IAIK PKCS#11 Provider API Documentation
version 1.6

iaik.pkcs.pkcs11.provider
Class TokenKeyStore

java.lang.Object
  extended by java.security.KeyStore
      extended by iaik.pkcs.pkcs11.provider.TokenKeyStore

public class TokenKeyStore
extends java.security.KeyStore

An adapter class that makes it possible to instantiate an object that is an instance of KeyStore. In the original KeyStore from SUN, all instance methods are final, which prohibits any extension.

Author:
Karl Scheibelhofer

Nested Class Summary
 
Nested classes/interfaces inherited from class java.security.KeyStore
java.security.KeyStore.Builder, java.security.KeyStore.CallbackHandlerProtection, java.security.KeyStore.Entry, java.security.KeyStore.LoadStoreParameter, java.security.KeyStore.PasswordProtection, java.security.KeyStore.PrivateKeyEntry, java.security.KeyStore.ProtectionParameter, java.security.KeyStore.SecretKeyEntry, java.security.KeyStore.TrustedCertificateEntry
 
Field Summary
static java.lang.String KEYSTORE_TYPE
          The JCA standard type name of this key store.
 
Constructor Summary
TokenKeyStore(TokenKeyStoreSpi cardKeyStore, IAIKPkcs11 keystoreProvider, java.lang.String keystoreType)
          Construct a new KeyStore that forwards all calls to the cardKeyStore object.
 
Method Summary
 boolean getReadProtectedKeyOnDemand()
          This property causes this object to search for objects using only a session that is not explicitly logged in.
 TokenManager getTokenManager()
          Return the token that is associated with this keystore.
 void logout()
          This method logs out the session of this key store.
 void setReadProtectedKeyOnDemand(boolean onDemand)
          Setting this property causes this object to search for objects using only a session that is not explicitly logged in.
 void updateKeystore()
          This method updates the key and certificate tables even if the token did not change.
 
Methods inherited from class java.security.KeyStore
aliases, containsAlias, deleteEntry, entryInstanceOf, getCertificate, getCertificateAlias, getCertificateChain, getCreationDate, getDefaultType, getEntry, getInstance, getInstance, getInstance, getKey, getProvider, getType, isCertificateEntry, isKeyEntry, load, load, setCertificateEntry, setEntry, setKeyEntry, setKeyEntry, size, store, store
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

KEYSTORE_TYPE

public static final java.lang.String KEYSTORE_TYPE
The JCA standard type name of this key store.

See Also:
Constant Field Values

Constructor Detail

TokenKeyStore

public TokenKeyStore(TokenKeyStoreSpi cardKeyStore,
                     IAIKPkcs11 keystoreProvider,
                     java.lang.String keystoreType)
Construct a new KeyStore that forwards all calls to the cardKeyStore object. This constructor calls initialize() to ensure that JCA recognizes this key store as initialized.

Parameters:
cardKeyStore - The object that holds the actual implementation for this key store.
keystoreProvider - The (JCE) provider of this key store.
keystoreType - The type name this key store will be known by JCA.

Method Detail

getTokenManager

public TokenManager getTokenManager()
Return the token that is associated with this keystore.

Returns:
The token that is associated with this key store.

getReadProtectedKeyOnDemand

public boolean getReadProtectedKeyOnDemand()
This property causes this object to search for objects using only a session that is not explicitly logged in. This may result in using a public session, in which the find operation will only find public objects. The key store will assume an existing private key for each end-user certificate on the token. It will log in the session when the application tries to get the corresponding key. However, this may mean that private keys without a certificate are not listed in the key store before the session is logged in.

Returns:
True, if the key store shall not explicitly log in the session to search for keys and certificates. It will log in only if the application tries to access such a key.

setReadProtectedKeyOnDemand

public void setReadProtectedKeyOnDemand(boolean onDemand)
Setting this property causes this object to search for objects using only a session that is not explicitly logged in. This may result in using a public session, in which the find operation will only find public objects. The key store will assume an existing private key for each end-user certificate on the token. It will log in the session when the application tries to get the corresponding key. However, this may mean that private keys without a certificate are not listed in the key store before the session is logged in.

Parameters:
onDemand - True, if the key store shall not explicitly log in the session to search for keys and certificates. It will log in only if the application tries to access such a key.

updateKeystore

public void updateKeystore()
                    throws IAIKPkcs11Exception
This method updates the key and certificate tables even if the token did not change.

Throws:
IAIKPkcs11Exception - If the update fails.

logout

public void logout()
This method logs out the session of this key store. If the key store has no cached session, it will request the TokenManager to log out using any session. Attention! This causes all sessions of this token to be logged out. Any currently active operations on this token, such as signing, may be interrupted. This method provides a means to force a logout after certain operations, e.g. after a qualified signature creation.
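
The on-demand login and the forced logout described above, combined in one signing helper. This is an added example, not code from the IAIK documentation; the class SignThenLogout, its TOKEN_LOCK and the null password passed to getKey are assumptions, and the TokenKeyStore is expected to be obtained from the provider elsewhere.

```java
import iaik.pkcs.pkcs11.provider.TokenKeyStore;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.Signature;

public final class SignThenLogout {
    // logout() can log out every session of the token, so all token use in
    // this application is serialized on one lock (hypothetical helper lock).
    private static final Object TOKEN_LOCK = new Object();

    /**
     * Signs data with the private key stored under alias, then logs out.
     * algorithm must be a JCA signature name the provider supports.
     */
    public static byte[] sign(TokenKeyStore keyStore, String alias,
                              String algorithm, byte[] data)
            throws GeneralSecurityException {
        synchronized (TOKEN_LOCK) {
            // Search with a session that is not explicitly logged in;
            // login is deferred until the key is actually requested.
            keyStore.setReadProtectedKeyOnDemand(true);
            if (!keyStore.isKeyEntry(alias)) {
                // In on-demand mode a private key is assumed only for each
                // end-user certificate, so a key without a certificate may
                // not be listed before the session is logged in.
                throw new GeneralSecurityException("no key entry: " + alias);
            }
            try {
                // Assumption: a null password leaves PIN entry to the
                // provider's own login handling.
                Key key = keyStore.getKey(alias, null);
                if (!(key instanceof PrivateKey)) {
                    throw new GeneralSecurityException("not a private key: " + alias);
                }
                Signature signer =
                        Signature.getInstance(algorithm, keyStore.getProvider());
                signer.initSign((PrivateKey) key);
                signer.update(data);
                return signer.sign();
            } finally {
                // Forced logout after the signature, also on failure.
                keyStore.logout();
            }
        }
    }
}
```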


IAIK JavaSecurity Website http://jce.iaik.tugraz.at/

IAIK at Graz University of Technology, Austria, Europe
Copyright 2001-2004, IAIK, Graz University of Technology, Inffeldgasse 16a, 8010 Graz, Austria. All Rights Reserved.