1 module hunt.security.KeyStoreSpi; 2 3 4 5 /** 6 * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>) 7 * for the {@code KeyStore} class. 8 * All the abstract methods in this class must be implemented by each 9 * cryptographic service provider who wishes to supply the implementation 10 * of a keystore for a particular keystore type. 11 * 12 * @author Jan Luehe 13 * 14 * 15 * @see KeyStore 16 * 17 * @since 1.2 18 */ 19 20 public abstract class KeyStoreSpi { 21 22 // /** 23 // * Returns the key associated with the given alias, using the given 24 // * password to recover it. The key must have been associated with 25 // * the alias by a call to {@code setKeyEntry}, 26 // * or by a call to {@code setEntry} with a 27 // * {@code PrivateKeyEntry} or {@code SecretKeyEntry}. 28 // * 29 // * @param alias the alias name 30 // * @param password the password for recovering the key 31 // * 32 // * @return the requested key, or null if the given alias does not exist 33 // * or does not identify a key-related entry. 34 // * 35 // * @exception NoSuchAlgorithmException if the algorithm for recovering the 36 // * key cannot be found 37 // * @exception UnrecoverableKeyException if the key cannot be recovered 38 // * (e.g., the given password is wrong). 39 // */ 40 // public abstract Key engineGetKey(String alias, char[] password) 41 // throws NoSuchAlgorithmException, UnrecoverableKeyException; 42 43 // /** 44 // * Returns the certificate chain associated with the given alias. 45 // * The certificate chain must have been associated with the alias 46 // * by a call to {@code setKeyEntry}, 47 // * or by a call to {@code setEntry} with a 48 // * {@code PrivateKeyEntry}. 49 // * 50 // * @param alias the alias name 51 // * 52 // * @return the certificate chain (ordered with the user's certificate first 53 // * and the root certificate authority last), or null if the given alias 54 // * does not exist or does not contain a certificate chain 55 // */ 56 // public abstract Certificate[] engineGetCertificateChain(String alias); 57 58 // /** 59 // * Returns the certificate associated with the given alias. 60 // * 61 // * <p> If the given alias name identifies an entry 62 // * created by a call to {@code setCertificateEntry}, 63 // * or created by a call to {@code setEntry} with a 64 // * {@code TrustedCertificateEntry}, 65 // * then the trusted certificate contained in that entry is returned. 66 // * 67 // * <p> If the given alias name identifies an entry 68 // * created by a call to {@code setKeyEntry}, 69 // * or created by a call to {@code setEntry} with a 70 // * {@code PrivateKeyEntry}, 71 // * then the first element of the certificate chain in that entry 72 // * (if a chain exists) is returned. 73 // * 74 // * @param alias the alias name 75 // * 76 // * @return the certificate, or null if the given alias does not exist or 77 // * does not contain a certificate. 78 // */ 79 // public abstract Certificate engineGetCertificate(String alias); 80 81 // /** 82 // * Returns the creation date of the entry identified by the given alias. 83 // * 84 // * @param alias the alias name 85 // * 86 // * @return the creation date of this entry, or null if the given alias does 87 // * not exist 88 // */ 89 // public abstract Date engineGetCreationDate(String alias); 90 91 // /** 92 // * Assigns the given key to the given alias, protecting it with the given 93 // * password. 94 // * 95 // * <p>If the given key is of type {@code java.security.PrivateKey}, 96 // * it must be accompanied by a certificate chain certifying the 97 // * corresponding public key. 98 // * 99 // * <p>If the given alias already exists, the keystore information 100 // * associated with it is overridden by the given key (and possibly 101 // * certificate chain). 102 // * 103 // * @param alias the alias name 104 // * @param key the key to be associated with the alias 105 // * @param password the password to protect the key 106 // * @param chain the certificate chain for the corresponding public 107 // * key (only required if the given key is of type 108 // * {@code java.security.PrivateKey}). 109 // * 110 // * @exception KeyStoreException if the given key cannot be protected, or 111 // * this operation fails for some other reason 112 // */ 113 // public abstract void engineSetKeyEntry(String alias, Key key, 114 // char[] password, 115 // Certificate[] chain) 116 // throws KeyStoreException; 117 118 // /** 119 // * Assigns the given key (that has already been protected) to the given 120 // * alias. 