author | ihse |
Wed, 10 May 2017 09:02:43 +0200 | |
changeset 45118 | e4258d800b54 |
parent 42780 | 7781326fff20 |
child 45435 | 7a91c865edd4 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
45118
e4258d800b54
8178278: Move Standard Algorithm Names document to specs directory
ihse
parents:
42780
diff
changeset
|
2 |
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package javax.crypto; |
|
27 |
||
28 |
import java.util.*; |
|
29 |
||
30 |
import java.security.*; |
|
31 |
import java.security.Provider.Service; |
|
32 |
import java.security.spec.*; |
|
33 |
||
34 |
import sun.security.jca.*; |
|
35 |
import sun.security.jca.GetInstance.Instance; |
|
26736
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
36 |
import sun.security.util.Debug; |
2 | 37 |
|
38 |
/** |
|
39 |
* This class provides the functionality of a secret (symmetric) key generator. |
|
40 |
* |
|
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
41 |
* <p>Key generators are constructed using one of the {@code getInstance} |
2 | 42 |
* class methods of this class. |
43 |
* |
|
44 |
* <p>KeyGenerator objects are reusable, i.e., after a key has been |
|
45 |
* generated, the same KeyGenerator object can be re-used to generate further |
|
46 |
* keys. |
|
47 |
* |
|
48 |
* <p>There are two ways to generate a key: in an algorithm-independent |
|
49 |
* manner, and in an algorithm-specific manner. |
|
50 |
* The only difference between the two is the initialization of the object: |
|
51 |
* |
|
52 |
* <ul> |
|
53 |
* <li><b>Algorithm-Independent Initialization</b> |
|
54 |
* <p>All key generators share the concepts of a <i>keysize</i> and a |
|
55 |
* <i>source of randomness</i>. |
|
56 |
* There is an |
|
57 |
* {@link #init(int, java.security.SecureRandom) init} |
|
58 |
* method in this KeyGenerator class that takes these two universally |
|
59 |
* shared types of arguments. There is also one that takes just a |
|
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
60 |
* {@code keysize} argument, and uses the SecureRandom implementation |
2 | 61 |
* of the highest-priority installed provider as the source of randomness |
62 |
* (or a system-provided source of randomness if none of the installed |
|
63 |
* providers supply a SecureRandom implementation), and one that takes just a |
|
64 |
* source of randomness. |
|
65 |
* |
|
66 |
* <p>Since no other parameters are specified when you call the above |
|
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
67 |
* algorithm-independent {@code init} methods, it is up to the |
2 | 68 |
* provider what to do about the algorithm-specific parameters (if any) to be |
69 |
* associated with each of the keys. |
|
70 |
* |
|
71 |
* <li><b>Algorithm-Specific Initialization</b> |
|
72 |
* <p>For situations where a set of algorithm-specific parameters already |
|
73 |
* exists, there are two |
|
74 |
* {@link #init(java.security.spec.AlgorithmParameterSpec) init} |
|
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
75 |
* methods that have an {@code AlgorithmParameterSpec} |
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
76 |
* argument. One also has a {@code SecureRandom} argument, while the |
2 | 77 |
* other uses the SecureRandom implementation |
78 |
* of the highest-priority installed provider as the source of randomness |
|
79 |
* (or a system-provided source of randomness if none of the installed |
|
80 |
* providers supply a SecureRandom implementation). |
|
81 |
* </ul> |
|
82 |
* |
|
83 |
* <p>In case the client does not explicitly initialize the KeyGenerator |
|
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
84 |
* (via a call to an {@code init} method), each provider must |
2 | 85 |
* supply (and document) a default initialization. |
86 |
* |
|
8152
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
87 |
* <p> Every implementation of the Java platform is required to support the |
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
88 |
* following standard {@code KeyGenerator} algorithms with the keysizes in |
8152
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
89 |
* parentheses: |
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
90 |
* <ul> |
