1 /* KeyStore.java --- Key Store Class
2 Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc.
4 This file is part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2, or (at your option)
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; see the file COPYING. If not, write to the
18 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
39 package java.security;
41 import gnu.java.security.Engine;
43 import java.io.IOException;
44 import java.io.InputStream;
45 import java.io.OutputStream;
46 import java.lang.reflect.InvocationTargetException;
47 import java.security.cert.CertificateException;
48 import java.util.Date;
49 import java.util.Enumeration;
52 * Keystore represents an in-memory collection of keys and
53 * certificates. There are two types of entries:
58 * <dd><p>This type of keystore entry store sensitive crytographic key
59 * information in a protected format.Typically this is a secret
60 * key or a private key with a certificate chain.</p></dd>
62 * <dt>Trusted Ceritificate Entry</dt>
64 * <dd><p>This type of keystore entry contains a single public key
65 * certificate belonging to annother entity. It is called trusted
66 * because the keystore owner trusts that the certificates
67 * belongs to the subject (owner) of the certificate.</p></dd>
70 * <p>Entries in a key store are referred to by their "alias": a simple
73 * <p>The structure and persistentence of the key store is not
74 * specified. Any method could be used to protect sensitive
75 * (private or secret) keys. Smart cards or integrated
76 * cryptographic engines could be used or the keystore could
77 * be simply stored in a file.</p>
79 * @see java.security.cert.Certificate
85 // Constants and fields.
86 // ------------------------------------------------------------------------
88 /** Service name for key stores. */
89 private static final String KEY_STORE = "KeyStore";
91 private KeyStoreSpi keyStoreSpi;
92 private Provider provider;
96 // ------------------------------------------------------------------------
99 Creates an instance of KeyStore
101 @param keyStoreSpi A KeyStore engine to use
102 @param provider A provider to use
103 @param type The type of KeyStore
105 protected KeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type)
107 this.keyStoreSpi = keyStoreSpi;
108 this.provider = provider;
113 * Returns an instance of a <code>KeyStore</code> representing the specified
114 * type, from the first provider that implements it.
116 * @param type the type of keystore to create.
117 * @return a <code>KeyStore</code> repesenting the desired type.
118 * @throws KeyStoreException if the designated type of is not implemented by
119 * any provider, or the implementation could not be instantiated.
120 * @throws IllegalArgumentException if <code>type</code> is
121 * <code>null</code> or is an empty string.
123 public static KeyStore getInstance(String type) throws KeyStoreException
125 Provider[] p = Security.getProviders();
126 KeyStoreException lastException = null;
127 for (int i = 0; i < p.length; i++)
130 return getInstance(type, p[i]);
132 catch (KeyStoreException x)
136 if (lastException != null)
138 throw new KeyStoreException(type);
142 * Returns an instance of a <code>KeyStore</code> representing the specified
143 * type, from the named provider.
145 * @param type the type of keystore to create.
146 * @param provider the name of the provider to use.
147 * @return a <code>KeyStore</code> repesenting the desired type.
148 * @throws KeyStoreException if the designated type is not implemented by the
150 * @throws NoSuchProviderException if the provider is not found.
151 * @throws IllegalArgumentException if either <code>type</code> or
152 * <code>provider</code> is <code>null</code> or empty.
154 public static KeyStore getInstance(String type, String provider)
155 throws KeyStoreException, NoSuchProviderException
157 if (provider == null)
158 throw new IllegalArgumentException("provider MUST NOT be null");
159 provider = provider.trim();
160 if (provider.length() == 0)
161 throw new IllegalArgumentException("provider MUST NOT be empty");
162 Provider p = Security.getProvider(provider);
164 throw new NoSuchProviderException(provider);
165 return getInstance(type, p);
169 * Returns an instance of a <code>KeyStore</code> representing the specified
170 * type, from the specified provider.
172 * @param type the type of keystore to create.
173 * @param provider the provider to use.
174 * @return a <code>KeyStore</code> repesenting the desired type.
175 * @throws KeyStoreException if the designated type is not implemented by the
177 * @throws IllegalArgumentException if either <code>type</code> or
178 * <code>provider</code> is <code>null</code>, or if
179 * <code>type</code> is an empty string.
182 public static KeyStore getInstance(String type, Provider provider)
183 throws KeyStoreException
188 Object spi = Engine.getInstance(KEY_STORE, type, provider);
189 return new KeyStore((KeyStoreSpi) spi, provider, type);
191 catch (NoSuchAlgorithmException x)
195 catch (InvocationTargetException x)
197 cause = x.getCause() != null ? x.getCause() : x;
199 catch (ClassCastException x)
203 KeyStoreException x = new KeyStoreException(type);
209 * Returns the default KeyStore type. This method looks up the
210 * type in <JAVA_HOME>/lib/security/java.security with the
211 * property "keystore.type" or if that fails then "gkr" .
213 public static final String getDefaultType()
215 // Security reads every property in java.security so it
216 // will return this property if it exists.
217 String tmp = Security.getProperty("keystore.type");
226 // ------------------------------------------------------------------------
229 Gets the provider that the class is from.
231 @return the provider of this class
233 public final Provider getProvider()
239 Returns the type of the KeyStore supported
241 @return A string with the type of KeyStore
243 public final String getType()
249 Returns the key associated with given alias using the
252 @param alias an alias for the key to get
253 @param password password to access key with
255 @return the requested key, or null otherwise
257 @throws NoSuchAlgorithmException if there is no algorithm
258 for recovering the key
259 @throws UnrecoverableKeyException key cannot be reocovered
262 public final Key getKey(String alias, char[]password)
263 throws KeyStoreException, NoSuchAlgorithmException,
264 UnrecoverableKeyException
266 return keyStoreSpi.engineGetKey(alias, password);
270 Gets a Certificate chain for the specified alias.
272 @param alias the alias name
274 @return a chain of Certificates ( ordered from the user's
275 certificate to the Certificate Authority's ) or
276 null if the alias does not exist or there is no
277 certificate chain for the alias ( the alias refers
278 to a trusted certificate entry or there is no entry).
