org.mozilla.jss.provider.java.security
Class JSSKeyStoreSpi
java.lang.Object
java.security.KeyStoreSpi
org.mozilla.jss.provider.java.security.JSSKeyStoreSpi
public class JSSKeyStoreSpi
- extends java.security.KeyStoreSpi
The JSS implementation of the JCA KeyStore SPI.
Implementation notes
- deleteEntry will delete all entries with that label. If the entry is a
cert with a matching private key, it will also delete the private key.
- getCertificate returns first cert with matching nickname. Converts it
into a java.security.cert.X509Certificate (not a JSS cert).
- getCertificateChain only returns a single certificate. That's because
we don't have a way to build a chain from a specific slot--only from
the set of all slots.
- getCreationDate is unsupported because NSS doesn't store that
information.
- getKey first looks for a private/symmetric key with the given label.
It returns the first one it finds. If it doesn't find one, it looks for a
cert with the given nickname. If it finds one, it returns the private key
for that cert.
- isCertificateEntry returns true if there is a cert with this nickname,
but it doesn't have a private key. isKeyEntry returns true if there is a key
with this nickname, or if there is a cert with this nickname and the cert
has an associated private key.
- load and store are no-ops.
- setCertificateEntry doesn't work.NSS doesn't have a way of storing a
certificate on a specific token unless it has an associated private key.
That rules out trusted certificate entries.
- setKeyEntry not supported yet. Need to convert a temporary key
into a permanent key.
|
Method Summary |
java.util.Enumeration |
engineAliases()
Returns a list of unique aliases. |
boolean |
engineContainsAlias(java.lang.String alias)
|
void |
engineDeleteEntry(java.lang.String alias)
|
java.security.cert.Certificate |
engineGetCertificate(java.lang.String alias)
|
java.lang.String |
engineGetCertificateAlias(java.security.cert.Certificate cert)
|
java.security.cert.Certificate[] |
engineGetCertificateChain(java.lang.String alias)
|
java.util.Date |
engineGetCreationDate(java.lang.String alias)
|
java.security.Key |
engineGetKey(java.lang.String alias,
char[] password)
|
java.lang.Object |
engineGetKeyNative(java.lang.String alias,
char[] password)
|
boolean |
engineIsCertificateEntry(java.lang.String alias)
Returns true if there is a cert with this nickname but there is no
key associated with the cert. |
boolean |
engineIsKeyEntry(java.lang.String alias)
Returns true if there is a key with this alias, or if
there is a cert with this alias that has an associated key. |
void |
engineLoad(java.io.InputStream stream,
char[] password)
|
void |
engineSetCertificateEntry(java.lang.String alias,
java.security.cert.Certificate cert)
NSS doesn't have a way of storing a certificate on a specific token
unless it has an associated private key. |
void |
engineSetKeyEntry(java.lang.String alias,
byte[] key,
java.security.cert.Certificate[] chain)
|
void |
engineSetKeyEntry(java.lang.String alias,
java.security.Key key,
char[] password,
java.security.cert.Certificate[] chain)
|
int |
engineSize()
|
void |
engineStore(java.io.OutputStream stream,
char[] password)
|
| Methods inherited from class java.security.KeyStoreSpi |
engineEntryInstanceOf, engineGetEntry, engineLoad, engineSetEntry, engineStore |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
proxy
protected TokenProxy proxy
JSSKeyStoreSpi
public JSSKeyStoreSpi()
engineAliases
public java.util.Enumeration engineAliases()
- Returns a list of unique aliases.
- Specified by:
engineAliases in class java.security.KeyStoreSpi
engineContainsAlias
public boolean engineContainsAlias(java.lang.String alias)
- Specified by:
engineContainsAlias in class java.security.KeyStoreSpi
engineDeleteEntry
public void engineDeleteEntry(java.lang.String alias)
- Specified by:
engineDeleteEntry in class java.security.KeyStoreSpi
engineGetCertificate
public java.security.cert.Certificate engineGetCertificate(java.lang.String alias)
- Specified by:
engineGetCertificate in class java.security.KeyStoreSpi
engineGetCertificateAlias
public java.lang.String engineGetCertificateAlias(java.security.cert.Certificate cert)
- Specified by:
engineGetCertificateAlias in class java.security.KeyStoreSpi
engineGetCertificateChain
public java.security.cert.Certificate[] engineGetCertificateChain(java.lang.String alias)
- Specified by:
engineGetCertificateChain in class java.security.KeyStoreSpi
engineGetCreationDate
public java.util.Date engineGetCreationDate(java.lang.String alias)
- Specified by:
engineGetCreationDate in class java.security.KeyStoreSpi
engineGetKey
public java.security.Key engineGetKey(java.lang.String alias,
char[] password)
- Specified by:
engineGetKey in class java.security.KeyStoreSpi
engineGetKeyNative
public java.lang.Object engineGetKeyNative(java.lang.String alias,
char[] password)
engineIsCertificateEntry
public boolean engineIsCertificateEntry(java.lang.String alias)
- Returns true if there is a cert with this nickname but there is no
key associated with the cert.
- Specified by:
engineIsCertificateEntry in class java.security.KeyStoreSpi
engineIsKeyEntry
public boolean engineIsKeyEntry(java.lang.String alias)
- Returns true if there is a key with this alias, or if
there is a cert with this alias that has an associated key.
- Specified by:
engineIsKeyEntry in class java.security.KeyStoreSpi
engineLoad
public void engineLoad(java.io.InputStream stream,
char[] password)
throws java.io.IOException
- Specified by:
engineLoad in class java.security.KeyStoreSpi
- Throws:
java.io.IOException
engineSetCertificateEntry
public void engineSetCertificateEntry(java.lang.String alias,
java.security.cert.Certificate cert)
throws java.security.KeyStoreException
- NSS doesn't have a way of storing a certificate on a specific token
unless it has an associated private key. That rules out
trusted certificate entries, so we can't supply this method currently.
- Specified by:
engineSetCertificateEntry in class java.security.KeyStoreSpi
- Throws:
java.security.KeyStoreException
engineSetKeyEntry
public void engineSetKeyEntry(java.lang.String alias,
byte[] key,
java.security.cert.Certificate[] chain)
throws java.security.KeyStoreException
- Specified by:
engineSetKeyEntry in class java.security.KeyStoreSpi
- Throws:
java.security.KeyStoreException
engineSetKeyEntry
public void engineSetKeyEntry(java.lang.String alias,
java.security.Key key,
char[] password,
java.security.cert.Certificate[] chain)
throws java.security.KeyStoreException
- Specified by:
engineSetKeyEntry in class java.security.KeyStoreSpi
- Throws:
java.security.KeyStoreException
engineSize
public int engineSize()
- Specified by:
engineSize in class java.security.KeyStoreSpi
engineStore
public void engineStore(java.io.OutputStream stream,
char[] password)
throws java.io.IOException
- Specified by:
engineStore in class java.security.KeyStoreSpi
- Throws:
java.io.IOException