462 return null;
463 }
464
465 if (protParam == null) {
466 if (engineIsCertificateEntry(alias)) {
467 return new KeyStore.TrustedCertificateEntry
468 (engineGetCertificate(alias));
469 } else {
470 throw new UnrecoverableKeyException
471 ("requested entry requires a password");
472 }
473 }
474
475 if (protParam instanceof KeyStore.PasswordProtection) {
476 if (engineIsCertificateEntry(alias)) {
477 throw new UnsupportedOperationException
478 ("trusted certificate entries are not password-protected");
479 } else if (engineIsKeyEntry(alias)) {
480 KeyStore.PasswordProtection pp =
481 (KeyStore.PasswordProtection)protParam;
482 char[] password = pp.getPassword();
483
484 Key key = engineGetKey(alias, password);
485 if (key instanceof PrivateKey) {
486 Certificate[] chain = engineGetCertificateChain(alias);
487 return new KeyStore.PrivateKeyEntry((PrivateKey)key, chain);
488 } else if (key instanceof SecretKey) {
489 return new KeyStore.SecretKeyEntry((SecretKey)key);
490 }
491 }
492 }
493
494 throw new UnsupportedOperationException();
495 }
496
497 /**
498 * Saves a {@code KeyStore.Entry} under the specified alias.
499 * The specified protection parameter is used to protect the
500 * {@code Entry}.
501 *
507 * @param protParam the {@code ProtectionParameter}
508 * used to protect the {@code Entry},
509 * which may be {@code null}
510 *
511 * @exception KeyStoreException if this operation fails
512 *
513 * @since 1.5
514 */
515 public void engineSetEntry(String alias, KeyStore.Entry entry,
516 KeyStore.ProtectionParameter protParam)
517 throws KeyStoreException {
518
519 // get password
520 if (protParam != null &&
521 !(protParam instanceof KeyStore.PasswordProtection)) {
522 throw new KeyStoreException("unsupported protection parameter");
523 }
524 KeyStore.PasswordProtection pProtect = null;
525 if (protParam != null) {
526 pProtect = (KeyStore.PasswordProtection)protParam;
527 }
528
529 // set entry
530 if (entry instanceof KeyStore.TrustedCertificateEntry) {
531 if (protParam != null && pProtect.getPassword() != null) {
532 // pre-1.5 style setCertificateEntry did not allow password
533 throw new KeyStoreException
534 ("trusted certificate entries are not password-protected");
535 } else {
536 KeyStore.TrustedCertificateEntry tce =
537 (KeyStore.TrustedCertificateEntry)entry;
538 engineSetCertificateEntry(alias, tce.getTrustedCertificate());
539 return;
540 }
541 } else if (entry instanceof KeyStore.PrivateKeyEntry) {
542 if (pProtect == null || pProtect.getPassword() == null) {
543 // pre-1.5 style setKeyEntry required password
544 throw new KeyStoreException
545 ("non-null password required to create PrivateKeyEntry");
546 } else {
547 engineSetKeyEntry
|
462 return null;
463 }
464
465 if (protParam == null) {
466 if (engineIsCertificateEntry(alias)) {
467 return new KeyStore.TrustedCertificateEntry
468 (engineGetCertificate(alias));
469 } else {
470 throw new UnrecoverableKeyException
471 ("requested entry requires a password");
472 }
473 }
474
475 if (protParam instanceof KeyStore.PasswordProtection) {
476 if (engineIsCertificateEntry(alias)) {
477 throw new UnsupportedOperationException
478 ("trusted certificate entries are not password-protected");
479 } else if (engineIsKeyEntry(alias)) {
480 KeyStore.PasswordProtection pp =
481 (KeyStore.PasswordProtection)protParam;
482 if (pp.getProtectionAlgorithm() != null) {
483 throw new KeyStoreException(
484 "unsupported password protection algorithm");
485 }
486 char[] password = pp.getPassword();
487
488 Key key = engineGetKey(alias, password);
489 if (key instanceof PrivateKey) {
490 Certificate[] chain = engineGetCertificateChain(alias);
491 return new KeyStore.PrivateKeyEntry((PrivateKey)key, chain);
492 } else if (key instanceof SecretKey) {
493 return new KeyStore.SecretKeyEntry((SecretKey)key);
494 }
495 }
496 }
497
498 throw new UnsupportedOperationException();
499 }
500
501 /**
502 * Saves a {@code KeyStore.Entry} under the specified alias.
503 * The specified protection parameter is used to protect the
504 * {@code Entry}.
505 *
511 * @param protParam the {@code ProtectionParameter}
512 * used to protect the {@code Entry},
513 * which may be {@code null}
514 *
515 * @exception KeyStoreException if this operation fails
516 *
517 * @since 1.5
518 */
519 public void engineSetEntry(String alias, KeyStore.Entry entry,
520 KeyStore.ProtectionParameter protParam)
521 throws KeyStoreException {
522
523 // get password
524 if (protParam != null &&
525 !(protParam instanceof KeyStore.PasswordProtection)) {
526 throw new KeyStoreException("unsupported protection parameter");
527 }
528 KeyStore.PasswordProtection pProtect = null;
529 if (protParam != null) {
530 pProtect = (KeyStore.PasswordProtection)protParam;
531 if (pProtect.getProtectionAlgorithm() != null) {
532 throw new KeyStoreException(
533 "unsupported password protection algorithm");
534 }
535 }
536
537 // set entry
538 if (entry instanceof KeyStore.TrustedCertificateEntry) {
539 if (protParam != null && pProtect.getPassword() != null) {
540 // pre-1.5 style setCertificateEntry did not allow password
541 throw new KeyStoreException
542 ("trusted certificate entries are not password-protected");
543 } else {
544 KeyStore.TrustedCertificateEntry tce =
545 (KeyStore.TrustedCertificateEntry)entry;
546 engineSetCertificateEntry(alias, tce.getTrustedCertificate());
547 return;
548 }
549 } else if (entry instanceof KeyStore.PrivateKeyEntry) {
550 if (pProtect == null || pProtect.getPassword() == null) {
551 // pre-1.5 style setKeyEntry required password
552 throw new KeyStoreException
553 ("non-null password required to create PrivateKeyEntry");
554 } else {
555 engineSetKeyEntry
|