Class JSSKeyStoreSpi
java.lang.Object
java.security.KeyStoreSpi
org.mozilla.jss.provider.java.security.JSSKeyStoreSpi
The JSS implementation of the JCA KeyStore SPI.
Implementation notes
- deleteEntry will delete all entries with that label. If the entry is a cert with a matching private key, it will also delete the private key.
- getCertificate returns first cert with matching nickname. Returns it as a PK11Cert, when possible.
- getCreationDate is unsupported because NSS doesn't store that information.
- getKey first looks for a private/symmetric key with the given label. It returns the first one it finds. If it doesn't find one, it looks for a cert with the given nickname. If it finds one, it returns the private key for that cert.
- isCertificateEntry returns true if there is a cert with this nickname, but it doesn't have a private key. isKeyEntry returns true if there is a key with this nickname, or if there is a cert with this nickname and the cert has an associated private key.
- load updates the token in the keystore.
- store is a no-op.
- setCertificateEntry doesn't work. NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key. That rules out trusted certificate entries.
- setKeyEntry not supported yet. Need to convert a temporary key into a permanent key.
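A caller-side guard for the deleteEntry and isKeyEntry behaviour described in the notes above, as an added example (not JSS code). It uses only the standard java.security.KeyStore API; the class name AliasGuard and its methods are hypothetical, and main runs against an in-memory JCEKS keystore as a stand-in for a keystore backed by this SPI.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical caller-side guard; not part of JSS. */
public class AliasGuard {

    enum Kind { ABSENT, CERT_ONLY, KEY_BEARING }

    /** Classify an alias with the two predicates described in the notes. */
    static Kind classify(KeyStore ks, String alias) throws KeyStoreException {
        if (!ks.containsAlias(alias)) return Kind.ABSENT;
        // Per the notes, isKeyEntry is also true for a cert that has an associated private key
        if (ks.isKeyEntry(alias)) return Kind.KEY_BEARING;
        return ks.isCertificateEntry(alias) ? Kind.CERT_ONLY : Kind.ABSENT;
    }

    /** Delete an alias, but only destroy key material when the caller opted in. */
    static boolean deleteEntry(KeyStore ks, String alias, boolean allowKeyLoss)
            throws KeyStoreException {
        Kind kind = classify(ks, alias);
        if (kind == Kind.ABSENT) return false;
        if (kind == Kind.KEY_BEARING && !allowKeyLoss) {
            throw new KeyStoreException("refusing to delete key-bearing alias: " + alias);
        }
        ks.deleteEntry(alias);
        // The notes say every entry with the label is removed; confirm nothing is left
        if (ks.containsAlias(alias)) {
            throw new KeyStoreException("alias still present after delete: " + alias);
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Stand-in keystore (assumption) so the example runs without NSS
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        char[] pw = "constructed-password".toCharArray(); // constructed sample value
        ks.setKeyEntry("signing", new SecretKeySpec(new byte[16], "AES"), pw, null);

        System.out.println(classify(ks, "signing"));
        try {
            deleteEntry(ks, "signing", false);
        } catch (KeyStoreException e) {
            System.out.println(e.getMessage());
        }
        System.out.println(deleteEntry(ks, "signing", true));
    }
}
```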
Field Summary
Modifier and Type, Field:
- static org.slf4j.Logger logger
- protected TokenProxy proxy
- (package private) CryptoToken token
Constructor Summary
- JSSKeyStoreSpi()
Method Summary
Modifier and Type, Method, Description:
- boolean engineContainsAlias(String alias)
- void engineDeleteEntry(String alias)
- engineGetCertificate(String alias)
- engineGetCertificateChain(String alias)
- engineGetCreationDate(String alias)
- engineGetKey(String alias, char[] password)
- boolean engineIsCertificateEntry(String alias): Returns true if there is a cert with this nickname but there is no key associated with the cert.
- boolean engineIsKeyEntry(String alias): Returns true if there is a key with this alias, or if there is a cert with this alias that has an associated key.
- void engineLoad(InputStream stream, char[] password)
- void engineLoad
- void engineSetCertificateEntry(String alias, Certificate cert): NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key.
- void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain)
- void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
- private void engineSetKeyEntryNative(String alias, Object key, char[] password, Certificate[] chain)
- int engineSize()
- void engineStore(OutputStream stream, char[] password)
- private String getCertNickname(byte[] derCert)
- (package private) String[] parseAlias(String alias)
Methods inherited from class java.security.KeyStoreSpi:
engineEntryInstanceOf, engineGetAttributes, engineGetEntry, engineProbe, engineSetEntry, engineStore
Field Details
- logger
  public static org.slf4j.Logger logger
- token
  CryptoToken token
- proxy
Constructor Details
- JSSKeyStoreSpi
  public JSSKeyStoreSpi()
Method Details
- parseAlias
- engineAliases
  Specified by: engineAliases in class KeyStoreSpi
- getAliases
- engineContainsAlias
  Specified by: engineContainsAlias in class KeyStoreSpi
- engineDeleteEntry
  Specified by: engineDeleteEntry in class KeyStoreSpi
  Throws: KeyStoreException
- engineGetCertificate
  Specified by: engineGetCertificate in class KeyStoreSpi
- engineGetCertificateAlias
  Specified by: engineGetCertificateAlias in class KeyStoreSpi
- getCertNickname
- engineGetCertificateChain
  Specified by: engineGetCertificateChain in class KeyStoreSpi
- engineGetCreationDate
  Specified by: engineGetCreationDate in class KeyStoreSpi
- engineGetKey
  Specified by: engineGetKey in class KeyStoreSpi
- engineIsCertificateEntry
  Returns true if there is a cert with this nickname but there is no key associated with the cert.
  Specified by: engineIsCertificateEntry in class KeyStoreSpi
- engineIsKeyEntry
  Returns true if there is a key with this alias, or if there is a cert with this alias that has an associated key.
  Specified by: engineIsKeyEntry in class KeyStoreSpi
- engineLoad
  Specified by: engineLoad in class KeyStoreSpi
  Throws: IOException
- engineLoad
  Overrides: engineLoad in class KeyStoreSpi
  Throws: IOException
- engineSetCertificateEntry
  NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key. That rules out trusted certificate entries, so we can't supply this method currently.
  Specified by: engineSetCertificateEntry in class KeyStoreSpi
  Throws: KeyStoreException
- engineSetKeyEntry
  public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException
  Specified by: engineSetKeyEntry in class KeyStoreSpi
  Throws: KeyStoreException
- engineSetKeyEntry
  public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException
  Specified by: engineSetKeyEntry in class KeyStoreSpi
  Throws: KeyStoreException
- engineSetKeyEntryNative
  private void engineSetKeyEntryNative(String alias, Object key, char[] password, Certificate[] chain) throws KeyStoreException
  Throws: KeyStoreException
- engineSize
  public int engineSize()
  Specified by: engineSize in class KeyStoreSpi
- engineStore
  Specified by: engineStore in class KeyStoreSpi
  Throws: IOException