This class represents a mapping of names , or aliases, to Key and java.security.cert.Certificate objects. Obtain a KeyStore object by calling one of the static getInstance( ) methods , specifying the desired key store type and, optionally , the desired provider. Use "JKS" to specify the "Java Key Store" type defined by Sun. Because of U.S. export regulations, this default KeyStore supports only weak encryption of private keys. If you have the Java Cryptography Extension installed, use the type "JCEKS" and provider "SunJCE" to obtain a KeyStore implementation that offers much stronger password-based encryption of keys. Once you have created a KeyStore , use load( ) to read its contents from a stream, supplying an optional password that verifies the integrity of the stream data. Keystores are typically read from a file named .keystore in the user 's home directory. The KeyStore API has been substantially enhanced in Java 5.0. We describe pre-5.0 methods first, and then cover Java 5.0 enhancements below. A KeyStore may contain both public and private key entries. A public key entry is represented by a Certificate object. Use getCertificate( ) to look up a named public key certificate and setCertificateEntry( ) to add a new public key certificate to the keystore. A private key entry in the keystore contains both a password-protected Key and an array of Certificate objects that represent the certificate chain for the public key that corresponds to the private key. Use getKey( ) and getCertificateChain( ) to look up the key and certificate chain. Use setKeyEntry( ) to create a new private key entry. You must provide a password when reading or writing a private key from the keystore; this password encrypts the key data, and each private key entry should have a different password. If you are using the JCE, you may also store javax.crypto.SecretKey objects in a KeyStore . Secret keys are stored like private keys, except that they do not have a certificate chain associated with them. To delete an entry from a KeyStore , use deleteEntry( ) . If you modify the contents of a KeyStore , use store( ) to save the keystore to a specified stream. You may specify a password that is used to validate the integrity of the data, but it is not used to encrypt the keystore. In Java 5.0 the KeyStore.Entry interface defines a keystore entry. Implementations include the nested types PrivateKeyEntry , SecretKeyEntry , and trustedCertificateEntry . You can get or set an entry of any type with the new methods getEntry( ) and setEntry( ) . These methods accept a KeyStore.ProtectionParameter object, such as a password represented as a KeyStore.PasswordProtection object. Java 5.0 also defines new load( ) and store( ) methods that specify a password indirectly through a KeyStore.LoadStoreParameter . public class KeyStore { // Protected Constructors protected KeyStore (KeyStoreSpi keyStoreSpi , Provider provider , String type ); // Nested Types 5.0 public abstract static class Builder ; 5.0 public static class CallbackHandlerProtection implements KeyStore.ProtectionParameter; 5.0 public interface Entry ; 5.0 public interface LoadStoreParameter ; 5.0 public static class PasswordProtection implements javax.security.auth.Destroyable, KeyStore.ProtectionParameter; 5.0 public static final class PrivateKeyEntry implements KeyStore.Entry; 5.0 public interface ProtectionParameter ; 5.0 public static final class SecretKeyEntry implements KeyStore.Entry; 5.0 public static final class TrustedCertificateEntry implements KeyStore.Entry; // Public Class Methods public static final String getDefaultType ( ); public static KeyStore getInstance (String type ) throws KeyStoreException; public static KeyStore getInstance (String type , String provider ) throws KeyStoreException, NoSuchProviderException; 1.4 public static KeyStore getInstance (String type , Provider provider ) throws KeyStoreException; // Public Instance Methods public final java.util.Enumeration<String> aliases ( ) throws KeyStoreException; public final boolean containsAlias (String alias ) throws KeyStoreException; public final void deleteEntry (String alias ) throws KeyStoreException; 5.0 public final boolean entryInstanceOf (String alias , Class<? extends KeyStore.Entry> entryClass ) throws KeyStoreException; public final java.security.cert.Certificate getCertificate (String alias ) throws KeyStoreException; public final String getCertificateAlias (java.security.cert.Certificate cert ) throws KeyStoreException; public final java.security.cert.Certificate[ ] getCertificateChain (String alias ) throws KeyStoreException; public final java.util.Date getCreationDate (String alias ) throws KeyStoreException; 5.0 public final KeyStore.Entry getEntry (String alias , KeyStore. ProtectionParameter protParam ) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException; public final Key getKey (String alias , char[ ] password ) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException; public final Provider getProvider ( ); public final String getType ( ); public final boolean isCertificateEntry (String alias ) throws KeyStoreException; public final boolean isKeyEntry (String alias ) throws KeyStoreException; 5.0 public final void load (KeyStore.LoadStoreParameter param ) throws java.io.IOException, NoSuchAlgorithmException, java.security.cert.CertificateException; public final void load (java.io.InputStream stream , char[ ] password ) throws java.io.IOException, NoSuchAlgorithmException, java.security.cert.CertificateException; public final void setCertificateEntry (String alias , java.security.cert. Certificate cert ) throws KeyStoreException; 5.0 public final void setEntry (String alias , KeyStore.Entry entry , KeyStore.ProtectionParameter protParam ) throws KeyStoreException; public final void setKeyEntry (String alias , byte[ ] key , java.security.cert.Certificate[ ] chain ) throws KeyStoreException; public final void setKeyEntry (String alias , Key key , char[ ] password , java.security.cert.Certificate[ ] chain ) throws KeyStoreException; public final int size ( ) throws KeyStoreException; 5.0 public final void store (KeyStore.LoadStoreParameter param ) throws KeyStoreException, java.io.IOException, NoSuchAlgorithmException, java.security.cert.CertificateException; public final void store (java.io.OutputStream stream , char[ ] password ) throws KeyStoreException, java.io.IOException, NoSuchAlgorithmException, java.security.cert.CertificateException; } Passed ToKeyStore.Builder.newInstance( ) , java.security.cert.PKIXBuilderParameters.PKIXBuilderParameters( ) , java.security.cert.PKIXParameters.PKIXParameters( ) , javax.net.ssl.KeyManagerFactory.init( ) , javax.net.ssl.KeyManagerFactorySpi.engineInit( ) , javax.net.ssl.TrustManagerFactory.init( ) , javax.net.ssl.TrustManagerFactorySpi.engineInit( ) Returned ByKeyStore.Builder.getKeyStore( ) |