org.mozilla.jss.provider.java.security

Class JSSKeyStoreSpi

public class JSSKeyStoreSpi extends KeyStoreSpi

The JSS implementation of the JCA KeyStore SPI.

Implementation notes

  1. deleteEntry will delete all entries with that label. If the entry is a cert with a matching private key, it will also delete the private key.
  2. getCertificate returns first cert with matching nickname. Converts it into a java.security.cert.X509Certificate (not a JSS cert).
  3. getCertificateChain only returns a single certificate. That's because we don't have a way to build a chain from a specific slot--only from the set of all slots.
  4. getCreationDate is unsupported because NSS doesn't store that information.
  5. getKey first looks for a private/symmetric key with the given label. It returns the first one it finds. If it doesn't find one, it looks for a cert with the given nickname. If it finds one, it returns the private key for that cert.
  6. isCertificateEntry returns true if there is a cert with this nickname, but it doesn't have a private key. isKeyEntry returns true if there is a key with this nickname, or if there is a cert with this nickname and the cert has an associated private key.
  7. load and store are no-ops.
  8. setCertificateEntry doesn't work. NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key. That rules out trusted certificate entries.
  9. setKeyEntry not supported yet. Need to convert a temporary key into a permanent key.
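
An added example (not part of the JSS documentation or code base) of enumerating entries through the standard java.security.KeyStore front end while allowing for notes 3, 4, 6 and 7 above. The class name KeyStoreEntryAudit, the fallback JCEKS store and its demo-aes entry are constructed for illustration; the keystore type and provider name of the JSS-backed store are supplied by the caller, and NSS/JSS initialization is assumed to have been done already.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper class, not part of JSS.
public class KeyStoreEntryAudit {
    // One report line per alias, using only the java.security.KeyStore front end.
    static List<String> audit(KeyStore ks) throws KeyStoreException {
        List<String> report = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            // Note 6: a key entry is a key with this label or a cert that has a private
            // key; a certificate entry is a cert with this nickname and no private key.
            String kind = ks.isKeyEntry(alias) ? "key"
                    : ks.isCertificateEntry(alias) ? "cert-only" : "unknown";
            // Note 3: only a single certificate comes back, so a length of 1 must not
            // be read as "self-signed" or as an already complete path.
            Certificate[] chain = ks.getCertificateChain(alias);
            int chainLen = (chain == null) ? 0 : chain.length;
            // Note 4: creation date is unsupported. The page does not say whether that
            // surfaces as null or as an exception, so both are tolerated here.
            Date created = null;
            try {
                created = ks.getCreationDate(alias);
            } catch (RuntimeException e) {
                // treated the same as "no date available"
            }
            report.add(alias + " kind=" + kind + " chainLen=" + chainLen
                    + " created=" + (created == null ? "n/a" : created.toString()));
        }
        return report;
    }

    public static void main(String[] args) throws Exception {
        // Two arguments: keystore type and provider name of the JSS-backed store.
        // No arguments: a constructed JCEKS stand-in so the example runs without NSS.
        boolean jss = args.length == 2;
        KeyStore ks = jss ? KeyStore.getInstance(args[0], args[1]) : KeyStore.getInstance("JCEKS");
        ks.load(null, null); // the front end insists on load(); a no-op in JSSKeyStoreSpi (note 7)
        if (!jss) {
            ks.setKeyEntry("demo-aes", new SecretKeySpec(new byte[16], "AES"),
                    "changeit".toCharArray(), null);
        }
        audit(ks).forEach(System.out::println);
    }
}
```
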

Field Summary

protected TokenProxy proxy

Constructor Summary

JSSKeyStoreSpi()

Method Summary

Enumeration engineAliases()
    Returns a list of unique aliases.
boolean engineContainsAlias(String alias)
void engineDeleteEntry(String alias)
Certificate engineGetCertificate(String alias)
String engineGetCertificateAlias(Certificate cert)
Certificate[] engineGetCertificateChain(String alias)
Date engineGetCreationDate(String alias)
Key engineGetKey(String alias, char[] password)
Object engineGetKeyNative(String alias, char[] password)
boolean engineIsCertificateEntry(String alias)
    Returns true if there is a cert with this nickname but there is no key associated with the cert.
boolean engineIsKeyEntry(String alias)
    Returns true if there is a key with this alias, or if there is a cert with this alias that has an associated key.
void engineLoad(InputStream stream, char[] password)
void engineSetCertificateEntry(String alias, Certificate cert)
    NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key.
void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain)
void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
int engineSize()
void engineStore(OutputStream stream, char[] password)

Field Detail

proxy

protected TokenProxy proxy

Constructor Detail

JSSKeyStoreSpi

public JSSKeyStoreSpi()

Method Detail

engineAliases

public Enumeration engineAliases()
Returns a list of unique aliases.

engineContainsAlias

public boolean engineContainsAlias(String alias)

engineDeleteEntry

public void engineDeleteEntry(String alias)

engineGetCertificate

public Certificate engineGetCertificate(String alias)

engineGetCertificateAlias

public String engineGetCertificateAlias(Certificate cert)

engineGetCertificateChain

public Certificate[] engineGetCertificateChain(String alias)

engineGetCreationDate

public Date engineGetCreationDate(String alias)

engineGetKey

public Key engineGetKey(String alias, char[] password)

engineGetKeyNative

public Object engineGetKeyNative(String alias, char[] password)

engineIsCertificateEntry

public boolean engineIsCertificateEntry(String alias)
Returns true if there is a cert with this nickname but there is no key associated with the cert.

engineIsKeyEntry

public boolean engineIsKeyEntry(String alias)
Returns true if there is a key with this alias, or if there is a cert with this alias that has an associated key.

engineLoad

public void engineLoad(InputStream stream, char[] password)

engineSetCertificateEntry

public void engineSetCertificateEntry(String alias, Certificate cert)
NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key. That rules out trusted certificate entries, so we can't supply this method currently.

engineSetKeyEntry

public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain)

engineSetKeyEntry

public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)

engineSize

public int engineSize()

engineStore

public void engineStore(OutputStream stream, char[] password)