Package java.security

Class KeyStore

java.lang.Object
java.security.KeyStore
public class KeyStore
extends Object
KeyStore is responsible for maintaining cryptographic keys and their owners.

The type of the system key store can be changed by setting the 'keystore.type' property in the file named JAVA_HOME/lib/security/java.security.

See Also:
Certificate, PrivateKey

  • Constructor Details

    • KeyStore

      protected KeyStore​(KeyStoreSpi keyStoreSpi, Provider provider, String type)
      Constructs a new instance of KeyStore with the given arguments.
      Parameters:
      keyStoreSpi - the concrete key store.
      provider - the provider.
      type - the type of the KeyStore to be constructed.

  • Method Details

    • getInstance

      public static KeyStore getInstance​(String type) throws KeyStoreException
      Returns a new instance of KeyStore with the specified type.
      Parameters:
      type - the type of the returned KeyStore.
      Returns:
      a new instance of KeyStore with the specified type.
      Throws:
      KeyStoreException - if an error occurred during the creation of the new KeyStore.
      NullPointerException - if type == null
      See Also:
      getDefaultType()

    • getInstance

      public static KeyStore getInstance​(String type, String provider) throws KeyStoreException, NoSuchProviderException
      Returns a new instance of KeyStore from the specified provider with the given type.
      Parameters:
      type - the type of the returned KeyStore.
      provider - name of the provider of the KeyStore.
      Returns:
      a new instance of KeyStore from the specified provider with the given type.
      Throws:
      KeyStoreException - if an error occurred during the creation of the new KeyStore.
      NoSuchProviderException - if the specified provider is not available.
      IllegalArgumentException - if provider == null || provider.isEmpty()
      NullPointerException - if type is null (instead of NoSuchAlgorithmException) as in 1.4 release
      See Also:
      getDefaultType()

    • getInstance

      public static KeyStore getInstance​(String type, Provider provider) throws KeyStoreException
      Returns a new instance of KeyStore from the specified provider with the given type.
      Parameters:
      type - the type of the returned KeyStore.
      provider - the provider of the KeyStore.
      Returns:
      a new instance of KeyStore from the specified provider with the given type.
      Throws:
      KeyStoreException - if an error occurred during the creation of the new KeyStore.
      IllegalArgumentException - if provider is null or the empty string.
      NullPointerException - if type == null (instead of NoSuchAlgorithmException) as in 1.4 release
      See Also:
      getDefaultType()

    • getDefaultType

      public static final String getDefaultType()
      Returns the default type for KeyStore instances.

      The default is specified in the 'keystore.type' property in the file named java.security properties file. If this property is not set, "jks" will be used.

      Returns:
      the default type for KeyStore instances

    • getProvider

      public final Provider getProvider()
      Returns the provider associated with this KeyStore.
      Returns:
      the provider associated with this KeyStore.

    • getType

      public final String getType()
      Returns the type of this KeyStore.
      Returns:
      the type of this KeyStore.

    • getKey

      public final Key getKey​(String alias, char[] password) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
      Returns the key with the given alias, using the password to recover the key from the store.
      Parameters:
      alias - the alias for the entry.
      password - the password used to recover the key.
      Returns:
      the key with the specified alias, or null if the specified alias is not bound to an entry.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.
      NoSuchAlgorithmException - if the algorithm for recovering the key is not available.
      UnrecoverableKeyException - if the key can not be recovered.

    • getCertificateChain

      public final Certificate[] getCertificateChain​(String alias) throws KeyStoreException
      Returns the certificate chain for the entry with the given alias.
      Parameters:
      alias - the alias for the entry.
      Returns:
      the certificate chain for the entry with the given alias, or null if the specified alias is not bound to an entry.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.

    • getCertificate

      public final Certificate getCertificate​(String alias) throws KeyStoreException
      Returns the trusted certificate for the entry with the given alias.
      Parameters:
      alias - the alias for the entry.
      Returns:
      the trusted certificate for the entry with the given alias, or null if the specified alias is not bound to an entry.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.

    • getCreationDate

      public final Date getCreationDate​(String alias) throws KeyStoreException
      Returns the creation date of the entry with the given alias.
      Parameters:
      alias - the alias for the entry.
      Returns:
      the creation date, or null if the specified alias is not bound to an entry.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.

    • setKeyEntry

      public final void setKeyEntry​(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException
      Associates the given alias with the key, password and certificate chain.

      If the specified alias already exists, it will be reassigned.

      Parameters:
      alias - the alias for the key.
      key - the key.
      password - the password.
      chain - the certificate chain.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.
      IllegalArgumentException - if key is a PrivateKey and chain does not contain any certificates.
      NullPointerException - if alias is null.

    • setKeyEntry

      public final void setKeyEntry​(String alias, byte[] key, Certificate[] chain) throws KeyStoreException
      Associates the given alias with a key and a certificate chain.

      If the specified alias already exists, it will be reassigned.

      If this KeyStore is of type "jks", key must be encoded conform to the PKS#8 standard as an EncryptedPrivateKeyInfo.

      Parameters:
      alias - the alias for the key.
      key - the key in an encoded format.
      chain - the certificate chain.
      Throws:
      KeyStoreException - if this KeyStore is not initialized or if key is null.
      IllegalArgumentException - if key is a PrivateKey and chain does.
      NullPointerException - if alias is null.

    • setCertificateEntry

      public final void setCertificateEntry​(String alias, Certificate cert) throws KeyStoreException
      Associates the given alias with a certificate.

      If the specified alias already exists, it will be reassigned.

      Parameters:
      alias - the alias for the certificate.
      cert - the certificate.
      Throws:
      KeyStoreException - if this KeyStore is not initialized, or an existing alias is not associated to an entry containing a trusted certificate, or this method fails for any other reason.
      NullPointerException - if alias is null.