121 // * 122 // * <p>If the protected key is of type 123 // * {@code java.security.PrivateKey}, 124 // * it must be accompanied by a certificate chain certifying the 125 // * corresponding public key. 126 // * 127 // * <p>If the given alias already exists, the keystore information 128 // * associated with it is overridden by the given key (and possibly 129 // * certificate chain). 130 // * 131 // * @param alias the alias name 132 // * @param key the key (in protected format) to be associated with the alias 133 // * @param chain the certificate chain for the corresponding public 134 // * key (only useful if the protected key is of type 135 // * {@code java.security.PrivateKey}). 136 // * 137 // * @exception KeyStoreException if this operation fails. 138 // */ 139 // public abstract void engineSetKeyEntry(String alias, byte[] key, 140 // Certificate[] chain) 141 // throws KeyStoreException; 142 143 // /** 144 // * Assigns the given certificate to the given alias. 145 // * 146 // * <p> If the given alias identifies an existing entry 147 // * created by a call to {@code setCertificateEntry}, 148 // * or created by a call to {@code setEntry} with a 149 // * {@code TrustedCertificateEntry}, 150 // * the trusted certificate in the existing entry 151 // * is overridden by the given certificate. 152 // * 153 // * @param alias the alias name 154 // * @param cert the certificate 155 // * 156 // * @exception KeyStoreException if the given alias already exists and does 157 // * not identify an entry containing a trusted certificate, 158 // * or this operation fails for some other reason. 159 // */ 160 // public abstract void engineSetCertificateEntry(String alias, 161 // Certificate cert) 162 // throws KeyStoreException; 163 164 // /** 165 // * Deletes the entry identified by the given alias from this keystore. 166 // * 167 // * @param alias the alias name 168 // * 169 // * @exception KeyStoreException if the entry cannot be removed. 170 // */ 171 // public abstract void engineDeleteEntry(String alias) 172 // throws KeyStoreException; 173 174 // /** 175 // * Lists all the alias names of this keystore. 176 // * 177 // * @return enumeration of the alias names 178 // */ 179 // public abstract Enumeration<String> engineAliases(); 180 181 // /** 182 // * Checks if the given alias exists in this keystore. 183 // * 184 // * @param alias the alias name 185 // * 186 // * @return true if the alias exists, false otherwise 187 // */ 188 // public abstract boolean engineContainsAlias(String alias); 189 190 // /** 191 // * Retrieves the number of entries in this keystore. 192 // * 193 // * @return the number of entries in this keystore 194 // */ 195 // public abstract int engineSize(); 196 197 // /** 198 // * Returns true if the entry identified by the given alias 199 // * was created by a call to {@code setKeyEntry}, 200 // * or created by a call to {@code setEntry} with a 201 // * {@code PrivateKeyEntry} or a {@code SecretKeyEntry}. 202 // * 203 // * @param alias the alias for the keystore entry to be checked 204 // * 205 // * @return true if the entry identified by the given alias is a 206 // * key-related, false otherwise. 207 // */ 208 // public abstract boolean engineIsKeyEntry(String alias); 209 210 // /** 211 // * Returns true if the entry identified by the given alias 212 // * was created by a call to {@code setCertificateEntry}, 213 // * or created by a call to {@code setEntry} with a 214 // * {@code TrustedCertificateEntry}. 215 // * 216 // * @param alias the alias for the keystore entry to be checked 217 // * 218 // * @return true if the entry identified by the given alias contains a 219 // * trusted certificate, false otherwise. 220 // */ 221 // public abstract boolean engineIsCertificateEntry(String alias); 222 223 // /** 224 // * Returns the (alias) name of the first keystore entry whose certificate 225 // * matches the given certificate. 226 // * 227 // * <p>This method attempts to match the given certificate with each 228 // * keystore entry. If the entry being considered was 229 // * created by a call to {@code setCertificateEntry}, 230 // * or created by a call to {@code setEntry} with a 231 // * {@code TrustedCertificateEntry}, 232 // * then the given certificate is compared to that entry's certificate. 