280 public final java.security.cert.
281 Certificate[] getCertificateChain(String alias) throws KeyStoreException
283 return keyStoreSpi.engineGetCertificateChain(alias);
287 Gets a Certificate for the specified alias.
289 If there is a trusted certificate entry then that is returned.
290 it there is a key entry with a certificate chain then the
291 first certificate is return or else null.
293 @param alias the alias name
295 @return a Certificate or null if the alias does not exist
296 or there is no certificate for the alias
298 public final java.security.cert.Certificate getCertificate(String alias)
299 throws KeyStoreException
301 return keyStoreSpi.engineGetCertificate(alias);
305 Gets entry creation date for the specified alias.
307 @param alias the alias name
309 @returns the entry creation date or null
311 public final Date getCreationDate(String alias) throws KeyStoreException
313 return keyStoreSpi.engineGetCreationDate(alias);
317 Assign the key to the alias in the keystore, protecting it
318 with the given password. It will overwrite an existing
319 entry and if the key is a PrivateKey, also add the
320 certificate chain representing the corresponding public key.
322 @param alias the alias name
323 @param key the key to add
324 @password the password to protect with
325 @param chain the certificate chain for the corresponding
328 @throws KeyStoreException if it fails
330 public final void setKeyEntry(String alias, Key key, char[]password,
332 Certificate[]chain) throws KeyStoreException
334 keyStoreSpi.engineSetKeyEntry(alias, key, password, chain);
338 Assign the key to the alias in the keystore. It will overwrite
339 an existing entry and if the key is a PrivateKey, also
340 add the certificate chain representing the corresponding
343 @param alias the alias name
344 @param key the key to add
345 @param chain the certificate chain for the corresponding
348 @throws KeyStoreException if it fails
350 public final void setKeyEntry(String alias, byte[]key,
352 Certificate[]chain) throws KeyStoreException
354 keyStoreSpi.engineSetKeyEntry(alias, key, chain);
358 Assign the certificate to the alias in the keystore. It
359 will overwrite an existing entry.
361 @param alias the alias name
362 @param cert the certificate to add
364 @throws KeyStoreException if it fails
366 public final void setCertificateEntry(String alias,
368 Certificate cert) throws
371 keyStoreSpi.engineSetCertificateEntry(alias, cert);
375 Deletes the entry for the specified entry.
377 @param alias the alias name
379 @throws KeyStoreException if it fails
381 public final void deleteEntry(String alias) throws KeyStoreException
383 keyStoreSpi.engineDeleteEntry(alias);
387 Generates a list of all the aliases in the keystore.
389 @return an Enumeration of the aliases
391 public final Enumeration<String> aliases() throws KeyStoreException
393 return keyStoreSpi.engineAliases();
397 Determines if the keystore contains the specified alias.
399 @param alias the alias name
401 @return true if it contains the alias, false otherwise
403 public final boolean containsAlias(String alias) throws KeyStoreException
405 return keyStoreSpi.engineContainsAlias(alias);
409 Returns the number of entries in the keystore.
411 @returns the number of keystore entries.
413 public final int size() throws KeyStoreException
415 return keyStoreSpi.engineSize();
419 Determines if the keystore contains a key entry for
422 @param alias the alias name
424 @return true if it is a key entry, false otherwise
426 public final boolean isKeyEntry(String alias) throws KeyStoreException
428 return keyStoreSpi.engineIsKeyEntry(alias);
433 Determines if the keystore contains a certificate entry for
436 @param alias the alias name
438 @return true if it is a certificate entry, false otherwise
440 public final boolean isCertificateEntry(String alias)
441 throws KeyStoreException
443 return keyStoreSpi.engineIsCertificateEntry(alias);
447 Determines if the keystore contains the specified certificate
448 entry and returns the alias.
450 It checks every entry and for a key entry checks only the
451 first certificate in the chain.
453 @param cert Certificate to look for
455 @return alias of first matching certificate, null if it
458 public final String getCertificateAlias(java.security.cert.Certificate cert)
459 throws KeyStoreException
461 return keyStoreSpi.engineGetCertificateAlias(cert);
465 Stores the keystore in the specified output stream and it
466 uses the specified key it keep it secure.
468 @param stream the output stream to save the keystore to
469 @param password the password to protect the keystore integrity with
471 @throws IOException if an I/O error occurs.
472 @throws NoSuchAlgorithmException the data integrity algorithm
473 used cannot be found.
474 @throws CertificateException if any certificates could not be
475 stored in the output stream.
477 public final void store(OutputStream stream, char[]password)
478 throws KeyStoreException, IOException, NoSuchAlgorithmException,
481 keyStoreSpi.engineStore(stream, password);
485 Loads the keystore from the specified input stream and it
486 uses the specified password to check for integrity if supplied.
488 @param stream the input stream to load the keystore from
489 @param password the password to check the keystore integrity with
491 @throws IOException if an I/O error occurs.
492 @throws NoSuchAlgorithmException the data integrity algorithm
493 used cannot be found.
494 @throws CertificateException if any certificates could not be
495 stored in the output stream.
497 public final void load(InputStream stream, char[]password)
498 throws IOException, NoSuchAlgorithmException, CertificateException
500 keyStoreSpi.engineLoad(stream, password);