Class JSSKeyStoreSpi

java.lang.Object
java.security.KeyStoreSpi
org.mozilla.jss.provider.java.security.JSSKeyStoreSpi

public class JSSKeyStoreSpi extends KeyStoreSpi
The JSS implementation of the JCA KeyStore SPI.

Implementation notes

  1. deleteEntry will delete all entries with that label. If the entry is a cert with a matching private key, it will also delete the private key.
  2. getCertificate returns the first cert with a matching nickname. It returns it as a PK11Cert when possible.
  3. getCreationDate is unsupported because NSS doesn't store that information.
  4. getKey first looks for a private/symmetric key with the given label. It returns the first one it finds. If it doesn't find one, it looks for a cert with the given nickname. If it finds one, it returns the private key for that cert.
  5. isCertificateEntry returns true if there is a cert with this nickname, but it doesn't have a private key. isKeyEntry returns true if there is a key with this nickname, or if there is a cert with this nickname and the cert has an associated private key.
  6. load updates the token in the keystore.
  7. store is a no-op.
  8. setCertificateEntry doesn't work. NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key. That rules out trusted certificate entries.
  9. setKeyEntry is not supported yet: it would need to convert a temporary key into a permanent key.
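
Notes 1 and 5 together mean that a deleteEntry call on a nickname can also remove a private key. The following guard is an added example, not JSS code: it checks isKeyEntry before deleting and confirms the result afterwards. The class, enum and alias names are hypothetical, and main uses the JDK's JCEKS keystore with a constructed AES key as a stand-in, since a JSS keystore needs an initialized NSS database.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.crypto.spec.SecretKeySpec;

public final class GuardedDelete {
    public enum Outcome { NOT_FOUND, REFUSED_KEY_ATTACHED, DELETED, STILL_PRESENT }

    // An alias is "present" if either documented predicate reports it (note 5).
    private static boolean present(KeyStore ks, String alias) throws KeyStoreException {
        return ks.isKeyEntry(alias) || ks.isCertificateEntry(alias);
    }

    /**
     * Deletes an alias only when the caller has accepted that key material
     * goes with it. With JSS, isKeyEntry is also true for a cert that has an
     * associated private key, and deleteEntry removes that key too (note 1).
     */
    public static Outcome delete(KeyStore ks, String alias, boolean allowKeyRemoval)
            throws KeyStoreException {
        if (!present(ks, alias)) {
            return Outcome.NOT_FOUND;
        }
        if (ks.isKeyEntry(alias) && !allowKeyRemoval) {
            return Outcome.REFUSED_KEY_ATTACHED;
        }
        ks.deleteEntry(alias);
        // Re-check instead of trusting the call: store is a no-op on JSS
        // (note 7), so there is no later step at which a failure would surface.
        return present(ks, alias) ? Outcome.STILL_PRESENT : Outcome.DELETED;
    }

    public static void main(String[] args) throws Exception {
        // Stand-in keystore (assumption): in-memory JCEKS, not a JSS token.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        char[] pw = "constructed-demo-password".toCharArray();
        // Constructed sample entry: an all-zero AES key under a made-up alias.
        ks.setKeyEntry("tls-server", new SecretKeySpec(new byte[16], "AES"), pw, null);

        System.out.println(delete(ks, "tls-server", false)); // guard refuses
        System.out.println(delete(ks, "tls-server", true));  // explicit opt-in
        System.out.println(delete(ks, "tls-server", true));  // nothing left
    }
}
```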