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
91 |
* <li>{@code AES} (128)</li> |
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
92 |
* <li>{@code DES} (56)</li> |
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
93 |
* <li>{@code DESede} (168)</li> |
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
94 |
* <li>{@code HmacSHA1}</li> |
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
95 |
* <li>{@code HmacSHA256}</li> |
8152
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
96 |
* </ul> |
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
97 |
* These algorithms are described in the <a href= |
45118
e4258d800b54
8178278: Move Standard Algorithm Names document to specs directory
ihse
parents:
42780
diff
changeset
|
98 |
* "{@docRoot}/../specs/security/standard-names.html#keygenerator-algorithms"> |
8152
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
99 |
* KeyGenerator section</a> of the |
45118
e4258d800b54
8178278: Move Standard Algorithm Names document to specs directory
ihse
parents:
42780
diff
changeset
|
100 |
* Java Security Standard Algorithm Names Specification. |
8152
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
101 |
* Consult the release documentation for your implementation to see if any |
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
102 |
* other algorithms are supported. |
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
103 |
* |
2 | 104 |
* @author Jan Luehe |
105 |
* |
|
106 |
* @see SecretKey |
|
107 |
* @since 1.4 |
|
108 |
*/ |
|
109 |
||
110 |
public class KeyGenerator { |
|
111 |
||
26736
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
112 |
private static final Debug pdebug = |
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
113 |
Debug.getInstance("provider", "Provider"); |
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
114 |
private static final boolean skipDebug = |
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
115 |
Debug.isOn("engine=") && !Debug.isOn("keygenerator"); |
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
116 |
|
2 | 117 |
// see java.security.KeyPairGenerator for failover notes |
118 |
||
32649
2ee9017c7597
8136583: Core libraries should use blessed modifier order
martin
parents:
32275
diff
changeset
|
119 |
private static final int I_NONE = 1; |
2ee9017c7597
8136583: Core libraries should use blessed modifier order
martin
parents:
32275
diff
changeset
|
120 |
private static final int I_RANDOM = 2; |
2ee9017c7597
8136583: Core libraries should use blessed modifier order
martin
parents:
32275
diff
changeset
|
121 |
private static final int I_PARAMS = 3; |
2ee9017c7597
8136583: Core libraries should use blessed modifier order
martin
parents:
32275
diff
changeset
|
122 |
private static final int I_SIZE = 4; |
2 | 123 |
|
124 |
// The provider |
|
125 |
private Provider provider; |
|
126 |
||
127 |
// The provider implementation (delegate) |
|
128 |
private volatile KeyGeneratorSpi spi; |
|
129 |
||
130 |
// The algorithm |
|
131 |
private final String algorithm; |
|
132 |
||
133 |
private final Object lock = new Object(); |
|
134 |
||
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
135 |
private Iterator<Service> serviceIterator; |
2 | 136 |
|
137 |
private int initType; |
|
138 |
private int initKeySize; |
|
139 |
private AlgorithmParameterSpec initParams; |
|
140 |
private SecureRandom initRandom; |
|
141 |
||
142 |
/** |
|
143 |
* Creates a KeyGenerator object. |
|
144 |
* |
|
145 |
* @param keyGenSpi the delegate |
|
146 |
* @param provider the provider |
|
147 |
* @param algorithm the algorithm |
|
148 |
*/ |
|
149 |
protected KeyGenerator(KeyGeneratorSpi keyGenSpi, Provider provider, |
|
150 |
String algorithm) { |
|
151 |
this.spi = keyGenSpi; |
|
152 |
this.provider = provider; |
|
153 |
this.algorithm = algorithm; |
|
26736
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
154 |
|
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
155 |
if (!skipDebug && pdebug != null) { |
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
156 |
pdebug.println("KeyGenerator." + algorithm + " algorithm from: " + |
42780
7781326fff20
8170876: NPE in JCE engine classes with java.security.debug=provider
mullan
