--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/javax/crypto/ExemptionMechanism.java Sat Dec 01 00:00:00 2007 +0000
@@ -0,0 +1,486 @@
+/*
+ * Copyright 1999-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.Provider;
+import java.security.Key;
+import java.security.Security;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.InvalidKeyException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.spec.AlgorithmParameterSpec;
+
+import sun.security.jca.GetInstance.Instance;
+
+/**
+ * This class provides the functionality of an exemption mechanism, examples
+ * of which are <i>key recovery</i>, <i>key weakening</i>, and
+ * <i>key escrow</i>.
+ *
+ * <p>Applications or applets that use an exemption mechanism may be granted
+ * stronger encryption capabilities than those which don't.
+ *
+ * @since 1.4
+ */
+
+public class ExemptionMechanism {
+
+ // The provider
+ private Provider provider;
+
+ // The provider implementation (delegate)
+ private ExemptionMechanismSpi exmechSpi;
+
+ // The name of the exemption mechanism.
+ private String mechanism;
+
+ // Flag which indicates whether this ExemptionMechanism
+ // result is generated successfully.
+ private boolean done = false;
+
+ // State information
+ private boolean initialized = false;
+
+ // Store away the key at init() time for later comparison.
+ private Key keyStored = null;
+
+ /**
+ * Creates a ExemptionMechanism object.
+ *
+ * @param exmechSpi the delegate
+ * @param provider the provider
+ * @param mechanism the exemption mechanism
+ */
+ protected ExemptionMechanism(ExemptionMechanismSpi exmechSpi,
+ Provider provider,
+ String mechanism) {
+ this.exmechSpi = exmechSpi;
+ this.provider = provider;
+ this.mechanism = mechanism;
+ }
+
+ /**
+ * Returns the exemption mechanism name of this
+ * <code>ExemptionMechanism</code> object.
+ *
+ * <p>This is the same name that was specified in one of the
+ * <code>getInstance</code> calls that created this
+ * <code>ExemptionMechanism</code> object.
+ *
+ * @return the exemption mechanism name of this
+ * <code>ExemptionMechanism</code> object.
+ */
+ public final String getName() {
+ return this.mechanism;
+ }
+
+ /**
+ * Returns an <code>ExemptionMechanism</code> object that implements the
+ * specified exemption mechanism algorithm.
+ *
+ * <p> This method traverses the list of registered security Providers,
+ * starting with the most preferred Provider.
+ * A new ExemptionMechanism object encapsulating the
+ * ExemptionMechanismSpi implementation from the first
+ * Provider that supports the specified algorithm is returned.
+ *
+ * <p> Note that the list of registered providers may be retrieved via
+ * the {@link Security#getProviders() Security.getProviders()} method.
+ *
+ * @param algorithm the standard name of the requested exemption
+ * mechanism.
+ * See Appendix A in the
+ * <a href=
+ * "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#AppA">
+ * Java Cryptography Architecture Reference Guide</a>
+ * for information about standard exemption mechanism names.
+ *
+ * @return the new <code>ExemptionMechanism</code> object.
+ *
+ * @exception NullPointerException if <code>algorithm</code>
+ * is null.
+ *
+ * @exception NoSuchAlgorithmException if no Provider supports an
+ * ExemptionMechanismSpi implementation for the
+ * specified algorithm.
+ *
+ * @see java.security.Provider
+ */
+ public static final ExemptionMechanism getInstance(String algorithm)
+ throws NoSuchAlgorithmException {
+ Instance instance = JceSecurity.getInstance("ExemptionMechanism",
+ ExemptionMechanismSpi.class, algorithm);
+ return new ExemptionMechanism((ExemptionMechanismSpi)instance.impl,
+ instance.provider, algorithm);
+ }
+
+
+ /**
+ * Returns an <code>ExemptionMechanism</code> object that implements the
+ * specified exemption mechanism algorithm.
+ *
+ * <p> A new ExemptionMechanism object encapsulating the
+ * ExemptionMechanismSpi implementation from the specified provider
+ * is returned. The specified provider must be registered
+ * in the security provider list.
