1 /*
2 * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
49 * @see KeyStore
50 *
51 * @since 1.2
52 */
53
54 public abstract class KeyStoreSpi {
55
56 /**
57 * Returns the key associated with the given alias, using the given
58 * password to recover it. The key must have been associated with
59 * the alias by a call to {@code setKeyEntry},
60 * or by a call to {@code setEntry} with a
61 * {@code PrivateKeyEntry} or {@code SecretKeyEntry}.
62 *
63 * @param alias the alias name
64 * @param password the password for recovering the key
65 *
66 * @return the requested key, or null if the given alias does not exist
67 * or does not identify a key-related entry.
68 *
69 * @exception NoSuchAlgorithmException if the algorithm for recovering the
70 * key cannot be found
71 * @exception UnrecoverableKeyException if the key cannot be recovered
72 * (e.g., the given password is wrong).
73 */
74 public abstract Key engineGetKey(String alias, char[] password)
75 throws NoSuchAlgorithmException, UnrecoverableKeyException;
76
77 /**
78 * Returns the certificate chain associated with the given alias.
79 * The certificate chain must have been associated with the alias
80 * by a call to {@code setKeyEntry},
81 * or by a call to {@code setEntry} with a
82 * {@code PrivateKeyEntry}.
83 *
84 * @param alias the alias name
85 *
86 * @return the certificate chain (ordered with the user's certificate first
87 * and the root certificate authority last), or null if the given alias
88 * does not exist or does not contain a certificate chain
89 */
90 public abstract Certificate[] engineGetCertificateChain(String alias);
91
124
125 /**
126 * Assigns the given key to the given alias, protecting it with the given
127 * password.
128 *
129 * <p>If the given key is of type {@code java.security.PrivateKey},
130 * it must be accompanied by a certificate chain certifying the
131 * corresponding public key.
132 *
133 * <p>If the given alias already exists, the keystore information
134 * associated with it is overridden by the given key (and possibly
135 * certificate chain).
136 *
137 * @param alias the alias name
138 * @param key the key to be associated with the alias
139 * @param password the password to protect the key
140 * @param chain the certificate chain for the corresponding public
141 * key (only required if the given key is of type
142 * {@code java.security.PrivateKey}).
143 *
144 * @exception KeyStoreException if the given key cannot be protected, or
145 * this operation fails for some other reason
146 */
147 public abstract void engineSetKeyEntry(String alias, Key key,
148 char[] password,
149 Certificate[] chain)
150 throws KeyStoreException;
151
152 /**
153 * Assigns the given key (that has already been protected) to the given
154 * alias.
155 *
156 * <p>If the protected key is of type
157 * {@code java.security.PrivateKey},
158 * it must be accompanied by a certificate chain certifying the
159 * corresponding public key.
160 *
161 * <p>If the given alias already exists, the keystore information
162 * associated with it is overridden by the given key (and possibly
163 * certificate chain).
164 *
165 * @param alias the alias name
166 * @param key the key (in protected format) to be associated with the alias
167 * @param chain the certificate chain for the corresponding public
168 * key (only useful if the protected key is of type
169 * {@code java.security.PrivateKey}).
170 *
171 * @exception KeyStoreException if this operation fails.
172 */
173 public abstract void engineSetKeyEntry(String alias, byte[] key,
174 Certificate[] chain)
175 throws KeyStoreException;
176
177 /**
178 * Assigns the given certificate to the given alias.
179 *
180 * <p> If the given alias identifies an existing entry
181 * created by a call to {@code setCertificateEntry},
182 * or created by a call to {@code setEntry} with a
183 * {@code TrustedCertificateEntry},
184 * the trusted certificate in the existing entry
185 * is overridden by the given certificate.
186 *
187 * @param alias the alias name
188 * @param cert the certificate
189 *
190 * @exception KeyStoreException if the given alias already exists and does
191 * not identify an entry containing a trusted certificate,
192 * or this operation fails for some other reason.
193 */
194 public abstract void engineSetCertificateEntry(String alias,
195 Certificate cert)
196 throws KeyStoreException;
197
198 /**
199 * Deletes the entry identified by the given alias from this keystore.
200 *
201 * @param alias the alias name
202 *
203 * @exception KeyStoreException if the entry cannot be removed.
204 */
205 public abstract void engineDeleteEntry(String alias)
206 throws KeyStoreException;
207
208 /**
209 * Lists all the alias names of this keystore.
210 *
211 * @return enumeration of the alias names
212 */
213 public abstract Enumeration<String> engineAliases();
214
215 /**
216 * Checks if the given alias exists in this keystore.
217 *
218 * @param alias the alias name
219 *
220 * @return true if the alias exists, false otherwise
221 */
222 public abstract boolean engineContainsAlias(String alias);
223
269 * created by a call to {@code setKeyEntry},
270 * or created by a call to {@code setEntry} with a
271 * {@code PrivateKeyEntry},
272 * then the given certificate is compared to the first
273 * element of that entry's certificate chain.
274 *
275 * @param cert the certificate to match with.
276 *
277 * @return the alias name of the first entry with matching certificate,
278 * or null if no such entry exists in this keystore.
279 */
280 public abstract String engineGetCertificateAlias(Certificate cert);
281
282 /**
283 * Stores this keystore to the given output stream, and protects its
284 * integrity with the given password.
285 *
286 * @param stream the output stream to which this keystore is written.
287 * @param password the password to generate the keystore integrity check
288 *
289 * @exception IOException if there was an I/O problem with data
290 * @exception NoSuchAlgorithmException if the appropriate data integrity
291 * algorithm could not be found
292 * @exception CertificateException if any of the certificates included in
293 * the keystore data could not be stored
294 */
295 public abstract void engineStore(OutputStream stream, char[] password)
296 throws IOException, NoSuchAlgorithmException, CertificateException;
297
298 /**
299 * Stores this keystore using the given
300 * {@code KeyStore.LoadStoreParmeter}.
301 *
302 * @param param the {@code KeyStore.LoadStoreParmeter}
303 * that specifies how to store the keystore,
304 * which may be {@code null}
305 *
306 * @exception IllegalArgumentException if the given
307 * {@code KeyStore.LoadStoreParmeter}
308 * input is not recognized
309 * @exception IOException if there was an I/O problem with data
310 * @exception NoSuchAlgorithmException if the appropriate data integrity
311 * algorithm could not be found
312 * @exception CertificateException if any of the certificates included in
313 * the keystore data could not be stored
314 *
315 * @since 1.5
316 */
317 public void engineStore(KeyStore.LoadStoreParameter param)
318 throws IOException, NoSuchAlgorithmException,
319 CertificateException {
320 throw new UnsupportedOperationException();
321 }
322
323 /**
324 * Loads the keystore from the given input stream.
325 *
326 * <p>A password may be given to unlock the keystore
327 * (e.g. the keystore resides on a hardware token device),
328 * or to check the integrity of the keystore data.
329 * If a password is not given for integrity checking,
330 * then integrity checking is not performed.
331 *
332 * @param stream the input stream from which the keystore is loaded,
333 * or {@code null}
334 * @param password the password used to check the integrity of
335 * the keystore, the password used to unlock the keystore,
336 * or {@code null}
337 *
338 * @exception IOException if there is an I/O or format problem with the
339 * keystore data, if a password is required but not given,
340 * or if the given password was incorrect. If the error is due to a
341 * wrong password, the {@link Throwable#getCause cause} of the
342 * {@code IOException} should be an
343 * {@code UnrecoverableKeyException}
344 * @exception NoSuchAlgorithmException if the algorithm used to check
345 * the integrity of the keystore cannot be found
346 * @exception CertificateException if any of the certificates in the
347 * keystore could not be loaded
348 */
349 public abstract void engineLoad(InputStream stream, char[] password)
350 throws IOException, NoSuchAlgorithmException, CertificateException;
351
352 /**
353 * Loads the keystore using the given
354 * {@code KeyStore.LoadStoreParameter}.
355 *
356 * <p> Note that if this KeyStore has already been loaded, it is
357 * reinitialized and loaded again from the given parameter.
358 *
359 * @param param the {@code KeyStore.LoadStoreParameter}
360 * that specifies how to load the keystore,
361 * which may be {@code null}
362 *
363 * @implSpec
364 * The default implementation examines {@code KeyStore.LoadStoreParameter}
365 * to extract its password and pass it to
366 * {@link KeyStoreSpi#engineLoad(InputStream, char[])} along with a
367 * {@code null} {@code InputStream}.
368 * <p>
369 * If {@code KeyStore.LoadStoreParameter} is {@code null} then
370 * the password parameter will also be {@code null}.
371 * Otherwise the {@code KeyStore.ProtectionParameter} of
372 * {@code KeyStore.LoadStoreParameter} must be either a
373 * {@code KeyStore.PasswordProtection} or a
374 * {@code KeyStore.CallbackHandlerProtection} that supports
375 * {@code PasswordCallback} so that the password parameter can be
376 * extracted. If the {@code KeyStore.ProtectionParameter} is neither
377 * of those classes then a {@code NoSuchAlgorithmException} is thrown.
378 *
379 * @exception IllegalArgumentException if the given
380 * {@code KeyStore.LoadStoreParameter}
381 * input is not recognized
382 * @exception IOException if there is an I/O or format problem with the
383 * keystore data. If the error is due to an incorrect
384 * {@code ProtectionParameter} (e.g. wrong password)
385 * the {@link Throwable#getCause cause} of the
386 * {@code IOException} should be an
387 * {@code UnrecoverableKeyException}
388 * @exception NoSuchAlgorithmException if the algorithm used to check
389 * the integrity of the keystore cannot be found
390 * @exception CertificateException if any of the certificates in the
391 * keystore could not be loaded
392 *
393 * @since 1.5
394 */
395 public void engineLoad(KeyStore.LoadStoreParameter param)
396 throws IOException, NoSuchAlgorithmException,
397 CertificateException {
398 engineLoad(null, param);
399 }
400
401 void engineLoad(InputStream stream, KeyStore.LoadStoreParameter param)
402 throws IOException, NoSuchAlgorithmException,
403 CertificateException {
404
405 if (param == null) {
406 engineLoad((InputStream)null, (char[])null);
407 return;
408 }
409
410 ProtectionParameter protection = param.getProtectionParameter();
430 } else {
431 throw new NoSuchAlgorithmException("ProtectionParameter must"
432 + " be PasswordProtection or CallbackHandlerProtection");
433 }
434 engineLoad(stream, password);
435 return;
436 }
437
438 /**
439 * Gets a {@code KeyStore.Entry} for the specified alias
440 * with the specified protection parameter.
441 *
442 * @param alias get the {@code KeyStore.Entry} for this alias
443 * @param protParam the {@code ProtectionParameter}
444 * used to protect the {@code Entry},
445 * which may be {@code null}
446 *
447 * @return the {@code KeyStore.Entry} for the specified alias,
448 * or {@code null} if there is no such entry
449 *
450 * @exception KeyStoreException if the operation failed
451 * @exception NoSuchAlgorithmException if the algorithm for recovering the
452 * entry cannot be found
453 * @exception UnrecoverableEntryException if the specified
454 * {@code protParam} were insufficient or invalid
455 * @exception UnrecoverableKeyException if the entry is a
456 * {@code PrivateKeyEntry} or {@code SecretKeyEntry}
457 * and the specified {@code protParam} does not contain
458 * the information needed to recover the key (e.g. wrong password)
459 *
460 * @since 1.5
461 */
462 public KeyStore.Entry engineGetEntry(String alias,
463 KeyStore.ProtectionParameter protParam)
464 throws KeyStoreException, NoSuchAlgorithmException,
465 UnrecoverableEntryException {
466
467 if (!engineContainsAlias(alias)) {
468 return null;
469 }
470
471 if (protParam == null) {
472 if (engineIsCertificateEntry(alias)) {
473 return new KeyStore.TrustedCertificateEntry
474 (engineGetCertificate(alias));
475 } else {
501 }
502 }
503
504 throw new UnsupportedOperationException();
505 }
506
507 /**
508 * Saves a {@code KeyStore.Entry} under the specified alias.
509 * The specified protection parameter is used to protect the
510 * {@code Entry}.
511 *
512 * <p> If an entry already exists for the specified alias,
513 * it is overridden.
514 *
515 * @param alias save the {@code KeyStore.Entry} under this alias
516 * @param entry the {@code Entry} to save
517 * @param protParam the {@code ProtectionParameter}
518 * used to protect the {@code Entry},
519 * which may be {@code null}
520 *
521 * @exception KeyStoreException if this operation fails
522 *
523 * @since 1.5
524 */
525 public void engineSetEntry(String alias, KeyStore.Entry entry,
526 KeyStore.ProtectionParameter protParam)
527 throws KeyStoreException {
528
529 // get password
530 if (protParam != null &&
531 !(protParam instanceof KeyStore.PasswordProtection)) {
532 throw new KeyStoreException("unsupported protection parameter");
533 }
534 KeyStore.PasswordProtection pProtect = null;
535 if (protParam != null) {
536 pProtect = (KeyStore.PasswordProtection)protParam;
537 if (pProtect.getProtectionAlgorithm() != null) {
538 throw new KeyStoreException(
539 "unsupported password protection algorithm");
540 }
541 }
|
1 /*
2 * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
49 * @see KeyStore
50 *
51 * @since 1.2
52 */
53
54 public abstract class KeyStoreSpi {
55
56 /**
57 * Returns the key associated with the given alias, using the given
58 * password to recover it. The key must have been associated with
59 * the alias by a call to {@code setKeyEntry},
60 * or by a call to {@code setEntry} with a
61 * {@code PrivateKeyEntry} or {@code SecretKeyEntry}.
62 *
63 * @param alias the alias name
64 * @param password the password for recovering the key
65 *
66 * @return the requested key, or null if the given alias does not exist
67 * or does not identify a key-related entry.
68 *
69 * @throws NoSuchAlgorithmException if the algorithm for recovering the
70 * key cannot be found
71 * @throws UnrecoverableKeyException if the key cannot be recovered
72 * (e.g., the given password is wrong).
73 */
74 public abstract Key engineGetKey(String alias, char[] password)
75 throws NoSuchAlgorithmException, UnrecoverableKeyException;
76
77 /**
78 * Returns the certificate chain associated with the given alias.
79 * The certificate chain must have been associated with the alias
80 * by a call to {@code setKeyEntry},
81 * or by a call to {@code setEntry} with a
82 * {@code PrivateKeyEntry}.
83 *
84 * @param alias the alias name
85 *
86 * @return the certificate chain (ordered with the user's certificate first
87 * and the root certificate authority last), or null if the given alias
88 * does not exist or does not contain a certificate chain
89 */
90 public abstract Certificate[] engineGetCertificateChain(String alias);
91
124
125 /**
126 * Assigns the given key to the given alias, protecting it with the given
127 * password.
128 *
129 * <p>If the given key is of type {@code java.security.PrivateKey},
130 * it must be accompanied by a certificate chain certifying the
131 * corresponding public key.
132 *
133 * <p>If the given alias already exists, the keystore information
134 * associated with it is overridden by the given key (and possibly
135 * certificate chain).
136 *
137 * @param alias the alias name
138 * @param key the key to be associated with the alias
139 * @param password the password to protect the key
140 * @param chain the certificate chain for the corresponding public
141 * key (only required if the given key is of type
142 * {@code java.security.PrivateKey}).
143 *
144 * @throws KeyStoreException if the given key cannot be protected, or
145 * this operation fails for some other reason
146 */
147 public abstract void engineSetKeyEntry(String alias, Key key,
148 char[] password,
149 Certificate[] chain)
150 throws KeyStoreException;
151
152 /**
153 * Assigns the given key (that has already been protected) to the given
154 * alias.
155 *
156 * <p>If the protected key is of type
157 * {@code java.security.PrivateKey},
158 * it must be accompanied by a certificate chain certifying the
159 * corresponding public key.
160 *
161 * <p>If the given alias already exists, the keystore information
162 * associated with it is overridden by the given key (and possibly
163 * certificate chain).
164 *
165 * @param alias the alias name
166 * @param key the key (in protected format) to be associated with the alias
167 * @param chain the certificate chain for the corresponding public
168 * key (only useful if the protected key is of type
169 * {@code java.security.PrivateKey}).
170 *
171 * @throws KeyStoreException if this operation fails.
172 */
173 public abstract void engineSetKeyEntry(String alias, byte[] key,
174 Certificate[] chain)
175 throws KeyStoreException;
176
177 /**
178 * Assigns the given certificate to the given alias.
179 *
180 * <p> If the given alias identifies an existing entry
181 * created by a call to {@code setCertificateEntry},
182 * or created by a call to {@code setEntry} with a
183 * {@code TrustedCertificateEntry},
184 * the trusted certificate in the existing entry
185 * is overridden by the given certificate.
186 *
187 * @param alias the alias name
188 * @param cert the certificate
189 *
190 * @throws KeyStoreException if the given alias already exists and does
191 * not identify an entry containing a trusted certificate,
192 * or this operation fails for some other reason.
193 */
194 public abstract void engineSetCertificateEntry(String alias,
195 Certificate cert)
196 throws KeyStoreException;
197
198 /**
199 * Deletes the entry identified by the given alias from this keystore.
200 *
201 * @param alias the alias name
202 *
203 * @throws KeyStoreException if the entry cannot be removed.
204 */
205 public abstract void engineDeleteEntry(String alias)
206 throws KeyStoreException;
207
208 /**
209 * Lists all the alias names of this keystore.
210 *
211 * @return enumeration of the alias names
212 */
213 public abstract Enumeration<String> engineAliases();
214
215 /**
216 * Checks if the given alias exists in this keystore.
217 *
218 * @param alias the alias name
219 *
220 * @return true if the alias exists, false otherwise
221 */
222 public abstract boolean engineContainsAlias(String alias);
223
269 * created by a call to {@code setKeyEntry},
270 * or created by a call to {@code setEntry} with a
271 * {@code PrivateKeyEntry},
272 * then the given certificate is compared to the first
273 * element of that entry's certificate chain.
274 *
275 * @param cert the certificate to match with.
276 *
277 * @return the alias name of the first entry with matching certificate,
278 * or null if no such entry exists in this keystore.
279 */
280 public abstract String engineGetCertificateAlias(Certificate cert);
281
282 /**
283 * Stores this keystore to the given output stream, and protects its
284 * integrity with the given password.
285 *
286 * @param stream the output stream to which this keystore is written.
287 * @param password the password to generate the keystore integrity check
288 *
289 * @throws IOException if there was an I/O problem with data
290 * @throws NoSuchAlgorithmException if the appropriate data integrity
291 * algorithm could not be found
292 * @throws CertificateException if any of the certificates included in
293 * the keystore data could not be stored
294 */
295 public abstract void engineStore(OutputStream stream, char[] password)
296 throws IOException, NoSuchAlgorithmException, CertificateException;
297
298 /**
299 * Stores this keystore using the given
300 * {@code KeyStore.LoadStoreParmeter}.
301 *
302 * @param param the {@code KeyStore.LoadStoreParmeter}
303 * that specifies how to store the keystore,
304 * which may be {@code null}
305 *
306 * @throws IllegalArgumentException if the given
307 * {@code KeyStore.LoadStoreParmeter}
308 * input is not recognized
309 * @throws IOException if there was an I/O problem with data
310 * @throws NoSuchAlgorithmException if the appropriate data integrity
311 * algorithm could not be found
312 * @throws CertificateException if any of the certificates included in
313 * the keystore data could not be stored
314 *
315 * @since 1.5
316 */
317 public void engineStore(KeyStore.LoadStoreParameter param)
318 throws IOException, NoSuchAlgorithmException,
319 CertificateException {
320 throw new UnsupportedOperationException();
321 }
322
323 /**
324 * Loads the keystore from the given input stream.
325 *
326 * <p>A password may be given to unlock the keystore
327 * (e.g. the keystore resides on a hardware token device),
328 * or to check the integrity of the keystore data.
329 * If a password is not given for integrity checking,
330 * then integrity checking is not performed.
331 *
332 * @param stream the input stream from which the keystore is loaded,
333 * or {@code null}
334 * @param password the password used to check the integrity of
335 * the keystore, the password used to unlock the keystore,
336 * or {@code null}
337 *
338 * @throws IOException if there is an I/O or format problem with the
339 * keystore data, if a password is required but not given,
340 * or if the given password was incorrect. If the error is due to a
341 * wrong password, the {@link Throwable#getCause cause} of the
342 * {@code IOException} should be an
343 * {@code UnrecoverableKeyException}
344 * @throws NoSuchAlgorithmException if the algorithm used to check
345 * the integrity of the keystore cannot be found
346 * @throws CertificateException if any of the certificates in the
347 * keystore could not be loaded
348 */
349 public abstract void engineLoad(InputStream stream, char[] password)
350 throws IOException, NoSuchAlgorithmException, CertificateException;
351
352 /**
353 * Loads the keystore using the given
354 * {@code KeyStore.LoadStoreParameter}.
355 *
356 * <p> Note that if this KeyStore has already been loaded, it is
357 * reinitialized and loaded again from the given parameter.
358 *
359 * @param param the {@code KeyStore.LoadStoreParameter}
360 * that specifies how to load the keystore,
361 * which may be {@code null}
362 *
363 * @implSpec
364 * The default implementation examines {@code KeyStore.LoadStoreParameter}
365 * to extract its password and pass it to
366 * {@link KeyStoreSpi#engineLoad(InputStream, char[])} along with a
367 * {@code null} {@code InputStream}.
368 * <p>
369 * If {@code KeyStore.LoadStoreParameter} is {@code null} then
370 * the password parameter will also be {@code null}.
371 * Otherwise the {@code KeyStore.ProtectionParameter} of
372 * {@code KeyStore.LoadStoreParameter} must be either a
373 * {@code KeyStore.PasswordProtection} or a
374 * {@code KeyStore.CallbackHandlerProtection} that supports
375 * {@code PasswordCallback} so that the password parameter can be
376 * extracted. If the {@code KeyStore.ProtectionParameter} is neither
377 * of those classes then a {@code NoSuchAlgorithmException} is thrown.
378 *
379 * @throws IllegalArgumentException if the given
380 * {@code KeyStore.LoadStoreParameter}
381 * input is not recognized
382 * @throws IOException if there is an I/O or format problem with the
383 * keystore data. If the error is due to an incorrect
384 * {@code ProtectionParameter} (e.g. wrong password)
385 * the {@link Throwable#getCause cause} of the
386 * {@code IOException} should be an
387 * {@code UnrecoverableKeyException}
388 * @throws NoSuchAlgorithmException if the algorithm used to check
389 * the integrity of the keystore cannot be found
390 * @throws CertificateException if any of the certificates in the
391 * keystore could not be loaded
392 *
393 * @since 1.5
394 */
395 public void engineLoad(KeyStore.LoadStoreParameter param)
396 throws IOException, NoSuchAlgorithmException,
397 CertificateException {
398 engineLoad(null, param);
399 }
400
401 void engineLoad(InputStream stream, KeyStore.LoadStoreParameter param)
402 throws IOException, NoSuchAlgorithmException,
403 CertificateException {
404
405 if (param == null) {
406 engineLoad((InputStream)null, (char[])null);
407 return;
408 }
409
410 ProtectionParameter protection = param.getProtectionParameter();
430 } else {
431 throw new NoSuchAlgorithmException("ProtectionParameter must"
432 + " be PasswordProtection or CallbackHandlerProtection");
433 }
434 engineLoad(stream, password);
435 return;
436 }
437
438 /**
439 * Gets a {@code KeyStore.Entry} for the specified alias
440 * with the specified protection parameter.
441 *
442 * @param alias get the {@code KeyStore.Entry} for this alias
443 * @param protParam the {@code ProtectionParameter}
444 * used to protect the {@code Entry},
445 * which may be {@code null}
446 *
447 * @return the {@code KeyStore.Entry} for the specified alias,
448 * or {@code null} if there is no such entry
449 *
450 * @throws KeyStoreException if the operation failed
451 * @throws NoSuchAlgorithmException if the algorithm for recovering the
452 * entry cannot be found
453 * @throws UnrecoverableEntryException if the specified
454 * {@code protParam} were insufficient or invalid
455 * @throws UnrecoverableKeyException if the entry is a
456 * {@code PrivateKeyEntry} or {@code SecretKeyEntry}
457 * and the specified {@code protParam} does not contain
458 * the information needed to recover the key (e.g. wrong password)
459 *
460 * @since 1.5
461 */
462 public KeyStore.Entry engineGetEntry(String alias,
463 KeyStore.ProtectionParameter protParam)
464 throws KeyStoreException, NoSuchAlgorithmException,
465 UnrecoverableEntryException {
466
467 if (!engineContainsAlias(alias)) {
468 return null;
469 }
470
471 if (protParam == null) {
472 if (engineIsCertificateEntry(alias)) {
473 return new KeyStore.TrustedCertificateEntry
474 (engineGetCertificate(alias));
475 } else {
501 }
502 }
503
504 throw new UnsupportedOperationException();
505 }
506
507 /**
508 * Saves a {@code KeyStore.Entry} under the specified alias.
509 * The specified protection parameter is used to protect the
510 * {@code Entry}.
511 *
512 * <p> If an entry already exists for the specified alias,
513 * it is overridden.
514 *
515 * @param alias save the {@code KeyStore.Entry} under this alias
516 * @param entry the {@code Entry} to save
517 * @param protParam the {@code ProtectionParameter}
518 * used to protect the {@code Entry},
519 * which may be {@code null}
520 *
521 * @throws KeyStoreException if this operation fails
522 *
523 * @since 1.5
524 */
525 public void engineSetEntry(String alias, KeyStore.Entry entry,
526 KeyStore.ProtectionParameter protParam)
527 throws KeyStoreException {
528
529 // get password
530 if (protParam != null &&
531 !(protParam instanceof KeyStore.PasswordProtection)) {
532 throw new KeyStoreException("unsupported protection parameter");
533 }
534 KeyStore.PasswordProtection pProtect = null;
535 if (protParam != null) {
536 pProtect = (KeyStore.PasswordProtection)protParam;
537 if (pProtect.getProtectionAlgorithm() != null) {
538 throw new KeyStoreException(
539 "unsupported password protection algorithm");
540 }
541 }
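Review bot: The default `engineStore(KeyStore.LoadStoreParameter)` (new-side lines 317–321) unconditionally throws `UnsupportedOperationException`, but the Javadoc whose tags this change rewrites does not list it, so nothing in the contract says that an un-overridden provider never writes the keystore. I would add `@throws UnsupportedOperationException if this method is not overridden by the provider` after the `@throws CertificateException` entry. `engineGetEntry` ends with the same throw at line 504 and appears to have the same gap, though part of its body is not shown on this page. The same comment block still spells the type `KeyStore.LoadStoreParmeter` on lines 300, 302 and 307; it should read `KeyStore.LoadStoreParameter`.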
|