-
EncryptedPrivateKeyInfo
-
algid: AlgorithmId
-
keyAlg: String
-
encryptedData: byte[]
-
encoded: byte[]
-
EncryptedPrivateKeyInfo(byte[]): void
-
EncryptedPrivateKeyInfo(String, byte[]): void
-
EncryptedPrivateKeyInfo(AlgorithmParameters, byte[]): void
-
getAlgName(): String
-
getAlgParameters(): AlgorithmParameters
-
getEncryptedData(): byte[]
-
getKeySpec(Cipher): PKCS8EncodedKeySpec
-
getKeySpecImpl(Key, Provider): PKCS8EncodedKeySpec
-
getKeySpec(Key): PKCS8EncodedKeySpec
-
getKeySpec(Key, String): PKCS8EncodedKeySpec
-
getKeySpec(Key, Provider): PKCS8EncodedKeySpec
-
getEncoded(): byte[]
-
checkTag(DerValue, byte, String): void
-
checkPKCS8Encoding(byte[]): void
-
/*
* Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package javax.crypto;
import java.io.*;
import java.security.*;
import java.security.spec.*;
import sun.security.x509.AlgorithmId;
import sun.security.util.DerValue;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
This class implements the EncryptedPrivateKeyInfo type
as defined in PKCS #8.
Its ASN.1 definition is as follows:
EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm AlgorithmIdentifier,
encryptedData OCTET STRING }
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
Author: Valerie Peng See Also: Since: 1.4
/**
* This class implements the <code>EncryptedPrivateKeyInfo</code> type
* as defined in PKCS #8.
* <p>Its ASN.1 definition is as follows:
*
* <pre>
* EncryptedPrivateKeyInfo ::= SEQUENCE {
* encryptionAlgorithm AlgorithmIdentifier,
* encryptedData OCTET STRING }
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
* </pre>
*
* @author Valerie Peng
*
* @see java.security.spec.PKCS8EncodedKeySpec
*
* @since 1.4
*/
public class EncryptedPrivateKeyInfo {
// the "encryptionAlgorithm" field
private AlgorithmId algid;
// the algorithm name of the encrypted private key
private String keyAlg;
// the "encryptedData" field
private byte[] encryptedData;
// the ASN.1 encoded contents of this class
private byte[] encoded = null;
Constructs (i.e., parses) an EncryptedPrivateKeyInfo from
its ASN.1 encoding.
Params: - encoded – the ASN.1 encoding of this object. The contents of
the array are copied to protect against subsequent modification.
Throws: - NullPointerException – if the
encoded is null. - IOException – if error occurs when parsing the ASN.1 encoding.
/**
* Constructs (i.e., parses) an <code>EncryptedPrivateKeyInfo</code> from
* its ASN.1 encoding.
* @param encoded the ASN.1 encoding of this object. The contents of
* the array are copied to protect against subsequent modification.
* @exception NullPointerException if the <code>encoded</code> is null.
* @exception IOException if error occurs when parsing the ASN.1 encoding.
*/
public EncryptedPrivateKeyInfo(byte[] encoded)
throws IOException {
if (encoded == null) {
throw new NullPointerException("the encoded parameter " +
"must be non-null");
}
this.encoded = encoded.clone();
DerValue val = new DerValue(this.encoded);
DerValue[] seq = new DerValue[2];
seq[0] = val.data.getDerValue();
seq[1] = val.data.getDerValue();
if (val.data.available() != 0) {
throw new IOException("overrun, bytes = " + val.data.available());
}
this.algid = AlgorithmId.parse(seq[0]);
if (seq[0].data.available() != 0) {
throw new IOException("encryptionAlgorithm field overrun");
}
this.encryptedData = seq[1].getOctetString();
if (seq[1].data.available() != 0) {
throw new IOException("encryptedData field overrun");
}
}
Constructs an EncryptedPrivateKeyInfo from the
encryption algorithm name and the encrypted data.
Note: This constructor will use null as the value of the
algorithm parameters. If the encryption algorithm has
parameters whose value is not null, a different constructor,
e.g. EncryptedPrivateKeyInfo(AlgorithmParameters, byte[]),
should be used.
Params: - algName – encryption algorithm name. See the
Java Security Standard Algorithm Names document
for information about standard Cipher algorithm names.
- encryptedData – encrypted data. The contents of
encrypedData are copied to protect against subsequent
modification when constructing this object.
Throws: - NullPointerException – if
algName or
encryptedData is null. - IllegalArgumentException – if
encryptedData
is empty, i.e. 0-length. - NoSuchAlgorithmException – if the specified algName is
not supported.
/**
* Constructs an <code>EncryptedPrivateKeyInfo</code> from the
* encryption algorithm name and the encrypted data.
