org.mozilla.jss.provider.java.security
Class JSSKeyStoreSpi
public class JSSKeyStoreSpi extends KeyStoreSpi
The JSS implementation of the JCA KeyStore SPI.
Implementation notes
- deleteEntry will delete all entries with that label. If the entry is a
cert with a matching private key, it will also delete the private key.
- getCertificate returns the first cert with a matching nickname and converts it
into a java.security.cert.X509Certificate (not a JSS cert).
- getCertificateChain only returns a single certificate. That's because
we don't have a way to build a chain from a specific slot--only from
the set of all slots.
- getCreationDate is unsupported because NSS doesn't store that
information.
- getKey first looks for a private/symmetric key with the given label.
It returns the first one it finds. If it doesn't find one, it looks for a
cert with the given nickname. If it finds one, it returns the private key
for that cert.
- isCertificateEntry returns true if there is a cert with this nickname,
but it doesn't have a private key. isKeyEntry returns true if there is a key
with this nickname, or if there is a cert with this nickname and the cert
has an associated private key.
- load and store are no-ops.
- setCertificateEntry doesn't work. NSS doesn't have a way of storing a
certificate on a specific token unless it has an associated private key.
That rules out trusted certificate entries.
- setKeyEntry is not supported yet. The implementation needs to convert a
temporary key into a permanent key.
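A caller-side inventory that tolerates the behaviours listed in the notes above (a cert with a private key counting as a key entry, single-certificate chains, no creation date). This is an added example, not JSS code: `KeyStoreAudit` and `audit` are hypothetical names, the in-memory PKCS12 store in `main` is constructed sample input standing in for a JSS-backed `KeyStore`, and the way an unsupported creation date surfaces (null or an exception) is an assumption.

```java
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;

public class KeyStoreAudit {          // hypothetical name, not part of JSS
    /** One report line per alias, tolerating the behaviours in the notes above. */
    static List<String> audit(KeyStore ks, char[] password) throws Exception {
        List<String> report = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            // A cert with an associated private key counts as a key entry,
            // so test isKeyEntry before isCertificateEntry.
            boolean isKey = ks.isKeyEntry(alias);
            String kind = isKey ? "key" : ks.isCertificateEntry(alias) ? "cert-only" : "unknown";
            Key key = isKey ? ks.getKey(alias, password) : null;
            Certificate[] chain = ks.getCertificateChain(alias);
            int chainLen = (chain == null) ? 0 : chain.length;
            // Creation date is unsupported; assumed to surface as null or an exception.
            Date created = null;
            try {
                created = ks.getCreationDate(alias);
            } catch (KeyStoreException | RuntimeException e) { /* keep null */ }
            StringBuilder line = new StringBuilder(alias).append(": ").append(kind);
            if (key != null) line.append(", alg=").append(key.getAlgorithm());
            line.append(", chainLen=").append(chainLen);
            line.append(", created=").append(created == null ? "n/a" : created);
            // A one-element chain is the leaf only: build and validate the path
            // separately (e.g. java.security.cert.CertPathBuilder) before relying on it.
            if (key instanceof PrivateKey && chainLen <= 1) line.append(", CHAIN-NOT-BUILT");
            report.add(line.toString());
        }
        return report;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();
        // Constructed sample input: in-memory PKCS12 store standing in for a JSS-backed one.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setKeyEntry("constructed-aes", new SecretKeySpec(new byte[16], "AES"), pw, null);
        audit(ks, pw).forEach(System.out::println);
    }
}
```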
Method Summary
Enumeration | engineAliases() | Returns a list of unique aliases.
boolean | engineContainsAlias(String alias) |
void | engineDeleteEntry(String alias) |
Certificate | engineGetCertificate(String alias) |
String | engineGetCertificateAlias(Certificate cert) |
Certificate[] | engineGetCertificateChain(String alias) |
Date | engineGetCreationDate(String alias) |
Key | engineGetKey(String alias, char[] password) |
Object | engineGetKeyNative(String alias, char[] password) |
boolean | engineIsCertificateEntry(String alias) | Returns true if there is a cert with this nickname but there is no key associated with the cert.
boolean | engineIsKeyEntry(String alias) | Returns true if there is a key with this alias, or if there is a cert with this alias that has an associated key.
void | engineLoad(InputStream stream, char[] password) |
void | engineSetCertificateEntry(String alias, Certificate cert) | NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key.
void | engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) |
void | engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) |
int | engineSize() |
void | engineStore(OutputStream stream, char[] password) |
public JSSKeyStoreSpi()
public Enumeration engineAliases()
Returns a list of unique aliases.
public boolean engineContainsAlias(String alias)
public void engineDeleteEntry(String alias)
public Certificate engineGetCertificate(String alias)
public String engineGetCertificateAlias(Certificate cert)
public Certificate[] engineGetCertificateChain(String alias)
public Date engineGetCreationDate(String alias)
public Key engineGetKey(String alias, char[] password)
public Object engineGetKeyNative(String alias, char[] password)
public boolean engineIsCertificateEntry(String alias)
Returns true if there is a cert with this nickname but there is no
key associated with the cert.
public boolean engineIsKeyEntry(String alias)
Returns true if there is a key with this alias, or if
there is a cert with this alias that has an associated key.
public void engineLoad(InputStream stream, char[] password)
public void engineSetCertificateEntry(String alias, Certificate cert)
NSS doesn't have a way of storing a certificate on a specific token
unless it has an associated private key. That rules out
trusted certificate entries, so we can't supply this method currently.
public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain)
public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
public int engineSize()
public void engineStore(OutputStream stream, char[] password)