8047223: Add algorithm parameter to EncodedKeySpec class and its two subclasses
Reviewed-by: mullan
--- a/jdk/src/java.base/share/classes/java/security/spec/EncodedKeySpec.java Thu Sep 18 16:25:50 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/spec/EncodedKeySpec.java Tue Sep 16 13:20:51 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -43,13 +43,14 @@
public abstract class EncodedKeySpec implements KeySpec {
private byte[] encodedKey;
+ private String algorithmName;
/**
- * Creates a new EncodedKeySpec with the given encoded key.
+ * Creates a new {@code EncodedKeySpec} with the given encoded key.
*
* @param encodedKey the encoded key. The contents of the
* array are copied to protect against subsequent modification.
- * @exception NullPointerException if {@code encodedKey}
+ * @throws NullPointerException if {@code encodedKey}
* is null.
*/
public EncodedKeySpec(byte[] encodedKey) {
@@ -57,6 +58,48 @@
}
/**
+ * Creates a new {@code EncodedKeySpec} with the given encoded key.
+ * This constructor is useful when subsequent callers of the
+ * {@code EncodedKeySpec} object might not know the algorithm
+ * of the key.
+ *
+ * @param encodedKey the encoded key. The contents of the
+ * array are copied to protect against subsequent modification.
+ * @param algorithm the algorithm name of the encoded key
+ * See the KeyFactory section in the <a href=
+ * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
+ * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+ * for information about standard algorithm names.
+ * @throws NullPointerException if {@code encodedKey}
+ * or {@code algorithm} is null.
+ * @throws IllegalArgumentException if {@code algorithm} is
+ * the empty string {@code ""}
+ * @since 1.9
+ */
+ protected EncodedKeySpec(byte[] encodedKey, String algorithm) {
+ if (algorithm == null) {
+ throw new NullPointerException("algorithm name may not be null");
+ }
+ if (algorithm.isEmpty()) {
+ throw new IllegalArgumentException("algorithm name "
+ + "may not be empty");
+ }
+ this.encodedKey = encodedKey.clone();
+ this.algorithmName = algorithm;
+
+ }
+
+ /**
+ * Returns the name of the algorithm of the encoded key.
+ *
+ * @return the name of the algorithm, or null if not specified
+ * @since 1.9
+ */
+ public String getAlgorithm() {
+ return algorithmName;
+ }
+
+ /**
* Returns the encoded key.
*
* @return the encoded key. Returns a new array each time
--- a/jdk/src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java Thu Sep 18 16:25:50 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java Tue Sep 16 13:20:51 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -62,12 +62,12 @@
public class PKCS8EncodedKeySpec extends EncodedKeySpec {
/**
- * Creates a new PKCS8EncodedKeySpec with the given encoded key.
+ * Creates a new {@code PKCS8EncodedKeySpec} with the given encoded key.
*
* @param encodedKey the key, which is assumed to be
* encoded according to the PKCS #8 standard. The contents of
* the array are copied to protect against subsequent modification.
- * @exception NullPointerException if {@code encodedKey}
+ * @throws NullPointerException if {@code encodedKey}
* is null.
*/
public PKCS8EncodedKeySpec(byte[] encodedKey) {
@@ -75,6 +75,30 @@
}
/**
+ * Creates a new {@code PKCS8EncodedKeySpec} with the given encoded key and
+ * algorithm. This constructor is useful when subsequent callers of
+ * the {@code PKCS8EncodedKeySpec} object might not know the
+ * algorithm of the private key.
+ *
+ * @param encodedKey the key, which is assumed to be
+ * encoded according to the PKCS #8 standard. The contents of
+ * the array are copied to protect against subsequent modification.
+ * @param algorithm the algorithm name of the encoded private key
+ * See the KeyFactory section in the <a href=
+ * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
+ * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+ * for information about standard algorithm names.
+ * @throws NullPointerException if {@code encodedKey}
+ * or {@algorithm} is null.
