|
2
|
1 |
/*
|
|
5506
|
2 |
* Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
|
|
2
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
4 |
*
|
|
|
5 |
* This code is free software; you can redistribute it and/or modify it
|
|
|
6 |
* under the terms of the GNU General Public License version 2 only, as
|
|
5506
|
7 |
* published by the Free Software Foundation. Oracle designates this
|
|
2
|
8 |
* particular file as subject to the "Classpath" exception as provided
|
|
5506
|
9 |
* by Oracle in the LICENSE file that accompanied this code.
|
|
2
|
10 |
*
|
|
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
15 |
* accompanied this code).
|
|
|
16 |
*
|
|
|
17 |
* You should have received a copy of the GNU General Public License version
|
|
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
20 |
*
|
|
5506
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
|
22 |
* or visit www.oracle.com if you need additional information or have any
|
|
|
23 |
* questions.
|
|
2
|
24 |
*/
|
|
|
25 |
|
|
|
26 |
package java.security;
|
|
|
27 |
|
|
|
28 |
import java.io.*;
|
|
|
29 |
|
|
|
30 |
import java.security.spec.PKCS8EncodedKeySpec;
|
|
|
31 |
import java.security.spec.X509EncodedKeySpec;
|
|
|
32 |
import java.security.spec.InvalidKeySpecException;
|
|
|
33 |
|
|
|
34 |
import javax.crypto.SecretKeyFactory;
|
|
|
35 |
import javax.crypto.spec.SecretKeySpec;
|
|
|
36 |
|
|
|
37 |
/**
|
|
|
38 |
* Standardized representation for serialized Key objects.
|
|
|
39 |
*
|
|
|
40 |
* <p>
|
|
|
41 |
*
|
|
|
42 |
* Note that a serialized Key may contain sensitive information
|
|
|
43 |
* which should not be exposed in untrusted environments. See the
|
|
|
44 |
* <a href="../../../platform/serialization/spec/security.html">
|
|
|
45 |
* Security Appendix</a>
|
|
|
46 |
* of the Serialization Specification for more information.
|
|
|
47 |
*
|
|
|
48 |
* @see Key
|
|
|
49 |
* @see KeyFactory
|
|
|
50 |
* @see javax.crypto.spec.SecretKeySpec
|
|
|
51 |
* @see java.security.spec.X509EncodedKeySpec
|
|
|
52 |
* @see java.security.spec.PKCS8EncodedKeySpec
|
|
|
53 |
*
|
|
|
54 |
* @since 1.5
|
|
|
55 |
*/
|
|
|
56 |
|
|
|
57 |
public class KeyRep implements Serializable {
|
|
|
58 |
|
|
|
59 |
private static final long serialVersionUID = -4757683898830641853L;
|
|
|
60 |
|
|
|
61 |
/**
|
|
|
62 |
* Key type.
|
|
|
63 |
*
|
|
|
64 |
* @since 1.5
|
|
|
65 |
*/
|
|
|
66 |
public static enum Type {
|
|
|
67 |
|
|
|
68 |
/** Type for secret keys. */
|
|
|
69 |
SECRET,
|
|
|
70 |
|
|
|
71 |
/** Type for public keys. */
|
|
|
72 |
PUBLIC,
|
|
|
73 |
|
|
|
74 |
/** Type for private keys. */
|
|
|
75 |
PRIVATE,
|
|
|
76 |
|
|
|
77 |
}
|
|
|
78 |
|
|
|
79 |
private static final String PKCS8 = "PKCS#8";
|
|
|
80 |
private static final String X509 = "X.509";
|
|
|
81 |
private static final String RAW = "RAW";
|
|
|
82 |
|
|
|
83 |
/**
|
|
|
84 |
* Either one of Type.SECRET, Type.PUBLIC, or Type.PRIVATE
|
|
|
85 |
*
|
|
|
86 |
* @serial
|
|
|
87 |
*/
|
|
|
88 |
private Type type;
|
|
|
89 |
|
|
|
90 |
/**
|
|
|
91 |
* The Key algorithm
|
|
|
92 |
*
|
|
|
93 |
* @serial
|
|
|
94 |
*/
|
|
|
95 |
private String algorithm;
|
|
|
96 |
|
|
|
97 |
/**
|
|
|
98 |
* The Key encoding format
|
|
|
99 |
*
|
|
|
100 |
* @serial
|
|
|
101 |
*/
|
|
|
102 |
private String format;
|
|
|
103 |
|
|
|
104 |
/**
|
|
|
105 |
* The encoded Key bytes
|
|
|
106 |
*
|
|
|
107 |
* @serial
|
|
|
108 |
*/
|
|
|
109 |
private byte[] encoded;
|
|
|
110 |
|
|
|
111 |
/**
|
|
|
112 |
* Construct the alternate Key class.
