TokenKeyStore (IAIK PKCS#11 Provider API Documentation)

java.lang.Object
- java.security.KeyStore
- - iaik.pkcs.pkcs11.provider.TokenKeyStore

```
public class TokenKeyStore
extends java.security.KeyStore
```
An adapter class to gain the possibility to instantiate an object that is an instance of KeyStore. In the original KeyStore from SUN, all instance methods are final, which prohibits any extension.

Author:

Karl Scheibelhofer

Nested Class Summary
- Nested classes/interfaces inherited from class java.security.KeyStore
  java.security.KeyStore.Builder, java.security.KeyStore.CallbackHandlerProtection, java.security.KeyStore.Entry, java.security.KeyStore.LoadStoreParameter, java.security.KeyStore.PasswordProtection, java.security.KeyStore.PrivateKeyEntry, java.security.KeyStore.ProtectionParameter, java.security.KeyStore.SecretKeyEntry, java.security.KeyStore.TrustedCertificateEntry

Field Summary

Fields
Modifier and Type	Field and Description
`protected TokenKeyStoreSpi`	`iaikPKCS11KeyStoreSPI_` The reference to the TokenKeyStoreSpi, if the underlying SPI class is of this type.
`static java.lang.String`	`KEYSTORE_TYPE` The JCA standard type name of this key store.

Constructor Summary

Constructors
Constructor and Description
`TokenKeyStore(TokenKeyStoreSpi cardKeyStore, IAIKPkcs11 keystoreProvider, java.lang.String keystoreType)` Construct a new KeyStore that forwards all calls to the cardKeyStore object.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`getReadProtectedKeyOnDemand()` This property causes this object to search for objects using only a not explicitely logged-in session.
`TokenManager`	`getTokenManager()` Return the token that is associated wtih this keystore.
`protected void`	`initialize()` This method just calls load(null, null) to ensure that the KeyStore super-class recognizes this key store as initialized.
`void`	`logout()` This method logs out the session of this key sotre.
`void`	`setReadProtectedKeyOnDemand(boolean onDemand)` Setting this property causes this object to search for objects using only a not explicitely logged-in session.
`void`	`updateKeystore()` This method updates the key and certificate tables even if token did not change.

Methods inherited from class java.security.KeyStore
aliases, containsAlias, deleteEntry, entryInstanceOf, getCertificate, getCertificateAlias, getCertificateChain, getCreationDate, getDefaultType, getEntry, getInstance, getInstance, getInstance, getKey, getProvider, getType, isCertificateEntry, isKeyEntry, load, load, setCertificateEntry, setEntry, setKeyEntry, setKeyEntry, size, store, store

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - KEYSTORE_TYPE
```
public static final java.lang.String KEYSTORE_TYPE
```
    The JCA standard type name of this key store.
    
    See Also:
    
    Constant Field Values
  - iaikPKCS11KeyStoreSPI_
```
protected TokenKeyStoreSpi iaikPKCS11KeyStoreSPI_
```
    The reference to the TokenKeyStoreSpi, if the underlying SPI class is of this type.
- Constructor Detail
  - TokenKeyStore
```
public TokenKeyStore(TokenKeyStoreSpi cardKeyStore,
                     IAIKPkcs11 keystoreProvider,
                     java.lang.String keystoreType)
```
    Construct a new KeyStore that forwards all calls to the cardKeyStore object. This constructor calls initialize() to ensure that JCA recognizes this key store as initialized.
    
    Parameters:
    
    cardKeyStore - The object that holds the actual implementation for this key store.
    
    keystoreProvider - The (JCE) provider of this key store.
    
    keystoreType - The type name this key store will be known by JCA.
- Method Detail
  - initialize
```
protected void initialize()
```
    This method just calls load(null, null) to ensure that the KeyStore super-class recognizes this key store as initialized. The super-class forwards this call to the underlaying KeyStoreSpi (cardKeyStore) object, which can react accordingly if required.
    
    Throws:
    
    IAIKPkcs11Exception - If the load(null, null) call fails.
  - getTokenManager
```
public TokenManager getTokenManager()
```
    Return the token that is associated wtih this keystore.
    
    Returns:
    
    The token that is associated with this key store.
  - getReadProtectedKeyOnDemand
```
public boolean getReadProtectedKeyOnDemand()
```
    This property causes this object to search for objects using only a not explicitely logged-in session. This may result in using a public session, in which the find operation will only find public objects. The key store will assume an existing private key for each end-user certificate on the token. It will log-in the session, when the applicaiton tries to get this corresponding key. However, this may result in the situation that private keys without certificate are not listed in the keystore, before the session is logged in.
    
    Returns:
    
    True, if the key store shall not explicitely log-in the session for search keys and certificates. It will log-in only, if the aplication tries to access such a key.
  - setReadProtectedKeyOnDemand
```
public void setReadProtectedKeyOnDemand(boolean onDemand)
```
    Setting this property causes this object to search for objects using only a not explicitely logged-in session. This may result in using a public session, in which the find operation will only find public objects. The key store will assume an existing private key for each end-user certificate on the token. It will log-in the session, when the applicaiton tries to get this corresponding key. However, this may result in the situation that private keys without certificate are not listed in the keystore, before the session is logged in.
    
    Parameters:
    
    onDemand - True, if the key store shall not explicitely log-in the session for search keys and certificates. It will log-in only, if the aplication tries to access such a key.
  - updateKeystore
```
public void updateKeystore()
                    throws IAIKPkcs11Exception
```
    This method updates the key and certificate tables even if token did not change.
    
    Throws:
    
    IAIKPkcs11Exception - If the update fails.
  - logout
```
public void logout()
```
    This method logs out the session of this key sotre. If the key store has no cached session, it will request the TokenManager to logout using any session. Attention! This causes all sessions of this token to be logged out. Any currently active operations on this token like signing may be interupted. This method is provided to provide means to force a logout after certain operations; e.g. after a qualified signature creation.

IAIK JavaSecurity Website https://jce.iaik.tugraz.at/

IAIK at Graz University of Technology, Austria, Europe
Copyright 2001-2023 IAIK, Graz University of Technology, Inffeldgasse 16a, 8010 Graz, Austria. All Rights Reserved. Version 1.9.4

Class TokenKeyStore

Nested Class Summary

Nested classes/interfaces inherited from class java.security.KeyStore

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.security.KeyStore

Methods inherited from class java.lang.Object

Field Detail

KEYSTORE_TYPE

iaikPKCS11KeyStoreSPI_

Constructor Detail

TokenKeyStore

Method Detail

initialize

getTokenManager

getReadProtectedKeyOnDemand

setReadProtectedKeyOnDemand

updateKeystore

logout