Package org.mozilla.jss.provider.java.security

Class JSSKeyStoreSpi

java.lang.Object

java.security.KeyStoreSpi

org.mozilla.jss.provider.java.security.JSSKeyStoreSpi

public class JSSKeyStoreSpi
extends java.security.KeyStoreSpi

The JSS implementation of the JCA KeyStore SPI.

Implementation notes

1. deleteEntry will delete all entries with that label. If the entry is a cert with a matching private key, it will also delete the private key.
2. getCertificate returns first cert with matching nickname. Returns it as a PK11Cert, when possible.
3. getCreationDate is unsupported because NSS doesn't store that information.
4. getKey first looks for a private/symmetric key with the given label. It returns the first one it finds. If it doesn't find one, it looks for a cert with the given nickname. If it finds one, it returns the private key for that cert.
5. isCertificateEntry returns true if there is a cert with this nickname, but it doesn't have a private key. isKeyEntry returns true if there is a key with this nickname, or if there is a cert with this nickname and the cert has an associated private key.
6. load updates the token in the keystore.
7. store is a no-op.
8. setCertificateEntry doesn't work.NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key. That rules out trusted certificate entries.
9. setKeyEntry not supported yet. Need to convert a temporary key into a permanent key.

Field Summary

Fields

Modifier and Type	Field	Description
static org.slf4j.Logger	logger
protected TokenProxy	proxy

Constructor Summary

Constructors

Constructor	Description
JSSKeyStoreSpi()

Method Summary

Modifier and Type	Method	Description
java.util.Enumeration<java.lang.String>	engineAliases()
boolean	engineContainsAlias(java.lang.String alias)
void	engineDeleteEntry(java.lang.String alias)
java.security.cert.Certificate	engineGetCertificate(java.lang.String alias)
java.lang.String	engineGetCertificateAlias(java.security.cert.Certificate cert)
java.security.cert.Certificate[]	engineGetCertificateChain(java.lang.String alias)
java.util.Date	engineGetCreationDate(java.lang.String alias)
java.security.Key	engineGetKey(java.lang.String alias, char[] password)
boolean	engineIsCertificateEntry(java.lang.String alias)	Returns true if there is a cert with this nickname but there is no key associated with the cert.
boolean	engineIsKeyEntry(java.lang.String alias)	Returns true if there is a key with this alias, or if there is a cert with this alias that has an associated key.
void	engineLoad(java.io.InputStream stream, char[] password)
void	engineLoad(java.security.KeyStore.LoadStoreParameter param)
void	engineSetCertificateEntry(java.lang.String alias, java.security.cert.Certificate cert)	NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key.
void	engineSetKeyEntry(java.lang.String alias, byte[] key, java.security.cert.Certificate[] chain)
void	engineSetKeyEntry(java.lang.String alias, java.security.Key key, char[] password, java.security.cert.Certificate[] chain)
int	engineSize()
void	engineStore(java.io.OutputStream stream, char[] password)
java.util.Collection<java.lang.String>	getAliases()

Methods inherited from class java.security.KeyStoreSpi

engineEntryInstanceOf, engineGetEntry, engineProbe, engineSetEntry, engineStore

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

public static org.slf4j.Logger logger

proxy

protected TokenProxy proxy

Constructor Detail

JSSKeyStoreSpi

public JSSKeyStoreSpi()

Method Detail

engineAliases

public java.util.Enumeration<java.lang.String> engineAliases()

Specified by:

engineAliases in class java.security.KeyStoreSpi

getAliases

public java.util.Collection<java.lang.String> getAliases()

engineContainsAlias

public boolean engineContainsAlias(java.lang.String alias)

Specified by:

engineContainsAlias in class java.security.KeyStoreSpi

engineDeleteEntry

public void engineDeleteEntry(java.lang.String alias)
                       throws java.security.KeyStoreException

Specified by:

engineDeleteEntry in class java.security.KeyStoreSpi

Throws:

java.security.KeyStoreException

engineGetCertificate

public java.security.cert.Certificate engineGetCertificate(java.lang.String alias)

Specified by:

engineGetCertificate in class java.security.KeyStoreSpi

engineGetCertificateAlias

public java.lang.String engineGetCertificateAlias(java.security.cert.Certificate cert)

Specified by:

engineGetCertificateAlias in class java.security.KeyStoreSpi

engineGetCertificateChain

public java.security.cert.Certificate[] engineGetCertificateChain(java.lang.String alias)

Specified by:

engineGetCertificateChain in class java.security.KeyStoreSpi

engineGetCreationDate

public java.util.Date engineGetCreationDate(java.lang.String alias)

Specified by:

engineGetCreationDate in class java.security.KeyStoreSpi

engineGetKey

public java.security.Key engineGetKey(java.lang.String alias,
                                      char[] password)

Specified by:

engineGetKey in class java.security.KeyStoreSpi

engineIsCertificateEntry

public boolean engineIsCertificateEntry(java.lang.String alias)

Returns true if there is a cert with this nickname but there is no key associated with the cert.

Specified by:

engineIsCertificateEntry in class java.security.KeyStoreSpi

engineIsKeyEntry

public boolean engineIsKeyEntry(java.lang.String alias)

Returns true if there is a key with this alias, or if there is a cert with this alias that has an associated key.

Specified by:

engineIsKeyEntry in class java.security.KeyStoreSpi

engineLoad

public void engineLoad(java.io.InputStream stream,
                       char[] password)
                throws java.io.IOException

Specified by:

engineLoad in class java.security.KeyStoreSpi

Throws:

java.io.IOException

engineLoad

public void engineLoad(java.security.KeyStore.LoadStoreParameter param)
                throws java.io.IOException

Overrides:

engineLoad in class java.security.KeyStoreSpi

Throws:

java.io.IOException

engineSetCertificateEntry

public void engineSetCertificateEntry(java.lang.String alias,
                                      java.security.cert.Certificate cert)
                               throws java.security.KeyStoreException

NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key. That rules out trusted certificate entries, so we can't supply this method currently.

Specified by:

engineSetCertificateEntry in class java.security.KeyStoreSpi

Throws:

java.security.KeyStoreException

engineSetKeyEntry

public void engineSetKeyEntry(java.lang.String alias,
                              byte[] key,
                              java.security.cert.Certificate[] chain)
                       throws java.security.KeyStoreException

Specified by:

engineSetKeyEntry in class java.security.KeyStoreSpi

Throws:

java.security.KeyStoreException

engineSetKeyEntry

public void engineSetKeyEntry(java.lang.String alias,
                              java.security.Key key,
                              char[] password,
                              java.security.cert.Certificate[] chain)
                       throws java.security.KeyStoreException

Specified by:

engineSetKeyEntry in class java.security.KeyStoreSpi

Throws:

java.security.KeyStoreException

engineSize

public int engineSize()

Specified by:

engineSize in class java.security.KeyStoreSpi

engineStore

public void engineStore(java.io.OutputStream stream,
                        char[] password)
                 throws java.io.IOException

Specified by:

engineStore in class java.security.KeyStoreSpi

Throws:

java.io.IOException