|
|
|
113 |
*
|
|
|
114 |
* <p>
|
|
|
115 |
*
|
|
|
116 |
* @param type either one of Type.SECRET, Type.PUBLIC, or Type.PRIVATE
|
|
|
117 |
* @param algorithm the algorithm returned from
|
|
|
118 |
* <code>Key.getAlgorithm()</code>
|
|
|
119 |
* @param format the encoding format returned from
|
|
|
120 |
* <code>Key.getFormat()</code>
|
|
|
121 |
* @param encoded the encoded bytes returned from
|
|
|
122 |
* <code>Key.getEncoded()</code>
|
|
|
123 |
*
|
|
|
124 |
* @exception NullPointerException
|
|
|
125 |
* if type is <code>null</code>,
|
|
|
126 |
* if algorithm is <code>null</code>,
|
|
|
127 |
* if format is <code>null</code>,
|
|
|
128 |
* or if encoded is <code>null</code>
|
|
|
129 |
*/
|
|
|
130 |
public KeyRep(Type type, String algorithm,
|
|
|
131 |
String format, byte[] encoded) {
|
|
|
132 |
|
|
|
133 |
if (type == null || algorithm == null ||
|
|
|
134 |
format == null || encoded == null) {
|
|
|
135 |
throw new NullPointerException("invalid null input(s)");
|
|
|
136 |
}
|
|
|
137 |
|
|
|
138 |
this.type = type;
|
|
|
139 |
this.algorithm = algorithm;
|
|
|
140 |
this.format = format.toUpperCase();
|
|
|
141 |
this.encoded = encoded.clone();
|
|
|
142 |
}
|
|
|
143 |
|
|
|
144 |
/**
|
|
|
145 |
* Resolve the Key object.
|
|
|
146 |
*
|
|
|
147 |
* <p> This method supports three Type/format combinations:
|
|
|
148 |
* <ul>
|
|
|
149 |
* <li> Type.SECRET/"RAW" - returns a SecretKeySpec object
|
|
|
150 |
* constructed using encoded key bytes and algorithm
|
|
|
151 |
* <li> Type.PUBLIC/"X.509" - gets a KeyFactory instance for
|
|
|
152 |
* the key algorithm, constructs an X509EncodedKeySpec with the
|
|
|
153 |
* encoded key bytes, and generates a public key from the spec
|
|
|
154 |
* <li> Type.PRIVATE/"PKCS#8" - gets a KeyFactory instance for
|
|
|
155 |
* the key algorithm, constructs a PKCS8EncodedKeySpec with the
|
|
|
156 |
* encoded key bytes, and generates a private key from the spec
|
|
|
157 |
* </ul>
|
|
|
158 |
*
|
|
|
159 |
* <p>
|
|
|
160 |
*
|
|
|
161 |
* @return the resolved Key object
|
|
|
162 |
*
|
|
|
163 |
* @exception ObjectStreamException if the Type/format
|
|
|
164 |
* combination is unrecognized, if the algorithm, key format, or
|
|
|
165 |
* encoded key bytes are unrecognized/invalid, of if the
|
|
|
166 |
* resolution of the key fails for any reason
|
|
|
167 |
*/
|
|
|
168 |
protected Object readResolve() throws ObjectStreamException {
|
|
|
169 |
try {
|
|
|
170 |
if (type == Type.SECRET && RAW.equals(format)) {
|
|
|
171 |
return new SecretKeySpec(encoded, algorithm);
|
|
|
172 |
} else if (type == Type.PUBLIC && X509.equals(format)) {
|
|
|
173 |
KeyFactory f = KeyFactory.getInstance(algorithm);
|
|
|
174 |
return f.generatePublic(new X509EncodedKeySpec(encoded));
|
|
|
175 |
} else if (type == Type.PRIVATE && PKCS8.equals(format)) {
|
|
|
176 |
KeyFactory f = KeyFactory.getInstance(algorithm);
|
|
|
177 |
return f.generatePrivate(new PKCS8EncodedKeySpec(encoded));
|
|
|
178 |
} else {
|
|
|
179 |
throw new NotSerializableException
|
|
|
180 |
("unrecognized type/format combination: " +
|
|
|
181 |
type + "/" + format);
|
|
|
182 |
}
|
|
|
183 |
} catch (NotSerializableException nse) {
|
|
|
184 |
throw nse;
|
|
|
185 |
} catch (Exception e) {
|
|
|
186 |
NotSerializableException nse = new NotSerializableException
|
|
|
187 |
("java.security.Key: " +
|
|
|
188 |
"[" + type + "] " +
|
|
|
189 |
"[" + algorithm + "] " +
|
|
|
190 |
"[" + format + "]");
|
|
|
191 |
nse.initCause(e);
|
|
|
192 |
throw nse;
|
|
|
193 |
}
|
|
|
194 |
}
|
|
|
195 |
}
|