Class KeyVaultKeyStore


  • public final class KeyVaultKeyStore
    extends KeyStoreSpi
    The Azure Key Vault implementation of the KeyStoreSpi.
    See Also:
    KeyStoreSpi
    • Constructor Detail

      • KeyVaultKeyStore

        public KeyVaultKeyStore()
        Constructor.

        The constructor uses System.getProperty for azure.keyvault.uri, azure.keyvault.aadAuthenticationUrl, azure.keyvault.tenantId, azure.keyvault.clientId, azure.keyvault.clientSecret and azure.keyvault.managedIdentity to initialize the Key Vault client.
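        A preflight check for the system properties named above, as an added example (not code from this library; it uses only the JDK). The class and method names are hypothetical, and two rules are assumptions rather than documented behaviour: the vault and authentication URLs should be https, and the tenant, client and secret values are supplied together.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class KeyVaultPropsPreflight {
    // Property names exactly as listed in the constructor documentation.
    static final String P_URI = "azure.keyvault.uri";
    static final String P_AAD = "azure.keyvault.aadAuthenticationUrl";
    static final String[] SP = {"azure.keyvault.tenantId",
        "azure.keyvault.clientId", "azure.keyvault.clientSecret"};
    static boolean isSet(Properties p, String key) {
        String v = p.getProperty(key);
        return v != null && !v.trim().isEmpty();
    }

    // Assumption: both endpoints should be absolute https URIs.
    static void requireHttps(Properties p, String key, List<String> out) {
        try {
            URI u = new URI(p.getProperty(key).trim());
            if (!"https".equalsIgnoreCase(u.getScheme()) || u.getHost() == null)
                out.add(key + " must be an absolute https URI");
        } catch (java.net.URISyntaxException e) {
            out.add(key + " is not a valid URI");
        }
    }

    /** Returns the problems found; an empty list means the check passed. */
    static List<String> check(Properties p) {
        List<String> problems = new ArrayList<>();
        if (!isSet(p, P_URI)) problems.add(P_URI + " is not set");
        else requireHttps(p, P_URI, problems);
        if (isSet(p, P_AAD)) requireHttps(p, P_AAD, problems);
        int n = 0;
        for (String key : SP) if (isSet(p, key)) n++;
        // Assumption: the three service-principal values are used together.
        if (n > 0 && n < SP.length)
            problems.add("service principal partially configured: " + n + " of 3 set");
        return problems;
    }

    public static void main(String[] args) {
        List<String> problems = check(System.getProperties());
        problems.forEach(m -> System.err.println("preflight: " + m));
        // Report presence only; the secret value itself is never printed.
        System.out.println("clientSecret present: " + isSet(System.getProperties(), SP[2]));
        if (!problems.isEmpty()) System.exit(1);
    }
}
```

        Values passed as -D options are visible in the process command line, so azure.keyvault.clientSecret is better set programmatically from a protected source before the keystore is constructed.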

    • Method Detail

      • engineContainsAlias

        public boolean engineContainsAlias(String alias)
        Checks if the given alias exists in this keystore.
        Specified by:
        engineContainsAlias in class KeyStoreSpi
        Parameters:
        alias - the alias name
        Returns:
        true if the alias exists, false otherwise
      • engineDeleteEntry

        public void engineDeleteEntry(String alias)
        Deletes the entry identified by the given alias from this keystore.
        Specified by:
        engineDeleteEntry in class KeyStoreSpi
        Parameters:
        alias - the alias name
      • engineEntryInstanceOf

        public boolean engineEntryInstanceOf(String alias,
                                             Class<? extends KeyStore.Entry> entryClass)
        Determines if the keystore Entry for the specified alias is an instance or subclass of the specified entryClass.
        Overrides:
        engineEntryInstanceOf in class KeyStoreSpi
        Parameters:
        alias - the alias name
        entryClass - the entry class
        Returns:
        true if the keystore Entry for the specified alias is an instance or subclass of the specified entryClass, false otherwise
      • engineGetCertificate

        public Certificate engineGetCertificate(String alias)
        Get the certificate associated with the given alias.
        Specified by:
        engineGetCertificate in class KeyStoreSpi
        Parameters:
        alias - the alias name
        Returns:
        the certificate, or null if the given alias does not exist or does not contain a certificate
      • engineGetCertificateAlias

        public String engineGetCertificateAlias(Certificate cert)
        Get the (alias) name of the first keystore entry whose certificate matches the given certificate.
        Specified by:
        engineGetCertificateAlias in class KeyStoreSpi
        Parameters:
        cert - the certificate to match with.
        Returns:
        the alias name of the first entry with matching certificate, or null if no such entry exists in this keystore
      • engineGetCertificateChain

        public Certificate[] engineGetCertificateChain(String alias)
        Get the certificate chain associated with the given alias.
        Specified by:
        engineGetCertificateChain in class KeyStoreSpi
        Parameters:
        alias - the alias name
        Returns:
        the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the given alias does not exist or does not contain a certificate chain
      • engineGetCreationDate

        public Date engineGetCreationDate(String alias)
        Get the creation date of the entry identified by the given alias.
        Specified by:
        engineGetCreationDate in class KeyStoreSpi
        Parameters:
        alias - the alias name
        Returns:
        the creation date of this entry, or null if the given alias does not exist
      • engineGetKey

        public Key engineGetKey(String alias,
                                char[] password)
        Get the key associated with the given alias.
        Specified by:
        engineGetKey in class KeyStoreSpi
        Parameters:
        alias - the alias name
        password - the password for recovering the key
        Returns:
        the requested key, or null if the given alias does not exist or does not identify a key-related entry
      • engineIsCertificateEntry

        public boolean engineIsCertificateEntry(String alias)
        Check whether the entry identified by the given alias contains a trusted certificate.
        Specified by:
        engineIsCertificateEntry in class KeyStoreSpi
        Parameters:
        alias - the alias name
        Returns:
        true if the entry identified by the given alias contains a trusted certificate, false otherwise
      • engineIsKeyEntry

        public boolean engineIsKeyEntry(String alias)
        Check whether the entry identified by the given alias is key-related.
        Specified by:
        engineIsKeyEntry in class KeyStoreSpi
        Parameters:
        alias - the alias for the keystore entry to be checked
        Returns:
        true if the entry identified by the given alias is key-related, false otherwise
      • engineLoad

        public void engineLoad(KeyStore.LoadStoreParameter param)
        Loads the keystore using the given KeyStore.LoadStoreParameter.
        Overrides:
        engineLoad in class KeyStoreSpi
        Parameters:
        param - the KeyStore.LoadStoreParameter that specifies how to load the keystore, which may be null
      • engineLoad

        public void engineLoad(InputStream stream,
                               char[] password)
        Loads the keystore from the given input stream.
        Specified by:
        engineLoad in class KeyStoreSpi
        Parameters:
        stream - the input stream from which the keystore is loaded, or null
        password - the password
      • engineSetCertificateEntry

        public void engineSetCertificateEntry(String alias,
                                              Certificate certificate)
        Assigns the given certificate to the given alias.
        Specified by:
        engineSetCertificateEntry in class KeyStoreSpi
        Parameters:
        alias - the alias name
        certificate - the certificate
      • engineSetKeyEntry

        public void engineSetKeyEntry(String alias,
                                      Key key,
                                      char[] password,
                                      Certificate[] chain)
        Assigns the given key to the given alias, protecting it with the given password.
        Specified by:
        engineSetKeyEntry in class KeyStoreSpi
        Parameters:
        alias - the alias name
        key - the key to be associated with the alias
        password - the password to protect the key
        chain - the certificate chain
      • engineSetKeyEntry

        public void engineSetKeyEntry(String alias,
                                      byte[] key,
                                      Certificate[] chain)
        Assigns the given key (that has already been protected) to the given alias.
        Specified by:
        engineSetKeyEntry in class KeyStoreSpi
        Parameters:
        alias - the alias name
        key - the key
        chain - the certificate chain
      • engineSize

        public int engineSize()
        Retrieves the number of entries in this keystore.
        Specified by:
        engineSize in class KeyStoreSpi
        Returns:
        the number of entries in this keystore
      • engineStore

        public void engineStore(OutputStream stream,
                                char[] password)
        Stores this keystore to the given output stream, and protects its integrity with the given password.
        Specified by:
        engineStore in class KeyStoreSpi
        Parameters:
        stream - the output stream to which this keystore is written
        password - the password to generate the keystore integrity check