This
class
represents a mapping of names, or aliases, to Key
and java.security.cert.Certificate objects. Obtain
a KeyStore object by calling one of the static
getInstance( ) methods, specifying the desired key
store type and, optionally, the desired provider. Use
"JKS" to specify the
"Java Key Store" type defined by
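Sun. Because of U.S. export regulations, this default
KeyStore supports only weak encryption of private
keys, so the entry password on a JKS keystore should not be the only thing protecting a valuable private key; restrict access to the keystore file as well. If you have the Java Cryptography Extension installed, use the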
type "JCEKS" and
provider "SunJCE" to obtain a
KeyStore implementation that offers much stronger
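password-based encryption of keys. Once you have created a
KeyStore, use load( ) to read
its contents from a stream, supplying an optional password that
verifies the integrity of the stream data. If you omit the password (pass null), the contents are loaded without any integrity check, so supply it whenever the keystore is read from a location that others can write to. Keystores are typically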
read from a file named
.keystore in the
user's home directory.
The KeyStore API
has been substantially enhanced in Java 5.0. We describe pre-5.0
methods first, and then cover Java 5.0 enhancements below. A
KeyStore may contain both public and private key
entries. A public key entry is represented by a
Certificate object. Use getCertificate(
) to look up a named public key certificate and
setCertificateEntry( ) to add a new public key
certificate to the keystore. A private key entry in the keystore
contains both a password-protected Key and an
array of Certificate objects that represent the
certificate chain for the public key that corresponds to the private
key. Use getKey( ) and
getCertificateChain( ) to look up the key and
certificate chain. Use setKeyEntry(
) to create a new private key entry.
You must provide a password when reading or writing a private key
from the keystore; this password encrypts the key data, and each
private key entry should have a different password. If you are using
the JCE, you may also store javax.crypto.SecretKey
objects in a KeyStore. Secret keys are stored like
private keys, except that they do not have a certificate chain
associated with them. To delete an entry from a
KeyStore, use deleteEntry(
). If you modify the contents of a
KeyStore, use store(
) to save the keystore to a specified
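stream. You may specify a password that is used to validate the
integrity of the data, but it is not used to encrypt the keystore. Only the individual key entries are protected by their own passwords; everything else in the stored data should be assumed readable by anyone who can read the stream or file it was written to.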
In Java 5.0 the
KeyStore.Entry interface defines a keystore entry.
Implementations include the nested types
PrivateKeyEntry,
SecretKeyEntry, and
TrustedCertificateEntry. You can get or set an
entry of any type with the new methods getEntry(
)
and
setEntry( ). These methods accept a
KeyStore.ProtectionParameter object, such as a
password represented as a
KeyStore.PasswordProtection object. Java 5.0 also
defines new load( ) and
store( ) methods that specify a password
indirectly through a KeyStore.LoadStoreParameter.
// API synopsis of java.security.KeyStore: a mapping of alias names to Key and
// java.security.cert.Certificate entries. Members are listed as signatures only.
// A leading "5.0" marks a member the accompanying text describes as new in Java 5.0;
// a leading "1.4" presumably marks the release that introduced that member in the same way.
public class
KeyStore {
// Protected Constructors
protected
KeyStore (KeyStoreSpi
keyStoreSpi , Provider
provider , String
type );
// Nested Types
5.0 public abstract static class
Builder ;
5.0 public static class
CallbackHandlerProtection
implements KeyStore.ProtectionParameter;
// Entry is the common interface for keystore entries; PrivateKeyEntry, SecretKeyEntry
// and TrustedCertificateEntry below implement it.
5.0 public interface
Entry ;
5.0 public interface
LoadStoreParameter ;
// A password wrapped as a ProtectionParameter. It also implements Destroyable,
// which suggests the held password can be cleared once it is no longer needed.
5.0 public static class
PasswordProtection
implements javax.security.auth.Destroyable, KeyStore.ProtectionParameter;
5.0 public static final class
PrivateKeyEntry
implements KeyStore.Entry;
5.0 public interface
ProtectionParameter ;
5.0 public static final class
SecretKeyEntry implements KeyStore.Entry;
5.0 public static final class
TrustedCertificateEntry implements KeyStore.Entry;
// Public Class Methods
public static final String
getDefaultType ( );
// Factory methods: name the key store type ("JKS", or "JCEKS" with provider "SunJCE"
// for the stronger password-based key encryption) and, optionally, the provider.
public static KeyStore
getInstance (String
type ) throws KeyStoreException;
public static KeyStore
getInstance (String
type , String
provider )
throws KeyStoreException, NoSuchProviderException;
1.4 public static KeyStore
getInstance (String
type , Provider
provider )
throws KeyStoreException;
// Public Instance Methods
public final java.util.Enumeration<String>
aliases ( )
throws KeyStoreException;
public final boolean
containsAlias (String
alias ) throws KeyStoreException;
// Removes the entry stored under the alias.
public final void
deleteEntry (String
alias ) throws KeyStoreException;
5.0 public final boolean
entryInstanceOf (String
alias ,
Class<? extends KeyStore.Entry>
entryClass )
throws KeyStoreException;
// Looks up the public key certificate stored under the alias.
public final java.security.cert.Certificate
getCertificate (String
alias )
throws KeyStoreException;
public final String
getCertificateAlias (java.security.cert.Certificate
cert )
throws KeyStoreException;
// Looks up the certificate chain that accompanies a private key entry.
public final java.security.cert.Certificate[ ]
getCertificateChain
(String
alias ) throws KeyStoreException;
public final java.util.Date
getCreationDate (String
alias )
throws KeyStoreException;
// Reads an entry of any type; protParam carries the protection for the entry,
// for example a KeyStore.PasswordProtection.
5.0 public final KeyStore.Entry
getEntry (String
alias , KeyStore.
ProtectionParameter
protParam )
throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException;
// Reads a private (or secret) key entry. The password is the per-entry password
// that encrypts the key data; it is a char[ ], not a String, so the caller is able
// to overwrite the array after the call.
public final Key
getKey (String
alias , char[ ]
password )
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException;
public final Provider
getProvider ( );
public final String
getType ( );
public final boolean
isCertificateEntry (String
alias )
throws KeyStoreException;
public final boolean
isKeyEntry (String
alias ) throws KeyStoreException;
// Loads the keystore with the password supplied indirectly through the parameter object.
5.0 public final void
load (KeyStore.LoadStoreParameter
param )
throws java.io.IOException, NoSuchAlgorithmException,
java.security.cert.CertificateException;
// Reads the keystore contents from the stream. The password is optional and is used
// to verify the integrity of the stream data, not to decrypt the keystore.
public final void
load (java.io.InputStream
stream , char[ ]
password )
throws java.io.IOException, NoSuchAlgorithmException,
java.security.cert.CertificateException;
// Adds a public key certificate under the alias.
public final void
setCertificateEntry (String
alias , java.security.cert.
Certificate
cert ) throws KeyStoreException;
// Writes an entry of any type; protParam carries the protection to apply to it.
5.0 public final void
setEntry (String
alias , KeyStore.Entry
entry ,
KeyStore.ProtectionParameter
protParam )
throws KeyStoreException;
// NOTE(review): this overload takes the key as bytes and no password; the bytes are
// presumably expected to be in already-protected form -- confirm against the API documentation.
public final void
setKeyEntry (String
alias , byte[ ]
key ,
java.security.cert.Certificate[ ]
chain )
throws KeyStoreException;
// Creates a private key entry. The password encrypts the key data; the text recommends
// a different password for each private key entry.
public final void
setKeyEntry (String
alias , Key
key , char[ ]
password ,
java.security.cert.Certificate[ ]
chain )
throws KeyStoreException;
public final int
size ( ) throws KeyStoreException;
// Saves the keystore with the password supplied indirectly through the parameter object.
5.0 public final void
store (KeyStore.LoadStoreParameter
param )
throws KeyStoreException, java.io.IOException, NoSuchAlgorithmException,
java.security.cert.CertificateException;
// Saves the keystore to the stream. The password is used to validate the integrity
// of the data; it is not used to encrypt the keystore.
public final void
store (java.io.OutputStream
stream , char[ ]
password )
throws KeyStoreException, java.io.IOException, NoSuchAlgorithmException,
java.security.cert.CertificateException;
}
Passed to: KeyStore.Builder.newInstance( ),
java.security.cert.PKIXBuilderParameters.PKIXBuilderParameters( ),
java.security.cert.PKIXParameters.PKIXParameters( ),
javax.net.ssl.KeyManagerFactory.init( ),
javax.net.ssl.KeyManagerFactorySpi.engineInit( ),
javax.net.ssl.TrustManagerFactory.init( ),
javax.net.ssl.TrustManagerFactorySpi.engineInit( )