Class sun.security.jsafe.KeyStore
java.lang.Object
|
+----sun.security.jsafe.KeyStore
- public final class KeyStore
- extends Object
Persistent storage for an RSA private key and its associated X.509
certificate chain. This key storage is currently specific to the
JSAFE provider.
This interface will not remain in this form! Currently
recognized problems/flaws include:
- Private keys are not stored in encrypted form. This places
cryptographic security at the mercy of security for the local
machine, which is strongly undesirable given current practice.
- There's no real "issued PKCS #10 cert request" state
from which one enters a "here's the cert chain" state. In
fact, the code to process the response from that PKCS #10
request doesn't exist at all!
- This should be just one more kind of key store object,
fitting into the Java security framework like any other kind
of key store.
- This shouldn't force use of RSA keys. SSL (and SKIP)
support use of Diffie-Hellman keys; CAs can use DSS/DSA.
All are supported by JSAFE.
- Doesn't verify that the public and private keys match.
-
KeyStore(Key, CertChain)
- Initializes an in-memory key store from a private key and an X.509
certificate chain.
-
KeyStore(String)
- Initializes an in-memory key store from one stored on disk.
-
getCertChain()
- Returns the X.509 RSA public key certificate chain from
this KeyStore.
-
getPath()
- Returns the directory where the keys are stored, or null
if the keys don't yet have a persistent representation.
-
getPrivateKey()
- Returns the RSA private key from this KeyStore.
-
store(String)
- Stores the certificate chain and private key in a directory
from which they may later be retrieved.
KeyStore
public KeyStore(Key privateKey,
CertChain publicKey) throws InvalidKeyException
- Initializes an in-memory key store from a private key and an X.509
certificate chain. After this constructor initializes the in-memory
state, the keys should be explicitly stored in some directory.
- Parameters:
- privateKey - a JSAFE RSA private key
- publicKey - the first certificate holds the RSA public key
matching privateKey, the rest are a certificate chain where each
is signed by the next and the last is signed by itself.
- See Also:
- store
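
The class description notes that nothing verifies that the public and private keys match, and the publicKey parameter above relies on the caller to supply the chain in the right order. The following is an added example, not code from the JSAFE provider or from this documentation, of checks a caller could run first. It assumes the key and certificates are available as standard java.security types rather than the JSAFE Key and CertChain classes; the class and method names are hypothetical.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

// Added example: standard java.security API, not the JSAFE Key/CertChain types.
public class KeyStoreChecks {

    // True only if priv and pub are the two halves of one RSA key pair.
    static boolean keysMatch(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        if (priv instanceof RSAPrivateKey && pub instanceof RSAPublicKey
                && !((RSAPrivateKey) priv).getModulus().equals(((RSAPublicKey) pub).getModulus())) {
            return false; // cheap rejection: the moduli differ
        }
        // Equal moduli do not rule out a damaged private exponent, so also
        // sign a fresh nonce and verify it with the public key.
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(nonce);
        byte[] sig = s.sign();
        s.initVerify(pub);
        s.update(nonce);
        return s.verify(sig);
    }

    // Checks the ordering the constructor documents: each certificate is
    // signed by the next one, and the last one is signed by itself.
    static void checkChainOrder(X509Certificate[] chain) throws GeneralSecurityException {
        for (int i = 0; i < chain.length; i++) {
            X509Certificate issuer = chain[Math.min(i + 1, chain.length - 1)];
            chain[i].verify(issuer.getPublicKey()); // throws if the signature does not verify
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair(); // constructed sample keys
        KeyPair b = gen.generateKeyPair();
        System.out.println("matching pair:   " + keysMatch(a.getPrivate(), a.getPublic()));
        System.out.println("mismatched pair: " + keysMatch(a.getPrivate(), b.getPublic()));
    }
}
```

checkChainOrder only confirms the signature ordering described for publicKey; it does not check validity dates, revocation or whether the self-signed root is trusted.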
KeyStore
public KeyStore(String directory) throws IOException
- Initializes an in-memory key store from one stored on disk.
- Parameters:
- directory - path to the directory holding the private
key and the associated certificate chain.
- See Also:
- store
store
public void store(String directory) throws IOException
- Stores the certificate chain and private key in a directory
from which they may later be retrieved.
- Parameters:
- directory - path to the directory holding the private
key and the associated certificate chain.
getPrivateKey
public Key getPrivateKey()
- Returns the RSA private key from this KeyStore.
getCertChain
public CertChain getCertChain()
- Returns the X.509 RSA public key certificate chain from
this KeyStore.
getPath
public String getPath()
- Returns the directory where the keys are stored, or null
if the keys don't yet have a persistent representation.
Additional files (e.g. a database of certificates issued)
may be stored in this directory.