Class PKCS12KeyStoreSpi
- java.lang.Object
-
- java.security.KeyStoreSpi
-
- org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi
-
- All Implemented Interfaces:
PKCSObjectIdentifiers
,X509ObjectIdentifiers
,BCKeyStore
- Direct Known Subclasses:
PKCS12KeyStoreSpi.BCPKCS12KeyStore
,PKCS12KeyStoreSpi.BCPKCS12KeyStore3DES
,PKCS12KeyStoreSpi.DefPKCS12KeyStore
,PKCS12KeyStoreSpi.DefPKCS12KeyStore3DES
public class PKCS12KeyStoreSpi extends KeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
PKCS12KeyStoreSpi.BCPKCS12KeyStore
static class
PKCS12KeyStoreSpi.BCPKCS12KeyStore3DES
static class
PKCS12KeyStoreSpi.DefPKCS12KeyStore
static class
PKCS12KeyStoreSpi.DefPKCS12KeyStore3DES
-
Field Summary
Fields Modifier and Type Field Description protected SecureRandom
random
-
Fields inherited from interface org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers
bagtypes, canNotDecryptAny, certBag, certTypes, crlBag, crlTypes, data, des_EDE3_CBC, dhKeyAgreement, digestAlgorithm, digestedData, encryptedData, encryptionAlgorithm, envelopedData, id_aa, id_aa_asymmDecryptKeyID, id_aa_cmsAlgorithmProtect, id_aa_commitmentType, id_aa_communityIdentifiers, id_aa_contentHint, id_aa_contentIdentifier, id_aa_contentReference, id_aa_decryptKeyID, id_aa_encrypKeyPref, id_aa_ets_archiveTimestamp, id_aa_ets_certCRLTimestamp, id_aa_ets_certificateRefs, id_aa_ets_certValues, id_aa_ets_commitmentType, id_aa_ets_contentTimestamp, id_aa_ets_escTimeStamp, id_aa_ets_otherSigCert, id_aa_ets_revocationRefs, id_aa_ets_revocationValues, id_aa_ets_signerAttr, id_aa_ets_signerLocation, id_aa_ets_sigPolicyId, id_aa_implCompressAlgs, id_aa_implCryptoAlgs, id_aa_msgSigDigest, id_aa_otherSigCert, id_aa_receiptRequest, id_aa_signatureTimeStampToken, id_aa_signerLocation, id_aa_signingCertificate, id_aa_signingCertificateV2, id_aa_sigPolicyId, id_alg, id_alg_AEADChaCha20Poly1305, id_alg_CMS3DESwrap, id_alg_CMSRC2wrap, id_alg_ESDH, id_alg_hkdf_with_sha256, id_alg_hkdf_with_sha384, id_alg_hkdf_with_sha512, id_alg_hss_lms_hashsig, id_alg_PWRI_KEK, id_alg_SSDH, id_ct, id_ct_authData, id_ct_authEnvelopedData, id_ct_compressedData, id_ct_timestampedData, id_ct_TSTInfo, id_cti, id_cti_ets_proofOfApproval, id_cti_ets_proofOfCreation, id_cti_ets_proofOfDelivery, id_cti_ets_proofOfOrigin, id_cti_ets_proofOfReceipt, id_cti_ets_proofOfSender, id_hmacWithSHA1, id_hmacWithSHA224, id_hmacWithSHA256, id_hmacWithSHA384, id_hmacWithSHA512, id_mgf1, id_PBES2, id_PBKDF2, id_pSpecified, id_rsa_KEM, id_RSAES_OAEP, id_RSASSA_PSS, id_smime, id_spq, id_spq_ets_unotice, id_spq_ets_uri, keyBag, md2, md2WithRSAEncryption, md4, md4WithRSAEncryption, md5, md5WithRSAEncryption, pbeWithMD2AndDES_CBC, pbeWithMD2AndRC2_CBC, pbeWithMD5AndDES_CBC, pbeWithMD5AndRC2_CBC, pbeWithSHA1AndDES_CBC, pbeWithSHA1AndRC2_CBC, pbeWithSHAAnd128BitRC2_CBC, pbeWithSHAAnd128BitRC4, pbeWithSHAAnd2_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC, pbeWithSHAAnd40BitRC2_CBC, pbeWithSHAAnd40BitRC4, pkcs_1, pkcs_12, pkcs_12PbeIds, pkcs_3, pkcs_5, pkcs_7, pkcs_9, pkcs_9_at_challengePassword, pkcs_9_at_contentType, pkcs_9_at_counterSignature, pkcs_9_at_emailAddress, pkcs_9_at_extendedCertificateAttributes, pkcs_9_at_extensionRequest, pkcs_9_at_friendlyName, pkcs_9_at_localKeyId, pkcs_9_at_messageDigest, pkcs_9_at_signingDescription, pkcs_9_at_signingTime, pkcs_9_at_smimeCapabilities, pkcs_9_at_unstructuredAddress, pkcs_9_at_unstructuredName, pkcs8ShroudedKeyBag, preferSignedData, RC2_CBC, rc4, rsaEncryption, safeContentsBag, sdsiCertificate, secretBag, sha1WithRSAEncryption, sha224WithRSAEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption, sha512_224WithRSAEncryption, sha512_256WithRSAEncryption, sha512WithRSAEncryption, signedAndEnvelopedData, signedData, sMIMECapabilitiesVersions, srsaOAEPEncryptionSET, x509Certificate, x509certType, x509Crl
-
Fields inherited from interface org.bouncycastle.asn1.x509.X509ObjectIdentifiers
commonName, countryName, crlAccessMethod, id_ad, id_ad_caIssuers, id_ad_ocsp, id_at_name, id_at_organizationIdentifier, id_at_telephoneNumber, id_ce, id_ea_rsa, id_ecdsa_with_shake128, id_ecdsa_with_shake256, id_pe, id_pkix, id_rsassa_pss_shake128, id_rsassa_pss_shake256, id_SHA1, localityName, ocspAccessMethod, organization, organizationalUnitName, ripemd160, ripemd160WithRSAEncryption, stateOrProvinceName
-
-
Constructor Summary
Constructors Constructor Description PKCS12KeyStoreSpi(JcaJceHelper helper, ASN1ObjectIdentifier keyAlgorithm, ASN1ObjectIdentifier certAlgorithm)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected byte[]
cryptData(boolean forEncryption, AlgorithmIdentifier algId, char[] password, boolean wrongPKCS12Zero, byte[] data)
Enumeration
engineAliases()
boolean
engineContainsAlias(String alias)
void
engineDeleteEntry(String alias)
this is not quite complete - we should follow up on the chain, a bit tricky if a certificate appears in more than one chain...Certificate
engineGetCertificate(String alias)
simply return the cert for the private keyString
engineGetCertificateAlias(Certificate cert)
Certificate[]
engineGetCertificateChain(String alias)
Date
engineGetCreationDate(String alias)
Key
engineGetKey(String alias, char[] password)
boolean
engineIsCertificateEntry(String alias)
boolean
engineIsKeyEntry(String alias)
void
engineLoad(InputStream stream, char[] password)
void
engineSetCertificateEntry(String alias, Certificate cert)
void
engineSetKeyEntry(String alias, byte[] key, Certificate[] chain)
void
engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
int
engineSize()
void
engineStore(OutputStream stream, char[] password)
void
engineStore(KeyStore.LoadStoreParameter param)
void
setRandom(SecureRandom rand)
set the random source for the key storeprotected PrivateKey
unwrapKey(AlgorithmIdentifier algId, byte[] data, char[] password, boolean wrongPKCS12Zero)
protected byte[]
wrapKey(String algorithm, Key key, PKCS12PBEParams pbeParams, char[] password)
-
Methods inherited from class java.security.KeyStoreSpi
engineEntryInstanceOf, engineGetEntry, engineLoad, engineProbe, engineSetEntry
-
-
-
-
Field Detail
-
random
protected SecureRandom random
-
-
Constructor Detail
-
PKCS12KeyStoreSpi
public PKCS12KeyStoreSpi(JcaJceHelper helper, ASN1ObjectIdentifier keyAlgorithm, ASN1ObjectIdentifier certAlgorithm)
-
-
Method Detail
-
setRandom
public void setRandom(SecureRandom rand)
Description copied from interface:BCKeyStore
set the random source for the key store- Specified by:
setRandom
in interfaceBCKeyStore
-
engineAliases
public Enumeration engineAliases()
- Specified by:
engineAliases
