1 /* |
1 /* |
2 * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
64 * @param password the password for recovering the key |
64 * @param password the password for recovering the key |
65 * |
65 * |
66 * @return the requested key, or null if the given alias does not exist |
66 * @return the requested key, or null if the given alias does not exist |
67 * or does not identify a key-related entry. |
67 * or does not identify a key-related entry. |
68 * |
68 * |
69 * @exception NoSuchAlgorithmException if the algorithm for recovering the |
69 * @throws NoSuchAlgorithmException if the algorithm for recovering the |
70 * key cannot be found |
70 * key cannot be found |
71 * @exception UnrecoverableKeyException if the key cannot be recovered |
71 * @throws UnrecoverableKeyException if the key cannot be recovered |
72 * (e.g., the given password is wrong). |
72 * (e.g., the given password is wrong). |
73 */ |
73 */ |
74 public abstract Key engineGetKey(String alias, char[] password) |
74 public abstract Key engineGetKey(String alias, char[] password) |
75 throws NoSuchAlgorithmException, UnrecoverableKeyException; |
75 throws NoSuchAlgorithmException, UnrecoverableKeyException; |
76 |
76 |
139 * @param password the password to protect the key |
139 * @param password the password to protect the key |
140 * @param chain the certificate chain for the corresponding public |
140 * @param chain the certificate chain for the corresponding public |
141 * key (only required if the given key is of type |
141 * key (only required if the given key is of type |
142 * {@code java.security.PrivateKey}). |
142 * {@code java.security.PrivateKey}). |
143 * |
143 * |
144 * @exception KeyStoreException if the given key cannot be protected, or |
144 * @throws KeyStoreException if the given key cannot be protected, or |
145 * this operation fails for some other reason |
145 * this operation fails for some other reason |
146 */ |
146 */ |
147 public abstract void engineSetKeyEntry(String alias, Key key, |
147 public abstract void engineSetKeyEntry(String alias, Key key, |
148 char[] password, |
148 char[] password, |
149 Certificate[] chain) |
149 Certificate[] chain) |
166 * @param key the key (in protected format) to be associated with the alias |
166 * @param key the key (in protected format) to be associated with the alias |
167 * @param chain the certificate chain for the corresponding public |
167 * @param chain the certificate chain for the corresponding public |
168 * key (only useful if the protected key is of type |
168 * key (only useful if the protected key is of type |
169 * {@code java.security.PrivateKey}). |
169 * {@code java.security.PrivateKey}). |
170 * |
170 * |
171 * @exception KeyStoreException if this operation fails. |
171 * @throws KeyStoreException if this operation fails. |
172 */ |
172 */ |
173 public abstract void engineSetKeyEntry(String alias, byte[] key, |
173 public abstract void engineSetKeyEntry(String alias, byte[] key, |
174 Certificate[] chain) |
174 Certificate[] chain) |
175 throws KeyStoreException; |
175 throws KeyStoreException; |
176 |
176 |
185 * is overridden by the given certificate. |
185 * is overridden by the given certificate. |
186 * |
186 * |
187 * @param alias the alias name |
187 * @param alias the alias name |
188 * @param cert the certificate |
188 * @param cert the certificate |
189 * |
189 * |
190 * @exception KeyStoreException if the given alias already exists and does |
190 * @throws KeyStoreException if the given alias already exists and does |
191 * not identify an entry containing a trusted certificate, |
191 * not identify an entry containing a trusted certificate, |
192 * or this operation fails for some other reason. |
192 * or this operation fails for some other reason. |
193 */ |
193 */ |
194 public abstract void engineSetCertificateEntry(String alias, |
194 public abstract void engineSetCertificateEntry(String alias, |
195 Certificate cert) |
195 Certificate cert) |
198 /** |
198 /** |
199 * Deletes the entry identified by the given alias from this keystore. |
199 * Deletes the entry identified by the given alias from this keystore. |
200 * |
200 * |
201 * @param alias the alias name |
201 * @param alias the alias name |
202 * |
202 * |
203 * @exception KeyStoreException if the entry cannot be removed. |
203 * @throws KeyStoreException if the entry cannot be removed. |
204 */ |
204 */ |
205 public abstract void engineDeleteEntry(String alias) |
205 public abstract void engineDeleteEntry(String alias) |
206 throws KeyStoreException; |
206 throws KeyStoreException; |
207 |
207 |
208 /** |
208 /** |
284 * integrity with the given password. |
284 * integrity with the given password. |
285 * |
285 * |
286 * @param stream the output stream to which this keystore is written. |
286 * @param stream the output stream to which this keystore is written. |
287 * @param password the password to generate the keystore integrity check |
287 * @param password the password to generate the keystore integrity check |
288 * |
288 * |
289 * @exception IOException if there was an I/O problem with data |
289 * @throws IOException if there was an I/O problem with data |
290 * @exception NoSuchAlgorithmException if the appropriate data integrity |
290 * @throws NoSuchAlgorithmException if the appropriate data integrity |
291 * algorithm could not be found |
291 * algorithm could not be found |
292 * @exception CertificateException if any of the certificates included in |
292 * @throws CertificateException if any of the certificates included in |
293 * the keystore data could not be stored |
293 * the keystore data could not be stored |
294 */ |
294 */ |
295 public abstract void engineStore(OutputStream stream, char[] password) |
295 public abstract void engineStore(OutputStream stream, char[] password) |
296 throws IOException, NoSuchAlgorithmException, CertificateException; |
296 throws IOException, NoSuchAlgorithmException, CertificateException; |
297 |
297 |
301 * |
301 * |
302 * @param param the {@code KeyStore.LoadStoreParmeter} |
302 * @param param the {@code KeyStore.LoadStoreParmeter} |
303 * that specifies how to store the keystore, |
303 * that specifies how to store the keystore, |
304 * which may be {@code null} |
304 * which may be {@code null} |
305 * |
305 * |
306 * @exception IllegalArgumentException if the given |
306 * @throws IllegalArgumentException if the given |
307 * {@code KeyStore.LoadStoreParmeter} |
307 * {@code KeyStore.LoadStoreParmeter} |
308 * input is not recognized |
308 * input is not recognized |
309 * @exception IOException if there was an I/O problem with data |
309 * @throws IOException if there was an I/O problem with data |
310 * @exception NoSuchAlgorithmException if the appropriate data integrity |
310 * @throws NoSuchAlgorithmException if the appropriate data integrity |
311 * algorithm could not be found |
311 * algorithm could not be found |
312 * @exception CertificateException if any of the certificates included in |
312 * @throws CertificateException if any of the certificates included in |
313 * the keystore data could not be stored |
313 * the keystore data could not be stored |
314 * |
314 * |
315 * @since 1.5 |
315 * @since 1.5 |
316 */ |
316 */ |
317 public void engineStore(KeyStore.LoadStoreParameter param) |
317 public void engineStore(KeyStore.LoadStoreParameter param) |
333 * or {@code null} |
333 * or {@code null} |
334 * @param password the password used to check the integrity of |
334 * @param password the password used to check the integrity of |
335 * the keystore, the password used to unlock the keystore, |
335 * the keystore, the password used to unlock the keystore, |
336 * or {@code null} |
336 * or {@code null} |
337 * |
337 * |
338 * @exception IOException if there is an I/O or format problem with the |
338 * @throws IOException if there is an I/O or format problem with the |
339 * keystore data, if a password is required but not given, |
339 * keystore data, if a password is required but not given, |
340 * or if the given password was incorrect. If the error is due to a |
340 * or if the given password was incorrect. If the error is due to a |
341 * wrong password, the {@link Throwable#getCause cause} of the |
341 * wrong password, the {@link Throwable#getCause cause} of the |
342 * {@code IOException} should be an |
342 * {@code IOException} should be an |
343 * {@code UnrecoverableKeyException} |
343 * {@code UnrecoverableKeyException} |
344 * @exception NoSuchAlgorithmException if the algorithm used to check |
344 * @throws NoSuchAlgorithmException if the algorithm used to check |
345 * the integrity of the keystore cannot be found |
345 * the integrity of the keystore cannot be found |
346 * @exception CertificateException if any of the certificates in the |
346 * @throws CertificateException if any of the certificates in the |
347 * keystore could not be loaded |
347 * keystore could not be loaded |
348 */ |
348 */ |
349 public abstract void engineLoad(InputStream stream, char[] password) |
349 public abstract void engineLoad(InputStream stream, char[] password) |
350 throws IOException, NoSuchAlgorithmException, CertificateException; |
350 throws IOException, NoSuchAlgorithmException, CertificateException; |
351 |
351 |
374 * {@code KeyStore.CallbackHandlerProtection} that supports |
374 * {@code KeyStore.CallbackHandlerProtection} that supports |
375 * {@code PasswordCallback} so that the password parameter can be |
375 * {@code PasswordCallback} so that the password parameter can be |
376 * extracted. If the {@code KeyStore.ProtectionParameter} is neither |
376 * extracted. If the {@code KeyStore.ProtectionParameter} is neither |
377 * of those classes then a {@code NoSuchAlgorithmException} is thrown. |
377 * of those classes then a {@code NoSuchAlgorithmException} is thrown. |
378 * |
378 * |
379 * @exception IllegalArgumentException if the given |
379 * @throws IllegalArgumentException if the given |
380 * {@code KeyStore.LoadStoreParameter} |
380 * {@code KeyStore.LoadStoreParameter} |
381 * input is not recognized |
381 * input is not recognized |
382 * @exception IOException if there is an I/O or format problem with the |
382 * @throws IOException if there is an I/O or format problem with the |
383 * keystore data. If the error is due to an incorrect |
383 * keystore data. If the error is due to an incorrect |
384 * {@code ProtectionParameter} (e.g. wrong password) |
384 * {@code ProtectionParameter} (e.g. wrong password) |
385 * the {@link Throwable#getCause cause} of the |
385 * the {@link Throwable#getCause cause} of the |
386 * {@code IOException} should be an |
386 * {@code IOException} should be an |
387 * {@code UnrecoverableKeyException} |
387 * {@code UnrecoverableKeyException} |
388 * @exception NoSuchAlgorithmException if the algorithm used to check |
388 * @throws NoSuchAlgorithmException if the algorithm used to check |
389 * the integrity of the keystore cannot be found |
389 * the integrity of the keystore cannot be found |
390 * @exception CertificateException if any of the certificates in the |
390 * @throws CertificateException if any of the certificates in the |
391 * keystore could not be loaded |
391 * keystore could not be loaded |
392 * |
392 * |
393 * @since 1.5 |
393 * @since 1.5 |
394 */ |
394 */ |
395 public void engineLoad(KeyStore.LoadStoreParameter param) |
395 public void engineLoad(KeyStore.LoadStoreParameter param) |
445 * which may be {@code null} |
445 * which may be {@code null} |
446 * |
446 * |
447 * @return the {@code KeyStore.Entry} for the specified alias, |
447 * @return the {@code KeyStore.Entry} for the specified alias, |
448 * or {@code null} if there is no such entry |
448 * or {@code null} if there is no such entry |
449 * |
449 * |
450 * @exception KeyStoreException if the operation failed |
450 * @throws KeyStoreException if the operation failed |
451 * @exception NoSuchAlgorithmException if the algorithm for recovering the |
451 * @throws NoSuchAlgorithmException if the algorithm for recovering the |
452 * entry cannot be found |
452 * entry cannot be found |
453 * @exception UnrecoverableEntryException if the specified |
453 * @throws UnrecoverableEntryException if the specified |
454 * {@code protParam} were insufficient or invalid |
454 * {@code protParam} were insufficient or invalid |
455 * @exception UnrecoverableKeyException if the entry is a |
455 * @throws UnrecoverableKeyException if the entry is a |
456 * {@code PrivateKeyEntry} or {@code SecretKeyEntry} |
456 * {@code PrivateKeyEntry} or {@code SecretKeyEntry} |
457 * and the specified {@code protParam} does not contain |
457 * and the specified {@code protParam} does not contain |
458 * the information needed to recover the key (e.g. wrong password) |
458 * the information needed to recover the key (e.g. wrong password) |
459 * |
459 * |
460 * @since 1.5 |
460 * @since 1.5 |
516 * @param entry the {@code Entry} to save |
516 * @param entry the {@code Entry} to save |
517 * @param protParam the {@code ProtectionParameter} |
517 * @param protParam the {@code ProtectionParameter} |
518 * used to protect the {@code Entry}, |
518 * used to protect the {@code Entry}, |
519 * which may be {@code null} |
519 * which may be {@code null} |
520 * |
520 * |
521 * @exception KeyStoreException if this operation fails |
521 * @throws KeyStoreException if this operation fails |
522 * |
522 * |
523 * @since 1.5 |
523 * @since 1.5 |
524 */ |
524 */ |
525 public void engineSetEntry(String alias, KeyStore.Entry entry, |
525 public void engineSetEntry(String alias, KeyStore.Entry entry, |
526 KeyStore.ProtectionParameter protParam) |
526 KeyStore.ProtectionParameter protParam) |
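Review bot: The `@throws IllegalArgumentException` tag that this change rewrites at new line 306 still carries the misspelled type name `KeyStore.LoadStoreParmeter` on its continuation line 307, and the same misspelling remains in the `@param param` text at line 302. The parallel `engineLoad(KeyStore.LoadStoreParameter)` comment at line 380 spells it correctly, so both spots should read `{@code KeyStore.LoadStoreParameter}`. Because `{@code}` text is not resolved by the javadoc tool, a typo like this is never flagged automatically; switching to `{@link KeyStore.LoadStoreParameter}` would let the tool validate the name.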