public class

KeyStore

extends Object
java.lang.Object
   ↳ java.security.KeyStore

Class Overview

KeyStore is responsible for maintaining cryptographic keys and their owners.

The type of the system key store can be changed by setting the 'keystore.type' property in the file named JAVA_HOME/lib/security/java.security.

See Also

Summary

Nested Classes
class KeyStore.Builder Builder is used to construct new instances of KeyStore
class KeyStore.CallbackHandlerProtection CallbackHandlerProtection is a ProtectionParameter that encapsulates a CallbackHandler
interface KeyStore.Entry Entry is the common marker interface for a KeyStore entry. 
interface KeyStore.LoadStoreParameter LoadStoreParameter represents a parameter that specifies how a KeyStore can be loaded and stored. 
class KeyStore.PasswordProtection PasswordProtection is a ProtectionParameter that protects a KeyStore using a password. 
class KeyStore.PrivateKeyEntry PrivateKeyEntry represents a KeyStore entry that holds a private key. 
interface KeyStore.ProtectionParameter ProtectionParameter is a marker interface for protection parameters. 
class KeyStore.SecretKeyEntry SecretKeyEntry represents a KeyStore entry that holds a secret key. 
class KeyStore.TrustedCertificateEntry TrustedCertificateEntry represents a KeyStore entry that holds a trusted certificate. 
Protected Constructors
KeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type)
Constructs a new instance of KeyStore with the given arguments.
Public Methods
final Enumeration<String> aliases()
Returns an Enumeration over all alias names stored in this KeyStore.
final boolean containsAlias(String alias)
Indicates whether the given alias is present in this KeyStore.
final void deleteEntry(String alias)
Deletes the entry identified with the given alias from this KeyStore.
final boolean entryInstanceOf(String alias, Class<? extends KeyStore.Entry> entryClass)
Indicates whether the entry for the given alias is assignable to the provided Class.
final Certificate getCertificate(String alias)
Returns the trusted certificate for the entry with the given alias.
final String getCertificateAlias(Certificate cert)
Returns the alias associated with the first entry whose certificate matches the specified certificate.
final Certificate[] getCertificateChain(String alias)
Returns the certificate chain for the entry with the given alias.
final Date getCreationDate(String alias)
Returns the creation date of the entry with the given alias.
final static String getDefaultType()
Returns the default type for KeyStore instances.
final KeyStore.Entry getEntry(String alias, KeyStore.ProtectionParameter param)
Returns the Entry with the given alias, using the specified ProtectionParameter.
static KeyStore getInstance(String type, String provider)
Returns a new instance of KeyStore from the specified provider with the given type.
static KeyStore getInstance(String type, Provider provider)
Returns a new instance of KeyStore from the specified provider with the given type.
static KeyStore getInstance(String type)
Returns a new instance of KeyStore with the specified type.
final Key getKey(String alias, char[] password)
Returns the key with the given alias, using the password to recover the key from the store.
final Provider getProvider()
Returns the provider associated with this KeyStore.
final String getType()
Returns the type of this KeyStore.
final boolean isCertificateEntry(String alias)
Indicates whether the specified alias is associated with a KeyStore.TrustedCertificateEntry.
final boolean isKeyEntry(String alias)
Indicates whether the specified alias is associated with either a KeyStore.PrivateKeyEntry or a KeyStore.SecretKeyEntry.
final void load(InputStream stream, char[] password)
Initializes this KeyStore from the provided InputStream.
final void load(KeyStore.LoadStoreParameter param)
Loads this KeyStore using the specified LoadStoreParameter.
final void setCertificateEntry(String alias, Certificate cert)
Associates the given alias with a certificate.
final void setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter param)
Stores the given Entry in this KeyStore and associates the entry with the given alias.
final void setKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
Associates the given alias with the key, password and certificate chain.
final void setKeyEntry(String alias, byte[] key, Certificate[] chain)
Associates the given alias with a key and a certificate chain.
final int size()
Returns the number of entries stored in this KeyStore.
final void store(OutputStream stream, char[] password)
Writes this KeyStore to the specified OutputStream.
final void store(KeyStore.LoadStoreParameter param)
Stores this KeyStore using the specified LoadStoreParameter.
[Expand]
Inherited Methods
From class java.lang.Object

Protected Constructors

protected KeyStore (KeyStoreSpi keyStoreSpi, Provider provider, String type)

Since: API Level 1

Constructs a new instance of KeyStore with the given arguments.

Parameters
keyStoreSpi the concrete key store.
provider the provider.
type the type of the KeyStore to be constructed.

Public Methods

public final Enumeration<String> aliases ()

Since: API Level 1

Returns an Enumeration over all alias names stored in this KeyStore.

Returns
  • an Enumeration over all alias names stored in this KeyStore.
Throws
KeyStoreException if this KeyStore is not initialized.

public final boolean containsAlias (String alias)

Since: API Level 1

Indicates whether the given alias is present in this KeyStore.

