Java in a Nutshell, 5th Edition [Electronic resources]

نسخه متنی -صفحه : 1191/ 518
نمايش فراداده

KeyStorejava.security

Java 1.2

This class represents a mapping of names, or aliases, to Key and java.security.cert.Certificate objects. Obtain a KeyStore object by calling one of the static getInstance( ) methods, specifying the desired key store type and, optionally, the desired provider. Use "JKS" to specify the "Java Key Store" type defined by Sun. Because of U.S. export regulations, this default KeyStore supports only weak encryption of private keys. If you have the Java Cryptography Extension installed, use the type "JCEKS" and provider "SunJCE" to obtain a KeyStore implementation that offers much stronger password-based encryption of keys. Once you have created a KeyStore, use load( ) to read its contents from a stream, supplying an optional password that verifies the integrity of the stream data. Keystores are typically read from a file named

.keystore in the user's home directory.

The KeyStore API has been substantially enhanced in Java 5.0. We describe pre-5.0 methods first, and then cover Java 5.0 enhancements below. A KeyStore may contain both public and private key entries. A public key entry is represented by a Certificate object. Use getCertificate( ) to look up a named public key certificate and setCertificateEntry( ) to add a new public key certificate to the keystore. A private key entry in the keystore contains both a password-protected Key and an array of Certificate objects that represent the certificate chain for the public key that corresponds to the private key. Use getKey( ) and getCertificateChain( ) to look up the key and certificate chain. Use setKeyEntry( ) to create a new private key entry. You must provide a password when reading or writing a private key from the keystore; this password encrypts the key data, and each private key entry should have a different password. If you are using the JCE, you may also store javax.crypto.SecretKey objects in a KeyStore. Secret keys are stored like private keys, except that they do not have a certificate chain associated with them. To delete an entry from a KeyStore, use deleteEntry( ). If you modify the contents of a KeyStore, use store( ) to save the keystore to a specified stream. You may specify a password that is used to validate the integrity of the data, but it is not used to encrypt the keystore.

In Java 5.0 the KeyStore.Entry interface defines a keystore entry. Implementations include the nested types PrivateKeyEntry, SecretKeyEntry, and trustedCertificateEntry. You can get or set an entry of any type with the new methods getEntry( ) and setEntry( ). These methods accept a KeyStore.ProtectionParameter object, such as a password represented as a KeyStore.PasswordProtection object. Java 5.0 also defines new load( ) and store( ) methods that specify a password indirectly through a KeyStore.LoadStoreParameter.

public class

KeyStore { // Protected Constructors protected

KeyStore (KeyStoreSpi

keyStoreSpi , Provider

provider , String

type ); // Nested Types

5.0 public abstract static class

Builder ;

5.0 public static class

CallbackHandlerProtection implements KeyStore.ProtectionParameter;

5.0 public interface

Entry ;

5.0 public interface

LoadStoreParameter ;

5.0 public static class

PasswordProtection implements javax.security.auth.Destroyable, KeyStore.ProtectionParameter;

5.0 public static final class

PrivateKeyEntry implements KeyStore.Entry;

5.0 public interface

ProtectionParameter ;

5.0 public static final class

SecretKeyEntry implements KeyStore.Entry;

5.0 public static final class

TrustedCertificateEntry implements KeyStore.Entry; // Public Class Methods public static final String

getDefaultType ( ); public static KeyStore

getInstance (String

type ) throws KeyStoreException; public static KeyStore

getInstance (String

type , String

provider ) throws KeyStoreException, NoSuchProviderException;

1.4 public static KeyStore

getInstance (String

type , Provider

provider ) throws KeyStoreException; // Public Instance Methods public final java.util.Enumeration<String>

aliases ( ) throws KeyStoreException; public final boolean

containsAlias (String

alias ) throws KeyStoreException; public final void

deleteEntry (String

alias ) throws KeyStoreException;

5.0 public final boolean

entryInstanceOf (String

alias , Class<? extends KeyStore.Entry>

entryClass ) throws KeyStoreException; public final java.security.cert.Certificate

getCertificate (String

alias ) throws KeyStoreException; public final String

getCertificateAlias (java.security.cert.Certificate

cert ) throws KeyStoreException; public final java.security.cert.Certificate[ ]

getCertificateChain (String

alias ) throws KeyStoreException; public final java.util.Date

getCreationDate (String

alias ) throws KeyStoreException;

5.0 public final KeyStore.Entry

getEntry (String

alias , KeyStore. ProtectionParameter

protParam ) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException; public final Key

getKey (String

alias , char[ ]

password ) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException; public final Provider

getProvider ( ); public final String

getType ( ); public final boolean

isCertificateEntry (String

alias ) throws KeyStoreException; public final boolean

isKeyEntry (String

alias ) throws KeyStoreException;

5.0 public final void

load (KeyStore.LoadStoreParameter

param ) throws java.io.IOException, NoSuchAlgorithmException, java.security.cert.CertificateException; public final void

load (java.io.InputStream

stream , char[ ]

password ) throws java.io.IOException, NoSuchAlgorithmException, java.security.cert.CertificateException; public final void

setCertificateEntry (String

alias , java.security.cert. Certificate

cert ) throws KeyStoreException;

5.0 public final void

setEntry (String

alias , KeyStore.Entry

entry , KeyStore.ProtectionParameter

protParam ) throws KeyStoreException; public final void

setKeyEntry (String

alias , byte[ ]

key , java.security.cert.Certificate[ ]

chain ) throws KeyStoreException; public final void

setKeyEntry (String

alias , Key

key , char[ ]

password , java.security.cert.Certificate[ ]

chain ) throws KeyStoreException; public final int

size ( ) throws KeyStoreException;

5.0 public final void

store (KeyStore.LoadStoreParameter

param ) throws KeyStoreException, java.io.IOException, NoSuchAlgorithmException, java.security.cert.CertificateException; public final void

store (java.io.OutputStream

stream , char[ ]

password ) throws KeyStoreException, java.io.IOException, NoSuchAlgorithmException, java.security.cert.CertificateException; }

Passed To

KeyStore.Builder.newInstance( ), java.security.cert.PKIXBuilderParameters.PKIXBuilderParameters( ), java.security.cert.PKIXParameters.PKIXParameters( ), javax.net.ssl.KeyManagerFactory.init( ), javax.net.ssl.KeyManagerFactorySpi.engineInit( ), javax.net.ssl.TrustManagerFactory.init( ), javax.net.ssl.TrustManagerFactorySpi.engineInit( )

Returned By

KeyStore.Builder.getKeyStore( )