in classKeyStoreSpi
-
engineContainsAlias
public boolean engineContainsAlias(String alias)
- Specified by:
engineContainsAlias
in classKeyStoreSpi
-
engineDeleteEntry
public void engineDeleteEntry(String alias) throws KeyStoreException
this is not quite complete - we should follow up on the chain, a bit tricky if a certificate appears in more than one chain... the store method now prunes out unused certificates from the chain map if they are present.- Specified by:
engineDeleteEntry
in classKeyStoreSpi
- Throws:
KeyStoreException
-
engineGetCertificate
public Certificate engineGetCertificate(String alias)
simply return the cert for the private key- Specified by:
engineGetCertificate
in classKeyStoreSpi
-
engineGetCertificateAlias
public String engineGetCertificateAlias(Certificate cert)
- Specified by:
engineGetCertificateAlias
in classKeyStoreSpi
-
engineGetCertificateChain
public Certificate[] engineGetCertificateChain(String alias)
- Specified by:
engineGetCertificateChain
in classKeyStoreSpi
-
engineGetCreationDate
public Date engineGetCreationDate(String alias)
- Specified by:
engineGetCreationDate
in classKeyStoreSpi
-
engineGetKey
public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException
- Specified by:
engineGetKey
in classKeyStoreSpi
- Throws:
NoSuchAlgorithmException
UnrecoverableKeyException
-
engineIsCertificateEntry
public boolean engineIsCertificateEntry(String alias)
- Specified by:
engineIsCertificateEntry
in classKeyStoreSpi
-
engineIsKeyEntry
public boolean engineIsKeyEntry(String alias)
- Specified by:
engineIsKeyEntry
in classKeyStoreSpi
-
engineSetCertificateEntry
public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException
- Specified by:
engineSetCertificateEntry
in classKeyStoreSpi
- Throws:
KeyStoreException
-
engineSetKeyEntry
public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException
- Specified by:
engineSetKeyEntry
in classKeyStoreSpi
- Throws:
KeyStoreException
-
engineSetKeyEntry
public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException
- Specified by:
engineSetKeyEntry
in classKeyStoreSpi
- Throws:
KeyStoreException
-
engineSize
public int engineSize()
- Specified by:
engineSize
in classKeyStoreSpi
-
unwrapKey
protected PrivateKey unwrapKey(AlgorithmIdentifier algId, byte[] data, char[] password, boolean wrongPKCS12Zero) throws IOException
- Throws:
IOException
-
wrapKey
protected byte[] wrapKey(String algorithm, Key key, PKCS12PBEParams pbeParams, char[] password) throws IOException
- Throws:
IOException
-
cryptData
protected byte[] cryptData(boolean forEncryption, AlgorithmIdentifier algId, char[] password, boolean wrongPKCS12Zero, byte[] data) throws IOException
- Throws:
IOException
-
engineLoad
public void engineLoad(InputStream stream, char[] password) throws IOException
- Specified by:
engineLoad
in classKeyStoreSpi
- Throws:
IOException
-
engineStore
public void engineStore(KeyStore.LoadStoreParameter param) throws IOException, NoSuchAlgorithmException, CertificateException
- Overrides:
engineStore
in classKeyStoreSpi
- Throws:
IOException
NoSuchAlgorithmException
CertificateException
-
engineStore
public void engineStore(OutputStream stream, char[] password) throws IOException
- Specified by:
engineStore
in classKeyStoreSpi
- Throws:
IOException
-
-