public class KeyStore extends Object
This type of keystore entry store sensitive crytographic key information in a protected format.Typically this is a secret key or a private key with a certificate chain.
This type of keystore entry contains a single public key certificate belonging to annother entity. It is called trusted because the keystore owner trusts that the certificates belongs to the subject (owner) of the certificate.
Entries in a key store are referred to by their "alias": a simple unique string.
The structure and persistentence of the key store is not specified. Any method could be used to protect sensitive (private or secret) keys. Smart cards or integrated cryptographic engines could be used or the keystore could be simply stored in a file.
Certificate
,
Key
Modifier | Constructor and Description |
---|---|
protected |
KeyStore(KeyStoreSpi keyStoreSpi,
Provider provider,
String type)
Creates an instance of KeyStore
|
Modifier and Type | Method and Description |
---|---|
Enumeration<String> |
aliases()
Generates a list of all the aliases in the keystore.
|
boolean |
containsAlias(String alias)
Determines if the keystore contains the specified alias.
|
void |
deleteEntry(String alias)
Deletes the entry for the specified entry.
|
Certificate |
getCertificate(String alias)
Gets a Certificate for the specified alias.
|
String |
getCertificateAlias(Certificate cert)
Determines if the keystore contains the specified certificate
entry and returns the alias.
|
Certificate[] |
getCertificateChain(String alias)
Gets a Certificate chain for the specified alias.
|
Date |
getCreationDate(String alias)
Gets entry creation date for the specified alias.
|
static String |
getDefaultType()
Returns the default KeyStore type.
|
static KeyStore |
getInstance(String type)
Returns an instance of a
KeyStore representing the specified
type, from the first provider that implements it. |
static KeyStore |
getInstance(String type,
Provider provider)
Returns an instance of a
KeyStore representing the specified
type, from the specified provider. |
static KeyStore |
getInstance(String type,
String provider)
Returns an instance of a
KeyStore representing the specified
type, from the named provider. |
Key |
getKey(String alias,
char[] password)
Returns the key associated with given alias using the
supplied password.
|
Provider |
getProvider()
Gets the provider that the class is from.
|
String |
getType()
Returns the type of the KeyStore supported
|
boolean |
isCertificateEntry(String alias)
Determines if the keystore contains a certificate entry for
the specified alias.
|
boolean |
isKeyEntry(String alias)
Determines if the keystore contains a key entry for
the specified alias.
|
void |
load(InputStream stream,
char[] password)
Loads the keystore from the specified input stream and it
uses the specified password to check for integrity if supplied.
|
void |
setCertificateEntry(String alias,
Certificate cert)
Assign the certificate to the alias in the keystore.
|
void |
setKeyEntry(String alias,
byte[] key,
Certificate[] chain)
Assign the key to the alias in the keystore.
|
void |
setKeyEntry(String alias,
Key key,
char[] password,
Certificate[] chain)
Assign the key to the alias in the keystore, protecting it
with the given password.
|
int |
size()
Returns the number of entries in the keystore.
|
void |
store(OutputStream stream,
char[] password)
Stores the keystore in the specified output stream and it
uses the specified key it keep it secure.
|
protected KeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type)
keyStoreSpi
- A KeyStore engine to useprovider
- A provider to usetype
- The type of KeyStorepublic static KeyStore getInstance(String type) throws KeyStoreException
KeyStore
representing the specified
type, from the first provider that implements it.type
- the type of keystore to create.KeyStore
repesenting the desired type.KeyStoreException
- if the designated type of is not implemented by
any provider, or the implementation could not be instantiated.IllegalArgumentException
- if type
is
null
or is an empty string.public static KeyStore getInstance(String type, String provider) throws KeyStoreException, NoSuchProviderException
KeyStore
representing the specified
type, from the named provider.type
- the type of keystore to create.provider
- the name of the provider to use.KeyStore
repesenting the desired type.KeyStoreException
- if the designated type is not implemented by the
given provider.NoSuchProviderException
- if the provider is not found.IllegalArgumentException
- if either type
or
provider
is null
or empty.public static KeyStore getInstance(String type, Provider provider) throws KeyStoreException
KeyStore
representing the specified
type, from the specified provider.type
- the type of keystore to create.provider
- the provider to use.KeyStore
repesenting the desired type.KeyStoreException
- if the designated type is not implemented by the
given provider.IllegalArgumentException
- if either type
or
provider
is null
, or if
type
is an empty string.public static final String getDefaultType()
public final Provider getProvider()
public final String getType()
public final Key getKey(String alias, char[] password) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
alias
- an alias for the key to getpassword
- password to access key withNoSuchAlgorithmException
- if there is no algorithm
for recovering the keyUnrecoverableKeyException
- key cannot be reocovered
(wrong password).KeyStoreException
public final Certificate[] getCertificateChain(String alias) throws KeyStoreException
alias
- the alias nameKeyStoreException
public final Certificate getCertificate(String alias) throws KeyStoreException
alias
- the alias nameKeyStoreException
public final Date getCreationDate(String alias) throws KeyStoreException
alias
- the alias nameKeyStoreException
public final void setKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException
alias
- the alias namekey
- the key to addchain
- the certificate chain for the corresponding
public keyKeyStoreException
- if it failspublic final void setKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException
alias
- the alias namekey
- the key to addchain
- the certificate chain for the corresponding
public keyKeyStoreException
- if it failspublic final void setCertificateEntry(String alias, Certificate cert) throws KeyStoreException
alias
- the alias namecert
- the certificate to addKeyStoreException
- if it failspublic final void deleteEntry(String alias) throws KeyStoreException
alias
- the alias nameKeyStoreException
- if it failspublic final Enumeration<String> aliases() throws KeyStoreException
KeyStoreException
public final boolean containsAlias(String alias) throws KeyStoreException
alias
- the alias nameKeyStoreException
public final int size() throws KeyStoreException
KeyStoreException
public final boolean isKeyEntry(String alias) throws KeyStoreException
alias
- the alias nameKeyStoreException
public final boolean isCertificateEntry(String alias) throws KeyStoreException
alias
- the alias nameKeyStoreException
public final String getCertificateAlias(Certificate cert) throws KeyStoreException
cert
- Certificate to look forKeyStoreException
public final void store(OutputStream stream, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
stream
- the output stream to save the keystore topassword
- the password to protect the keystore integrity withIOException
- if an I/O error occurs.NoSuchAlgorithmException
- the data integrity algorithm
used cannot be found.CertificateException
- if any certificates could not be
stored in the output stream.KeyStoreException
public final void load(InputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException
stream
- the input stream to load the keystore frompassword
- the password to check the keystore integrity withIOException
- if an I/O error occurs.NoSuchAlgorithmException
- the data integrity algorithm
used cannot be found.CertificateException
- if any certificates could not be
stored in the output stream.