Class PKCS11KeyManager

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String DEFAULT_KEY_STORE_TYPE
      The default key store type to use when accessing PKCS #11 tokens.
      static java.lang.String DEFAULT_PROVIDER_CLASS
      The fully-qualified name of the default provider class (sun.security.pkcs11.SunPKCS11) to use when accessing PKCS #11 tokens.
    • Constructor Summary

      Constructors 
      Constructor Description
      PKCS11KeyManager(char[] keyStorePIN, java.lang.String certificateAlias)
      Creates a new instance of this PKCS #11 key manager with the provided information.
      PKCS11KeyManager(java.lang.String providerClassName, java.io.File providerConfigFile, java.lang.String keyStoreType, char[] keyStorePIN, java.lang.String certificateAlias)
      Creates a new instance of this PKCS #11 key manager with the provided information.
      PKCS11KeyManager(java.security.Provider provider, java.lang.String keyStoreType, char[] keyStorePIN, java.lang.String certificateAlias)
      Creates a new instance of this PKCS #11 key manager with the provided information.
    • Constructor Detail

      • PKCS11KeyManager

        public PKCS11KeyManager(@Nullable
                                char[] keyStorePIN,
                                @Nullable
                                java.lang.String certificateAlias)
                         throws java.security.KeyStoreException
        Creates a new instance of this PKCS #11 key manager with the provided information.
        Parameters:
        keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.
        certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.
        Throws:
        java.security.KeyStoreException - If a problem occurs while initializing this key manager.
      • PKCS11KeyManager

        public PKCS11KeyManager(@Nullable
                                java.lang.String providerClassName,
                                @Nullable
                                java.io.File providerConfigFile,
                                @Nullable
                                java.lang.String keyStoreType,
                                @Nullable
                                char[] keyStorePIN,
                                @Nullable
                                java.lang.String certificateAlias)
                         throws java.security.KeyStoreException
        Creates a new instance of this PKCS #11 key manager with the provided information.
        Parameters:
        providerClassName - The fully-qualified name of the Java class that implements the provider to use to interact with the PKCS #11 module. If this is null, then the key manager will attempt to automatically identify the appropriate provider.
        providerConfigFile - A file that contains the configuration to use for the provider. This may be null if no provider configuration is needed, or if the provider is already properly instantiated.
        keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.
        keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.
        certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.
        Throws:
        java.security.KeyStoreException - If a problem occurs while initializing this key manager.
      • PKCS11KeyManager

        public PKCS11KeyManager(@NotNull
                                java.security.Provider provider,
                                @Nullable
                                java.lang.String keyStoreType,
                                @Nullable
                                char[] keyStorePIN,
                                @Nullable
                                java.lang.String certificateAlias)
                         throws java.security.KeyStoreException
        Creates a new instance of this PKCS #11 key manager with the provided information.
        Parameters:
        provider - The Java security provider to use to access the PKCS #11 token. It must not be null.
        keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.
        keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.
        certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.
        Throws:
        java.security.KeyStoreException - If a problem occurs while initializing this key manager.
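
        Usage sketch for the five-argument constructor documented above. This is an added example, not code from this page or from the SDK's own documentation. It assumes the class is in the com.unboundid.util.ssl package of the UnboundID LDAP SDK and that the provider is SunPKCS11, whose configuration file uses the name and library keys; the module path, token name and certificate nickname are placeholders.

```java
import com.unboundid.util.ssl.PKCS11KeyManager;   // assumed package (UnboundID LDAP SDK)
import java.io.Console;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyStoreException;
import java.util.Arrays;

public final class Pkcs11KeyManagerExample {
  public static void main(String[] args) throws Exception {
    // Placeholders: substitute the PKCS #11 module and key nickname for your token.
    String modulePath = "/path/to/pkcs11-module.so";
    String certificateAlias = "example-client-cert";

    // SunPKCS11 provider configuration, created owner-read/write only
    // (the permission attribute requires a POSIX file system).
    Path configPath = Files.createTempFile("pkcs11-", ".cfg",
        PosixFilePermissions.asFileAttribute(
            PosixFilePermissions.fromString("rw-------")));
    configPath.toFile().deleteOnExit();
    String config = "name = ExampleToken\nlibrary = " + modulePath + "\n";
    Files.write(configPath, config.getBytes(StandardCharsets.UTF_8));

    // Read the PIN interactively as char[] so it never becomes an immutable String.
    Console console = System.console();
    if (console == null) {
      throw new IllegalStateException("No interactive console for PIN entry");
    }
    char[] pin = console.readPassword("Token PIN: ");
    if (pin == null) {
      throw new IllegalStateException("No PIN entered");
    }
    try {
      PKCS11KeyManager keyManager = new PKCS11KeyManager(
          PKCS11KeyManager.DEFAULT_PROVIDER_CLASS, configPath.toFile(),
          PKCS11KeyManager.DEFAULT_KEY_STORE_TYPE, pin, certificateAlias);
      System.out.println("Initialized " + keyManager.getClass().getName());
    } catch (KeyStoreException e) {
      // Any problem while initializing the key manager is reported this way.
      System.err.println("PKCS #11 initialization failed: " + e.getMessage());
    } finally {
      Arrays.fill(pin, '\0');   // clear this caller's copy of the PIN
    }
  }
}
```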
    • Method Detail

      • getProvider

        @NotNull
        public static java.security.Provider getProvider(@Nullable
                                                         java.lang.String providerClassName,
                                                         @Nullable
                                                         java.io.File providerConfigFile,
                                                         @Nullable
                                                         java.lang.String keyStoreType,
                                                         boolean alwaysCreateNewInstance)
                                                  throws java.security.KeyStoreException
        Retrieves an instance of a Java security provider that may be used to interact with a PKCS #11 token. If a suitable new provider instance is created, then it will be added to the JVM's configured list of providers.
        Parameters:
        providerClassName - The fully-qualified name of the Java class to use for the provider. If this is null, then an attempt will be made to automatically identify the appropriate provider class.
        providerConfigFile - A file that contains the configuration to use for the provider. This may be null if no provider configuration is needed, or if the provider is already properly instantiated.
        keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.
        alwaysCreateNewInstance - Indicates whether to always create a new instance of the provider, even
        Returns:
        The provider instance that should be used to interact with a PKCS #11 token.
        Throws:
        java.security.KeyStoreException - If a problem occurs while retrieving the
      • getPKCS11JSSESProvider

        @Nullable
        public static java.security.Provider getPKCS11JSSESProvider()
        Retrieves an instance of a Java security provider that should be used when performing JSSE-related operations in conjunction with PKCS #11 tokens. The JVM's preferred JSSE provider may not be the best choice when using a PKCS #11 token (including when operating in FIPS-compliant mode).
        Returns:
        An instance of a Java security provider that should be used when performing JSSE-related operations in conjunction with PKCS #11 tokens. It may be null if the best provider cannot be determined.