parents:
41826
diff
changeset
|
157 |
getProviderName()); |
26736
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
158 |
} |
2 | 159 |
} |
160 |
||
161 |
private KeyGenerator(String algorithm) throws NoSuchAlgorithmException { |
|
162 |
this.algorithm = algorithm; |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
163 |
List<Service> list = |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
164 |
GetInstance.getServices("KeyGenerator", algorithm); |
2 | 165 |
serviceIterator = list.iterator(); |
166 |
initType = I_NONE; |
|
167 |
// fetch and instantiate initial spi |
|
168 |
if (nextSpi(null, false) == null) { |
|
169 |
throw new NoSuchAlgorithmException |
|
170 |
(algorithm + " KeyGenerator not available"); |
|
171 |
} |
|
26736
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
172 |
|
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
173 |
if (!skipDebug && pdebug != null) { |
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
174 |
pdebug.println("KeyGenerator." + algorithm + " algorithm from: " + |
42780
7781326fff20
8170876: NPE in JCE engine classes with java.security.debug=provider
mullan
parents:
41826
diff
changeset
|
175 |
getProviderName()); |
26736
5a93000b26cd
8056026: Debug security logging should print Provider used for each crypto operation
vinnie
parents:
25859
diff
changeset
|
176 |
} |
2 | 177 |
} |
178 |
||
42780
7781326fff20
8170876: NPE in JCE engine classes with java.security.debug=provider
mullan
parents:
41826
diff
changeset
|
179 |
private String getProviderName() { |
7781326fff20
8170876: NPE in JCE engine classes with java.security.debug=provider
mullan
parents:
41826
diff
changeset
|
180 |
return (provider == null) ? "(no provider)" : provider.getName(); |
7781326fff20
8170876: NPE in JCE engine classes with java.security.debug=provider
mullan
parents:
41826
diff
changeset
|
181 |
} |
7781326fff20
8170876: NPE in JCE engine classes with java.security.debug=provider
mullan
parents:
41826
diff
changeset
|
182 |
|
2 | 183 |
/** |
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
184 |
* Returns the algorithm name of this {@code KeyGenerator} object. |
2 | 185 |
* |
186 |
* <p>This is the same name that was specified in one of the |
|
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
187 |
* {@code getInstance} calls that created this |
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
188 |
* {@code KeyGenerator} object. |
2 | 189 |
* |
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
190 |
* @return the algorithm name of this {@code KeyGenerator} object. |
2 | 191 |
*/ |
192 |
public final String getAlgorithm() { |
|
193 |
return this.algorithm; |
|
194 |
} |
|
195 |
||
196 |
/** |
|
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
197 |
* Returns a {@code KeyGenerator} object that generates secret keys |
2 | 198 |
* for the specified algorithm. |
199 |
* |
|
200 |
* <p> This method traverses the list of registered security Providers, |
|
201 |
* starting with the most preferred Provider. |
|
202 |
* A new KeyGenerator object encapsulating the |
|
203 |
* KeyGeneratorSpi implementation from the first |
|
204 |
* Provider that supports the specified algorithm is returned. |
|
205 |
* |
|
206 |
* <p> Note that the list of registered providers may be retrieved via |
|
207 |
* the {@link Security#getProviders() Security.getProviders()} method. |
|
208 |
* |
|
33241
27eb2d6abda9
8133151: Preferred provider configuration for JCE
ascarpino
parents:
32649
diff
changeset
|
209 |
* @implNote |
27eb2d6abda9
8133151: Preferred provider configuration for JCE
ascarpino
parents:
32649
diff
changeset
|
210 |
* The JDK Reference Implementation additionally uses the |
37348
9ccec3170d5e
8152205: jdk.security.provider.preferred is ambiguously documented
ascarpino
parents:
33241
diff
changeset
|
211 |
* {@code jdk.security.provider.preferred} |
9ccec3170d5e
8152205: jdk.security.provider.preferred is ambiguously documented
ascarpino
parents:
33241
diff
changeset
|
212 |
* {@link Security#getProperty(String) Security} property to determine |
33241
27eb2d6abda9
8133151: Preferred provider configuration for JCE
ascarpino
parents:
32649
diff
changeset
|
213 |