+ *
+ * <p> Note that the list of registered providers may be retrieved via
+ * the {@link Security#getProviders() Security.getProviders()} method.
+
+ * @param algorithm the standard name of the requested exemption mechanism.
+ * See Appendix A in the
+ * <a href=
+ * "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#AppA">
+ * Java Cryptography Architecture Reference Guide</a>
+ * for information about standard exemption mechanism names.
+ *
+ * @param provider the name of the provider.
+ *
+ * @return the new <code>ExemptionMechanism</code> object.
+ *
+ * @exception NullPointerException if <code>algorithm</code>
+ * is null.
+ *
+ * @exception NoSuchAlgorithmException if an ExemptionMechanismSpi
+ * implementation for the specified algorithm is not
+ * available from the specified provider.
+ *
+ * @exception NoSuchProviderException if the specified provider is not
+ * registered in the security provider list.
+ *
+ * @exception IllegalArgumentException if the <code>provider</code>
+ * is null or empty.
+ *
+ * @see java.security.Provider
+ */
+ public static final ExemptionMechanism getInstance(String algorithm,
+ String provider) throws NoSuchAlgorithmException,
+ NoSuchProviderException {
+ Instance instance = JceSecurity.getInstance("ExemptionMechanism",
+ ExemptionMechanismSpi.class, algorithm, provider);
+ return new ExemptionMechanism((ExemptionMechanismSpi)instance.impl,
+ instance.provider, algorithm);
+ }
+
+ /**
+ * Returns an <code>ExemptionMechanism</code> object that implements the
+ * specified exemption mechanism algorithm.
+ *
+ * <p> A new ExemptionMechanism object encapsulating the
+ * ExemptionMechanismSpi implementation from the specified Provider
+ * object is returned. Note that the specified Provider object
+ * does not have to be registered in the provider list.
+ *
+ * @param algorithm the standard name of the requested exemption mechanism.
+ * See Appendix A in the
+ * <a href=
+ * "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#AppA">
+ * Java Cryptography Architecture Reference Guide</a>
+ * for information about standard exemption mechanism names.
+ *
+ * @param provider the provider.
+ *
+ * @return the new <code>ExemptionMechanism</code> object.
+ *
+ * @exception NullPointerException if <code>algorithm</code>
+ * is null.
+ *
+ * @exception NoSuchAlgorithmException if an ExemptionMechanismSpi
+ * implementation for the specified algorithm is not available
+ * from the specified Provider object.
+ *
+ * @exception IllegalArgumentException if the <code>provider</code>
+ * is null.
+ *
+ * @see java.security.Provider
+ */
+ public static final ExemptionMechanism getInstance(String algorithm,
+ Provider provider) throws NoSuchAlgorithmException {
+ Instance instance = JceSecurity.getInstance("ExemptionMechanism",
+ ExemptionMechanismSpi.class, algorithm, provider);
+ return new ExemptionMechanism((ExemptionMechanismSpi)instance.impl,
+ instance.provider, algorithm);
+ }
+
+ /**
+ * Returns the provider of this <code>ExemptionMechanism</code> object.
+ *
+ * @return the provider of this <code>ExemptionMechanism</code> object.
+ */
+ public final Provider getProvider() {
+ return this.provider;
+ }
+
+ /**
+ * Returns whether the result blob has been generated successfully by this
+ * exemption mechanism.
+ *
+ * <p>The method also makes sure that the key passed in is the same as
+ * the one this exemption mechanism used in initializing and generating
+ * phases.
+ *
+ * @param key the key the crypto is going to use.
+ *
+ * @return whether the result blob of the same key has been generated
+ * successfully by this exemption mechanism; false if <code>key</code>
+ * is null.
+ *
+ * @exception ExemptionMechanismException if problem(s) encountered
+ * while determining whether the result blob has been generated successfully
+ * by this exemption mechanism object.
+ */
+ public final boolean isCryptoAllowed(Key key)
+ throws ExemptionMechanismException {
+ boolean ret = false;
+ if (done && (key != null)) {
+ // Check if the key passed in is the same as the one
+ // this exemption mechanism used.