*
* <p>Note: This constructor will use null as the value of the
* algorithm parameters. If the encryption algorithm has
* parameters whose value is not null, a different constructor,
* e.g. EncryptedPrivateKeyInfo(AlgorithmParameters, byte[]),
* should be used.
*
* @param algName encryption algorithm name. See the
* <a href="{@docRoot}/../specs/security/standard-names.html">
* Java Security Standard Algorithm Names</a> document
* for information about standard Cipher algorithm names.
* @param encryptedData encrypted data. The contents of
* <code>encrypedData</code> are copied to protect against subsequent
* modification when constructing this object.
* @exception NullPointerException if <code>algName</code> or
* <code>encryptedData</code> is null.
* @exception IllegalArgumentException if <code>encryptedData</code>
* is empty, i.e. 0-length.
* @exception NoSuchAlgorithmException if the specified algName is
* not supported.
*/
public EncryptedPrivateKeyInfo(String algName, byte[] encryptedData)
throws NoSuchAlgorithmException {
if (algName == null)
throw new NullPointerException("the algName parameter " +
"must be non-null");
this.algid = AlgorithmId.get(algName);
if (encryptedData == null) {
throw new NullPointerException("the encryptedData " +
"parameter must be non-null");
} else if (encryptedData.length == 0) {
throw new IllegalArgumentException("the encryptedData " +
"parameter must not be empty");
} else {
this.encryptedData = encryptedData.clone();
}
// delay the generation of ASN.1 encoding until
// getEncoded() is called
this.encoded = null;
}
Constructs an EncryptedPrivateKeyInfo from the
encryption algorithm parameters and the encrypted data.
Params: - algParams – the algorithm parameters for the encryption
algorithm.
algParams.getEncoded() should return
the ASN.1 encoded bytes of the parameters field
of the AlgorithmIdentifer component of the
EncryptedPrivateKeyInfo type. - encryptedData – encrypted data. The contents of
encrypedData are copied to protect against
subsequent modification when constructing this object.
Throws: - NullPointerException – if
algParams or
encryptedData is null. - IllegalArgumentException – if
encryptedData
is empty, i.e. 0-length. - NoSuchAlgorithmException – if the specified algName of
the specified
algParams parameter is not supported.
/**
* Constructs an <code>EncryptedPrivateKeyInfo</code> from the
* encryption algorithm parameters and the encrypted data.
*
* @param algParams the algorithm parameters for the encryption
* algorithm. <code>algParams.getEncoded()</code> should return
* the ASN.1 encoded bytes of the <code>parameters</code> field
* of the <code>AlgorithmIdentifer</code> component of the
* <code>EncryptedPrivateKeyInfo</code> type.
* @param encryptedData encrypted data. The contents of
* <code>encrypedData</code> are copied to protect against
* subsequent modification when constructing this object.
* @exception NullPointerException if <code>algParams</code> or
* <code>encryptedData</code> is null.
* @exception IllegalArgumentException if <code>encryptedData</code>
* is empty, i.e. 0-length.
* @exception NoSuchAlgorithmException if the specified algName of
* the specified <code>algParams</code> parameter is not supported.
*/
public EncryptedPrivateKeyInfo(AlgorithmParameters algParams,
byte[] encryptedData) throws NoSuchAlgorithmException {
if (algParams == null) {
throw new NullPointerException("algParams must be non-null");
}
this.algid = AlgorithmId.get(algParams);
if (encryptedData == null) {
throw new NullPointerException("encryptedData must be non-null");
} else if (encryptedData.length == 0) {
throw new IllegalArgumentException("the encryptedData " +
"parameter must not be empty");
} else {
this.encryptedData = encryptedData.clone();
}
// delay the generation of ASN.1 encoding until
// getEncoded() is called
this.encoded = null;
}
Returns the encryption algorithm.
Note: Standard name is returned instead of the specified one
in the constructor when such mapping is available.
See the
Java Security Standard Algorithm Names document
for information about standard Cipher algorithm names.
Returns: the encryption algorithm name.
/**
* Returns the encryption algorithm.
* <p>Note: Standard name is returned instead of the specified one
* in the constructor when such mapping is available.
* See the <a href="{@docRoot}/../specs/security/standard-names.html">
* Java Security Standard Algorithm Names</a> document
* for information about standard Cipher algorithm names.
*
* @return the encryption algorithm name.
*/
public String getAlgName() {
return this.algid.getName();
}
Returns the algorithm parameters used by the encryption algorithm.
Returns: the algorithm parameters.
/**
* Returns the algorithm parameters used by the encryption algorithm.
* @return the algorithm parameters.
*/
public AlgorithmParameters getAlgParameters() {
return this.algid.getParameters();
}
Returns the encrypted data.
Returns: the encrypted data. Returns a new array
each time this method is called.
/**
* Returns the encrypted data.
* @return the encrypted data. Returns a new array
* each time this method is called.
