Class KeyVaultKeyStore

java.lang.Object
java.security.KeyStoreSpi
com.azure.security.keyvault.jca.KeyVaultKeyStore

public final class KeyVaultKeyStore extends KeyStoreSpi
The Azure Key Vault implementation of the KeyStoreSpi.
  • Field Details

  • Constructor Details

    • KeyVaultKeyStore

      public KeyVaultKeyStore()
      Constructor.

      The constructor uses System.getProperty for azure.keyvault.uri, azure.keyvault.aadAuthenticationUrl, azure.keyvault.tenantId, azure.keyvault.clientId, azure.keyvault.clientSecret and azure.keyvault.managedIdentity to initialize the Key Vault client.

  • Method Details

    • getKeyVaultKeyStoreBySystemProperty

      public static KeyStore getKeyVaultKeyStoreBySystemProperty() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException
      Gets the Key Vault keystore configured through system properties.
      Returns:
      the Key Vault keystore
      Throws:
      CertificateException - if any of the certificates in the keystore could not be loaded
      NoSuchAlgorithmException - when algorithm is unavailable.
      KeyStoreException - when no Provider supports a KeyStoreSpi implementation for the specified type
      IOException - when an I/O error occurs.
    • engineAliases

      public Enumeration<String> engineAliases()
      Lists all the alias names of this keystore.
      Specified by:
      engineAliases in class KeyStoreSpi
      Returns:
      enumeration of the alias names
    • engineContainsAlias

      public boolean engineContainsAlias(String alias)
      Checks if the given alias exists in this keystore.
      Specified by:
      engineContainsAlias in class KeyStoreSpi
      Parameters:
      alias - the alias name
      Returns:
      true if the alias exists, false otherwise
    • engineDeleteEntry

      public void engineDeleteEntry(String alias)
      Deletes the entry identified by the given alias from this keystore.
      Specified by:
      engineDeleteEntry in class KeyStoreSpi
      Parameters:
      alias - the alias name
    • engineEntryInstanceOf

      public boolean engineEntryInstanceOf(String alias, Class<? extends KeyStore.Entry> entryClass)
      Determines if the keystore Entry for the specified alias is an instance or subclass of the specified entryClass.
      Overrides:
      engineEntryInstanceOf in class KeyStoreSpi
      Parameters:
      alias - the alias name
      entryClass - the entry class
      Returns:
      true if the keystore Entry for the specified alias is an instance or subclass of the specified entryClass, false otherwise
    • engineGetCertificate

      public Certificate engineGetCertificate(String alias)
      Get the certificate associated with the given alias.
      Specified by:
      engineGetCertificate in class KeyStoreSpi
      Parameters:
      alias - the alias name
      Returns:
      the certificate, or null if the given alias does not exist or does not contain a certificate
    • engineGetCertificateAlias

      public String engineGetCertificateAlias(Certificate cert)
      Get the (alias) name of the first keystore entry whose certificate matches the given certificate.
      Specified by:
      engineGetCertificateAlias in class KeyStoreSpi
      Parameters:
      cert - the certificate to match with.
      Returns:
      the alias name of the first entry with matching certificate, or null if no such entry exists in this keystore
    • engineGetCertificateChain

      public Certificate[] engineGetCertificateChain(String alias)
      Get the certificate chain associated with the given alias.
      Specified by:
      engineGetCertificateChain in class KeyStoreSpi
      Parameters:
      alias - the alias name
      Returns:
      the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the given alias does not exist or does not contain a certificate chain
    • engineGetCreationDate

      public Date engineGetCreationDate(String alias)
      Get the creation date of the entry identified by the given alias.
      Specified by:
      engineGetCreationDate in class KeyStoreSpi
      Parameters:
      alias - the alias name
      Returns:
      the creation date of this entry, or null if the given alias does not exist
    • engineGetEntry

      Gets a KeyStore.Entry for the specified alias with the specified protection parameter.
      Overrides:
      engineGetEntry in class KeyStoreSpi
      Parameters:
      alias - the alias name
      protParam - the protParam
      Returns:
      the KeyStore.Entry for the specified alias, or null if there is no such entry
      Throws:
      KeyStoreException - if the operation failed
      NoSuchAlgorithmException - if the algorithm for recovering the entry cannot be found
      UnrecoverableEntryException - if the specified protParam was insufficient or invalid
    • engineGetKey

      public Key engineGetKey(String alias, char[] password)
      Get key associated with the given alias.
      Specified by:
      engineGetKey in class KeyStoreSpi
      Parameters:
      alias - the alias name
      password - the password for recovering the key
      Returns:
      the requested key, or null if the given alias does not exist or does not identify a key-related entry
    • engineIsCertificateEntry

      public boolean engineIsCertificateEntry(String alias)
      Check whether the entry identified by the given alias contains a trusted certificate.
      Specified by:
      engineIsCertificateEntry in class KeyStoreSpi
      Parameters:
      alias - the alias name
      Returns:
      true if the entry identified by the given alias contains a trusted certificate, false otherwise
    • engineIsKeyEntry

      public boolean engineIsKeyEntry(String alias)
      Check whether the entry identified by the given alias is key-related.
      Specified by:
      engineIsKeyEntry in class KeyStoreSpi
      Parameters:
      alias - the alias for the keystore entry to be checked
      Returns:
      true if the entry identified by the given alias is key-related, false otherwise
    • engineLoad

      public void engineLoad(KeyStore.LoadStoreParameter param)
      Loads the keystore using the given KeyStore.LoadStoreParameter.
      Overrides:
      engineLoad in class KeyStoreSpi
      Parameters:
      param - the KeyStore.LoadStoreParameter that specifies how to load the keystore, which may be null
    • engineLoad

      public void engineLoad(InputStream stream, char[] password)
      Loads the keystore from the given input stream.
      Specified by:
      engineLoad in class KeyStoreSpi
      Parameters:
      stream - the input stream from which the keystore is loaded, or null
      password - the password
    • engineSetCertificateEntry

      public void engineSetCertificateEntry(String alias, Certificate certificate)
      Assigns the given certificate to the given alias.
      Specified by:
      engineSetCertificateEntry in class KeyStoreSpi
      Parameters:
      alias - the alias name
      certificate - the certificate
    • engineSetEntry

      public void engineSetEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam) throws KeyStoreException
      Saves a KeyStore.Entry under the specified alias. The specified protection parameter is used to protect the Entry.
      Overrides:
      engineSetEntry in class KeyStoreSpi
      Parameters:
      alias - the alias name
      entry - the entry
      protParam - the protParam
      Throws:
      KeyStoreException - if this operation fails
    • engineSetKeyEntry

      public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
      Assigns the given key to the given alias, protecting it with the given password.
      Specified by:
      engineSetKeyEntry in class KeyStoreSpi
      Parameters:
      alias - the alias name
      key - the key to be associated with the alias
      password - the password to protect the key
      chain - the certificate chain
    • engineSetKeyEntry

      public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain)
      Assigns the given key (that has already been protected) to the given alias.
      Specified by:
      engineSetKeyEntry in class KeyStoreSpi
      Parameters:
      alias - the alias name
      key - the key
      chain - the certificate chain
    • engineSize

      public int engineSize()
      Retrieves the number of entries in this keystore.
      Specified by:
      engineSize in class KeyStoreSpi
      Returns:
      the number of entries in this keystore
    • engineStore

      public void engineStore(OutputStream stream, char[] password)
      Stores this keystore to the given output stream, and protects its integrity with the given password.
      Specified by:
      engineStore in class KeyStoreSpi
      Parameters:
      stream - the output stream to which this keystore is written
      password - the password to generate the keystore integrity check
    • engineStore

      public void engineStore(KeyStore.LoadStoreParameter param)
      Stores this keystore using the given KeyStore.LoadStoreParameter.
      Overrides:
      engineStore in class KeyStoreSpi
      Parameters:
      param - the param
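
The following is an added example, not code from the library or its documentation: it loads the keystore through getKeyVaultKeyStoreBySystemProperty and inventories every alias, classifying each entry and flagging certificates that are expired or close to expiry. Assumptions: the azure.keyvault.* properties named in the constructor description are already set and the vault is reachable; KeyVaultJcaProvider is the provider class from the same library (it is not documented on this page); the class name KeyVaultKeyStoreAudit and the 30-day window are hypothetical.

```java
import com.azure.security.keyvault.jca.KeyVaultJcaProvider;
import com.azure.security.keyvault.jca.KeyVaultKeyStore;

import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

public class KeyVaultKeyStoreAudit {
    // Hypothetical threshold for this example: flag certificates expiring within 30 days.
    private static final Duration WARN_WINDOW = Duration.ofDays(30);

    public static void main(String[] args) throws Exception {
        // The property name is one of those the constructor reads. It is checked here
        // so that a missing setting fails early with a clear message.
        if (System.getProperty("azure.keyvault.uri") == null) {
            throw new IllegalStateException("azure.keyvault.uri is not set");
        }
        // Assumption: the provider must be registered so that KeyStore.getInstance
        // can locate this KeyStoreSpi; otherwise a KeyStoreException is thrown.
        Security.addProvider(new KeyVaultJcaProvider());

        KeyStore keyStore = KeyVaultKeyStore.getKeyVaultKeyStoreBySystemProperty();
        Instant now = Instant.now();
        Instant warnAfter = now.plus(WARN_WINDOW);

        for (String alias : Collections.list(keyStore.aliases())) {
            String kind = keyStore.isKeyEntry(alias) ? "key"
                    : keyStore.isCertificateEntry(alias) ? "trusted-cert" : "other";
            // getCertificate returns null when the alias holds no certificate.
            Certificate cert = keyStore.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                System.out.printf("%-30s %-12s no X.509 certificate%n", alias, kind);
                continue;
            }
            Instant notAfter = ((X509Certificate) cert).getNotAfter().toInstant();
            String status = notAfter.isBefore(now) ? "EXPIRED"
                    : notAfter.isBefore(warnAfter) ? "EXPIRING" : "ok";
            System.out.printf("%-30s %-12s notAfter=%s %s%n", alias, kind, notAfter, status);
        }
    }
}
```

A value passed as a -D argument is visible in the process command line, so azure.keyvault.clientSecret is better set in-process by the launcher or avoided by using azure.keyvault.managedIdentity.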