Package org.globus.gsi.stores
Class PEMKeyStore
- java.lang.Object
-
- java.security.KeyStoreSpi
-
- org.globus.gsi.stores.PEMKeyStore
-
public class PEMKeyStore extends KeyStoreSpi
This class provides a KeyStore implementation that supports trusted certificates stored in PEM format and proxy certificates stored in PEM format. It reads trusted certificates from multiple directories and a proxy certificate from a file.- Since:
- 1.0
- Version:
- ${version}
-
-
Field Summary
Fields Modifier and Type Field Description static String
CERTIFICATE_FILENAME
static String
DEFAULT_DIRECTORY_KEY
static String
DIRECTORY_LIST_KEY
static String
KEY_FILENAME
static String
PROXY_FILENAME
-
Constructor Summary
Constructors Constructor Description PEMKeyStore()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Enumeration<String>
engineAliases()
Get an enumertion of all of the aliases in this keystore.boolean
engineContainsAlias(String s)
Does the specified alias exist in this keystore?void
engineDeleteEntry(String s)
Delete a security object from this keystore.Certificate
engineGetCertificate(String s)
Get the certificate referenced by the supplied alias.String
engineGetCertificateAlias(Certificate certificate)
Get the alias associated with the supplied certificate.Certificate[]
engineGetCertificateChain(String s)
Get the certificateChain for the key referenced by the alias.Date
engineGetCreationDate(String s)
Get the creation date for the object referenced by the alias.Key
engineGetKey(String s, char[] chars)
Get the key referenced by the specified alias.boolean
engineIsCertificateEntry(String s)
Does the supplied alias refer to a certificate in this keystore?boolean
engineIsKeyEntry(String s)
Does the supplied alias refer to a key in this key store.void
engineLoad(InputStream inputStream, char[] chars)
Load the keystore from the supplied input stream.void
engineLoad(KeyStore.LoadStoreParameter loadStoreParameter)
Load the keystore based on parameters in the LoadStoreParameter.void
engineSetCertificateEntry(String alias, Certificate certificate)
Add a certificate to the keystore.void
engineSetKeyEntry(String s, byte[] bytes, Certificate[] certificates)
currently unsupported.void
engineSetKeyEntry(String s, Key key, char[] chars, Certificate[] certificates)
Add a new private key to the keystore.int
engineSize()
Get the number of security objects stored in this keystore.void
engineStore(OutputStream outputStream, char[] chars)
Persist the security material in this keystore.void
setCACertStore(ResourceSecurityWrapperStore<ResourceTrustAnchor,TrustAnchor> caCertStore)
void
setProxyDelegate(ResourceSecurityWrapperStore<ResourceProxyCredential,X509Credential> proxyDelegate)
-
Methods inherited from class java.security.KeyStoreSpi
engineEntryInstanceOf, engineGetEntry, engineProbe, engineSetEntry, engineStore
-
-
-
-
Field Detail
-
DEFAULT_DIRECTORY_KEY
public static final String DEFAULT_DIRECTORY_KEY
- See Also:
- Constant Field Values
-
DIRECTORY_LIST_KEY
public static final String DIRECTORY_LIST_KEY
- See Also:
- Constant Field Values
-
CERTIFICATE_FILENAME
public static final String CERTIFICATE_FILENAME
- See Also:
- Constant Field Values
-
KEY_FILENAME
public static final String KEY_FILENAME
- See Also:
- Constant Field Values
-
PROXY_FILENAME
public static final String PROXY_FILENAME
- See Also:
- Constant Field Values
-
-
Method Detail
-
setCACertStore
public void setCACertStore(ResourceSecurityWrapperStore<ResourceTrustAnchor,TrustAnchor> caCertStore)
-
setProxyDelegate
public void setProxyDelegate(ResourceSecurityWrapperStore<ResourceProxyCredential,X509Credential> proxyDelegate)
-
engineGetKey
public Key engineGetKey(String s, char[] chars) throws NoSuchAlgorithmException, UnrecoverableKeyException
Get the key referenced by the specified alias.- Specified by:
engineGetKey
in classKeyStoreSpi
- Parameters:
s
- The key's alias.chars
- The key's password.- Returns:
- The key reference by the alias or null.
- Throws:
NoSuchAlgorithmException
- If the key is encoded with an invalid algorithm.UnrecoverableKeyException
- If the key can not be retrieved.
-
engineIsKeyEntry
public boolean engineIsKeyEntry(String s)
Does the supplied alias refer to a key in this key store.- Specified by:
engineIsKeyEntry
in classKeyStoreSpi
- Parameters:
s
- The alias.- Returns:
- True if the alias refers to a key.