* the preferred provider order for the specified algorithm. This |
27eb2d6abda9
8133151: Preferred provider configuration for JCE
ascarpino
parents:
32649
diff
changeset
|
214 |
* may be different than the order of providers returned by |
27eb2d6abda9
8133151: Preferred provider configuration for JCE
ascarpino
parents:
32649
diff
changeset
|
215 |
* {@link Security#getProviders() Security.getProviders()}. |
27eb2d6abda9
8133151: Preferred provider configuration for JCE
ascarpino
parents:
32649
diff
changeset
|
216 |
* |
2 | 217 |
* @param algorithm the standard name of the requested key algorithm. |
8152
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
218 |
* See the KeyGenerator section in the <a href= |
45118
e4258d800b54
8178278: Move Standard Algorithm Names document to specs directory
ihse
parents:
42780
diff
changeset
|
219 |
* "{@docRoot}/../specs/security/standard-names.html#keygenerator-algorithms"> |
e4258d800b54
8178278: Move Standard Algorithm Names document to specs directory
ihse
parents:
42780
diff
changeset
|
220 |
* Java Security Standard Algorithm Names Specification</a> |
2 | 221 |
* for information about standard algorithm names. |
222 |
* |
|
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
223 |
* @return the new {@code KeyGenerator} object |
2 | 224 |
* |
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
225 |
* @throws NoSuchAlgorithmException if no {@code Provider} supports a |
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
226 |
* {@code KeyGeneratorSpi} implementation for the |
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
227 |
* specified algorithm |
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
228 |
* |
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
229 |
* @throws NullPointerException if {@code algorithm} is {@code null} |
2 | 230 |
* |
231 |
* @see java.security.Provider |
|
232 |
*/ |
|
233 |
public static final KeyGenerator getInstance(String algorithm) |
|
234 |
throws NoSuchAlgorithmException { |
|
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
235 |
Objects.requireNonNull(algorithm, "null algorithm name"); |
2 | 236 |
return new KeyGenerator(algorithm); |
237 |
} |
|
238 |
||
239 |
/** |
|
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
240 |
* Returns a {@code KeyGenerator} object that generates secret keys |
2 | 241 |
* for the specified algorithm. |
242 |
* |
|
243 |
* <p> A new KeyGenerator object encapsulating the |
|
244 |
* KeyGeneratorSpi implementation from the specified provider |
|
245 |
* is returned. The specified provider must be registered |
|
246 |
* in the security provider list. |
|
247 |
* |
|
248 |
* <p> Note that the list of registered providers may be retrieved via |
|
249 |
* the {@link Security#getProviders() Security.getProviders()} method. |
|
250 |
* |
|
251 |
* @param algorithm the standard name of the requested key algorithm. |
|
8152
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
252 |
* See the KeyGenerator section in the <a href= |
45118
e4258d800b54
8178278: Move Standard Algorithm Names document to specs directory
ihse
parents:
42780
diff
changeset
|
253 |
* "{@docRoot}/../specs/security/standard-names.html#keygenerator-algorithms"> |
e4258d800b54
8178278: Move Standard Algorithm Names document to specs directory
ihse
parents:
42780
diff
changeset
|
254 |
* Java Security Standard Algorithm Names Specification</a> |
2 | 255 |
* for information about standard algorithm names. |
256 |
* |
|
257 |
* @param provider the name of the provider. |
|
258 |
* |
|
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
259 |
* @return the new {@code KeyGenerator} object |
2 | 260 |
* |
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
261 |
* @throws IllegalArgumentException if the {@code provider} |
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
262 |
* is {@code null} or empty |
2 | 263 |
* |
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
264 |
* @throws NoSuchAlgorithmException if a {@code KeyGeneratorSpi} |
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
265 |
* implementation for the specified algorithm is not |
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
266 |
* available from the specified provider |
