Class HsmPkiCredentialContainer
java.lang.Object
se.swedenconnect.security.credential.container.AbstractPkiCredentialContainer
se.swedenconnect.security.credential.container.AbstractKeyStorePkiCredentialContainer
se.swedenconnect.security.credential.container.HsmPkiCredentialContainer
- All Implemented Interfaces:
PkiCredentialContainer
Implements a PkiCredentialContainer based on an HSM.
- Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

Field Summary
Fields inherited from class se.swedenconnect.security.credential.container.AbstractPkiCredentialContainer
DEFAULT_SUPPORTED_KEY_TYPES

Constructor Summary
Constructor / Description
HsmPkiCredentialContainer(String p11ConfigurationFile, String hsmPin)
    Constructor accepting a PKCS#11 configuration file for getting the PKCS#11 provider.
HsmPkiCredentialContainer(Provider p11Provider, String hsmPin)
    Constructor for the default PKCS11 credential container where keys are stored in an HSM slot.
HsmPkiCredentialContainer(Pkcs11Configuration p11Configuration, String hsmPin)
    Constructor accepting a Pkcs11Configuration object for getting the PKCS#11 provider.

Method Summary
Modifier and Type / Method / Description
protected KeyStore createKeyStore(Provider provider, char[] password)
    Creates the key store used to store generated keys.
PkiCredential getCredentialFromAlias(String alias)
    Gets the credential for a specific alias from the credential container.
Methods inherited from class se.swedenconnect.security.credential.container.AbstractKeyStorePkiCredentialContainer
deleteCredential, generateCredential, getAlgorithmName, getCredential, getExpiryTime, getKeyStore, getPassword, getX500Name, listCredentials
Methods inherited from class se.swedenconnect.security.credential.container.AbstractPkiCredentialContainer
cleanup, generateAlias, getKeyGeneratorFactory, getKeyValidity, getProvider, isExpired, setKeyValidity, setSupportedKeyTypes

Constructor Details

HsmPkiCredentialContainer
public HsmPkiCredentialContainer(@Nonnull Provider p11Provider, @Nonnull String hsmPin) throws KeyStoreException
Constructor for the default PKCS11 credential container where keys are stored in an HSM slot.
- Parameters:
p11Provider - the provider that provides access to the HSM key slot used to generate and store keys
hsmPin - the PIN for the associated HSM slot
- Throws:
KeyStoreException - error initiating the HSM slot key store

HsmPkiCredentialContainer
public HsmPkiCredentialContainer(@Nonnull Pkcs11Configuration p11Configuration, @Nonnull String hsmPin) throws KeyStoreException
Constructor accepting a Pkcs11Configuration object for getting the PKCS#11 provider.
- Parameters:
p11Configuration - the PKCS#11 configuration
hsmPin - the PIN for the HSM slot
- Throws:
KeyStoreException - error initiating the HSM slot key store

HsmPkiCredentialContainer
public HsmPkiCredentialContainer(@Nonnull String p11ConfigurationFile, @Nonnull String hsmPin) throws KeyStoreException
Constructor accepting a PKCS#11 configuration file for getting the PKCS#11 provider.
- Parameters:
p11ConfigurationFile - the full path to the PKCS#11 configuration file
hsmPin - the PIN for the HSM slot
- Throws:
KeyStoreException - error initiating the HSM slot key store

Method Details

createKeyStore
@Nonnull protected KeyStore createKeyStore(@Nonnull Provider provider, @Nullable char[] password) throws KeyStoreException
Creates the key store used to store generated keys.
- Specified by:
createKeyStore in class AbstractKeyStorePkiCredentialContainer
- Parameters:
provider - the provider for the key store
password - the password for the key store
- Returns:
key store
- Throws:
KeyStoreException - error creating the key store

getCredentialFromAlias
@Nonnull public PkiCredential getCredentialFromAlias(@Nonnull String alias) throws PkiCredentialContainerException
Gets the credential for a specific alias from the credential container.
- Specified by:
getCredentialFromAlias in class AbstractKeyStorePkiCredentialContainer
- Parameters:
alias - the alias of the credential to get
- Returns:
credential for the specified alias
- Throws:
PkiCredentialContainerException - for errors obtaining the requested credential