com.iplanet.trustbase.security.store
Class KeyEntry

java.lang.Object
  |
  +--com.iplanet.trustbase.security.store.TokenKeyStoreEntry
        |
        +--com.iplanet.trustbase.security.store.KeyEntry

public abstract class KeyEntry
extends TokenKeyStoreEntry

A KeyEntry in the TokenKeyStore contains a PrivateKey and an associated certificate chain. KeyEntry objects are created by TokenKeyStores to form the client interface to a PrivateKey, its associated certificate chain, and additional attributes such as KeyUsage.

A KeyPair is created on a token, and in doing so a self-signed certificate, signed with the PrivateKey of the KeyPair and containing the PublicKey of the KeyPair, is created.


Constructor Summary
protected KeyEntry(java.security.PrivateKey key, java.security.cert.X509Certificate[] chain, KeyUsages keyUsages)
          Creates new KeyEntry
 
Method Summary
 byte[] generatePKCS10Request(java.lang.String subjectName, boolean base64)
          generate a PKCS#10 request for the PrivateKey in this entry.
 java.security.cert.X509Certificate[] getCertificateChain()
          get the certificate chain guaranteeing the PrivateKey of this KeyEntry
 KeyUsages getKeyUsages()
          get the KeyUsages to which this Key may be put
 java.security.PrivateKey getPrivateKey()
          get the PrivateKey from the KeyEntry
 java.security.PublicKey getPublicKey()
          get the PublicKey associated with the PrivateKey.
 void setCertificateChain(java.security.cert.X509Certificate[] newchain)
          set the certificate chain associated with a PrivateKey.
protected abstract  java.security.cert.X509Certificate[] setCertificateChainImpl(java.security.cert.X509Certificate[] chain)
          overridable by sub-classes to do any implementation specific stuff.
 void setKeyUsages(KeyUsages usages)
          set the KeyUsages to which this Key may be put.
 
Methods inherited from class com.iplanet.trustbase.security.store.TokenKeyStoreEntry
addAlias, getAliases, getIssuerName, getSerialNo, getSubjectName, removeAlias, setSubject
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

KeyEntry

protected KeyEntry(java.security.PrivateKey key,
                   java.security.cert.X509Certificate[] chain,
                   KeyUsages keyUsages)
Creates new KeyEntry

Method Detail

getPrivateKey

public java.security.PrivateKey getPrivateKey()
get the PrivateKey from the KeyEntry
Returns:
a PrivateKey. not null

getPublicKey

public java.security.PublicKey getPublicKey()
Get the PublicKey associated with the PrivateKey. Equivalent to getting the PublicKey from the subject certificate [ the first certificate in the chain ].
Returns:
a PublicKey. not null

getCertificateChain

public java.security.cert.X509Certificate[] getCertificateChain()
get the certificate chain guaranteeing the PrivateKey of this KeyEntry
Returns:
a list of X509Certificates. not empty

getKeyUsages

public KeyUsages getKeyUsages()
get the KeyUsages to which this Key may be put
Returns:
a KeyUsages Object. not null

setKeyUsages

public void setKeyUsages(KeyUsages usages)
Set the KeyUsages to which this Key may be put. After setting the KeyUsages, the KeyEntry should be updated in the TokenKeyStore using the TokenKeyStore.updateEntry() method.

setCertificateChain

public final void setCertificateChain(java.security.cert.X509Certificate[] newchain)
                               throws IncompleteChainException,
                                      com.iplanet.trustbase.security.cert.ValidateException,
                                      TokenKeyStoreException
Set the certificate chain associated with a PrivateKey. This method will normally be used to replace the temporary self-signed certificate, created when a KeyPair is generated, with a certificate issued by a CA.
Parameters:
newchain - the [ possibly partial ] certificate chain to set
Returns:
the [ must be complete ] certificate chain which will be set
Throws:
IncompleteChainException - thrown if the supplied chain is incomplete, or cannot be completed
TokenKeyStoreException - thrown if there is any other problem

setCertificateChainImpl

protected abstract java.security.cert.X509Certificate[] setCertificateChainImpl(java.security.cert.X509Certificate[] chain)
                                                                         throws TokenKeyStoreException
Overridable by sub-classes to do any implementation-specific work. Called by setCertificateChain before it replaces the existing certificate chain in the private members and updates the subject name.

generatePKCS10Request

public byte[] generatePKCS10Request(java.lang.String subjectName,
                                    boolean base64)
                             throws TokenKeyStoreException
generate a PKCS#10 request for the PrivateKey in this entry.
Parameters:
subjectName - the subject name in the request. may be null, in which case the subject name from the existing subject cert will be used
base64 - true if the result is to be base-64 encoded
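
The enrolment sequence these methods describe (temporary self-signed certificate, PKCS#10 request, CA-issued chain installed with setCertificateChain), as an added example that is not part of the original Trustbase documentation. KeyEntryEnrolment, buildRequest and installReply are hypothetical names; the key-match and signature checks use standard JDK calls, and the CA reply is assumed to be PEM certificates with the subject certificate first.

```java
import com.iplanet.trustbase.security.store.KeyEntry;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;

// Hypothetical helper class; only the KeyEntry calls come from the API documented above.
public final class KeyEntryEnrolment {

    // Step 1: build the PKCS#10 request that is sent to the CA.
    public static String buildRequest(KeyEntry entry) throws Exception {
        // null subjectName reuses the subject of the existing (self-signed) certificate;
        // base64 = true returns the request base-64 encoded.
        byte[] csr = entry.generatePKCS10Request(null, true);
        return new String(csr, StandardCharsets.US_ASCII);
    }

    // Step 2: install the CA reply (assumption: PEM certificates, subject certificate first).
    public static void installReply(KeyEntry entry, byte[] caReply) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate[] chain = cf.generateCertificates(new ByteArrayInputStream(caReply))
                                    .toArray(new X509Certificate[0]);
        if (chain.length == 0) {
            throw new GeneralSecurityException("CA reply contains no certificates");
        }
        // The subject certificate must certify the key held in this entry, not some other key.
        byte[] issued = chain[0].getPublicKey().getEncoded();
        byte[] held = entry.getPublicKey().getEncoded();
        if (!Arrays.equals(issued, held)) {
            throw new GeneralSecurityException("issued certificate does not match the entry's key");
        }
        chain[0].checkValidity(); // reject an expired or not-yet-valid certificate
        // Each supplied certificate must be signed by the one that follows it.
        for (int i = 0; i + 1 < chain.length; i++) {
            chain[i].verify(chain[i + 1].getPublicKey());
        }
        // May throw IncompleteChainException, ValidateException or TokenKeyStoreException.
        entry.setCertificateChain(chain);
    }
}
```

The chain passed in may be partial, as the setCertificateChain documentation allows, so the loop checks only the links between the certificates actually supplied.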