Package com.unboundid.util.ssl
Class PKCS11KeyManager
- java.lang.Object
  - javax.net.ssl.X509ExtendedKeyManager
    - com.unboundid.util.ssl.WrapperKeyManager
      - com.unboundid.util.ssl.PKCS11KeyManager

All Implemented Interfaces: javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class PKCS11KeyManager extends WrapperKeyManager

This class provides an SSL key manager that may be used to interact with PKCS #11 tokens.

Field Summary
- static java.lang.String DEFAULT_KEY_STORE_TYPE
  The default key store type to use when accessing PKCS #11 tokens.
- static java.lang.String DEFAULT_PROVIDER_CLASS
  The fully-qualified name of the default provider class (sun.security.pkcs11.SunPKCS11) to use when accessing PKCS #11 tokens.

Constructor Summary
- PKCS11KeyManager(char[] keyStorePIN, java.lang.String certificateAlias)
  Creates a new instance of this PKCS #11 key manager with the provided information.
- PKCS11KeyManager(java.lang.String providerClassName, java.io.File providerConfigFile, java.lang.String keyStoreType, char[] keyStorePIN, java.lang.String certificateAlias)
  Creates a new instance of this PKCS11 key manager with the provided information.
- PKCS11KeyManager(java.security.Provider provider, java.lang.String keyStoreType, char[] keyStorePIN, java.lang.String certificateAlias)
  Creates a new instance of this PKCS11 key manager with the provided information.

Method Summary
- static java.security.Provider getPKCS11JSSESProvider()
  Retrieves an instance of a Java security provider that should be used when performing JSSE-related operations in conjunction with PKCS #11 tokens.
- static java.security.Provider getProvider(java.lang.String providerClassName, java.io.File providerConfigFile, java.lang.String keyStoreType, boolean alwaysCreateNewInstance)
  Retrieves an instance of a Java security provider that may be used to interact with a PKCS #11 token.

Methods inherited from class com.unboundid.util.ssl.WrapperKeyManager:
chooseClientAlias, chooseEngineClientAlias, chooseEngineServerAlias, chooseServerAlias, getCertificateAlias, getCertificateChain, getClientAliases, getPrivateKey, getServerAliases

Field Detail

DEFAULT_KEY_STORE_TYPE
@NotNull public static final java.lang.String DEFAULT_KEY_STORE_TYPE
The default key store type to use when accessing PKCS #11 tokens.
See Also: Constant Field Values

DEFAULT_PROVIDER_CLASS
@NotNull public static final java.lang.String DEFAULT_PROVIDER_CLASS
The fully-qualified name of the default provider class (sun.security.pkcs11.SunPKCS11) to use when accessing PKCS #11 tokens.
See Also: Constant Field Values

Constructor Detail

PKCS11KeyManager
public PKCS11KeyManager(@Nullable char[] keyStorePIN, @Nullable java.lang.String certificateAlias) throws java.security.KeyStoreException
Creates a new instance of this PKCS #11 key manager with the provided information.
Parameters:
- keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.
- certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.
Throws:
- java.security.KeyStoreException - If a problem occurs while initializing this key manager.

PKCS11KeyManager
public PKCS11KeyManager(@Nullable java.lang.String providerClassName, @Nullable java.io.File providerConfigFile, @Nullable java.lang.String keyStoreType, @Nullable char[] keyStorePIN, @Nullable java.lang.String certificateAlias) throws java.security.KeyStoreException
Creates a new instance of this PKCS11 key manager with the provided information.
Parameters:
- providerClassName - The fully-qualified name of the Java class that implements the provider to use to interact with the PKCS #11 module. If this is null, then the key manager will attempt to automatically identify the appropriate provider.
- providerConfigFile - A file that contains the configuration to use for the provider. This may be null if no provider configuration is needed, or if the provider is already properly instantiated.
- keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.
- keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.
- certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.
Throws:
- java.security.KeyStoreException - If a problem occurs while initializing this key manager.

PKCS11KeyManager
public PKCS11KeyManager(@NotNull java.security.Provider provider, @Nullable java.lang.String keyStoreType, @Nullable char[] keyStorePIN, @Nullable java.lang.String certificateAlias) throws java.security.KeyStoreException
Creates a new instance of this PKCS11 key manager with the provided information.
Parameters:
- provider - The Java security provider to use to access the PKCS #11 token. It must not be null.
- keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.
- keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.
- certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.
Throws:
- java.security.KeyStoreException - If a problem occurs while initializing this key manager.
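
Usage sketch for the five-argument constructor above. This is an added example, not part of the SDK's own documentation. The file paths, alias, host name and class name are hypothetical, and SSLUtil, TrustStoreTrustManager and LDAPConnection are other UnboundID LDAP SDK classes not described on this page.

```java
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.util.ssl.PKCS11KeyManager;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;
import java.io.Console;
import java.io.File;
import java.util.Arrays;

public final class PKCS11ClientExample {
  public static void main(final String[] args) throws Exception {
    // Hypothetical values: adjust to the local token and directory server.
    // The SunPKCS11 config file names the token and its native library, e.g.:
    //   name = ExampleToken
    //   library = /usr/lib/example/libexample-pkcs11.so
    final File providerConfig = new File("/etc/example/pkcs11.cfg");
    final String certificateAlias = "ldap-client";
    final String trustStorePath = "/etc/example/truststore.jks";

    // Prompt for the PIN instead of taking it from argv or a property,
    // so it does not end up in process listings or shell history.
    final Console console = System.console();
    if (console == null) {
      throw new IllegalStateException("No console available to read the PIN");
    }
    final char[] pin = console.readPassword("PKCS #11 token PIN: ");

    try {
      // null provider class and key store type select the documented
      // defaults (automatic provider detection, key store type PKCS11).
      final PKCS11KeyManager keyManager = new PKCS11KeyManager(
           null, providerConfig, null, pin, certificateAlias);

      // Validate the server against an explicit trust store rather than
      // trusting every certificate.
      final SSLUtil sslUtil = new SSLUtil(keyManager,
           new TrustStoreTrustManager(trustStorePath));

      try (LDAPConnection conn = new LDAPConnection(
           sslUtil.createSSLSocketFactory(), "ldap.example.com", 636)) {
        System.out.println("TLS connection established: " + conn.isConnected());
      }
    } finally {
      Arrays.fill(pin, '\0'); // wipe the PIN from memory once finished
    }
  }
}
```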

Method Detail

getProvider
@NotNull public static java.security.Provider getProvider(@Nullable java.lang.String providerClassName, @Nullable java.io.File providerConfigFile, @Nullable java.lang.String keyStoreType, boolean alwaysCreateNewInstance) throws java.security.KeyStoreException
Retrieves an instance of a Java security provider that may be used to interact with a PKCS #11 token. If a suitable new provider instance is created, then it will be added to the JVM's configured list of providers.
Parameters:
- providerClassName - The fully-qualified name of the Java class to use for the provider. If this is null, then an attempt will be made to automatically identify the appropriate provider class.
- providerConfigFile - A file that contains the configuration to use for the provider. This may be null if no provider configuration is needed, or if the provider is already properly instantiated.
- keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.
- alwaysCreateNewInstance - Indicates whether to always create a new instance of the provider, even
Returns:
- The provider instance that should be used to interact with a PKCS #11 token.
Throws:
- java.security.KeyStoreException - If a problem occurs while retrieving the

getPKCS11JSSESProvider
@Nullable public static java.security.Provider getPKCS11JSSESProvider()
Retrieves an instance of a Java security provider that should be used when performing JSSE-related operations in conjunction with PKCS #11 tokens. The JVM's preferred JSSE provider may not be the best choice when using a PKCS #11 token (including when operating in FIPS-compliant mode).
Returns:
- An instance of a Java security provider that should be used when performing JSSE-related operations in conjunction with PKCS #11 tokens. It may be null if the best provider cannot be determined.