Parameters
alias the alias of an entry.
Returns
  • true if the alias exists, false otherwise.
Throws
KeyStoreException if this KeyStore is not initialized.

public final void deleteEntry (String alias)

Since: API Level 1

Deletes the entry identified with the given alias from this KeyStore.

Parameters
alias the alias for the entry.
Throws
KeyStoreException if this KeyStore is not initialized, or if the entry can not be deleted.

public final boolean entryInstanceOf (String alias, Class<? extends KeyStore.Entry> entryClass)

Since: API Level 1

Indicates whether the entry for the given alias is assignable to the provided Class.

Parameters
alias the alias for the entry.
entryClass the type of the entry.
Returns
  • true if the Entry for the alias is assignable to the specified entryClass.
Throws
KeyStoreException if this KeyStore is not initialized.

public final Certificate getCertificate (String alias)

Since: API Level 1

Returns the trusted certificate for the entry with the given alias.

Parameters
alias the alias for the entry.
Returns
  • the trusted certificate for the entry with the given alias, or null if the specified alias is not bound to an entry.
Throws
KeyStoreException if this KeyStore is not initialized.

public final String getCertificateAlias (Certificate cert)

Since: API Level 1

Returns the alias associated with the first entry whose certificate matches the specified certificate.

Parameters
cert the certificate to find the associated entry's alias for.
Returns
  • the alias or null if no entry with the specified certificate can be found.
Throws
KeyStoreException if this KeyStore is not initialized.

public final Certificate[] getCertificateChain (String alias)

Since: API Level 1

Returns the certificate chain for the entry with the given alias.

Parameters
alias the alias for the entry.
Returns
  • the certificate chain for the entry with the given alias, or null if the specified alias is not bound to an entry.
Throws
KeyStoreException if this KeyStore is not initialized.

public final Date getCreationDate (String alias)

Since: API Level 1

Returns the creation date of the entry with the given alias.

Parameters
alias the alias for the entry.
Returns
  • the creation date, or null if the specified alias is not bound to an entry.
Throws
KeyStoreException if this KeyStore is not initialized.

public static final String getDefaultType ()

Since: API Level 1

Returns the default type for KeyStore instances.

The default is specified in the 'keystore.type' property in the file named JAVA_HOME/lib/security/java.security. If this property is not set, "jks" will be used.

Returns
  • the default type for KeyStore instances

public final KeyStore.Entry getEntry (String alias, KeyStore.ProtectionParameter param)

Since: API Level 1

Returns the Entry with the given alias, using the specified ProtectionParameter.

Parameters
alias the alias of the requested entry.
param the ProtectionParameter used to protect the requested entry, maybe null.
Returns
  • he Entry with the given alias, using the specified ProtectionParameter.
Throws
NoSuchAlgorithmException if the required algorithm is not available.
UnrecoverableEntryException if the entry can not be recovered.
KeyStoreException if this KeyStore is not initialized.
NullPointerException if alias is null.

public static KeyStore getInstance (String type, String provider)

Since: API Level 1

Returns a new instance of KeyStore from the specified provider with the given type.

Parameters
type the type of the returned KeyStore.
provider name of the provider of the KeyStore.
Returns
  • a new instance of KeyStore from the specified provider with the given type.
Throws
KeyStoreException if an error occurred during the creation of the new KeyStore.
NoSuchProviderException if the specified provider is not available.
IllegalArgumentException if provider == null || provider.isEmpty()
NullPointerException if type is null (instead of NoSuchAlgorithmException) as in 1.4 release
See Also

public static KeyStore getInstance (String type, Provider provider)

Since: API Level 1

Returns a new instance of KeyStore from the specified provider with the given type.

Parameters
type the type of the returned KeyStore.
provider the provider of the KeyStore.
Returns
  • a new instance of KeyStore from the specified provider with the given type.
Throws
KeyStoreException if an error occurred during the creation of the new KeyStore.
IllegalArgumentException if provider is null or the empty string.
NullPointerException if type == null (instead of NoSuchAlgorithmException) as in 1.4 release
See Also

public static KeyStore getInstance (String type)

Since: API Level 1

Returns a new instance of KeyStore with the specified type.

Parameters
type the type of the returned KeyStore.
Returns
  • a new instance of KeyStore with the specified type.
Throws
KeyStoreException if an error occurred during the creation of the new KeyStore.
NullPointerException if type == null
See Also

public final Key getKey (String alias, char[] password)

Since: API Level 1

Returns the key with the given alias, using the password to recover the key from the store.

Parameters
alias the alias for the entry.
password the password used to recover the key.
Returns
  • the key with the specified alias, or null if the specified alias is not bound to an entry.
Throws
KeyStoreException if this KeyStore is not initialized.
NoSuchAlgorithmException if the algorithm for recovering the key is not available.
UnrecoverableKeyException if the key can not be recovered.

public final Provider getProvider ()

Since: API Level 1

Returns the provider associated with this KeyStore.

Returns
  • the provider associated with this KeyStore.

public final String getType ()

Since: API Level 1

Returns the type of this KeyStore.

