462 return null; 463 } 464 465 if (protParam == null) { 466 if (engineIsCertificateEntry(alias)) { 467 return new KeyStore.TrustedCertificateEntry 468 (engineGetCertificate(alias)); 469 } else { 470 throw new UnrecoverableKeyException 471 ("requested entry requires a password"); 472 } 473 } 474 475 if (protParam instanceof KeyStore.PasswordProtection) { 476 if (engineIsCertificateEntry(alias)) { 477 throw new UnsupportedOperationException 478 ("trusted certificate entries are not password-protected"); 479 } else if (engineIsKeyEntry(alias)) { 480 KeyStore.PasswordProtection pp = 481 (KeyStore.PasswordProtection)protParam; 482 char[] password = pp.getPassword(); 483 484 Key key = engineGetKey(alias, password); 485 if (key instanceof PrivateKey) { 486 Certificate[] chain = engineGetCertificateChain(alias); 487 return new KeyStore.PrivateKeyEntry((PrivateKey)key, chain); 488 } else if (key instanceof SecretKey) { 489 return new KeyStore.SecretKeyEntry((SecretKey)key); 490 } 491 } 492 } 493 494 throw new UnsupportedOperationException(); 495 } 496 497 /** 498 * Saves a {@code KeyStore.Entry} under the specified alias. 499 * The specified protection parameter is used to protect the 500 * {@code Entry}. 501 * 507 * @param protParam the {@code ProtectionParameter} 508 * used to protect the {@code Entry}, 509 * which may be {@code null} 510 * 511 * @exception KeyStoreException if this operation fails 512 * 513 * @since 1.5 514 */ 515 public void engineSetEntry(String alias, KeyStore.Entry entry, 516 KeyStore.ProtectionParameter protParam) 517 throws KeyStoreException { 518 519 // get password 520 if (protParam != null && 521 !(protParam instanceof KeyStore.PasswordProtection)) { 522 throw new KeyStoreException("unsupported protection parameter"); 523 } 524 KeyStore.PasswordProtection pProtect = null; 525 if (protParam != null) { 526 pProtect = (KeyStore.PasswordProtection)protParam; 527 } 528 529 // set entry 530 if (entry instanceof KeyStore.TrustedCertificateEntry) { 531 if (protParam != null && pProtect.getPassword() != null) { 532 // pre-1.5 style setCertificateEntry did not allow password 533 throw new KeyStoreException 534 ("trusted certificate entries are not password-protected"); 535 } else { 536 KeyStore.TrustedCertificateEntry tce = 537 (KeyStore.TrustedCertificateEntry)entry; 538 engineSetCertificateEntry(alias, tce.getTrustedCertificate()); 539 return; 540 } 541 } else if (entry instanceof KeyStore.PrivateKeyEntry) { 542 if (pProtect == null || pProtect.getPassword() == null) { 543 // pre-1.5 style setKeyEntry required password 544 throw new KeyStoreException 545 ("non-null password required to create PrivateKeyEntry"); 546 } else { 547 engineSetKeyEntry | 462 return null; 463 } 464 465 if (protParam == null) { 466 if (engineIsCertificateEntry(alias)) { 467 return new KeyStore.TrustedCertificateEntry 468 (engineGetCertificate(alias)); 469 } else { 470 throw new UnrecoverableKeyException 471 ("requested entry requires a password"); 472 } 473 } 474 475 if (protParam instanceof KeyStore.PasswordProtection) { 476 if (engineIsCertificateEntry(alias)) { 477 throw new UnsupportedOperationException 478 ("trusted certificate entries are not password-protected"); 479 } else if (engineIsKeyEntry(alias)) { 480 KeyStore.PasswordProtection pp = 481 (KeyStore.PasswordProtection)protParam; 482 if (pp.getProtectionAlgorithm() != null) { 483 throw new KeyStoreException( 484 "unsupported password protection algorithm"); 485 } 486 char[] password = pp.getPassword(); 487 488 Key key = engineGetKey(alias, password); 489 if (key instanceof PrivateKey) { 490 Certificate[] chain = engineGetCertificateChain(alias); 491 return new KeyStore.PrivateKeyEntry((PrivateKey)key, chain); 492 } else if (key instanceof SecretKey) { 493 return new KeyStore.SecretKeyEntry((SecretKey)key); 494 } 495 } 496 } 497 498 throw new UnsupportedOperationException(); 499 } 500 501 /** 502 * Saves a {@code KeyStore.Entry} under the specified alias. 503 * The specified protection parameter is used to protect the 504 * {@code Entry}. 505 * 511 * @param protParam the {@code ProtectionParameter} 512 * used to protect the {@code Entry}, 513 * which may be {@code null} 514 * 515 * @exception KeyStoreException if this operation fails 516 * 517 * @since 1.5 518 */ 519 public void engineSetEntry(String alias, KeyStore.Entry entry, 520 KeyStore.ProtectionParameter protParam) 521 throws KeyStoreException { 522 523 // get password 524 if (protParam != null && 525 !(protParam instanceof KeyStore.PasswordProtection)) { 526 throw new KeyStoreException("unsupported protection parameter"); 527 } 528 KeyStore.PasswordProtection pProtect = null; 529 if (protParam != null) { 530 pProtect = (KeyStore.PasswordProtection)protParam; 531 if (pProtect.getProtectionAlgorithm() != null) { 532 throw new KeyStoreException( 533 "unsupported password protection algorithm"); 534 } 535 } 536 537 // set entry 538 if (entry instanceof KeyStore.TrustedCertificateEntry) { 539 if (protParam != null && pProtect.getPassword() != null) { 540 // pre-1.5 style setCertificateEntry did not allow password 541 throw new KeyStoreException 542 ("trusted certificate entries are not password-protected"); 543 } else { 544 KeyStore.TrustedCertificateEntry tce = 545 (KeyStore.TrustedCertificateEntry)entry; 546 engineSetCertificateEntry(alias, tce.getTrustedCertificate()); 547 return; 548 } 549 } else if (entry instanceof KeyStore.PrivateKeyEntry) { 550 if (pProtect == null || pProtect.getPassword() == null) { 551 // pre-1.5 style setKeyEntry required password 552 throw new KeyStoreException 553 ("non-null password required to create PrivateKeyEntry"); 554 } else { 555 engineSetKeyEntry |