*/
public byte[] getEncryptedData() {
return this.encryptedData.clone();
}
Extract the enclosed PKCS8EncodedKeySpec object from the
encrypted data and return it.
Note: In order to successfully retrieve the enclosed
PKCS8EncodedKeySpec object, cipher needs
to be initialized to either Cipher.DECRYPT_MODE or
Cipher.UNWRAP_MODE, with the same key and parameters used
for generating the encrypted data.
Params: - cipher – the initialized cipher object which will be
used for decrypting the encrypted data.
Throws: - NullPointerException – if
cipher
is null. - InvalidKeySpecException – if the given cipher is
inappropriate for the encrypted data or the encrypted
data is corrupted and cannot be decrypted.
Returns: the PKCS8EncodedKeySpec object.
/**
* Extract the enclosed PKCS8EncodedKeySpec object from the
* encrypted data and return it.
* <br>Note: In order to successfully retrieve the enclosed
* PKCS8EncodedKeySpec object, <code>cipher</code> needs
* to be initialized to either Cipher.DECRYPT_MODE or
* Cipher.UNWRAP_MODE, with the same key and parameters used
* for generating the encrypted data.
*
* @param cipher the initialized cipher object which will be
* used for decrypting the encrypted data.
* @return the PKCS8EncodedKeySpec object.
* @exception NullPointerException if <code>cipher</code>
* is null.
* @exception InvalidKeySpecException if the given cipher is
* inappropriate for the encrypted data or the encrypted
* data is corrupted and cannot be decrypted.
*/
public PKCS8EncodedKeySpec getKeySpec(Cipher cipher)
throws InvalidKeySpecException {
byte[] encoded = null;
try {
encoded = cipher.doFinal(encryptedData);
checkPKCS8Encoding(encoded);
} catch (GeneralSecurityException |
IOException |
IllegalStateException ex) {
throw new InvalidKeySpecException(
"Cannot retrieve the PKCS8EncodedKeySpec", ex);
}
return new PKCS8EncodedKeySpec(encoded, keyAlg);
}
private PKCS8EncodedKeySpec getKeySpecImpl(Key decryptKey,
Provider provider) throws NoSuchAlgorithmException,
InvalidKeyException {
byte[] encoded = null;
Cipher c;
try {
if (provider == null) {
// use the most preferred one
c = Cipher.getInstance(algid.getName());
} else {
c = Cipher.getInstance(algid.getName(), provider);
}
c.init(Cipher.DECRYPT_MODE, decryptKey, algid.getParameters());
encoded = c.doFinal(encryptedData);
checkPKCS8Encoding(encoded);
} catch (NoSuchAlgorithmException nsae) {
// rethrow
throw nsae;
} catch (GeneralSecurityException | IOException ex) {
throw new InvalidKeyException(
"Cannot retrieve the PKCS8EncodedKeySpec", ex);
}
return new PKCS8EncodedKeySpec(encoded, keyAlg);
}
Extract the enclosed PKCS8EncodedKeySpec object from the
encrypted data and return it.
Params: - decryptKey – key used for decrypting the encrypted data.
Throws: - NullPointerException – if
decryptKey
is null. - NoSuchAlgorithmException – if cannot find appropriate
cipher to decrypt the encrypted data.
- InvalidKeyException – if
decryptKey
cannot be used to decrypt the encrypted data or the decryption
result is not a valid PKCS8KeySpec.
Returns: the PKCS8EncodedKeySpec object. Since: 1.5
/**
* Extract the enclosed PKCS8EncodedKeySpec object from the
* encrypted data and return it.
* @param decryptKey key used for decrypting the encrypted data.
* @return the PKCS8EncodedKeySpec object.
* @exception NullPointerException if <code>decryptKey</code>
* is null.
* @exception NoSuchAlgorithmException if cannot find appropriate
* cipher to decrypt the encrypted data.
* @exception InvalidKeyException if <code>decryptKey</code>
* cannot be used to decrypt the encrypted data or the decryption
* result is not a valid PKCS8KeySpec.
*
* @since 1.5
*/
public PKCS8EncodedKeySpec getKeySpec(Key decryptKey)
throws NoSuchAlgorithmException, InvalidKeyException {
if (decryptKey == null) {
throw new NullPointerException("decryptKey is null");
}
return getKeySpecImpl(decryptKey, null);
}
Extract the enclosed PKCS8EncodedKeySpec object from the
encrypted data and return it.
Params: - decryptKey – key used for decrypting the encrypted data.
- providerName – the name of provider whose Cipher
implementation will be used.
Throws: - NullPointerException – if
decryptKey
or providerName is null. - NoSuchProviderException – if no provider
providerName is registered. - NoSuchAlgorithmException – if cannot find appropriate
cipher to decrypt the encrypted data.
