Class Pkcs11Credential

All Implemented Interfaces:
DisposableBean, InitializingBean, PkiCredential, ReloadablePkiCredential

public class Pkcs11Credential extends AbstractReloadablePkiCredential
A PKCS#11 credential implementation of the PkiCredential and ReloadablePkiCredential interfaces.
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Constructor Details

    • Pkcs11Credential

      public Pkcs11Credential()
      Default constructor.
    • Pkcs11Credential

      public Pkcs11Credential(Pkcs11Configuration configuration, String alias, char[] pin) throws IllegalArgumentException, SecurityException
      Constructor.
      Parameters:
      configuration - the PKCS#11 configuration
      alias - the token entry from where to load the private key and certificate
      pin - the PIN to unlock the token
      Throws:
      IllegalArgumentException - for missing parameters
      SecurityException - if loading of the private key and/or certificate fails
    • Pkcs11Credential

      public Pkcs11Credential(Pkcs11Configuration configuration, String alias, char[] pin, X509Certificate certificate)
      Constructor that takes a X.509 certificate as an argument. This constructor should be used if we know that the certificate is not placed on the device (only the private key).
      Parameters:
      configuration - the PKCS#11 configuration
      alias - the token entry from where to load the private key
      pin - the PIN to unlock the token
      certificate - the certificate
    • Pkcs11Credential

      public Pkcs11Credential(Pkcs11Configuration configuration, String alias, char[] pin, List<X509Certificate> certificates)
      Constructor that takes a list of X.509 certificates as an argument. This constructor should be used if we know that the certificate chain is not placed on the device (only the private key).
      Parameters:
      configuration - the PKCS#11 configuration
      alias - the token entry from where to load the private key
      pin - the PIN to unlock the token
      certificates - the certificate chain (entity certificate placed first)
  • Method Details