Class HsmPkiCredentialContainer
java.lang.Object
se.swedenconnect.security.credential.container.AbstractPkiCredentialContainer
se.swedenconnect.security.credential.container.AbstractKeyStorePkiCredentialContainer
se.swedenconnect.security.credential.container.HsmPkiCredentialContainer
- All Implemented Interfaces:
PkiCredentialContainer
Implements a
PkiCredentialContainer
based on a HSM.- Author:
- Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
-
Field Summary
Fields inherited from class se.swedenconnect.security.credential.container.AbstractPkiCredentialContainer
DEFAULT_SUPPORTED_KEY_TYPES
-
Constructor Summary
ConstructorDescriptionHsmPkiCredentialContainer
(String p11ConfigurationFile, String hsmPin) Constructor accepting a PKCS#11 configuration file for getting the PKCS#11 provider.HsmPkiCredentialContainer
(Provider p11Provider, String hsmPin) Constructor for the default PKCS11 credential container where keys are stored in a HSM slot.HsmPkiCredentialContainer
(Pkcs11Configuration p11Configuration, String hsmPin) Constructor accepting aPkcs11Configuration
object for getting the PKCS#11 provider. -
Method Summary
Modifier and TypeMethodDescriptionprotected KeyStore
createKeyStore
(Provider provider, char[] password) Creates the key store used to store generated keys.getCredentialFromAlias
(String alias) Gets the credential for a specific alias from the credential container.Methods inherited from class se.swedenconnect.security.credential.container.AbstractKeyStorePkiCredentialContainer
deleteCredential, generateCredential, getAlgorithmName, getCredential, getExpiryTime, getKeyStore, getPassword, getX500Name, listCredentials
Methods inherited from class se.swedenconnect.security.credential.container.AbstractPkiCredentialContainer
cleanup, generateAlias, getKeyGeneratorFactory, getKeyValidity, getProvider, isExpired, setKeyValidity, setSupportedKeyTypes
-
Constructor Details
-
HsmPkiCredentialContainer
Constructor for the default PKCS11 credential container where keys are stored in a HSM slot.- Parameters:
p11Provider
- the provider that provides access to the HSM key slot used to generate and store keyshsmPin
- the PIN for the associated HSM slot- Throws:
KeyStoreException
- error initiating the HSM slot key store
-
HsmPkiCredentialContainer
public HsmPkiCredentialContainer(Pkcs11Configuration p11Configuration, String hsmPin) throws KeyStoreException Constructor accepting aPkcs11Configuration
object for getting the PKCS#11 provider.- Parameters:
p11Configuration
- the PKCS#11 configurationhsmPin
- the PIN for the HSM slot- Throws:
KeyStoreException
- error initiating the HSM slot key store
-
HsmPkiCredentialContainer
public HsmPkiCredentialContainer(String p11ConfigurationFile, String hsmPin) throws KeyStoreException Constructor accepting a PKCS#11 configuration file for getting the PKCS#11 provider.- Parameters:
p11ConfigurationFile
- the full path to the PKCS#11 configuration filehsmPin
- the PIN for the HSM slot- Throws:
KeyStoreException
- error initiating the HSM slot key store
-
-
Method Details
-
createKeyStore
Creates the key store used to store generated keys.- Specified by:
createKeyStore
in classAbstractKeyStorePkiCredentialContainer
- Parameters:
provider
- the provider for the key storepassword
- the password for the key store- Returns:
- key store
- Throws:
KeyStoreException
- error creating the key store
-
getCredentialFromAlias
Gets the credential for a specific alias from the credential container.- Specified by:
getCredentialFromAlias
in classAbstractKeyStorePkiCredentialContainer
- Parameters:
alias
- the alias of the credential to get- Returns:
- credential for the specified alias
- Throws:
PkiCredentialContainerException
- for errors obtaining the requested credential
-