2 | 267 |
* |
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
268 |
* @throws NoSuchProviderException if the specified provider is not |
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
269 |
* registered in the security provider list |
2 | 270 |
* |
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
271 |
* @throws NullPointerException if {@code algorithm} is {@code null} |
2 | 272 |
* |
273 |
* @see java.security.Provider |
|
274 |
*/ |
|
275 |
public static final KeyGenerator getInstance(String algorithm, |
|
276 |
String provider) throws NoSuchAlgorithmException, |
|
277 |
NoSuchProviderException { |
|
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
278 |
Objects.requireNonNull(algorithm, "null algorithm name"); |
2 | 279 |
Instance instance = JceSecurity.getInstance("KeyGenerator", |
280 |
KeyGeneratorSpi.class, algorithm, provider); |
|
281 |
return new KeyGenerator((KeyGeneratorSpi)instance.impl, |
|
282 |
instance.provider, algorithm); |
|
283 |
} |
|
284 |
||
285 |
/** |
|
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
286 |
* Returns a {@code KeyGenerator} object that generates secret keys |
2 | 287 |
* for the specified algorithm. |
288 |
* |
|
289 |
* <p> A new KeyGenerator object encapsulating the |
|
290 |
* KeyGeneratorSpi implementation from the specified Provider |
|
291 |
* object is returned. Note that the specified Provider object |
|
292 |
* does not have to be registered in the provider list. |
|
293 |
* |
|
294 |
* @param algorithm the standard name of the requested key algorithm. |
|
8152
94e5966bdf22
5001004: Required Security Algorithms need to be defined
mullan
parents:
5506
diff
changeset
|
295 |
* See the KeyGenerator section in the <a href= |
45118
e4258d800b54
8178278: Move Standard Algorithm Names document to specs directory
ihse
parents:
42780
diff
changeset
|
296 |
* "{@docRoot}/../specs/security/standard-names.html#keygenerator-algorithms"> |
e4258d800b54
8178278: Move Standard Algorithm Names document to specs directory
ihse
parents:
42780
diff
changeset
|
297 |
* Java Security Standard Algorithm Names Specification</a> |
2 | 298 |
* for information about standard algorithm names. |
299 |
* |
|
300 |
* @param provider the provider. |
|
301 |
* |
|
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
302 |
* @return the new {@code KeyGenerator} object |
2 | 303 |
* |
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
304 |
* @throws IllegalArgumentException if the {@code provider} |
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
305 |
* is {@code null} |
2 | 306 |
* |
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
307 |
* @throws NoSuchAlgorithmException if a {@code KeyGeneratorSpi} |
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
308 |
* implementation for the specified algorithm is not available |
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
309 |
* from the specified {@code Provider} object |
2 | 310 |
* |
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
311 |
* @throws NullPointerException if {@code algorithm} is {@code null} |
2 | 312 |
* |
313 |
* @see java.security.Provider |
|
314 |
*/ |
|
315 |
public static final KeyGenerator getInstance(String algorithm, |
|
316 |
Provider provider) throws NoSuchAlgorithmException { |
|
41826
b35ee9b35b09
4985694: Incomplete spec for most of the getInstances
wetmore
parents:
37348
diff
changeset
|
317 |
Objects.requireNonNull(algorithm, "null algorithm name"); |
2 | 318 |
Instance instance = JceSecurity.getInstance("KeyGenerator", |
319 |
KeyGeneratorSpi.class, algorithm, provider); |
|
320 |
return new KeyGenerator((KeyGeneratorSpi)instance.impl, |
|
321 |
instance.provider, algorithm); |
|
322 |
} |
|
323 |
||
324 |
/** |
|
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
325 |
* Returns the provider of this {@code KeyGenerator} object. |
2 | 326 |
* |
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
327 |
* @return the provider of this {@code KeyGenerator} object |
2 | 328 |
*/ |
329 |
public final Provider getProvider() { |
|
330 |
synchronized (lock) { |
|
331 |
disableFailover(); |
|
332 |
return provider; |
|
333 |
} |
|
334 |
} |
|
335 |
||
336 |
/** |
|
337 |
