Class KeyStoreCredential

All Implemented Interfaces:
PkiCredential, ReloadablePkiCredential

public class KeyStoreCredential extends AbstractReloadablePkiCredential
A KeyStore implementation of the PkiCredential and ReloadablePkiCredential interfaces.

The constructors expect a KeyStore that has already been loaded and unlocked (i.e., KeyStore.load has been called with the store password or, for a PKCS#11 token, the PIN). See KeyStoreFactory for methods to load a KeyStore.

Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Constructor Details

    • KeyStoreCredential

      public KeyStoreCredential(@Nonnull KeyStore keyStore, @Nonnull String alias, @Nullable char[] keyPassword) throws KeyStoreException
      Constructor taking a KeyStore, the alias of the key entry, and the password protecting that entry. The certificate chain is read from the same KeyStore entry as the private key.
      Parameters:
      keyStore - the keystore to read the key pair from
      alias - the alias to the entry holding the key pair
      keyPassword - the password to unlock the key pair (may be null if the entry is not password-protected)
      Throws:
      KeyStoreException - for errors loading the contents
    • KeyStoreCredential

      public KeyStoreCredential(@Nonnull KeyStore keyStore, @Nonnull String alias, @Nullable char[] keyPassword, @Nullable List<X509Certificate> certificateChain) throws KeyStoreException
      When a PKCS#11 KeyStore is used, one option is to keep only the private key in the HSM and store the corresponding certificate (chain) outside it. This constructor creates an instance whose certificates are taken from the certificateChain argument and are not read from the KeyStore.
      Parameters:
      keyStore - the keystore to read the key pair from
      alias - the alias to the entry holding the key pair
      keyPassword - the password to unlock the key pair (may be null if the entry is not password-protected)
      certificateChain - a non-empty list of certificates, where the entity certificate (the one whose public key matches the private key) must be placed first in the list
      Throws:
      KeyStoreException - for errors loading the contents
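The following is an added example, not code from the credentials-support project or this page, showing how the three-argument constructor is typically used. It assumes a PKCS#12 file produced with keytool (command in the comment), an alias "signer", a store password "changeit", and that the class lives in the package se.swedenconnect.security.credential; the KeyStore is loaded with the plain JDK API rather than KeyStoreFactory so that the example only depends on calls documented here. The sign-and-verify round trip is the check a practitioner wants before wiring the credential into a signer: it proves that the private key and the entity certificate returned by getCertificateChain() actually belong together.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.List;

import se.swedenconnect.security.credential.KeyStoreCredential; // assumed package name

public class KeyStoreCredentialExample {

  public static void main(String[] args) throws Exception {
    // Assumed input: a PKCS#12 file created for this example with
    //   keytool -genkeypair -keystore example.p12 -storetype PKCS12 -storepass changeit \
    //     -alias signer -keyalg RSA -keysize 3072 -dname CN=example -validity 365
    String path = args.length > 0 ? args[0] : "example.p12";
    char[] storePassword = "changeit".toCharArray();

    // The constructors require a loaded and unlocked KeyStore.
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    try (InputStream in = new FileInputStream(path)) {
      keyStore.load(in, storePassword);
    }

    // keytool protects the key entry with the store password, so it doubles as the key password.
    KeyStoreCredential credential = new KeyStoreCredential(keyStore, "signer", storePassword);

    // getCertificateChain() returns an empty list when no certificate is configured; fail early.
    List<X509Certificate> chain = credential.getCertificateChain();
    if (chain.isEmpty()) {
      throw new IllegalStateException("no certificate configured for credential");
    }
    X509Certificate entityCert = chain.get(0);
    entityCert.checkValidity(); // throws if the certificate is expired or not yet valid
    if (!entityCert.equals(credential.getCertificate())) {
      throw new IllegalStateException("first chain element is not the entity certificate");
    }

    PrivateKey privateKey = credential.getPrivateKey();
    System.out.println("hardware-backed: " + credential.isHardwareCredential()); // false for PKCS#12

    // Round trip: sign with the private key, verify with the entity certificate's public key.
    byte[] message = "constructed test message".getBytes(StandardCharsets.UTF_8); // constructed input
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(privateKey);
    signer.update(message);
    byte[] signature = signer.sign();

    Signature verifier = Signature.getInstance("SHA256withRSA");
    verifier.initVerify(entityCert.getPublicKey());
    verifier.update(message);
    if (!verifier.verify(signature)) {
      throw new IllegalStateException("private key does not match the entity certificate");
    }
    System.out.println("credential " + credential.getName() + " verified, signature length " + signature.length);

    // destroy() is annotated @PreDestroy for container use; call it explicitly outside a container.
    credential.destroy();
  }
}
```

The verification step matters most when the certificate comes from somewhere other than the key entry (the four-argument constructor): a chain that was rotated independently of the HSM key will only be caught by a round trip like this, not by construction.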
  • Method Details

    • getKeyStore

      @Nonnull public KeyStore getKeyStore()
      Returns the underlying KeyStore.
      Returns:
      the KeyStore
    • getPrivateKey

      @Nonnull public PrivateKey getPrivateKey()
      Gets the private key.
      Returns:
      the private key
    • getCertificateChain

      @Nonnull public List<X509Certificate> getCertificateChain()
      Gets a certificate chain for the credential, where the first element is the entity certificate (PkiCredential.getCertificate()). If no certificate is configured for the credential an empty list is returned.
      Returns:
      a list of certificates, or an empty list
    • destroy

      @PreDestroy public void destroy()
      Description copied from interface: PkiCredential
      Optional destroy method for credentials that need to perform cleaning up.
    • isHardwareCredential

      public boolean isHardwareCredential()
      Predicate that tells whether this credential resides in a hardware module.
      Returns:
      true if the credential resides in a hardware module and false otherwise
    • setReloader

      public void setReloader(@Nonnull KeyStoreReloader reloader)
      Assigns a KeyStoreReloader used to support reloading a hardware-based (PKCS#11) credential, for example after the HSM session has been lost.
      Parameters:
      reloader - the reloader instance
    • reload

      public void reload() throws Exception
      If the underlying KeyStore is of PKCS#11 type and a KeyStoreReloader has been installed (see setReloader), the method reloads the private key from the token; otherwise the call has no effect.
      Throws:
      Exception - for reloading errors
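As an added example (not code from the project or this page) of the PKCS#11 scenario behind the four-argument constructor and reload(), the code below opens a SunPKCS11 KeyStore, loads the certificate chain from a PEM file kept outside the HSM, and wraps signing in a reload-and-retry. Assumptions: a SunPKCS11 configuration file at /etc/pki/hsm-pkcs11.cfg, a token PIN of "1234", a key with alias "signer", a PEM file /etc/pki/signer-chain.pem with the entity certificate first, and the package name se.swedenconnect.security.credential. The KeyStoreReloader wiring via setReloader(...) is left out because that interface's API is not documented on this page; without it, reload() is a no-op and the retry simply runs the signature a second time.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import se.swedenconnect.security.credential.KeyStoreCredential; // assumed package name

public class Pkcs11CredentialExample {

  /** Loads a PEM-encoded chain stored outside the HSM; entity certificate must come first (assumed file layout). */
  static List<X509Certificate> loadChain(String pemPath) throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    List<X509Certificate> chain = new ArrayList<>();
    try (InputStream in = new FileInputStream(pemPath)) {
      for (Certificate c : cf.generateCertificates(in)) {
        chain.add((X509Certificate) c);
      }
    }
    if (chain.isEmpty()) {
      throw new IllegalArgumentException("no certificates found in " + pemPath);
    }
    return chain;
  }

  /** Signs with the credential; if the operation fails (e.g. lost HSM session), reloads once and retries. */
  static byte[] signWithReload(KeyStoreCredential credential, byte[] data) throws Exception {
    try {
      return sign(credential, data);
    } catch (Exception first) {
      // Only effective when the KeyStore is PKCS#11 and a KeyStoreReloader was installed via setReloader().
      credential.reload();
      return sign(credential, data);
    }
  }

  private static byte[] sign(KeyStoreCredential credential, byte[] data) throws Exception {
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initSign(credential.getPrivateKey());
    s.update(data);
    return s.sign();
  }

  public static void main(String[] args) throws Exception {
    // Assumed: a SunPKCS11 config naming the vendor PKCS#11 library and slot (name=..., library=..., slot=...).
    Provider provider = Security.getProvider("SunPKCS11").configure("/etc/pki/hsm-pkcs11.cfg");
    Security.addProvider(provider);

    char[] pin = "1234".toCharArray(); // assumed PIN; read it from a secret store in a real deployment
    KeyStore keyStore = KeyStore.getInstance("PKCS11", provider);
    keyStore.load(null, pin); // null stream: a PKCS#11 KeyStore is loaded from the token, the PIN unlocks it

    // Certificates live outside the HSM, so use the constructor that does not read them from the KeyStore.
    List<X509Certificate> chain = loadChain("/etc/pki/signer-chain.pem");
    KeyStoreCredential credential = new KeyStoreCredential(keyStore, "signer", pin, chain);

    if (!credential.isHardwareCredential()) {
      throw new IllegalStateException("expected a hardware-backed credential");
    }

    // Check that the externally stored leaf certificate really matches the HSM key.
    byte[] message = "constructed test message".getBytes(StandardCharsets.UTF_8); // constructed input
    byte[] signature = signWithReload(credential, message);
    Signature verifier = Signature.getInstance("SHA256withRSA");
    verifier.initVerify(credential.getCertificateChain().get(0).getPublicKey());
    verifier.update(message);
    if (!verifier.verify(signature)) {
      throw new IllegalStateException("certificate chain does not match the key in the HSM");
    }
    System.out.println("HSM credential " + credential.getName() + " verified");
  }
}
```

Retrying once after reload() is deliberate: a second failure almost always means the token itself is unavailable, and looping would only hide that from monitoring.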
    • getDefaultName

      @Nonnull protected String getDefaultName()
      If the credential name property is not explicitly assigned using AbstractPkiCredential.setName(String) a name is calculated based on a credential's properties.
      Specified by:
      getDefaultName in class AbstractPkiCredential
      Returns:
      the credential name