233 // * 234 // * <p> If the entry being considered was 235 // * created by a call to {@code setKeyEntry}, 236 // * or created by a call to {@code setEntry} with a 237 // * {@code PrivateKeyEntry}, 238 // * then the given certificate is compared to the first 239 // * element of that entry's certificate chain. 240 // * 241 // * @param cert the certificate to match with. 242 // * 243 // * @return the alias name of the first entry with matching certificate, 244 // * or null if no such entry exists in this keystore. 245 // */ 246 // public abstract String engineGetCertificateAlias(Certificate cert); 247 248 // /** 249 // * Stores this keystore to the given output stream, and protects its 250 // * integrity with the given password. 251 // * 252 // * @param stream the output stream to which this keystore is written. 253 // * @param password the password to generate the keystore integrity check 254 // * 255 // * @exception IOException if there was an I/O problem with data 256 // * @exception NoSuchAlgorithmException if the appropriate data integrity 257 // * algorithm could not be found 258 // * @exception CertificateException if any of the certificates included in 259 // * the keystore data could not be stored 260 // */ 261 // public abstract void engineStore(OutputStream stream, char[] password) 262 // throws IOException, NoSuchAlgorithmException, CertificateException; 263 264 // /** 265 // * Stores this keystore using the given 266 // * {@code KeyStore.LoadStoreParmeter}. 267 // * 268 // * @param param the {@code KeyStore.LoadStoreParmeter} 269 // * that specifies how to store the keystore, 270 // * which may be {@code null} 271 // * 272 // * @exception IllegalArgumentException if the given 273 // * {@code KeyStore.LoadStoreParmeter} 274 // * input is not recognized 275 // * @exception IOException if there was an I/O problem with data 276 // * @exception NoSuchAlgorithmException if the appropriate data integrity 277 // * algorithm could not be found 278 // * @exception CertificateException if any of the certificates included in 279 // * the keystore data could not be stored 280 // * 281 // * @since 1.5 282 // */ 283 // public void engineStore(KeyStore.LoadStoreParameter param) 284 // throws IOException, NoSuchAlgorithmException, 285 // CertificateException { 286 // throw new UnsupportedOperationException(); 287 // } 288 289 // /** 290 // * Loads the keystore from the given input stream. 291 // * 292 // * <p>A password may be given to unlock the keystore 293 // * (e.g. the keystore resides on a hardware token device), 294 // * or to check the integrity of the keystore data. 295 // * If a password is not given for integrity checking, 296 // * then integrity checking is not performed. 297 // * 298 // * @param stream the input stream from which the keystore is loaded, 299 // * or {@code null} 300 // * @param password the password used to check the integrity of 301 // * the keystore, the password used to unlock the keystore, 302 // * or {@code null} 303 // * 304 // * @exception IOException if there is an I/O or format problem with the 305 // * keystore data, if a password is required but not given, 306 // * or if the given password was incorrect. If the error is due to a 307 // * wrong password, the {@link Throwable#getCause cause} of the 308 // * {@code IOException} should be an 309 // * {@code UnrecoverableKeyException} 310 // * @exception NoSuchAlgorithmException if the algorithm used to check 311 // * the integrity of the keystore cannot be found 312 // * @exception CertificateException if any of the certificates in the 313 // * keystore could not be loaded 314 // */ 315 // public abstract void engineLoad(InputStream stream, char[] password) 316 // throws IOException, NoSuchAlgorithmException, CertificateException; 317 318 // /** 319 // * Loads the keystore using the given 320 // * {@code KeyStore.LoadStoreParameter}. 321 // * 322 // * <p> Note that if this KeyStore has already been loaded, it is 323 // * reinitialized and loaded again from the given parameter. 