+ ret = keyStored.equals(key);
+ }
+ return ret;
+ }
+
+ /**
+ * Returns the length in bytes that an output buffer would need to be in
+ * order to hold the result of the next
+ * {@link #genExemptionBlob(byte[]) genExemptionBlob}
+ * operation, given the input length <code>inputLen</code> (in bytes).
+ *
+ * <p>The actual output length of the next
+ * {@link #genExemptionBlob(byte[]) genExemptionBlob}
+ * call may be smaller than the length returned by this method.
+ *
+ * @param inputLen the input length (in bytes)
+ *
+ * @return the required output buffer size (in bytes)
+ *
+ * @exception IllegalStateException if this exemption mechanism is in a
+ * wrong state (e.g., has not yet been initialized)
+ */
+ public final int getOutputSize(int inputLen) throws IllegalStateException {
+ if (!initialized) {
+ throw new IllegalStateException(
+ "ExemptionMechanism not initialized");
+ }
+ if (inputLen < 0) {
+ throw new IllegalArgumentException(
+ "Input size must be equal to " + "or greater than zero");
+ }
+ return exmechSpi.engineGetOutputSize(inputLen);
+ }
+
+ /**
+ * Initializes this exemption mechanism with a key.
+ *
+ * <p>If this exemption mechanism requires any algorithm parameters
+ * that cannot be derived from the given <code>key</code>, the
+ * underlying exemption mechanism implementation is supposed to
+ * generate the required parameters itself (using provider-specific
+ * default values); in the case that algorithm parameters must be
+ * specified by the caller, an <code>InvalidKeyException</code> is raised.
+ *
+ * @param key the key for this exemption mechanism
+ *
+ * @exception InvalidKeyException if the given key is inappropriate for
+ * this exemption mechanism.
+ * @exception ExemptionMechanismException if problem(s) encountered in the
+ * process of initializing.
+ */
+ public final void init(Key key)
+ throws InvalidKeyException, ExemptionMechanismException {
+ done = false;
+ initialized = false;
+
+ keyStored = key;
+ exmechSpi.engineInit(key);
+ initialized = true;
+ }
+
+ /**
+ * Initializes this exemption mechanism with a key and a set of algorithm
+ * parameters.
+ *
+ * <p>If this exemption mechanism requires any algorithm parameters
+ * and <code>params</code> is null, the underlying exemption
+ * mechanism implementation is supposed to generate the required
+ * parameters itself (using provider-specific default values); in the case
+ * that algorithm parameters must be specified by the caller, an
+ * <code>InvalidAlgorithmParameterException</code> is raised.
+ *
+ * @param key the key for this exemption mechanism
+ * @param params the algorithm parameters
+ *
+ * @exception InvalidKeyException if the given key is inappropriate for
+ * this exemption mechanism.
+ * @exception InvalidAlgorithmParameterException if the given algorithm
+ * parameters are inappropriate for this exemption mechanism.
+ * @exception ExemptionMechanismException if problem(s) encountered in the
+ * process of initializing.
+ */
+ public final void init(Key key, AlgorithmParameterSpec params)
+ throws InvalidKeyException, InvalidAlgorithmParameterException,
+ ExemptionMechanismException {
+ done = false;
+ initialized = false;
+
+ keyStored = key;
+ exmechSpi.engineInit(key, params);
+ initialized = true;
+ }
+
+ /**
+ * Initializes this exemption mechanism with a key and a set of algorithm
+ * parameters.
+ *
+ * <p>If this exemption mechanism requires any algorithm parameters
+ * and <code>params</code> is null, the underlying exemption mechanism
+ * implementation is supposed to generate the required parameters itself
+ * (using provider-specific default values); in the case that algorithm
+ * parameters must be specified by the caller, an
+ * <code>InvalidAlgorithmParameterException</code> is raised.
+ *
+ * @param key the key for this exemption mechanism
+ * @param params the algorithm parameters
+ *
+ * @exception InvalidKeyException if the given key is inappropriate for
+ * this exemption mechanism.