+ * @throws IllegalArgumentException if {@code algorithm} is
+ * the empty string {@code ""}
+ * @since 1.9
+ */
+ public PKCS8EncodedKeySpec(byte[] encodedKey, String algorithm) {
+ super(encodedKey, algorithm);
+ }
+
+ /**
* Returns the key bytes, encoded according to the PKCS #8 standard.
*
* @return the PKCS #8 encoding of the key. Returns a new array
--- a/jdk/src/java.base/share/classes/java/security/spec/X509EncodedKeySpec.java Thu Sep 18 16:25:50 2014 -0700
+++ b/jdk/src/java.base/share/classes/java/security/spec/X509EncodedKeySpec.java Tue Sep 16 13:20:51 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,12 +52,12 @@
public class X509EncodedKeySpec extends EncodedKeySpec {
/**
- * Creates a new X509EncodedKeySpec with the given encoded key.
+ * Creates a new {@code X509EncodedKeySpec} with the given encoded key.
*
* @param encodedKey the key, which is assumed to be
* encoded according to the X.509 standard. The contents of the
* array are copied to protect against subsequent modification.
- * @exception NullPointerException if {@code encodedKey}
+ * @throws NullPointerException if {@code encodedKey}
* is null.
*/
public X509EncodedKeySpec(byte[] encodedKey) {
@@ -65,6 +65,30 @@
}
/**
+ * Creates a new {@code X509EncodedKeySpec} with the given encoded key.
+ * This constructor is useful when subsequent callers of the
+ * {@code X509EncodedKeySpec} object might not know the algorithm
+ * of the key.
+ *
+ * @param encodedKey the key, which is assumed to be
+ * encoded according to the X.509 standard. The contents of the
+ * array are copied to protect against subsequent modification.
+ * @param algorithm the algorithm name of the encoded public key
+ * See the KeyFactory section in the <a href=
+ * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
+ * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+ * for information about standard algorithm names.
+ * @throws NullPointerException if {@code encodedKey}
+ * or {@code algorithm} is null.
+ * @throws IllegalArgumentException if {@code algorithm} is
+ * the empty string {@code ""}
+ * @since 1.9
+ */
+ public X509EncodedKeySpec(byte[] encodedKey, String algorithm) {
+ super(encodedKey, algorithm);
+ }
+
+ /**
* Returns the key bytes, encoded according to the X.509 standard.
*
* @return the X.509 encoding of the key. Returns a new array
--- a/jdk/src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java Thu Sep 18 16:25:50 2014 -0700
+++ b/jdk/src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java Tue Sep 16 13:20:51 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -60,6 +60,9 @@
// the "encryptionAlgorithm" field
private AlgorithmId algid;
+ // the algorithm name of the encrypted private key
+ private String keyAlg;
+
// the "encryptedData" field
private byte[] encryptedData;
@@ -255,7 +258,7 @@
throw new InvalidKeySpecException(
"Cannot retrieve the PKCS8EncodedKeySpec", ex);
}
- return new PKCS8EncodedKeySpec(encoded);
+ return new PKCS8EncodedKeySpec(encoded, keyAlg);
}
private PKCS8EncodedKeySpec getKeySpecImpl(Key decryptKey,
@@ -280,7 +283,7 @@
throw new InvalidKeyException(
"Cannot retrieve the PKCS8EncodedKeySpec", ex);
}