- InvalidKeyException – if
decryptKey
cannot be used to decrypt the encrypted data or the decryption
result is not a valid PKCS8KeySpec.
Returns: the PKCS8EncodedKeySpec object. Since: 1.5
/**
* Extract the enclosed PKCS8EncodedKeySpec object from the
* encrypted data and return it.
* @param decryptKey key used for decrypting the encrypted data.
* @param providerName the name of provider whose Cipher
* implementation will be used.
* @return the PKCS8EncodedKeySpec object.
* @exception NullPointerException if <code>decryptKey</code>
* or <code>providerName</code> is null.
* @exception NoSuchProviderException if no provider
* <code>providerName</code> is registered.
* @exception NoSuchAlgorithmException if cannot find appropriate
* cipher to decrypt the encrypted data.
* @exception InvalidKeyException if <code>decryptKey</code>
* cannot be used to decrypt the encrypted data or the decryption
* result is not a valid PKCS8KeySpec.
*
* @since 1.5
*/
public PKCS8EncodedKeySpec getKeySpec(Key decryptKey,
String providerName) throws NoSuchProviderException,
NoSuchAlgorithmException, InvalidKeyException {
if (decryptKey == null) {
throw new NullPointerException("decryptKey is null");
}
if (providerName == null) {
throw new NullPointerException("provider is null");
}
Provider provider = Security.getProvider(providerName);
if (provider == null) {
throw new NoSuchProviderException("provider " +
providerName + " not found");
}
return getKeySpecImpl(decryptKey, provider);
}
Extract the enclosed PKCS8EncodedKeySpec object from the
encrypted data and return it.
Params: - decryptKey – key used for decrypting the encrypted data.
- provider – the name of provider whose Cipher implementation
will be used.
Throws: - NullPointerException – if
decryptKey
or provider is null. - NoSuchAlgorithmException – if cannot find appropriate
cipher to decrypt the encrypted data in
provider. - InvalidKeyException – if
decryptKey
cannot be used to decrypt the encrypted data or the decryption
result is not a valid PKCS8KeySpec.
Returns: the PKCS8EncodedKeySpec object. Since: 1.5
/**
* Extract the enclosed PKCS8EncodedKeySpec object from the
* encrypted data and return it.
* @param decryptKey key used for decrypting the encrypted data.
* @param provider the name of provider whose Cipher implementation
* will be used.
* @return the PKCS8EncodedKeySpec object.
* @exception NullPointerException if <code>decryptKey</code>
* or <code>provider</code> is null.
* @exception NoSuchAlgorithmException if cannot find appropriate
* cipher to decrypt the encrypted data in <code>provider</code>.
* @exception InvalidKeyException if <code>decryptKey</code>
* cannot be used to decrypt the encrypted data or the decryption
* result is not a valid PKCS8KeySpec.
*
* @since 1.5
*/
public PKCS8EncodedKeySpec getKeySpec(Key decryptKey,
Provider provider) throws NoSuchAlgorithmException,
InvalidKeyException {
if (decryptKey == null) {
throw new NullPointerException("decryptKey is null");
}
if (provider == null) {
throw new NullPointerException("provider is null");
}
return getKeySpecImpl(decryptKey, provider);
}
Returns the ASN.1 encoding of this object.
Throws: - IOException – if error occurs when constructing its
ASN.1 encoding.
Returns: the ASN.1 encoding. Returns a new array
each time this method is called.
/**
* Returns the ASN.1 encoding of this object.
* @return the ASN.1 encoding. Returns a new array
* each time this method is called.
* @exception IOException if error occurs when constructing its
* ASN.1 encoding.
*/
public byte[] getEncoded() throws IOException {
if (this.encoded == null) {
DerOutputStream out = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
// encode encryption algorithm
algid.encode(tmp);
// encode encrypted data
tmp.putOctetString(encryptedData);
// wrap everything into a SEQUENCE
out.write(DerValue.tag_Sequence, tmp);
this.encoded = out.toByteArray();
}
return this.encoded.clone();
}
private static void checkTag(DerValue val, byte tag, String valName)
throws IOException {
if (val.getTag() != tag) {
throw new IOException("invalid key encoding - wrong tag for " +
valName);
}
}
@SuppressWarnings("fallthrough")
private void checkPKCS8Encoding(byte[] encodedKey)
throws IOException {
DerInputStream in = new DerInputStream(encodedKey);
DerValue[] values = in.getSequence(3);
switch (values.length) {
case 4:
checkTag(values[3], DerValue.TAG_CONTEXT, "attributes");
/* fall through */
case 3:
checkTag(values[0], DerValue.tag_Integer, "version");
keyAlg = AlgorithmId.parse(values[1]).getName();
checkTag(values[2], DerValue.tag_OctetString, "privateKey");
break;
default:
throw new IOException("invalid key encoding");
}
}
}