Class PKCS11KeyManager

All Implemented Interfaces:
KeyManager, X509KeyManager

This class provides an SSL key manager that may be used to interact with PKCS #11 tokens.
  • Field Details

  • Constructor Details

    • PKCS11KeyManager

      public PKCS11KeyManager(@Nullable char[] keyStorePIN, @Nullable String certificateAlias) throws KeyStoreException
      Creates a new instance of this PKCS #11 key manager with the provided information.
      Parameters:
      keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.
      certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.
      Throws:
      KeyStoreException - If a problem occurs while initializing this key manager.
    • PKCS11KeyManager

      public PKCS11KeyManager(@Nullable String providerClassName, @Nullable File providerConfigFile, @Nullable String keyStoreType, @Nullable char[] keyStorePIN, @Nullable String certificateAlias) throws KeyStoreException
      Creates a new instance of this PKCS #11 key manager with the provided information.
      Parameters:
      providerClassName - The fully-qualified name of the Java class that implements the provider to use to interact with the PKCS #11 module. If this is null, then the key manager will attempt to automatically identify the appropriate provider.
      providerConfigFile - A file that contains the configuration to use for the provider. This may be null if no provider configuration is needed, or if the provider is already properly instantiated.
      keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.
      keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.
      certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.
      Throws:
      KeyStoreException - If a problem occurs while initializing this key manager.
    • PKCS11KeyManager

      public PKCS11KeyManager(@NotNull Provider provider, @Nullable String keyStoreType, @Nullable char[] keyStorePIN, @Nullable String certificateAlias) throws KeyStoreException
      Creates a new instance of this PKCS #11 key manager with the provided information.
      Parameters:
      provider - The Java security provider to use to access the PKCS #11 token. It must not be null.
      keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.
      keyStorePIN - The user PIN to use to access the PKCS #11 token. This may be null if no PIN is required.
      certificateAlias - The nickname for the key entry to use in the PKCS #11 token. It may be null if any acceptable entry may be used.
      Throws:
      KeyStoreException - If a problem occurs while initializing this key manager.
  • Method Details

    • getProvider

      @NotNull public static Provider getProvider(@Nullable String providerClassName, @Nullable File providerConfigFile, @Nullable String keyStoreType, boolean alwaysCreateNewInstance) throws KeyStoreException
      Retrieves an instance of a Java security provider that may be used to interact with a PKCS #11 token. If a suitable new provider instance is created, then it will be added to the JVM's configured list of providers.
      Parameters:
      providerClassName - The fully-qualified name of the Java class to use for the provider. If this is null, then an attempt will be made to automatically identify the appropriate provider class.
      providerConfigFile - A file that contains the configuration to use for the provider. This may be null if no provider configuration is needed, or if the provider is already properly instantiated.
      keyStoreType - The name of the key store type to use when interacting with the PKCS #11 token. If this is null, then a default key store type of PKCS11 will be used.
      alwaysCreateNewInstance - Indicates whether to always create a new instance of the provider, even
      Returns:
      The provider instance that should be used to interact with a PKCS #11 token.
      Throws:
      KeyStoreException - If a problem occurs while retrieving the
    • getPKCS11JSSESProvider

      Retrieves an instance of a Java security provider that should be used when performing JSSE-related operations in conjunction with PKCS #11 tokens. The JVM's preferred JSSE provider may not be the best choice when using a PKCS #11 token (including when operating in FIPS-compliant mode).
      Returns:
      An instance of a Java security provider that should be used when performing JSSE-related operations in conjunction with PKCS #11 tokens. It may be null if the best provider cannot be determined.
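The following is an added usage example, not code from this page or from the library's authors: it builds a client-side TLS context whose private key stays on the PKCS #11 token, using the five-argument constructor and getPKCS11JSSESProvider described above. The package name com.unboundid.util.ssl, the static no-argument form of getPKCS11JSSESProvider (the page omits its signature), and the class name Pkcs11TlsClientExample are assumptions.

```java
import com.unboundid.util.ssl.PKCS11KeyManager; // assumed package, not stated on the page

import java.io.Console;
import java.io.File;
import java.security.KeyStore;
import java.security.Provider;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class Pkcs11TlsClientExample {
  // providerConfig: provider configuration file for the PKCS #11 module.
  // alias: key entry nickname on the token, or null to accept any entry.
  public static SSLContext build(File providerConfig, String alias) throws Exception {
    // Prompt for the PIN as a char[] so it never becomes an immutable String.
    Console console = System.console();
    char[] pin = (console == null) ? null : console.readPassword("PKCS #11 user PIN: ");
    if (pin == null) {
      throw new IllegalStateException("No console input available for the token PIN");
    }
    try {
      // null provider class and key store type: auto-detect the provider, default to PKCS11.
      PKCS11KeyManager keyManager =
          new PKCS11KeyManager(null, providerConfig, null, pin, alias);

      // Validate the server certificate against the JVM's default trust store.
      TrustManagerFactory tmf =
          TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init((KeyStore) null);

      // The recommended JSSE provider may be null; fall back to the JVM default.
      Provider jsse = PKCS11KeyManager.getPKCS11JSSESProvider(); // assumed static, no-arg
      SSLContext ctx = (jsse == null)
          ? SSLContext.getInstance("TLS")
          : SSLContext.getInstance("TLS", jsse);
      ctx.init(new KeyManager[] { keyManager }, tmf.getTrustManagers(), null);
      return ctx;
    } finally {
      // Assumes the key manager keeps no reference to this array after construction.
      Arrays.fill(pin, '\0');
    }
  }

  public static void main(String[] args) throws Exception {
    SSLContext ctx = build(new File(args[0]), args.length > 1 ? args[1] : null);
    System.out.println("TLS context ready: " + ctx.getProtocol());
  }
}
```

Passing an explicit certificateAlias rather than null pins the client to one identity when the token holds several key entries.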