- return new PKCS8EncodedKeySpec(encoded);
+ return new PKCS8EncodedKeySpec(encoded, keyAlg);
}
/**
@@ -405,7 +408,7 @@
}
@SuppressWarnings("fallthrough")
- private static void checkPKCS8Encoding(byte[] encodedKey)
+ private void checkPKCS8Encoding(byte[] encodedKey)
throws IOException {
DerInputStream in = new DerInputStream(encodedKey);
DerValue[] values = in.getSequence(3);
@@ -416,11 +419,7 @@
/* fall through */
case 3:
checkTag(values[0], DerValue.tag_Integer, "version");
- DerInputStream algid = values[1].toDerInputStream();
- algid.getOID();
- if (algid.available() != 0) {
- algid.getDerValue();
- }
+ keyAlg = AlgorithmId.parse(values[1]).getName();
checkTag(values[2], DerValue.tag_OctetString, "privateKey");
break;
default:
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/spec/PKCS8EncodedKeySpec/Algorithm.java Tue Sep 16 13:20:51 2014 -0700
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8047223
+ * @summary Add algorithm parameter to PKCS8EncodedKeySpec class
+ */
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Base64;
+import javax.crypto.EncryptedPrivateKeyInfo;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+
+public class Algorithm {
+
+ private static String PKCS8PrivateKey =
+ "MIICoTAbBgkqhkiG9w0BBQMwDgQIqQMPwbNEhOgCAggABIICgCwRkeLXVGdO7S1h\n" +
+ "FAFUiwj1HCzqYFF2x9+FzjlXNwEWecZsor5eoKQlTtJ9dsPajQ/wFgY76lkXDQXE\n" +
+ "hdm8ndWFgCwqFBshmAp4TOvO9GlaAloDTnLMUg715D5FujiElcV7vqIY2V/7uB21\n" +
+ "YRanKUa21sZAFJGj6Hom1+5+k0Q7Xi4kHgt+ZIPNLwrNFPWVovbTJdScZuJaDp6m\n" +
+ "Q1DJUIQOzthV11VI+MU/v5SSKhj/uCaxizazEi5lgdmR7rRGgMz2YipOIjXIsKgu\n" +
+ "jKX5LYFAZ8nYq1hy8Q1JPR5VPuWMFqeyofO/teXJb8gI/4TC1ZoED8hXj07jpJqG\n" +
+ "2NVO1Dwqab31qSAjfjBkSYHKun63BvZPq2mT+frJF1YzvQhCDnWN1zbMKFNTZJfd\n" +
+ "cUaecH/fgNKwKpeKGgX7UlWxo26/lS8pBiJ5ihtbyFfMUBtlwEN5uOHqVFOeZp1Z\n" +
+ "DwCc0o1JA7yOcazA2TtNT9pc58tFZ8pEeyLj7ZchOgv06N0hZJsI6AiwII4ljd+K\n" +
+ "4WKvs/xiSZU3tcHaWzqlf+6/M5kC3Pihm9GhZbKBmvrZYiKyTlJEeVI3pFRNSqbE\n" +
+ "nZUJgkmgzNT/ZfM2WsUJm03Rq0eNCU/FDscIZnCWSA6Bf/DJDQWmhMhg2QmTGzQM\n" +
+ "hw/vy77q7jxV67s36HGxxR1oe8uoZ2zugBBxHWEdqyQyrVwZXJukdjrc2S7pvMln\n" +
+ "/VSleEf91MEcDhztyhPSqlX+H95vMnVmh5oY2gwY+P0oD5Eki6/9K+BHfuqgtS4S\n" +
+ "LIna1iSyLr17pRO1lmNtvuCMwmUjeI8w3JhLmxxx//bl/WCAekqj3nMplrJHZ7xd\n" +
+ "6k0Stxo=";
+
+ private static String keyAlg = "RSA";
+ private static String password = "password";
+
+ /*
+ * This test checks that a PKCS8EncodedKeySpec is properly constructed
+ * from an encrypted private key and that the key algorithm name can be
+ * retrieved as expected.
+ */
+ public static void main(String[] argv) throws Exception {
+ EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(
+ Base64.getMimeDecoder().decode(PKCS8PrivateKey));
+ PBEKeySpec pks = new PBEKeySpec(password.toCharArray());
+ SecretKeyFactory skf = SecretKeyFactory.getInstance(epki.getAlgName());
+ SecretKey sk = skf.generateSecret(pks);
+ PKCS8EncodedKeySpec keySpec = epki.getKeySpec(sk);
+
+ // Get the key algorithm and make sure it's what we expect
+ String alg = keySpec.getAlgorithm();
+ if (!alg.equals(keyAlg)) {
+ throw new Exception("Expected: " + keyAlg + ", Got: " + alg);
+ }
+
+ System.out.println("Test passed");
+ }
+}