    • deleteEntry

      public final void deleteEntry​(String alias) throws KeyStoreException
      Deletes the entry identified with the given alias from this KeyStore.
      Parameters:
      alias - the alias for the entry.
      Throws:
      KeyStoreException - if this KeyStore is not initialized, or if the entry can not be deleted.

    • aliases

      public final Enumeration<String> aliases() throws KeyStoreException
      Returns an Enumeration over all alias names stored in this KeyStore.
      Returns:
      an Enumeration over all alias names stored in this KeyStore.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.

    • containsAlias

      public final boolean containsAlias​(String alias) throws KeyStoreException
      Indicates whether the given alias is present in this KeyStore.
      Parameters:
      alias - the alias of an entry.
      Returns:
      true if the alias exists, false otherwise.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.

    • size

      public final int size() throws KeyStoreException
      Returns the number of entries stored in this KeyStore.
      Returns:
      the number of entries stored in this KeyStore.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.

    • isKeyEntry

      public final boolean isKeyEntry​(String alias) throws KeyStoreException
      Indicates whether the specified alias is associated with either a KeyStore.PrivateKeyEntry or a KeyStore.SecretKeyEntry.
      Parameters:
      alias - the alias of an entry.
      Returns:
      true if the given alias is associated with a key entry.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.

    • isCertificateEntry

      public final boolean isCertificateEntry​(String alias) throws KeyStoreException
      Indicates whether the specified alias is associated with a KeyStore.TrustedCertificateEntry.
      Parameters:
      alias - the alias of an entry.
      Returns:
      true if the given alias is associated with a certificate entry.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.

    • getCertificateAlias

      public final String getCertificateAlias​(Certificate cert) throws KeyStoreException
      Returns the alias associated with the first entry whose certificate matches the specified certificate.
      Parameters:
      cert - the certificate to find the associated entry's alias for.
      Returns:
      the alias or null if no entry with the specified certificate can be found.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.

    • store

      public final void store​(OutputStream stream, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
      Writes this KeyStore to the specified OutputStream. The data written to the OutputStream is protected by the specified password.
      Parameters:
      stream - the OutputStream to write the store's data to.
      password - the password to protect the data.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.
      IOException - if a problem occurred while writing to the stream.
      NoSuchAlgorithmException - if the required algorithm is not available.
      CertificateException - if an exception occurred while storing the certificates of this KeyStore.

    • store

      public final void store​(KeyStore.LoadStoreParameter param) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
      Stores this KeyStore using the specified LoadStoreParameter.
      Parameters:
      param - the LoadStoreParameter that specifies how to store this KeyStore, maybe null.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.
      IOException - if a problem occurred while writing to the stream.
      NoSuchAlgorithmException - if the required algorithm is not available.
      CertificateException - if an exception occurred while storing the certificates of this KeyStore.
      IllegalArgumentException - if the given KeyStore.LoadStoreParameter is not recognized.

    • load

      public final void load​(InputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException
      Initializes this KeyStore from the provided InputStream. Pass null as the stream argument to initialize an empty KeyStore or to initialize a KeyStore which does not rely on an InputStream. This KeyStore utilizes the given password to verify the stored data.
      Parameters:
      stream - the InputStream to load this KeyStore's data from or null.
      password - the password to verify the stored data, maybe null.
      Throws:
      IOException - if a problem occurred while reading from the stream.
      NoSuchAlgorithmException - if the required algorithm is not available.
      CertificateException - if an exception occurred while loading the certificates of this KeyStore.

    • load

      public final void load​(KeyStore.LoadStoreParameter param) throws IOException, NoSuchAlgorithmException, CertificateException
      Loads this KeyStore using the specified LoadStoreParameter.
      Parameters:
      param - the LoadStoreParameter that specifies how to load this KeyStore, maybe null.
      Throws:
      IOException - if a problem occurred while reading from the stream.
      NoSuchAlgorithmException - if the required algorithm is not available.
      CertificateException - if an exception occurred while loading the certificates of this KeyStore.
      IllegalArgumentException - if the given KeyStore.LoadStoreParameter is not recognized.

    • getEntry

      public final KeyStore.Entry getEntry​(String alias, KeyStore.ProtectionParameter param) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException
      Returns the Entry with the given alias, using the specified ProtectionParameter.
      Parameters:
      alias - the alias of the requested entry.
      param - the ProtectionParameter used to protect the requested entry, maybe null.
      Returns:
      he Entry with the given alias, using the specified ProtectionParameter.
      Throws:
      NoSuchAlgorithmException - if the required algorithm is not available.
      UnrecoverableEntryException - if the entry can not be recovered.
      KeyStoreException - if this KeyStore is not initialized.
      NullPointerException - if alias is null.

    • setEntry

      public final void setEntry​(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter param) throws KeyStoreException
      Stores the given Entry in this KeyStore and associates the entry with the given alias. The entry is protected by the specified ProtectionParameter.

      If the specified alias already exists, it will be reassigned.

      Parameters:
      alias - the alias for the entry.
      entry - the entry to store.
      param - the ProtectionParameter to protect the entry.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.
      NullPointerException - if alias is null or entry is null.

    • entryInstanceOf

      public final boolean entryInstanceOf​(String alias, Class<? extends KeyStore.Entry> entryClass) throws KeyStoreException
      Indicates whether the entry for the given alias is assignable to the provided Class.
      Parameters:
      alias - the alias for the entry.
      entryClass - the type of the entry.
      Returns:
      true if the Entry for the alias is assignable to the specified entryClass.
      Throws:
      KeyStoreException - if this KeyStore is not initialized.