+ * @exception InvalidAlgorithmParameterException if the given algorithm
+ * parameters are inappropriate for this exemption mechanism.
+ * @exception ExemptionMechanismException if problem(s) encountered in the
+ * process of initializing.
+ */
+ public final void init(Key key, AlgorithmParameters params)
+ throws InvalidKeyException, InvalidAlgorithmParameterException,
+ ExemptionMechanismException {
+ done = false;
+ initialized = false;
+
+ keyStored = key;
+ exmechSpi.engineInit(key, params);
+ initialized = true;
+ }
+
+ /**
+ * Generates the exemption mechanism key blob.
+ *
+ * @return the new buffer with the result key blob.
+ *
+ * @exception IllegalStateException if this exemption mechanism is in
+ * a wrong state (e.g., has not been initialized).
+ * @exception ExemptionMechanismException if problem(s) encountered in the
+ * process of generating.
+ */
+ public final byte[] genExemptionBlob() throws IllegalStateException,
+ ExemptionMechanismException {
+ if (!initialized) {
+ throw new IllegalStateException(
+ "ExemptionMechanism not initialized");
+ }
+ byte[] blob = exmechSpi.engineGenExemptionBlob();
+ done = true;
+ return blob;
+ }
+
+ /**
+ * Generates the exemption mechanism key blob, and stores the result in
+ * the <code>output</code> buffer.
+ *
+ * <p>If the <code>output</code> buffer is too small to hold the result,
+ * a <code>ShortBufferException</code> is thrown. In this case, repeat this
+ * call with a larger output buffer. Use
+ * {@link #getOutputSize(int) getOutputSize} to determine how big
+ * the output buffer should be.
+ *
+ * @param output the buffer for the result
+ *
+ * @return the number of bytes stored in <code>output</code>
+ *
+ * @exception IllegalStateException if this exemption mechanism is in
+ * a wrong state (e.g., has not been initialized).
+ * @exception ShortBufferException if the given output buffer is too small
+ * to hold the result.
+ * @exception ExemptionMechanismException if problem(s) encountered in the
+ * process of generating.
+ */
+ public final int genExemptionBlob(byte[] output)
+ throws IllegalStateException, ShortBufferException,
+ ExemptionMechanismException {
+ if (!initialized) {
+ throw new IllegalStateException
+ ("ExemptionMechanism not initialized");
+ }
+ int n = exmechSpi.engineGenExemptionBlob(output, 0);
+ done = true;
+ return n;
+ }
+
+ /**
+ * Generates the exemption mechanism key blob, and stores the result in
+ * the <code>output</code> buffer, starting at <code>outputOffset</code>
+ * inclusive.
+ *
+ * <p>If the <code>output</code> buffer is too small to hold the result,
+ * a <code>ShortBufferException</code> is thrown. In this case, repeat this
+ * call with a larger output buffer. Use
+ * {@link #getOutputSize(int) getOutputSize} to determine how big
+ * the output buffer should be.
+ *
+ * @param output the buffer for the result
+ * @param outputOffset the offset in <code>output</code> where the result
+ * is stored
+ *
+ * @return the number of bytes stored in <code>output</code>
+ *
+ * @exception IllegalStateException if this exemption mechanism is in
+ * a wrong state (e.g., has not been initialized).
+ * @exception ShortBufferException if the given output buffer is too small
+ * to hold the result.
+ * @exception ExemptionMechanismException if problem(s) encountered in the
+ * process of generating.
+ */
+ public final int genExemptionBlob(byte[] output, int outputOffset)
+ throws IllegalStateException, ShortBufferException,
+ ExemptionMechanismException {
+ if (!initialized) {
+ throw new IllegalStateException
+ ("ExemptionMechanism not initialized");
+ }
+ int n = exmechSpi.engineGenExemptionBlob(output, outputOffset);
+ done = true;
+ return n;
+ }
+
+ /**
+ * Ensures that the key stored away by this ExemptionMechanism
+ * object will be wiped out when there are no more references to it.
+ */
+ protected void finalize() {
+ keyStored = null;
+ // Are there anything else we could do?
+ }
+}