com.unboundid.util.ssl

Class PKCS11KeyManager

java.lang.Object

javax.net.ssl.X509ExtendedKeyManager

com.unboundid.util.ssl.WrapperKeyManager

com.unboundid.util.ssl.PKCS11KeyManager

All Implemented Interfaces:

javax.net.ssl.KeyManager, javax.net.ssl.X509KeyManager

@NotMutable
@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class PKCS11KeyManager
extends WrapperKeyManager

This class provides an SSL key manager that may be used to interact with PKCS #11 tokens.

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	DEFAULT_KEY_STORE_TYPE The default key store type to use when accessing PKCS #11 tokens.
static java.lang.String	DEFAULT_PROVIDER_CLASS The fully-qualified name of the default provider class (sun.security.pkcs11.SunPKCS11) to use when accessing PKCS #11 tokens.

Constructor Summary

Constructors

Constructor and Description
PKCS11KeyManager(char[] keyStorePIN, java.lang.String certificateAlias) Creates a new instance of this PKCS #11 key manager with the provided information.
PKCS11KeyManager(java.security.Provider provider, java.lang.String keyStoreType, char[] keyStorePIN, java.lang.String certificateAlias) Creates a new instance of this PKCS11 key manager with the provided information.
PKCS11KeyManager(java.lang.String providerClassName, java.io.File providerConfigFile, java.lang.String keyStoreType, char[] keyStorePIN, java.lang.String certificateAlias) Creates a new instance of this PKCS11 key manager with the provided information.

Method Summary

Methods

Modifier and Type	Method and Description
static java.security.Provider	getPKCS11JSSESProvider() Retrieves an instance of a Java security provider that should be used when performing JSSE-related operations in conjunction with PKCS #11 tokens.
static java.security.Provider	getProvider(java.lang.String providerClassName, java.io.File providerConfigFile, java.lang.String keyStoreType, boolean alwaysCreateNewInstance) Retrieves an instance of a Java security provider that may be used to interact with a PKCS #11 token.

Methods inherited from class com.unboundid.util.ssl.WrapperKeyManager

chooseClientAlias, chooseEngineClientAlias, chooseEngineServerAlias, chooseServerAlias, getCertificateAlias, getCertificateChain, getClientAliases, getPrivateKey, getServerAliases

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_KEY_STORE_TYPE

@NotNull
public static final java.lang.String DEFAULT_KEY_STORE_TYPE

The default key store type to use when accessing PKCS #11 tokens.

See Also:

Constant Field Values

DEFAULT_PROVIDER_CLASS

@NotNull
public static final java.lang.String DEFAULT_PROVIDER_CLASS

The fully-qualified name of the default provider class (sun.security.pkcs11.SunPKCS11) to use when accessing PKCS #11 tokens.

See Also:

Constant Field Values

Constructor Detail

PKCS11KeyManager

public PKCS11KeyManager(@Nullable
                char[] keyStorePIN,
                @Nullable
                java.lang.String certificateAlias)
                 throws java.security.KeyStoreException

Creates a new instance of this PKCS #11 key manager with the provided information.

Parameters:

keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.

certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.

Throws:

java.security.KeyStoreException - If a problem occurs while initializing this key manager.

PKCS11KeyManager

public PKCS11KeyManager(@Nullable
                java.lang.String providerClassName,
                @Nullable
                java.io.File providerConfigFile,
                @Nullable
                java.lang.String keyStoreType,
                @Nullable
                char[] keyStorePIN,
                @Nullable
                java.lang.String certificateAlias)
                 throws java.security.KeyStoreException

Creates a new instance of this PKCS11 key manager with the provided information.

Parameters:

providerClassName - The fully-qualified name of the Java class that implements the provider to use to interact with the PKCS #11 module. If this is null, then the key manager will attempt to automatically identify the appropriate provider.

providerConfigFile - A file that contains the configuration to use for the provider. This may be null if no provider configuration is needed, or if the provider is already properly instantiated.

keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.

keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.

certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.

Throws:

java.security.KeyStoreException - If a problem occurs while initializing this key manager.

PKCS11KeyManager

public PKCS11KeyManager(@NotNull
                java.security.Provider provider,
                @Nullable
                java.lang.String keyStoreType,
                @Nullable
                char[] keyStorePIN,
                @Nullable
                java.lang.String certificateAlias)
                 throws java.security.KeyStoreException

Creates a new instance of this PKCS11 key manager with the provided information.

Parameters:

provider - The Java security provider to use to access the PKCS #11 token. It must not be null.

keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.

keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.

certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.

Throws:

java.security.KeyStoreException - If a problem occurs while initializing this key manager.

Method Detail

getProvider

@NotNull
public static java.security.Provider getProvider(@Nullable
                                         java.lang.String providerClassName,
                                         @Nullable
                                         java.io.File providerConfigFile,
                                         @Nullable
                                         java.lang.String keyStoreType,
                                         boolean alwaysCreateNewInstance)
                                          throws java.security.KeyStoreException

Retrieves an instance of a Java security provider that may be used to interact with a PKCS #11 token. If a suitable new provider instance is created, then it will be added to the JVM's configured list of providers.

Parameters:

providerClassName - The fully-qualified name of the Java class to use for the provider. If this is null, then an attempt will be made to automatically identify the appropriate provider class.

providerConfigFile - A file that contains the configuration to use for the provider. This may be null if no provider configuration is needed, or if the provider is already properly instantiated.

keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.

alwaysCreateNewInstance - Indicates whether to always create a new instance of the provider, even

Returns:

The provider instance that should be used to interact with a PKCS #11 token.

Throws:

java.security.KeyStoreException - If a problem occurs while retrieving the

getPKCS11JSSESProvider

@Nullable
public static java.security.Provider getPKCS11JSSESProvider()

Retrieves an instance of a Java security provider that should be used when performing JSSE-related operations in conjunction with PKCS #11 tokens. The JVM's preferred JSSE provider may not be the best choice when using a PKCS #11 token (including when operating in FIPS-compliant mode).

Returns:

An instance of a Java security provider that should be used when performing JSSE-related operations in conjunction with PKCS #11 tokens. It may be null if the best provider cannot be determined.