se.swedenconnect.security.credential.container.HsmPkiCredentialContainer

All Implemented Interfaces:: PkiCredentialContainer

public class HsmPkiCredentialContainer extends AbstractKeyStorePkiCredentialContainer

Implements a PkiCredentialContainer based on an HSM.

Author:: Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

Field Summary

Fields inherited from class se.swedenconnect.security.credential.container.AbstractPkiCredentialContainer
DEFAULT_SUPPORTED_KEY_TYPES
Constructor Summary

Constructors

Constructor

Description

HsmPkiCredentialContainer(String p11ConfigurationFile, String hsmPin)

Constructor accepting a PKCS#11 configuration file for getting the PKCS#11 provider.

HsmPkiCredentialContainer(Provider p11Provider, String hsmPin)

Constructor for the default PKCS11 credential container where keys are stored in an HSM slot.

HsmPkiCredentialContainer(Pkcs11Configuration p11Configuration, String hsmPin)

Constructor accepting a Pkcs11Configuration object for getting the PKCS#11 provider.
Method Summary

Modifier and Type

Method

Description

protected KeyStore

createKeyStore(Provider provider, char[] password)

Creates the key store used to store generated keys.

PkiCredential

getCredentialFromAlias(String alias)

Gets the credential for a specific alias from the credential container.

Methods inherited from class se.swedenconnect.security.credential.container.AbstractKeyStorePkiCredentialContainer
deleteCredential, generateCredential, getAlgorithmName, getCredential, getExpiryTime, getKeyStore, getPassword, getX500Name, listCredentials

Methods inherited from class se.swedenconnect.security.credential.container.AbstractPkiCredentialContainer
cleanup, generateAlias, getKeyGeneratorFactory, getKeyValidity, getProvider, isExpired, setKeyValidity, setSupportedKeyTypes

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- HsmPkiCredentialContainer
  
  public HsmPkiCredentialContainer(@Nonnull Provider p11Provider, @Nonnull String hsmPin) throws KeyStoreException
  
  Constructor for the default PKCS11 credential container where keys are stored in an HSM slot.
  
  Parameters:
  
  p11Provider - the provider that provides access to the HSM key slot used to generate and store keys
  
  hsmPin - the PIN for the associated HSM slot
  
  Throws:
  
  KeyStoreException - error initiating the HSM slot key store
- HsmPkiCredentialContainer
  
  public HsmPkiCredentialContainer(@Nonnull Pkcs11Configuration p11Configuration, @Nonnull String hsmPin) throws KeyStoreException
  
  Constructor accepting a Pkcs11Configuration object for getting the PKCS#11 provider.
  
  Parameters:
  
  p11Configuration - the PKCS#11 configuration
  
  hsmPin - the PIN for the HSM slot
  
  Throws:
  
  KeyStoreException - error initiating the HSM slot key store
- HsmPkiCredentialContainer
  
  public HsmPkiCredentialContainer(@Nonnull String p11ConfigurationFile, @Nonnull String hsmPin) throws KeyStoreException
  
  Constructor accepting a PKCS#11 configuration file for getting the PKCS#11 provider.
  
  Parameters:
  
  p11ConfigurationFile - the full path to the PKCS#11 configuration file
  
  hsmPin - the PIN for the HSM slot
  
  Throws:
  
  KeyStoreException - error initiating the HSM slot key store
Method Details
- createKeyStore
  
  @Nonnull protected KeyStore createKeyStore(@Nonnull Provider provider, @Nullable char[] password) throws KeyStoreException
  
  Creates the key store used to store generated keys.
  
  Specified by:
  
  createKeyStore in class AbstractKeyStorePkiCredentialContainer
  
  Parameters:
  
  provider - the provider for the key store
  
  password - the password for the key store
  
  Returns:
  
  key store
  
  Throws:
  
  KeyStoreException - error creating the key store
- getCredentialFromAlias
  
  @Nonnull public PkiCredential getCredentialFromAlias(@Nonnull String alias) throws PkiCredentialContainerException
  
  Gets the credential for a specific alias from the credential container.
  
  Specified by:
  
  getCredentialFromAlias in class AbstractKeyStorePkiCredentialContainer
  
  Parameters:
  
  alias - the alias of the credential to get
  
  Returns:
  
  credential for the specified alias
  
  Throws:
  
  PkiCredentialContainerException - for errors obtaining the requested credential

Class HsmPkiCredentialContainer

Field Summary

Fields inherited from class se.swedenconnect.security.credential.container.AbstractPkiCredentialContainer

Constructor Summary

Method Summary

Methods inherited from class se.swedenconnect.security.credential.container.AbstractKeyStorePkiCredentialContainer

Methods inherited from class se.swedenconnect.security.credential.container.AbstractPkiCredentialContainer

Methods inherited from class java.lang.Object

Constructor Details

HsmPkiCredentialContainer

HsmPkiCredentialContainer

HsmPkiCredentialContainer

Method Details

createKeyStore

getCredentialFromAlias