Package de.christofreichardt.jca.shamir
Class ShamirsKeystore
- java.lang.Object
  - java.security.KeyStoreSpi
    - de.christofreichardt.jca.shamir.ShamirsKeystore
- All Implemented Interfaces:
de.christofreichardt.diagnosis.Traceable
public class ShamirsKeystore extends KeyStoreSpi implements de.christofreichardt.diagnosis.Traceable
The actual implementation of the JCA engine class KeyStoreSpi. This interpretation uses some specific KeyStore.LoadStoreParameter and KeyStore.ProtectionParameter classes, see ShamirsLoadParameter and ShamirsProtection. The idea is that the password required to load the KeyStore has been split by Shamir's Secret Sharing algorithm into several secret shares. Some subset of these shares is needed to recover the original password. Methods that do not expect one of these protection parameters simply delegate to the underlying PKCS#12 KeyStore implementation of the JDK.
- Author:
Christof Reichardt
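The threshold idea described above, as an added example that is not code from this project: a toy (3, 5) split over the prime field 2^521 - 1, whose recovered value opens a JDK PKCS#12 keystore only when enough shares are combined. The class name ThresholdPasswordDemo and the choice to use the hex form of a random 256-bit secret as the keystore password are assumptions; ShamirsLoadParameter and ShamirsProtection are not used because their constructors are not shown on this page.

```java
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.util.*;

public class ThresholdPasswordDemo { // added illustration, not the ShamirsKeystore API
    static final BigInteger P = BigInteger.ONE.shiftLeft(521).subtract(BigInteger.ONE); // prime 2^521 - 1
    static final SecureRandom RNG = new SecureRandom();

    static List<BigInteger[]> split(BigInteger secret, int k, int n) { // shares are points (x, f(x)), f(0) = secret
        BigInteger[] c = new BigInteger[k]; // c[1..k-1]: random coefficients, c[0] unused
        for (int i = 1; i < k; i++) c[i] = new BigInteger(P.bitLength() + 64, RNG).mod(P);
        List<BigInteger[]> shares = new ArrayList<>();
        for (int x = 1; x <= n; x++) {
            BigInteger bx = BigInteger.valueOf(x), y = BigInteger.ZERO;
            for (int i = k - 1; i >= 1; i--) y = y.add(c[i]).multiply(bx).mod(P); // Horner, terms of degree >= 1
            shares.add(new BigInteger[] {bx, y.add(secret).mod(P)});
        }
        return shares;
    }
    static BigInteger recover(List<BigInteger[]> shares) { // Lagrange interpolation at x = 0
        BigInteger secret = BigInteger.ZERO;
        for (BigInteger[] si : shares) {
            BigInteger num = BigInteger.ONE, den = BigInteger.ONE;
            for (BigInteger[] sj : shares) {
                if (sj == si) continue;
                num = num.multiply(sj[0].negate()).mod(P);
                den = den.multiply(si[0].subtract(sj[0])).mod(P);
            }
            secret = secret.add(si[1].multiply(num).multiply(den.modInverse(P))).mod(P);
        }
        return secret; // with fewer than k shares this value is unrelated to the secret
    }
    public static void main(String[] args) throws Exception {
        BigInteger secret = new BigInteger(256, RNG); // assumption: keystore password = hex of this value
        List<BigInteger[]> shares = split(secret, 3, 5);
        KeyStore ks = KeyStore.getInstance("PKCS12"); // the JDK's PKCS#12 implementation
        ks.load(null, null);
        ByteArrayOutputStream p12 = new ByteArrayOutputStream();
        ks.store(p12, secret.toString(16).toCharArray());
        for (int take : new int[] {3, 2}) { // threshold met, then one share short
            char[] pw = recover(shares.subList(0, take)).toString(16).toCharArray();
            try {
                KeyStore.getInstance("PKCS12").load(new ByteArrayInputStream(p12.toByteArray()), pw);
                System.out.println(take + " shares: keystore loaded");
            } catch (IOException e) {
                System.out.println(take + " shares: load rejected, recovered password is wrong");
            }
        }
    }
}
```

The second iteration ends in the IOException that the load methods document for an incorrect recovered password.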
-
Constructor Summary
Constructors
ShamirsKeystore() - Creates a PKCS#12 KeyStore instance provided by the Java platform.
-
Method Summary
-
Methods inherited from class java.security.KeyStoreSpi
engineProbe
-
Method Detail
-
engineGetKey
public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException
- Specified by:
engineGetKey in class KeyStoreSpi
- Throws:
NoSuchAlgorithmException
UnrecoverableKeyException
-
engineGetCertificateChain
public Certificate[] engineGetCertificateChain(String alias)
- Specified by:
engineGetCertificateChain in class KeyStoreSpi
-
engineGetCertificate
public Certificate engineGetCertificate(String alias)
- Specified by:
engineGetCertificate in class KeyStoreSpi
-
engineGetCreationDate
public Date engineGetCreationDate(String alias)
- Specified by:
engineGetCreationDate in class KeyStoreSpi
-
engineSetKeyEntry
public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException
- Specified by:
engineSetKeyEntry in class KeyStoreSpi
- Throws:
KeyStoreException
-
engineSetKeyEntry
public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException
- Specified by:
engineSetKeyEntry in class KeyStoreSpi
- Throws:
KeyStoreException
-
engineGetEntry
public KeyStore.Entry engineGetEntry(String alias, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException
This method expects a ShamirsProtection instance as KeyStore.ProtectionParameter. Otherwise an IllegalArgumentException will be thrown. After the password has been recovered, the underlying PKCS#12 KeyStore of the JDK will be called.
- Overrides:
engineGetEntry in class KeyStoreSpi
- Parameters:
alias - get the KeyStore.Entry for this alias
protectionParameter - the ShamirsProtection used to protect this entry
- Returns:
the KeyStore.Entry for the specified alias, or null if there is no such entry
- Throws:
KeyStoreException - if the operation failed
NoSuchAlgorithmException - if the algorithm for recovering the entry cannot be found, that would be an algorithm for password based encryption
UnrecoverableEntryException - if the key entry cannot be recovered, e.g. the specified protectionParameter was insufficient or invalid
-
engineSetEntry
public void engineSetEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException
This method expects a ShamirsProtection instance as KeyStore.ProtectionParameter. Otherwise an IllegalArgumentException will be thrown. After the password has been recovered, the underlying PKCS#12 KeyStore of the JDK will be called.
- Overrides:
engineSetEntry in class KeyStoreSpi
- Parameters:
alias - save the KeyStore.Entry under this alias
entry - the KeyStore.Entry to save
protectionParameter - the ShamirsProtection used to protect the Entry
- Throws:
KeyStoreException - if this operation fails
-
engineSetCertificateEntry
public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException
- Specified by:
engineSetCertificateEntry in class KeyStoreSpi
- Throws:
KeyStoreException
-
engineDeleteEntry
public void engineDeleteEntry(String alias) throws KeyStoreException
- Specified by:
engineDeleteEntry in class KeyStoreSpi
- Throws:
KeyStoreException
-
engineAliases
public Enumeration<String> engineAliases()
- Specified by:
engineAliases in class KeyStoreSpi
-
engineContainsAlias
public boolean engineContainsAlias(String alias)
- Specified by:
engineContainsAlias in class KeyStoreSpi
-
engineSize
public int engineSize()
- Specified by:
engineSize in class KeyStoreSpi
-
engineIsKeyEntry
public boolean engineIsKeyEntry(String alias)
- Specified by:
engineIsKeyEntry in class KeyStoreSpi
-
engineIsCertificateEntry
public boolean engineIsCertificateEntry(String alias)
- Specified by:
engineIsCertificateEntry in class KeyStoreSpi
-
engineGetCertificateAlias
public String engineGetCertificateAlias(Certificate cert)
- Specified by:
engineGetCertificateAlias in class KeyStoreSpi
-
engineStore
public void engineStore(OutputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException
- Specified by:
engineStore in class KeyStoreSpi
- Throws:
IOException
NoSuchAlgorithmException
CertificateException
-
engineStore
public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException
This method expects a ShamirsLoadParameter instance as KeyStore.LoadStoreParameter. Otherwise an IllegalArgumentException will be thrown. After the password has been recovered, the underlying PKCS#12 KeyStore of the JDK will be called.
- Overrides:
engineStore in class KeyStoreSpi
- Parameters:
loadStoreParameter - the ShamirsLoadParameter that specifies how to store the keystore
- Throws:
IOException - if there was an I/O problem with data
NoSuchAlgorithmException - if the appropriate data integrity algorithm could not be found
CertificateException - if any of the certificates included in the keystore data could not be stored
-
engineLoad
public void engineLoad(InputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException
- Specified by:
engineLoad in class KeyStoreSpi
- Throws:
IOException
NoSuchAlgorithmException
CertificateException
-
engineLoad
public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException
This method expects a ShamirsLoadParameter instance as KeyStore.LoadStoreParameter. Otherwise an IllegalArgumentException will be thrown. After the password has been recovered, the underlying PKCS#12 KeyStore of the JDK will be called.
- Overrides:
engineLoad in class KeyStoreSpi
- Parameters:
loadStoreParameter - the ShamirsLoadParameter that specifies how to load the keystore
- Throws:
IOException - if there is an I/O or format problem with the keystore data or if the recovered password was incorrect
NoSuchAlgorithmException - if the algorithm used to check the integrity of the keystore cannot be found
CertificateException - if any of the certificates in the keystore could not be loaded
-
engineEntryInstanceOf
public boolean engineEntryInstanceOf(String alias, Class<? extends KeyStore.Entry> entryClass)
- Overrides:
engineEntryInstanceOf in class KeyStoreSpi
-
getCurrentTracer
public de.christofreichardt.diagnosis.AbstractTracer getCurrentTracer()
Switched off.
- Specified by:
getCurrentTracer in interface de.christofreichardt.diagnosis.Traceable
- Returns:
the NullTracer
-