted certificate entry, the certificate associated with that entry is returned. If the given alias name identifies a key entry, the first element of the certificate chain of that entry is returned, or null if that entry does not have a certificate chain.

Parameters

alias	the alias name

Returns

the certificate, or null if the given alias does not exist or does not contain a certificate.

public String engineGetCertificateAlias (Certificate cert)

Returns the (alias) name of the first keystore entry whose certificate matches the given certificate.

This method attempts to match the given certificate with each keystore entry. If the entry being considered is a trusted certificate entry, the given certificate is compared to that entry's certificate. If the entry being considered is a key entry, the given certificate is compared to the first element of that entry's certificate chain (if a chain exists).

Parameters

cert	the certificate to match with.

Returns

the (alias) name of the first entry with matching certificate, or null if no such entry exists in this keystore.

public Certificate[] engineGetCertificateChain (String alias)

Returns the certificate chain associated with the given alias.

Parameters

alias	the alias name

Returns

the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the given alias does not exist or does not contain a certificate chain (i.e., the given alias identifies either a trusted certificate entry or a key entry without a certificate chain).

public Date engineGetCreationDate (String alias)

Returns the creation date of the entry identified by the given alias.

Parameters

alias	the alias name

Returns

the creation date of this entry, or null if the given alias does not exist

public Key engineGetKey (String alias, char[] password)

Returns the key associated with the given alias, using the given password to recover it.

Parameters

alias	the alias name
password	the password for recovering the key

Returns

the requested key, or null if the given alias does not exist or does not identify a key entry.

Throws

NoSuchAlgorithmException	if the algorithm for recovering the key cannot be found
UnrecoverableKeyException	if the key cannot be recovered (e.g., the given password is wrong).

public boolean engineIsCertificateEntry (String alias)

Returns true if the entry identified by the given alias is a trusted certificate entry, and false otherwise.

Parameters

alias	the alias for the keystore entry to be checked

Returns

true if the entry identified by the given alias is a trusted certificate entry, false otherwise.

public boolean engineIsKeyEntry (String alias)

Returns true if the entry identified by the given alias is a key entry, and false otherwise.

Parameters

alias	the alias for the keystore entry to be checked

Returns

true if the entry identified by the given alias is a key entry, false otherwise.

public synchronized void engineLoad (InputStream stream, char[] password)

Loads the keystore from the given input stream.

If a password is given, it is used to check the integrity of the keystore data. Otherwise, the integrity of the keystore is not checked.

Parameters

stream	the input stream from which the keystore is loaded
password	the (optional) password used to check the integrity of the keystore.

Throws

IOException	if there is an I/O or format problem with the keystore data
NoSuchAlgorithmException	if the algorithm used to check the integrity of the keystore cannot be found
CertificateException	if any of the certificates in the keystore could not be loaded

public synchronized void engineSetCertificateEntry (String alias, Certificate cert)

Assigns the given certificate to the given alias.

If the given alias already exists in this keystore and identifies a trusted certificate entry, the certificate associated with it is overridden by the given certificate.

Parameters

alias	the alias name
cert	the certificate

Throws

KeyStoreException	if the given alias already exists and does identify a key entry, or on an attempt to create a trusted cert entry which is currently not supported.

public synchronized void engineSetKeyEntry (String alias, Key key, char[] password, Certificate[] chain)

Assigns the given key to the given alias, protecting it with the given password.

If the given key is of type java.security.PrivateKey, it must be accompanied by a certificate chain certifying the corresponding public key.

If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).

Parameters

alias	the alias name
key	the key to be associated with the alias
password	the password to protect the key
chain	the certificate chain for the corresponding public key (only required if the given key is of type `java.security.PrivateKey`).

Throws

KeyStoreException	if the given key cannot be protected, or this operation fails for some other reason

public synchronized void engineSetKeyEntry (String alias, byte[] key, Certificate[] chain)

Assigns the given key (that has already been protected) to the given alias.

If the protected key is of type java.security.PrivateKey, it must be accompanied by a certificate chain certifying the corresponding public key. If the underlying keystore implementation is of type jks, key must be encoded as an EncryptedPrivateKeyInfo as defined in the PKCS #8 standard.

If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).

Parameters

alias	the alias name
key	the key (in protected format) to be associated with the alias
chain	the certificate chain for the corresponding public key (only useful if the protected key is of type `java.security.PrivateKey`).

Throws

KeyStoreException	if this operation fails.

public int engineSize ()

Retrieves the number of entries in this keystore.

Returns

the number of entries in this keystore

public synchronized void engineStore (OutputStream stream, char[] password)

Stores this keystore to the given output stream, and protects its integrity with the given password.

Parameters

stream	the output stream to which this keystore is written.
password	the password to generate the keystore integrity check

Throws

IOException	if there was an I/O problem with data
NoSuchAlgorithmException	if the appropriate data integrity algorithm could not be found
CertificateException	if any of the certificates included in the keystore data could not be stored

Classes

PKCS12KeyStore

Class Overview

See Also

Summary

Constants

public static final int VERSION_3

Public Constructors

public PKCS12KeyStore ()

Public Methods

public Enumeration<String> engineAliases ()

Returns

public boolean engineContainsAlias (String alias)

Parameters

Returns

public synchronized void engineDeleteEntry (String alias)

Parameters

Throws

public Certificate engineGetCertificate (String alias)

Parameters

Returns

public String engineGetCertificateAlias (Certificate cert)

Parameters

Returns

public Certificate[] engineGetCertificateChain (String alias)

Parameters

Returns

public Date engineGetCreationDate (String alias)

Parameters

Returns

public Key engineGetKey (String alias, char[] password)

Parameters

Returns

Throws

public boolean engineIsCertificateEntry (String alias)

Parameters

Returns

public boolean engineIsKeyEntry (String alias)

Parameters

Returns

public synchronized void engineLoad (InputStream stream, char[] password)

Parameters

Throws

public synchronized void engineSetCertificateEntry (String alias, Certificate cert)

Parameters

Throws

public synchronized void engineSetKeyEntry (String alias, Key key, char[] password, Certificate[] chain)

Parameters

Throws

public synchronized void engineSetKeyEntry (String alias, byte[] key, Certificate[] chain)

Parameters

Throws

public int engineSize ()

Returns

public synchronized void engineStore (OutputStream stream, char[] password)

Parameters

Throws