This
class
represents a mapping of names, or aliases, to Key
and java.security.cert.Certificate objects. Obtain
a KeyStore object by calling one of the static
getInstance( ) methods, specifying the desired key
store type and, optionally, the desired provider. Use
"JKS" to specify the
"Java Key Store" type defined by
Sun. Because of U.S. export regulations, this default
KeyStore supports only weak encryption of private
keys. If you have the Java Cryptography Extension installed, use the
type "JCEKS" and
provider "SunJCE" to obtain a
KeyStore implementation that offers much stronger
password-based encryption of keys. Once you have created a
KeyStore, use load( ) to read
its contents from a stream, supplying an optional password that
verifies the integrity of the stream data. Keystores are typically
read from a file named .keystore in the
user's home directory.
The KeyStore API
has been substantially enhanced in Java 5.0. We describe pre-5.0
methods first, and then cover Java 5.0 enhancements below. A
KeyStore may contain both public and private key
entries. A public key entry is represented by a
Certificate object. Use getCertificate(
) to look up a named public key certificate and
setCertificateEntry( ) to add a new public key
certificate to the keystore. A private key entry in the keystore
contains both a password-protected Key and an
array of Certificate objects that represent the
certificate chain for the public key that corresponds to the private
key. Use getKey( ) and
getCertificateChain( ) to look up the key and
certificate chain. Use setKeyEntry(
) to create a new private key entry.
You must provide a password when reading or writing a private key
from the keystore; this password encrypts the key data, and each
private key entry should have a different password. If you are using
the JCE, you may also store javax.crypto.SecretKey
objects in a KeyStore. Secret keys are stored like
private keys, except that they do not have a certificate chain
associated with them. To delete an entry from a
KeyStore, use deleteEntry(
). If you modify the contents of a
KeyStore, use store(
) to save the keystore to a specified
stream. You may specify a password that is used to validate the
integrity of the data, but it is not used to encrypt the keystore.
In Java 5.0 the
KeyStore.Entry interface defines a keystore entry.
Implementations include the nested types
PrivateKeyEntry,
SecretKeyEntry, and
trustedCertificateEntry. You can get or set an
entry of any type with the new methods getEntry(
)
and
setEntry( ). These methods accept a
KeyStore.ProtectionParameter object, such as a
password represented as a
KeyStore.PasswordProtection object. Java 5.0 also
defines new load( ) and
store( ) methods that specify a password
indirectly through a KeyStore.LoadStoreParameter.
public class KeyStore {
// Protected Constructors
protected KeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type);
// Nested Types
5.0 public abstract static class Builder;
5.0 public static class CallbackHandlerProtection
implements KeyStore.ProtectionParameter;
5.0 public interface Entry;
5.0 public interface LoadStoreParameter;
5.0 public static class PasswordProtection
implements javax.security.auth.Destroyable, KeyStore.ProtectionParameter;
5.0 public static final class PrivateKeyEntry
implements KeyStore.Entry;
5.0 public interface ProtectionParameter;
5.0 public static final class SecretKeyEntry implements KeyStore.Entry;
5.0 public static final class TrustedCertificateEntry implements KeyStore.Entry;
// Public Class Methods
public static final String getDefaultType( );
public static KeyStore getInstance(String type) throws KeyStoreException;
public static KeyStore getInstance(String type, String provider)
throws KeyStoreException, NoSuchProviderException;
1.4 public static KeyStore getInstance(String type, Provider provider)
throws KeyStoreException;
// Public Instance Methods
public final java.util.Enumeration<String> aliases( )
throws KeyStoreException;
public final boolean containsAlias(String alias) throws KeyStoreException;
public final void deleteEntry(String alias) throws KeyStoreException;
5.0 public final boolean entryInstanceOf(String alias,
Class<? extends KeyStore.Entry> entryClass)
throws KeyStoreException;
public final java.security.cert.Certificate getCertificate(String alias)
throws KeyStoreException;
public final String getCertificateAlias(java.security.cert.Certificate cert)
throws KeyStoreException;
public final java.security.cert.Certificate[ ] getCertificateChain
(String alias) throws KeyStoreException;
public final java.util.Date getCreationDate(String alias)
throws KeyStoreException;
5.0 public final KeyStore.Entry getEntry(String alias, KeyStore.
ProtectionParameter protParam)
throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException;
public final Key getKey(String alias, char[ ] password)
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException;
public final Provider getProvider( );
public final String getType( );
public final boolean isCertificateEntry(String alias)
throws KeyStoreException;
public final boolean isKeyEntry(String alias) throws KeyStoreException;
5.0 public final void load(KeyStore.LoadStoreParameter param)
throws java.io.IOException, NoSuchAlgorithmException,
java.security.cert.CertificateException;
public final void load(java.io.InputStream stream, char[ ] password)
throws java.io.IOException, NoSuchAlgorithmException,
java.security.cert.CertificateException;
public final void setCertificateEntry(String alias, java.security.cert.
Certificate cert) throws KeyStoreException;
5.0 public final void setEntry(String alias, KeyStore.Entry entry,
KeyStore.ProtectionParameter protParam)
throws KeyStoreException;
public final void setKeyEntry(String alias, byte[ ] key,
java.security.cert.Certificate[ ] chain)
throws KeyStoreException;
public final void setKeyEntry(String alias, Key key, char[ ] password,
java.security.cert.Certificate[ ] chain)
throws KeyStoreException;
public final int size( ) throws KeyStoreException;
5.0 public final void store(KeyStore.LoadStoreParameter param)
throws KeyStoreException, java.io.IOException, NoSuchAlgorithmException,
java.security.cert.CertificateException;
public final void store(java.io.OutputStream stream, char[ ] password)
throws KeyStoreException, java.io.IOException, NoSuchAlgorithmException,
java.security.cert.CertificateException;
}
