org.mozilla.jss.provider.java.security

Class JSSKeyStoreSpi


public class JSSKeyStoreSpi
extends java.security.KeyStoreSpi

The JSS implementation of the JCA KeyStore SPI.

Implementation notes

  1. deleteEntry deletes all entries with the given label. If the entry is a cert with a matching private key, the private key is deleted as well.
  2. getCertificate returns the first cert with a matching nickname, converted into a java.security.cert.X509Certificate (not a JSS cert).
  3. getCertificateChain only returns a single certificate. That's because we don't have a way to build a chain from a specific slot--only from the set of all slots.
  4. getCreationDate is unsupported because NSS doesn't store that information.
  5. getKey first looks for a private/symmetric key with the given label. It returns the first one it finds. If it doesn't find one, it looks for a cert with the given nickname. If it finds one, it returns the private key for that cert.
  6. isCertificateEntry returns true if there is a cert with this nickname, but it doesn't have a private key. isKeyEntry returns true if there is a key with this nickname, or if there is a cert with this nickname and the cert has an associated private key.
  7. load and store are no-ops.
  8. setCertificateEntry doesn't work. NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key. That rules out trusted certificate entries.
  9. setKeyEntry is not supported yet. It needs to convert a temporary key into a permanent key.
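
The following caller-side guards for notes 1, 3 and 6 are an added example, not code from JSS or from this Javadoc, and use only the standard java.security.KeyStore API. The class name JssKeyStoreGuard and its method names are hypothetical, and the keystore type and provider name are read from the command line rather than assumed.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class): defensive wrappers around a KeyStore backed by JSSKeyStoreSpi.
public class JssKeyStoreGuard {

    // Note 1: deleting a cert alias also deletes its private key, so require explicit consent.
    static void deleteEntry(KeyStore ks, String alias, boolean allowKeyLoss) throws KeyStoreException {
        if (ks.isKeyEntry(alias) && !allowKeyLoss) {
            throw new KeyStoreException("refusing to delete '" + alias + "': a private key would be removed too");
        }
        ks.deleteEntry(alias);
    }

    // Note 3: only one cert is returned, so the chain is complete only if that cert is self-issued.
    static boolean chainNeedsBuilding(Certificate[] chain) {
        if (chain == null || chain.length == 0) return true;
        Certificate last = chain[chain.length - 1];
        if (!(last instanceof X509Certificate)) return true;
        X509Certificate x = (X509Certificate) last;
        return !x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
    }

    // Note 6: classify the alias first, then inspect the chain only for key entries.
    static String describe(KeyStore ks, String alias) throws KeyStoreException {
        if (!ks.isKeyEntry(alias)) {
            return alias + ": " + (ks.isCertificateEntry(alias) ? "cert only, no private key" : "unknown");
        }
        boolean partial = chainNeedsBuilding(ks.getCertificateChain(alias));
        return alias + ": key entry" + (partial ? ", chain incomplete (build issuers separately)" : "");
    }

    public static void main(String[] args) throws Exception {
        // Usage: java JssKeyStoreGuard <keystore type> <provider name>
        // With no arguments an empty default-type keystore is audited, which prints nothing.
        KeyStore ks = args.length == 2
                ? KeyStore.getInstance(args[0], args[1])
                : KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // load is a no-op under JSSKeyStoreSpi (note 7)
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(describe(ks, alias));
        }
    }
}
```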

Field Summary

protected TokenProxy proxy

Constructor Summary

JSSKeyStoreSpi()

Method Summary

Enumeration engineAliases()
  Returns a list of unique aliases.
boolean engineContainsAlias(String alias)
void engineDeleteEntry(String alias)
Certificate engineGetCertificate(String alias)
String engineGetCertificateAlias(Certificate cert)
Certificate[] engineGetCertificateChain(String alias)
java.util.Date engineGetCreationDate(String alias)
Key engineGetKey(String alias, char[] password)
Object engineGetKeyNative(String alias, char[] password)
boolean engineIsCertificateEntry(String alias)
  Returns true if there is a cert with this nickname but there is no key associated with the cert.
boolean engineIsKeyEntry(String alias)
  Returns true if there is a key with this alias, or if there is a cert with this alias that has an associated key.
void engineLoad(InputStream stream, char[] password)
void engineSetCertificateEntry(String alias, Certificate cert)
  NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key.
void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain)
int engineSize()
void engineStore(OutputStream stream, char[] password)

Field Details

proxy

protected TokenProxy proxy

Constructor Details

JSSKeyStoreSpi

public JSSKeyStoreSpi()

Method Details

engineAliases

public Enumeration engineAliases()
Returns a list of unique aliases.

engineContainsAlias

public boolean engineContainsAlias(String alias)

engineDeleteEntry

public void engineDeleteEntry(String alias)

engineGetCertificate

public Certificate engineGetCertificate(String alias)

engineGetCertificateAlias

public String engineGetCertificateAlias(Certificate cert)

engineGetCertificateChain

public Certificate[] engineGetCertificateChain(String alias)

engineGetCreationDate

public java.util.Date engineGetCreationDate(String alias)

engineGetKey

public Key engineGetKey(String alias,
                        char[] password)

engineGetKeyNative

public Object engineGetKeyNative(String alias,
                                 char[] password)

engineIsCertificateEntry

public boolean engineIsCertificateEntry(String alias)
Returns true if there is a cert with this nickname but there is no key associated with the cert.

engineIsKeyEntry

public boolean engineIsKeyEntry(String alias)
Returns true if there is a key with this alias, or if there is a cert with this alias that has an associated key.

engineLoad

public void engineLoad(InputStream stream,
                       char[] password)
            throws IOException

engineSetCertificateEntry

public void engineSetCertificateEntry(String alias,
                                      Certificate cert)
            throws KeyStoreException
NSS doesn't have a way of storing a certificate on a specific token unless it has an associated private key. That rules out trusted certificate entries, so we can't supply this method currently.

engineSetKeyEntry

public void engineSetKeyEntry(String alias,
                              Key key,
                              char[] password,
                              Certificate[] chain)
            throws KeyStoreException

engineSetKeyEntry

public void engineSetKeyEntry(String alias,
                              byte[] key,
                              Certificate[] chain)
            throws KeyStoreException

engineSize

public int engineSize()

engineStore

public void engineStore(OutputStream stream,
                        char[] password)
            throws IOException