-
engineStore
public void engineStore(OutputStream outputStream, char[] chars) throws IOException, NoSuchAlgorithmException, CertificateException
Persist the security material in this keystore. If the object has a path associated with it, the object will be persisted to that path. Otherwise it will be stored in the default certificate directory. As a result, the parameters of this method are ignored.- Specified by:
engineStore
in classKeyStoreSpi
- Parameters:
outputStream
- This parameter is ignored.chars
- This parameter is ignored.- Throws:
IOException
NoSuchAlgorithmException
CertificateException
-
engineGetCreationDate
public Date engineGetCreationDate(String s)
Get the creation date for the object referenced by the alias.- Specified by:
engineGetCreationDate
in classKeyStoreSpi
- Parameters:
s
- The alias of the security object.- Returns:
- The creation date of the security object.
-
engineGetCertificateAlias
public String engineGetCertificateAlias(Certificate certificate)
Get the alias associated with the supplied certificate.- Specified by:
engineGetCertificateAlias
in classKeyStoreSpi
- Parameters:
certificate
- The certificate to query- Returns:
- The certificate's alias or null if the certificate is not present in this keystore.
-
engineGetCertificateChain
public Certificate[] engineGetCertificateChain(String s)
Get the certificateChain for the key referenced by the alias.- Specified by:
engineGetCertificateChain
in classKeyStoreSpi
- Parameters:
s
- The key alias.- Returns:
- The key's certificate chain or a 0 length array if the key is not in the keystore.
-
engineGetCertificate
public Certificate engineGetCertificate(String s)
Get the certificate referenced by the supplied alias.- Specified by:
engineGetCertificate
in classKeyStoreSpi
- Parameters:
s
- The alias.- Returns:
- The Certificate or null if the alias does not exist in the keyStore.
-
engineLoad
public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException
Load the keystore based on parameters in the LoadStoreParameter. The parameter object must be an instance of FileBasedKeyStoreParameters.- Overrides:
engineLoad
in classKeyStoreSpi
- Parameters:
loadStoreParameter
- The parameters to load.- Throws:
IOException
NoSuchAlgorithmException
CertificateException
-
engineLoad
public void engineLoad(InputStream inputStream, char[] chars) throws IOException, NoSuchAlgorithmException, CertificateException
Load the keystore from the supplied input stream. Unlike many other implementations of keystore (most notably the default JKS implementation), the input stream does not hold the keystore objects. Instead, it must be a properties file defining the locations of the keystore objects. The password is not used.- Specified by:
engineLoad
in classKeyStoreSpi
- Parameters:
inputStream
- An input stream to the properties file.chars
- The password is not used.- Throws:
IOException
NoSuchAlgorithmException
CertificateException
-
engineDeleteEntry
public void engineDeleteEntry(String s) throws KeyStoreException
Delete a security object from this keystore.- Specified by:
engineDeleteEntry
in classKeyStoreSpi
- Parameters:
s
- The alias of the object to delete.- Throws:
KeyStoreException
-
engineAliases
public Enumeration<String> engineAliases()
Get an enumertion of all of the aliases in this keystore.- Specified by:
engineAliases
in classKeyStoreSpi
- Returns:
- An enumeration of the aliases in this keystore.
-
engineSetKeyEntry
public void engineSetKeyEntry(String s, Key key, char[] chars, Certificate[] certificates) throws KeyStoreException
Add a new private key to the keystore.- Specified by:
engineSetKeyEntry
in classKeyStoreSpi
- Parameters:
s
- The alias for the object.key
- The private key.chars
- The password.certificates
- The key's certificate chain.- Throws:
KeyStoreException
-
engineSetKeyEntry
public void engineSetKeyEntry(String s, byte[] bytes, Certificate[] certificates) throws KeyStoreException
currently unsupported.- Specified by:
engineSetKeyEntry
in classKeyStoreSpi
- Parameters:
s
- The key's aliasbytes
- The encoded private key.certificates
- The key's certificate chain.- Throws:
KeyStoreException
-
engineContainsAlias
public boolean engineContainsAlias(String s)
Does the specified alias exist in this keystore?- Specified by:
engineContainsAlias
in classKeyStoreSpi
- Parameters:
s
- The alias.- Returns:
- True if the alias refers to a security object in the keystore.
-
engineSize
public int engineSize()
Get the number of security objects stored in this keystore.- Specified by:
engineSize
in classKeyStoreSpi
- Returns:
- The number of security objects.
-
engineIsCertificateEntry
public boolean engineIsCertificateEntry(String s)
Does the supplied alias refer to a certificate in this keystore?- Specified by:
engineIsCertificateEntry
in classKeyStoreSpi
- Parameters:
s
- The alias.- Returns:
- True if this store contains a certificate with the specified alias.
-
engineSetCertificateEntry
public void engineSetCertificateEntry(String alias, Certificate certificate) throws KeyStoreException
Add a certificate to the keystore.- Specified by:
engineSetCertificateEntry
in classKeyStoreSpi
- Parameters:
alias
- The certificate alias.certificate
- The certificate to store.- Throws:
KeyStoreException
-
-