/*
 * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package com.sun.crypto.provider;

import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Locale;
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;

This class represents a PBE key.
Author:Jan Luehe
/** * This class represents a PBE key. * * @author Jan Luehe * */
final class PBEKey implements SecretKey { static final long serialVersionUID = -2234768909660948176L; private byte[] key; private String type;
Creates a PBE key from a given PBE key specification.
Params:
  • key – the given PBE key specification
/** * Creates a PBE key from a given PBE key specification. * * @param key the given PBE key specification */
PBEKey(PBEKeySpec keySpec, String keytype) throws InvalidKeySpecException { char[] passwd = keySpec.getPassword(); if (passwd == null) { // Should allow an empty password. passwd = new char[0]; } // Accept "\0" to signify "zero-length password with no terminator". if (!(passwd.length == 1 && passwd[0] == 0)) { for (int i=0; i<passwd.length; i++) { if ((passwd[i] < '\u0020') || (passwd[i] > '\u007E')) { throw new InvalidKeySpecException("Password is not ASCII"); } } } this.key = new byte[passwd.length]; for (int i=0; i<passwd.length; i++) this.key[i] = (byte) (passwd[i] & 0x7f); Arrays.fill(passwd, '\0'); type = keytype; } public synchronized byte[] getEncoded() { return this.key.clone(); } public String getAlgorithm() { return type; } public String getFormat() { return "RAW"; }
Calculates a hash code value for the object. Objects that are equal will also have the same hashcode.
/** * Calculates a hash code value for the object. * Objects that are equal will also have the same hashcode. */
public int hashCode() { int retval = 0; for (int i = 1; i < this.key.length; i++) { retval += this.key[i] * i; } return(retval ^= getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode()); } public boolean equals(Object obj) { if (obj == this) return true; if (!(obj instanceof SecretKey)) return false; SecretKey that = (SecretKey)obj; if (!(that.getAlgorithm().equalsIgnoreCase(type))) return false; byte[] thatEncoded = that.getEncoded(); boolean ret = MessageDigest.isEqual(this.key, thatEncoded); Arrays.fill(thatEncoded, (byte)0x00); return ret; }
Clears the internal copy of the key.
/** * Clears the internal copy of the key. * */
@Override public void destroy() { if (key != null) { Arrays.fill(key, (byte)0x00); key = null; } }
readObject is called to restore the state of this key from a stream.
/** * readObject is called to restore the state of this key from * a stream. */
private void readObject(java.io.ObjectInputStream s) throws java.io.IOException, ClassNotFoundException { s.defaultReadObject(); key = key.clone(); }
Replace the PBE key to be serialized.
Throws:
Returns:the standard KeyRep object to be serialized
/** * Replace the PBE key to be serialized. * * @return the standard KeyRep object to be serialized * * @throws java.io.ObjectStreamException if a new object representing * this PBE key could not be created */
private Object writeReplace() throws java.io.ObjectStreamException { return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(), getFormat(), getEncoded()); }
Ensures that the password bytes of this key are set to zero when there are no more references to it.
/** * Ensures that the password bytes of this key are * set to zero when there are no more references to it. */
protected void finalize() throws Throwable { try { synchronized (this) { if (this.key != null) { java.util.Arrays.fill(this.key, (byte)0x00); this.key = null; } } } finally { super.finalize(); } } }