public class

PKCS11KeyStoreKeyingDataProvider

extends KeyStoreKeyingDataProvider
java.lang.Object
   ↳ xades4j.providers.impl.KeyStoreKeyingDataProvider
     ↳ xades4j.providers.impl.PKCS11KeyStoreKeyingDataProvider

Class Overview

A specialization of KeyStoreKeyingDataProvider for PKCS#11 keystores. This class uses Sun's PKCS#11 provider, which bridges to the native PKCS#11 library. Note that this provider is not included in some versions of the JRE, namely the 64-bit Windows version. In those scenarios this class will fail at runtime.

The KeyStorePasswordProvider and KeyEntryPasswordProvider may be null. In that case the keystore protection has to be handled by the native library. If the KeyEntryPasswordProvider is supplied, the protection used to access an entry is a CallbackHandlerProtection that invokes the KeyEntryPasswordProvider exactly when the password is requested.

Summary

Public Constructors
PKCS11KeyStoreKeyingDataProvider(String nativeLibraryPath, String providerName, KeyStoreKeyingDataProvider.SigningCertSelector certificateSelector, KeyStoreKeyingDataProvider.KeyStorePasswordProvider keyStorePasswordProvider, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider, boolean returnFullChain)
The provider name is used as a key to search for installed providers.
PKCS11KeyStoreKeyingDataProvider(String nativeLibraryPath, String providerName, Integer slotId, KeyStoreKeyingDataProvider.SigningCertSelector certificateSelector, KeyStoreKeyingDataProvider.KeyStorePasswordProvider keyStorePasswordProvider, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider, boolean returnFullChain)
The provider name is used as a key to search for installed providers.
PKCS11KeyStoreKeyingDataProvider(String nativeLibraryPath, String providerName, Integer slotId, KeyStoreKeyingDataProvider.SigningCertSelector certificateSelector)
Shortcut constructor using null for the password providers and slot and false for the returnFullChain parameter.
PKCS11KeyStoreKeyingDataProvider(String nativeLibraryPath, String providerName, KeyStoreKeyingDataProvider.SigningCertSelector certificateSelector)
Shortcut constructor using null for the password providers and slot, and false for the returnFullChain parameter.
Protected Methods
final KeyStore.ProtectionParameter getKeyProtection(String entryAlias, X509Certificate entryCert, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider)
Gets a protection parameter to access the specified entry.
Inherited Methods
From class xades4j.providers.impl.KeyStoreKeyingDataProvider
From class java.lang.Object
From interface xades4j.providers.KeyingDataProvider

Public Constructors

public PKCS11KeyStoreKeyingDataProvider (String nativeLibraryPath, String providerName, KeyStoreKeyingDataProvider.SigningCertSelector certificateSelector, KeyStoreKeyingDataProvider.KeyStorePasswordProvider keyStorePasswordProvider, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider, boolean returnFullChain)

The provider name is used as a key to search for installed providers. If a provider exists with the same name, it will be used even if it relies on a different native library.

Parameters
nativeLibraryPath the path for the native library of the specific PKCS#11 provider
providerName this string is concatenated with the prefix SunPKCS11- to produce this provider instance's name
certificateSelector the selector of signing certificate
keyStorePasswordProvider the provider of the keystore loading password (may be null)
entryPasswordProvider the provider of entry passwords (may be null)
returnFullChain indicates if the full certificate chain should be returned, if available
Throws
KeyStoreException

public PKCS11KeyStoreKeyingDataProvider (String nativeLibraryPath, String providerName, Integer slotId, KeyStoreKeyingDataProvider.SigningCertSelector certificateSelector, KeyStoreKeyingDataProvider.KeyStorePasswordProvider keyStorePasswordProvider, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider, boolean returnFullChain)

The provider name is used as a key to search for installed providers. If a provider exists with the same name, it will be used even if it relies on a different native library.

Parameters
nativeLibraryPath the path for the native library of the specific PKCS#11 provider
providerName this string is concatenated with the prefix SunPKCS11- to produce this provider instance's name
slotId the id of the slot that this provider instance is to be associated with (can be null)
certificateSelector the selector of signing certificate
keyStorePasswordProvider the provider of the keystore loading password (can be null)
entryPasswordProvider the provider of entry passwords (may be null)
returnFullChain indicates if the full certificate chain should be returned, if available
Throws
KeyStoreException

public PKCS11KeyStoreKeyingDataProvider (String nativeLibraryPath, String providerName, Integer slotId, KeyStoreKeyingDataProvider.SigningCertSelector certificateSelector)

Shortcut constructor using null for the password providers and slot and false for the returnFullChain parameter.

Throws
KeyStoreException

public PKCS11KeyStoreKeyingDataProvider (String nativeLibraryPath, String providerName, KeyStoreKeyingDataProvider.SigningCertSelector certificateSelector)

Shortcut constructor using null for the password providers and slot, and false for the returnFullChain parameter.

Throws
KeyStoreException

Protected Methods

protected final KeyStore.ProtectionParameter getKeyProtection (String entryAlias, X509Certificate entryCert, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider)

Gets a protection parameter to access the specified entry.

Parameters
entryAlias the alias of the entry that is being accessed
entryCert the certificate in the entry
entryPasswordProvider the password provider that should be used to get the actual password (may be null)
Returns
  • the protection
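
Two behaviours documented above are worth checking in calling code: an installed provider with the same SunPKCS11- name is reused even if it wraps a different native library, and the entry password is requested through a CallbackHandlerProtection only at the moment it is needed. The following is an added example, not part of xades4j; it uses only JDK classes, and the class name, method names, the provider name ExampleToken and the sample PIN are hypothetical.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.function.Supplier;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class Pkcs11ProviderChecks {
    // Fail closed if a provider with the derived name is already installed:
    // it would be reused even if it is bound to a different native library.
    static String requireUnusedProviderName(String providerName) {
        String fullName = "SunPKCS11-" + providerName;
        Provider existing = Security.getProvider(fullName);
        if (existing != null) {
            throw new IllegalStateException(fullName + " already installed: " + existing.getInfo());
        }
        return fullName;
    }

    // Entry protection that obtains the PIN only when the keystore asks for it.
    static KeyStore.CallbackHandlerProtection lazyPinProtection(Supplier<char[]> pinSource) {
        return new KeyStore.CallbackHandlerProtection(callbacks -> {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                char[] pin = pinSource.get();
                ((PasswordCallback) cb).setPassword(pin); // the callback keeps its own copy
                Arrays.fill(pin, '\0');                   // wipe ours immediately
            }
        });
    }

    public static void main(String[] args) throws Exception {
        System.out.println("free name: " + requireUnusedProviderName("ExampleToken"));
        boolean[] asked = {false};
        KeyStore.CallbackHandlerProtection prot = lazyPinProtection(() -> {
            asked[0] = true;
            return "000000".toCharArray(); // constructed sample PIN
        });
        System.out.println("asked after construction: " + asked[0]);
        // Simulate the keystore requesting the PIN for an entry.
        PasswordCallback request = new PasswordCallback("PIN: ", false);
        prot.getCallbackHandler().handle(new Callback[] {request});
        System.out.println("asked after request: " + asked[0]);
        request.clearPassword();
    }
}
```

Run the name check before constructing PKCS11KeyStoreKeyingDataProvider with the same providerName, so a name collision surfaces as an error instead of silently binding to another token library.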