/**
* Saves a <code>KeyStore.Entry</code> under the specified alias. The specified protection
* parameter is used to protect the <code>Entry</code>.
*
* <p>If an entry already exists for the specified alias, it is overridden.
*
* @param alias save the <code>KeyStore.Entry</code> under this alias
* @param entry the <code>Entry</code> to save
* @param protParam the <code>ProtectionParameter</code> used to protect the <code>Entry</code>,
* which may be <code>null</code>
* @exception KeyStoreException if this operation fails
* @since 1.5
*/
public void engineSetEntry(
String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam)
throws KeyStoreException {
// get password
if (protParam != null && !(protParam instanceof KeyStore.PasswordProtection)) {
throw new KeyStoreException("unsupported protection parameter");
}
KeyStore.PasswordProtection pProtect = null;
if (protParam != null) {
pProtect = (KeyStore.PasswordProtection) protParam;
}
// set entry
if (entry instanceof KeyStore.TrustedCertificateEntry) {
if (protParam != null && pProtect.getPassword() != null) {
// pre-1.5 style setCertificateEntry did not allow password
throw new KeyStoreException("trusted certificate entries are not password-protected");
} else {
KeyStore.TrustedCertificateEntry tce = (KeyStore.TrustedCertificateEntry) entry;
engineSetCertificateEntry(alias, tce.getTrustedCertificate());
return;
}
} else if (entry instanceof KeyStore.PrivateKeyEntry) {
if (pProtect == null || pProtect.getPassword() == null) {
// pre-1.5 style setKeyEntry required password
throw new KeyStoreException("non-null password required to create PrivateKeyEntry");
} else {
engineSetKeyEntry(
alias,
((KeyStore.PrivateKeyEntry) entry).getPrivateKey(),
pProtect.getPassword(),
((KeyStore.PrivateKeyEntry) entry).getCertificateChain());
return;
}
} else if (entry instanceof KeyStore.SecretKeyEntry) {
if (pProtect == null || pProtect.getPassword() == null) {
// pre-1.5 style setKeyEntry required password
throw new KeyStoreException("non-null password required to create SecretKeyEntry");
} else {
engineSetKeyEntry(
alias,
((KeyStore.SecretKeyEntry) entry).getSecretKey(),
pProtect.getPassword(),
(Certificate[]) null);
return;
}
}
throw new KeyStoreException("unsupported entry type: " + entry.getClass().getName());
}
/**
* Gets a <code>KeyStore.Entry</code> for the specified alias with the specified protection
* parameter.
*
* @param alias get the <code>KeyStore.Entry</code> for this alias
* @param protParam the <code>ProtectionParameter</code> used to protect the <code>Entry</code>,
* which may be <code>null</code>
* @return the <code>KeyStore.Entry</code> for the specified alias, or <code>null</code> if there
* is no such entry
* @exception KeyStoreException if the operation failed
* @exception NoSuchAlgorithmException if the algorithm for recovering the entry cannot be found
* @exception UnrecoverableEntryException if the specified <code>protParam</code> were
* insufficient or invalid
* @exception UnrecoverableKeyException if the entry is a <code>PrivateKeyEntry</code> or <code>
* SecretKeyEntry</code> and the specified <code>protParam</code> does not contain the
* information needed to recover the key (e.g. wrong password)
* @since 1.5
*/
public KeyStore.Entry engineGetEntry(String alias, KeyStore.ProtectionParameter protParam)
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
if (!engineContainsAlias(alias)) {
return null;
}
if (protParam == null) {
if (engineIsCertificateEntry(alias)) {
return new KeyStore.TrustedCertificateEntry(engineGetCertificate(alias));
} else {
throw new UnrecoverableKeyException("requested entry requires a password");
}
}
if (protParam instanceof KeyStore.PasswordProtection) {
if (engineIsCertificateEntry(alias)) {
throw new UnsupportedOperationException(
"trusted certificate entries are not password-protected");
} else if (engineIsKeyEntry(alias)) {
KeyStore.PasswordProtection pp = (KeyStore.PasswordProtection) protParam;
char[] password = pp.getPassword();
Key key = engineGetKey(alias, password);
if (key instanceof PrivateKey) {
Certificate[] chain = engineGetCertificateChain(alias);
return new KeyStore.PrivateKeyEntry((PrivateKey) key, chain);
} else if (key instanceof SecretKey) {
return new KeyStore.SecretKeyEntry((SecretKey) key);
}
}
}
throw new UnsupportedOperationException();
}