KeyStore.PasswordProtection

public static class KeyStore.PasswordProtection extends Object
implements KeyStore.ProtectionParameter, Destroyable

A password-based implementation of ProtectionParameter.

Public Constructor Summary

PasswordProtection(char[] password)
Creates a password parameter.
PasswordProtection(char[] password, String protectionAlgorithm, AlgorithmParameterSpec protectionParameters)
Creates a password parameter and specifies the protection algorithm and associated parameters to use when encrypting a keystore entry.

Public Method Summary

synchronized void
destroy()
Clears the password.
synchronized char[]
getPassword()
Gets the password.
String
getProtectionAlgorithm()
Gets the name of the protection algorithm.
AlgorithmParameterSpec
getProtectionParameters()
Gets the parameters supplied for the protection algorithm.
synchronized boolean
isDestroyed()
Determines if the password has been cleared.

Public Constructors

public PasswordProtection (char[] password)

Creates a password parameter.

The specified password is cloned before it is stored in the new PasswordProtection object.

Parameters
password the password, which may be null

public PasswordProtection (char[] password, String protectionAlgorithm, AlgorithmParameterSpec protectionParameters)

Creates a password parameter and specifies the protection algorithm and associated parameters to use when encrypting a keystore entry.

The specified password is cloned before it is stored in the new PasswordProtection object.

Parameters
password the password, which may be null
protectionAlgorithm the encryption algorithm name, for example, PBEWithHmacSHA256AndAES_256. See the Cipher section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard encryption algorithm names.
protectionParameters the encryption algorithm parameter specification, which may be null
Throws
NullPointerException if protectionAlgorithm is null

Public Methods

public synchronized void destroy ()

Clears the password.

Throws
DestroyFailedException if this method was unable to clear the password

public synchronized char[] getPassword ()

Gets the password.

Note that this method returns a reference to the password. If a clone of the array is created, it is the caller's responsibility to zero out the password information after it is no longer needed.

Returns
  • the password, which may be null
Throws
IllegalStateException if the password has been cleared (destroyed)

public String getProtectionAlgorithm ()

Gets the name of the protection algorithm. If none was set then the keystore provider will use its default protection algorithm. The name of the default protection algorithm for a given keystore type is set using the 'keystore.<type>.keyProtectionAlgorithm' security property. For example, the keystore.PKCS12.keyProtectionAlgorithm property stores the name of the default key protection algorithm used for PKCS12 keystores. If the security property is not set, an implementation-specific algorithm will be used.

Returns
  • the algorithm name, or null if none was set

public AlgorithmParameterSpec getProtectionParameters ()

Gets the parameters supplied for the protection algorithm.

Returns
  • the algorithm parameter specification, or null if none was set

public synchronized boolean isDestroyed ()

Determines if the password has been cleared.

Returns
  • true if the password has been cleared, false otherwise
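
The following added example (not part of the reference documentation) walks through the password lifecycle described above: the constructor's clone, the reference returned by getPassword(), and destroy(). The class name, sample password, salt length and iteration count are assumptions chosen for illustration; no keystore provider is involved.

```java
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.spec.PBEParameterSpec;
import javax.security.auth.DestroyFailedException;

public class PasswordProtectionLifecycle {

    public static void main(String[] args) throws DestroyFailedException {
        // Constructed sample values; salt length and iteration count are assumptions.
        // Real passwords should arrive as char[] and never pass through a String.
        char[] supplied = "constructed-sample".toCharArray();
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        PBEParameterSpec pbe = new PBEParameterSpec(salt, 100_000);

        KeyStore.PasswordProtection prot = new KeyStore.PasswordProtection(
                supplied, "PBEWithHmacSHA256AndAES_256", pbe);

        // 1. The constructor cloned the array, so wiping the caller's copy
        //    does not affect the copy held by the parameter object.
        Arrays.fill(supplied, '\0');
        char[] internal = prot.getPassword();
        System.out.println("survives caller wipe: "
                + Arrays.equals(internal, "constructed-sample".toCharArray()));

        // 2. getPassword() hands out the stored array itself, not a copy.
        System.out.println("same array each call: " + (internal == prot.getPassword()));

        // 3. A clone made by the caller is the caller's to wipe.
        char[] copy = internal.clone();
        try {
            // ... hand 'copy' to code that needs its own array ...
        } finally {
            Arrays.fill(copy, '\0');
        }

        // 4. destroy() clears the stored password; later reads are refused.
        prot.destroy();
        System.out.println("isDestroyed: " + prot.isDestroyed());
        try {
            prot.getPassword();
        } catch (IllegalStateException expected) {
            System.out.println("getPassword after destroy: "
                    + expected.getClass().getSimpleName());
        }
    }
}
```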