Returns
  • the type of this KeyStore.

public final boolean isCertificateEntry (String alias)

Since: API Level 1

Indicates whether the specified alias is associated with a KeyStore.TrustedCertificateEntry.

Parameters
alias the alias of an entry.
Returns
  • true if the given alias is associated with a certificate entry.
Throws
KeyStoreException if this KeyStore is not initialized.

public final boolean isKeyEntry (String alias)

Since: API Level 1

Indicates whether the specified alias is associated with either a KeyStore.PrivateKeyEntry or a KeyStore.SecretKeyEntry.

Parameters
alias the alias of an entry.
Returns
  • true if the given alias is associated with a key entry.
Throws
KeyStoreException if this KeyStore is not initialized.

public final void load (InputStream stream, char[] password)

Since: API Level 1

Initializes this KeyStore from the provided InputStream. Pass null as the stream argument to initialize an empty KeyStore or to initialize a KeyStore which does not rely on an InputStream. This KeyStore utilizes the given password to verify the stored data.

Parameters
stream the InputStream to load this KeyStore's data from or null.
password the password to verify the stored data, maybe null.
Throws
IOException if a problem occurred while reading from the stream.
NoSuchAlgorithmException if the required algorithm is not available.
CertificateException if an exception occurred while loading the certificates of this KeyStore.

public final void load (KeyStore.LoadStoreParameter param)

Since: API Level 1

Loads this KeyStore using the specified LoadStoreParameter.

Parameters
param the LoadStoreParameter that specifies how to load this KeyStore, maybe null.
Throws
IOException if a problem occurred while reading from the stream.
NoSuchAlgorithmException if the required algorithm is not available.
CertificateException if an exception occurred while loading the certificates of this KeyStore.
IllegalArgumentException if the given KeyStore.LoadStoreParameter is not recognized.

public final void setCertificateEntry (String alias, Certificate cert)

Since: API Level 1

Associates the given alias with a certificate.

If the specified alias already exists, it will be reassigned.

Parameters
alias the alias for the certificate.
cert the certificate.
Throws
KeyStoreException if this KeyStore is not initialized, or an existing alias is not associated to an entry containing a trusted certificate, or this method fails for any other reason.
NullPointerException if alias is null.

public final void setEntry (String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter param)

Since: API Level 1

Stores the given Entry in this KeyStore and associates the entry with the given alias. The entry is protected by the specified ProtectionParameter.

If the specified alias already exists, it will be reassigned.

Parameters
alias the alias for the entry.
entry the entry to store.
param the ProtectionParameter to protect the entry.
Throws
KeyStoreException if this KeyStore is not initialized.
NullPointerException if alias is null or entry is null.

public final void setKeyEntry (String alias, Key key, char[] password, Certificate[] chain)

Since: API Level 1

Associates the given alias with the key, password and certificate chain.

If the specified alias already exists, it will be reassigned.

Parameters
alias the alias for the key.
key the key.
password the password.
chain the certificate chain.
Throws
KeyStoreException if this KeyStore is not initialized.
IllegalArgumentException if key is a PrivateKey and chain does not contain any certificates.
NullPointerException if alias is null.

public final void setKeyEntry (String alias, byte[] key, Certificate[] chain)

Since: API Level 1

Associates the given alias with a key and a certificate chain.

If the specified alias already exists, it will be reassigned.

If this KeyStore is of type "jks", key must be encoded conform to the PKS#8 standard as an EncryptedPrivateKeyInfo.

Parameters
alias the alias for the key.
key the key in an encoded format.
chain the certificate chain.
Throws
KeyStoreException if this KeyStore is not initialized or if key is null.
IllegalArgumentException if key is a PrivateKey and chain does.
NullPointerException if alias is null.

public final int size ()

Since: API Level 1

Returns the number of entries stored in this KeyStore.

Returns
  • the number of entries stored in this KeyStore.
Throws
KeyStoreException if this KeyStore is not initialized.

public final void store (OutputStream stream, char[] password)

Since: API Level 1

Writes this KeyStore to the specified OutputStream. The data written to the OutputStream is protected by the specified password.

Parameters
stream the OutputStream to write the store's data to.
password the password to protect the data.
Throws
KeyStoreException if this KeyStore is not initialized.
IOException if a problem occurred while writing to the stream.
NoSuchAlgorithmException if the required algorithm is not available.
CertificateException if an exception occurred while storing the certificates of this KeyStore.

public final void store (KeyStore.LoadStoreParameter param)

Since: API Level 1

Stores this KeyStore using the specified LoadStoreParameter.

Parameters
param the LoadStoreParameter that specifies how to store this KeyStore, maybe null.
Throws
KeyStoreException if this KeyStore is not initialized.
IOException if a problem occurred while writing to the stream.
NoSuchAlgorithmException if the required algorithm is not available.
CertificateException if an exception occurred while storing the certificates of this KeyStore.
IllegalArgumentException if the given KeyStore.LoadStoreParameter is not recognized.