* Update the active spi of this class and return the next |
|
26861
47dde7f5cf36
8058845: Update JCE environment for build improvements
wetmore
parents:
26736
diff
changeset
|
338 |
* implementation for failover. If no more implementations are |
2 | 339 |
* available, this method returns null. However, the active spi of |
340 |
* this class is never set to null. |
|
341 |
*/ |
|
342 |
private KeyGeneratorSpi nextSpi(KeyGeneratorSpi oldSpi, |
|
343 |
boolean reinit) { |
|
344 |
synchronized (lock) { |
|
345 |
// somebody else did a failover concurrently |
|
346 |
// try that spi now |
|
347 |
if ((oldSpi != null) && (oldSpi != spi)) { |
|
348 |
return spi; |
|
349 |
} |
|
350 |
if (serviceIterator == null) { |
|
351 |
return null; |
|
352 |
} |
|
353 |
while (serviceIterator.hasNext()) { |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
354 |
Service s = serviceIterator.next(); |
2 | 355 |
if (JceSecurity.canUseProvider(s.getProvider()) == false) { |
356 |
continue; |
|
357 |
} |
|
358 |
try { |
|
359 |
Object inst = s.newInstance(null); |
|
360 |
// ignore non-spis |
|
361 |
if (inst instanceof KeyGeneratorSpi == false) { |
|
362 |
continue; |
|
363 |
} |
|
364 |
KeyGeneratorSpi spi = (KeyGeneratorSpi)inst; |
|
365 |
if (reinit) { |
|
366 |
if (initType == I_SIZE) { |
|
367 |
spi.engineInit(initKeySize, initRandom); |
|
368 |
} else if (initType == I_PARAMS) { |
|
369 |
spi.engineInit(initParams, initRandom); |
|
370 |
} else if (initType == I_RANDOM) { |
|
371 |
spi.engineInit(initRandom); |
|
372 |
} else if (initType != I_NONE) { |
|
373 |
throw new AssertionError |
|
374 |
("KeyGenerator initType: " + initType); |
|
375 |
} |
|
376 |
} |
|
377 |
provider = s.getProvider(); |
|
378 |
this.spi = spi; |
|
379 |
return spi; |
|
380 |
} catch (Exception e) { |
|
381 |
// ignore |
|
382 |
} |
|
383 |
} |
|
384 |
disableFailover(); |
|
385 |
return null; |
|
386 |
} |
|
387 |
} |
|
388 |
||
389 |
void disableFailover() { |
|
390 |
serviceIterator = null; |
|
391 |
initType = 0; |
|
392 |
initParams = null; |
|
393 |
initRandom = null; |
|
394 |
} |
|
395 |
||
396 |
/** |
|
397 |
* Initializes this key generator. |
|
398 |
* |
|
399 |
* @param random the source of randomness for this generator |
|
400 |
*/ |
|
401 |
public final void init(SecureRandom random) { |
|
402 |
if (serviceIterator == null) { |
|
403 |
spi.engineInit(random); |
|
404 |
return; |
|
405 |
} |
|
406 |
RuntimeException failure = null; |
|
407 |
KeyGeneratorSpi mySpi = spi; |
|
408 |
do { |
|
409 |
try { |
|
410 |
mySpi.engineInit(random); |
|
411 |
initType = I_RANDOM; |
|
412 |
initKeySize = 0; |
|
413 |
initParams = null; |
|
414 |
initRandom = random; |
|
415 |
return; |
|
416 |
} catch (RuntimeException e) { |
|
417 |
if (failure == null) { |
|
418 |
failure = e; |
|
419 |
} |
|
420 |
mySpi = nextSpi(mySpi, false); |
|
421 |
} |
|
422 |
} while (mySpi != null); |
|
423 |
throw failure; |
|
424 |
} |
|
425 |
||
426 |
/** |
|
427 |
* Initializes this key generator with the specified parameter set. |
|
428 |
* |
|
429 |
* <p> If this key generator requires any random bytes, it will get them |
|
430 |
* using the |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
10336
diff
changeset
|
431 |
* {@link java.security.SecureRandom} |
2 | 432 |
* implementation of the highest-priority installed |
433 |
* provider as the source of randomness. |
|
434 |
* (If none of the installed providers supply an implementation of |
|
435 |
* SecureRandom, a system-provided source of randomness will be used.) |
|
436 |
* |
|
437 |
* @param params the key generation parameters |
|
438 |
* |
|
439 |
* @exception InvalidAlgorithmParameterException if the given parameters |
|
440 |
* are inappropriate for this key generator |
|
441 |
*/ |
|
442 |
public final void init(AlgorithmParameterSpec params) |
|
443 |
throws InvalidAlgorithmParameterException |
|
444 |
{ |
|
445 |
init(params, JceSecurity.RANDOM); |
|
446 |
} |
|
447 |
||
448 |
/** |
|
449 |
* Initializes this key generator with the specified parameter |
|
450 |
* set and a user-provided source of randomness. |
|
451 |
* |
|
452 |
* @param params the key generation parameters |
|
453 |
* @param random the source of randomness for this key generator |