324 // * 325 // * @param param the {@code KeyStore.LoadStoreParameter} 326 // * that specifies how to load the keystore, 327 // * which may be {@code null} 328 // * 329 // * @exception IllegalArgumentException if the given 330 // * {@code KeyStore.LoadStoreParameter} 331 // * input is not recognized 332 // * @exception IOException if there is an I/O or format problem with the 333 // * keystore data. If the error is due to an incorrect 334 // * {@code ProtectionParameter} (e.g. wrong password) 335 // * the {@link Throwable#getCause cause} of the 336 // * {@code IOException} should be an 337 // * {@code UnrecoverableKeyException} 338 // * @exception NoSuchAlgorithmException if the algorithm used to check 339 // * the integrity of the keystore cannot be found 340 // * @exception CertificateException if any of the certificates in the 341 // * keystore could not be loaded 342 // * 343 // * @since 1.5 344 // */ 345 // public void engineLoad(KeyStore.LoadStoreParameter param) 346 // throws IOException, NoSuchAlgorithmException, 347 // CertificateException { 348 349 // if (param == null) { 350 // engineLoad((InputStream)null, (char[])null); 351 // return; 352 // } 353 354 // if (param instanceof KeyStore.SimpleLoadStoreParameter) { 355 // ProtectionParameter protection = param.getProtectionParameter(); 356 // char[] password; 357 // if (protection instanceof PasswordProtection) { 358 // password = ((PasswordProtection)protection).getPassword(); 359 // } else if (protection instanceof CallbackHandlerProtection) { 360 // CallbackHandler handler = 361 // ((CallbackHandlerProtection)protection).getCallbackHandler(); 362 // PasswordCallback callback = 363 // new PasswordCallback("Password: ", false); 364 // try { 365 // handler.handle(new Callback[] {callback}); 366 // } catch (UnsupportedCallbackException e) { 367 // throw new NoSuchAlgorithmException 368 // ("Could not obtain password", e); 369 // } 370 // password = callback.getPassword(); 371 // callback.clearPassword(); 372 // if (password == null) { 373 // throw new NoSuchAlgorithmException 374 // ("No password provided"); 375 // } 376 // } else { 377 // throw new NoSuchAlgorithmException("ProtectionParameter must" 378 // + " be PasswordProtection or CallbackHandlerProtection"); 379 // } 380 // engineLoad(null, password); 381 // return; 382 // } 383 384 // throw new UnsupportedOperationException(); 385 // } 386 387 // /** 388 // * Gets a {@code KeyStore.Entry} for the specified alias 389 // * with the specified protection parameter. 390 // * 391 // * @param alias get the {@code KeyStore.Entry} for this alias 392 // * @param protParam the {@code ProtectionParameter} 393 // * used to protect the {@code Entry}, 394 // * which may be {@code null} 395 // * 396 // * @return the {@code KeyStore.Entry} for the specified alias, 397 // * or {@code null} if there is no such entry 398 // * 399 // * @exception KeyStoreException if the operation failed 400 // * @exception NoSuchAlgorithmException if the algorithm for recovering the 401 // * entry cannot be found 402 // * @exception UnrecoverableEntryException if the specified 403 // * {@code protParam} were insufficient or invalid 404 // * @exception UnrecoverableKeyException if the entry is a 405 // * {@code PrivateKeyEntry} or {@code SecretKeyEntry} 406 // * and the specified {@code protParam} does not contain 407 // * the information needed to recover the key (e.g. wrong password) 408 // * 409 // * @since 1.5 410 // */ 411 // public KeyStore.Entry engineGetEntry(String alias, 412 // KeyStore.ProtectionParameter protParam) 413 // throws KeyStoreException, NoSuchAlgorithmException, 414 // UnrecoverableEntryException { 415 416 // if (!engineContainsAlias(alias)) { 417 // return null; 418 // } 419 420 // if (protParam == null) { 421 // if (engineIsCertificateEntry(alias)) { 422 // return new KeyStore.TrustedCertificateEntry 423 // (engineGetCertificate(alias)); 424 // } else { 425 // throw new UnrecoverableKeyException 426 // ("requested entry requires a password"); 427 // } 428 // } 429 430 // if (protParam instanceof KeyStore.PasswordProtection) { 431 // if (engineIsCertificateEntry(alias)) { 432 // throw new UnsupportedOperationException 433 // ("trusted certificate entries are not password-protected"); 434 // } else if (engineIsKeyEntry(alias)) { 435 // KeyStore.PasswordProtection pp = 436 // (KeyStore.PasswordProtection)protParam; 437 // char[] password = pp.getPassword(); 438 439 // Key key = engineGetKey(alias, password); 440 // if (key instanceof PrivateKey) { 441 // Certificate[] chain = engineGetCertificateChain(alias); 442 // return new KeyStore.PrivateKeyEntry((PrivateKey)key, chain); 443 // } else if (key instanceof SecretKey) { 444 // return new KeyStore.SecretKeyEntry((SecretKey)key); 445 // } 446 // } 447 // } 448 449 // throw new UnsupportedOperationException(); 450 // } 451 452 // /** 453 // * Saves a {@code KeyStore.Entry} under the specified alias. 