Developing with Secure Storage
Central Classes and Interfaces
The functionality of secure storage is exposed via APIs of the org.eclipse.equinox.security bundle.
The
org.eclipse.equinox.security.storage
package contains several classes and interfaces that are likely
going to serve as a starting point.
The
SecurePreferencesFactory can be used to obtain the root node of the secure preferences. The
SecurePreferencesFactory#getDefault() method will return default secure preference root node.
If you prefer your secure storage to be isolated from the rest of the application, you can use
SecurePreferencesFactory#open(URL location, Map options) method to open a secure storage corresponding to
the location of your choice. This method also takes a map of optional hints that can be used to influence
the behavior of this instance of secure storage.
The restrictions put on the node names are similar to the
OSGi Preferences
:
no double forward slashes, no trailing forward slash. In addition, node names can only contain printable ASCII characters.
If you need to use a string that does not fit those restrictions, the
EncodingUtils class can be used to convert the string into a compliant form.
The functionality provided by the nodes is described by the
ISecurePreferences interface. You'll find this interface is very similar to the OSGi Preferences with
a few minor differences. One of the differences is that many methods use
StorageException to provide more detailed description of exceptions.
Debugging
The contents of the default secure storage can be seen in the
General > Security > Secure Storage
preferences page. To enable modifications of the contents of secure storage, enable debug options of
the org.eclipse.equinox.security.ui bundle. Enabling debug options will add context menus to the preferences
page tree and to the values table. The context menus allow removal and addition of nodes and values to be performed
directly from the preferences page.
You'll notice that context menus are disabled for the "org.eclipse.equinox.secure.storage"
node. This node and its children are reserved for secure storage use and should not be modified directly.