|
454 |
* |
|
32275
17eeb583a331
8133802: replace some <tt> tags (obsolete in html5) in security-libs docs
avstepan
parents:
26861
diff
changeset
|
455 |
* @exception InvalidAlgorithmParameterException if {@code params} is |
2 | 456 |
* inappropriate for this key generator |
457 |
*/ |
|
458 |
public final void init(AlgorithmParameterSpec params, SecureRandom random) |
|
459 |
throws InvalidAlgorithmParameterException |
|
460 |
{ |
|
461 |
if (serviceIterator == null) { |
|
462 |
spi.engineInit(params, random); |
|
463 |
return; |
|
464 |
} |
|
465 |
Exception failure = null; |
|
466 |
KeyGeneratorSpi mySpi = spi; |
|
467 |
do { |
|
468 |
try { |
|
469 |
mySpi.engineInit(params, random); |
|
470 |
initType = I_PARAMS; |
|
471 |
initKeySize = 0; |
|
472 |
initParams = params; |
|
473 |
initRandom = random; |
|
474 |
return; |
|
475 |
} catch (Exception e) { |
|
476 |
if (failure == null) { |
|
477 |
failure = e; |
|
478 |
} |
|
479 |
mySpi = nextSpi(mySpi, false); |
|
480 |
} |
|
481 |
} while (mySpi != null); |
|
482 |
if (failure instanceof InvalidAlgorithmParameterException) { |
|
483 |
throw (InvalidAlgorithmParameterException)failure; |
|
484 |
} |
|
485 |
if (failure instanceof RuntimeException) { |
|
486 |
throw (RuntimeException)failure; |
|
487 |
} |
|
488 |
throw new InvalidAlgorithmParameterException("init() failed", failure); |
|
489 |
} |
|
490 |
||
491 |
/** |
|
492 |
* Initializes this key generator for a certain keysize. |
|
493 |
* |
|
494 |
* <p> If this key generator requires any random bytes, it will get them |
|
495 |
* using the |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
10336
diff
changeset
|
496 |
* {@link java.security.SecureRandom} |
2 | 497 |
* implementation of the highest-priority installed |
498 |
* provider as the source of randomness. |
|
499 |
* (If none of the installed providers supply an implementation of |
|
500 |
* SecureRandom, a system-provided source of randomness will be used.) |
|
501 |
* |
|
502 |
* @param keysize the keysize. This is an algorithm-specific metric, |
|
503 |
* specified in number of bits. |
|
504 |
* |
|
505 |
* @exception InvalidParameterException if the keysize is wrong or not |
|
506 |
* supported. |
|
507 |
*/ |
|
508 |
public final void init(int keysize) { |
|
509 |
init(keysize, JceSecurity.RANDOM); |
|
510 |
} |
|
511 |
||
512 |
/** |
|
513 |
* Initializes this key generator for a certain keysize, using a |
|
514 |
* user-provided source of randomness. |
|
515 |
* |
|
516 |
* @param keysize the keysize. This is an algorithm-specific metric, |
|
517 |
* specified in number of bits. |
|
518 |
* @param random the source of randomness for this key generator |
|
519 |
* |
|
520 |
* @exception InvalidParameterException if the keysize is wrong or not |
|
521 |
* supported. |
|
522 |
*/ |
|
523 |
public final void init(int keysize, SecureRandom random) { |
|
524 |
if (serviceIterator == null) { |
|
525 |
spi.engineInit(keysize, random); |
|
526 |
return; |
|
527 |
} |
|
528 |
RuntimeException failure = null; |
|
529 |
KeyGeneratorSpi mySpi = spi; |
|
530 |
do { |
|
531 |
try { |
|
532 |
mySpi.engineInit(keysize, random); |
|
533 |
initType = I_SIZE; |
|
534 |
initKeySize = keysize; |
|
535 |
initParams = null; |
|
536 |
initRandom = random; |
|
537 |
return; |
|
538 |
} catch (RuntimeException e) { |
|
539 |
if (failure == null) { |
|
540 |
failure = e; |
|
541 |
} |
|
542 |
mySpi = nextSpi(mySpi, false); |
|
543 |
} |
|
544 |
} while (mySpi != null); |
|
545 |
throw failure; |
|
546 |
} |
|
547 |
||
548 |
/** |
|
549 |
* Generates a secret key. |
|
550 |
* |
|
551 |
* @return the new key |
|
552 |
*/ |
|
553 |
public final SecretKey generateKey() { |
|
554 |
if (serviceIterator == null) { |
|
555 |
return spi.engineGenerateKey(); |
|
556 |
} |
|
557 |
RuntimeException failure = null; |
|
558 |
KeyGeneratorSpi mySpi = spi; |
|
559 |
do { |
|
560 |
try { |
|
561 |
return mySpi.engineGenerateKey(); |
|
562 |
} catch (RuntimeException e) { |
|
563 |
if (failure == null) { |
|
564 |
failure = e; |
|
565 |
} |
|
566 |
mySpi = nextSpi(mySpi, true); |
|
567 |
} |
|
568 |
} while (mySpi != null); |
|
569 |
throw failure; |
|
570 |
} |
|
571 |
} |