454 // * The specified protection parameter is used to protect the 455 // * {@code Entry}. 456 // * 457 // * <p> If an entry already exists for the specified alias, 458 // * it is overridden. 459 // * 460 // * @param alias save the {@code KeyStore.Entry} under this alias 461 // * @param entry the {@code Entry} to save 462 // * @param protParam the {@code ProtectionParameter} 463 // * used to protect the {@code Entry}, 464 // * which may be {@code null} 465 // * 466 // * @exception KeyStoreException if this operation fails 467 // * 468 // * @since 1.5 469 // */ 470 // public void engineSetEntry(String alias, KeyStore.Entry entry, 471 // KeyStore.ProtectionParameter protParam) 472 // throws KeyStoreException { 473 474 // // get password 475 // if (protParam != null && 476 // !(protParam instanceof KeyStore.PasswordProtection)) { 477 // throw new KeyStoreException("unsupported protection parameter"); 478 // } 479 // KeyStore.PasswordProtection pProtect = null; 480 // if (protParam != null) { 481 // pProtect = (KeyStore.PasswordProtection)protParam; 482 // } 483 484 // // set entry 485 // if (entry instanceof KeyStore.TrustedCertificateEntry) { 486 // if (protParam != null && pProtect.getPassword() != null) { 487 // // pre-1.5 style setCertificateEntry did not allow password 488 // throw new KeyStoreException 489 // ("trusted certificate entries are not password-protected"); 490 // } else { 491 // KeyStore.TrustedCertificateEntry tce = 492 // (KeyStore.TrustedCertificateEntry)entry; 493 // engineSetCertificateEntry(alias, tce.getTrustedCertificate()); 494 // return; 495 // } 496 // } else if (entry instanceof KeyStore.PrivateKeyEntry) { 497 // if (pProtect == null || pProtect.getPassword() == null) { 498 // // pre-1.5 style setKeyEntry required password 499 // throw new KeyStoreException 500 // ("non-null password required to create PrivateKeyEntry"); 501 // } else { 502 // engineSetKeyEntry 503 // (alias, 504 // ((KeyStore.PrivateKeyEntry)entry).getPrivateKey(), 505 // pProtect.getPassword(), 506 // ((KeyStore.PrivateKeyEntry)entry).getCertificateChain()); 507 // return; 508 // } 509 // } else if (entry instanceof KeyStore.SecretKeyEntry) { 510 // if (pProtect == null || pProtect.getPassword() == null) { 511 // // pre-1.5 style setKeyEntry required password 512 // throw new KeyStoreException 513 // ("non-null password required to create SecretKeyEntry"); 514 // } else { 515 // engineSetKeyEntry 516 // (alias, 517 // ((KeyStore.SecretKeyEntry)entry).getSecretKey(), 518 // pProtect.getPassword(), 519 // (Certificate[])null); 520 // return; 521 // } 522 // } 523 524 // throw new KeyStoreException 525 // ("unsupported entry type: " + entry.getClass().getName()); 526 // } 527 528 // /** 529 // * Determines if the keystore {@code Entry} for the specified 530 // * {@code alias} is an instance or subclass of the specified 531 // * {@code entryClass}. 532 // * 533 // * @param alias the alias name 534 // * @param entryClass the entry class 535 // * 536 // * @return true if the keystore {@code Entry} for the specified 537 // * {@code alias} is an instance or subclass of the 538 // * specified {@code entryClass}, false otherwise 539 // * 540 // * @since 1.5 541 // */ 542 // public boolean 543 // engineEntryInstanceOf(String alias, 544 // Class<? extends KeyStore.Entry> entryClass) 545 // { 546 // if (entryClass == KeyStore.TrustedCertificateEntry.class) { 547 // return engineIsCertificateEntry(alias); 548 // } 549 // if (entryClass == KeyStore.PrivateKeyEntry.class) { 550 // return engineIsKeyEntry(alias) && 551 // engineGetCertificate(alias) != null; 552 // } 553 // if (entryClass == KeyStore.SecretKeyEntry.class) { 554 // return engineIsKeyEntry(alias) && 555 // engineGetCertificate(alias) == null; 556 // } 557 // return false; 558 // } 559 }