/* |
|
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. |
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
* |
|
* This code is free software; you can redistribute it and/or modify it |
|
* under the terms of the GNU General Public License version 2 only, as |
|
* published by the Free Software Foundation. Oracle designates this |
|
* particular file as subject to the "Classpath" exception as provided |
|
* by Oracle in the LICENSE file that accompanied this code. |
|
* |
|
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
* version 2 for more details (a copy is included in the LICENSE file that |
|
* accompanied this code). |
|
* |
|
* You should have received a copy of the GNU General Public License version |
|
* 2 along with this work; if not, write to the Free Software Foundation, |
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
* |
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
* or visit www.oracle.com if you need additional information or have any |
|
* questions. |
|
*/ |
|
package com.sun.crypto.provider; |
|
import java.security.Key; |
|
import java.security.PublicKey; |
|
import java.security.PrivateKey; |
|
import java.security.KeyFactory; |
|
import java.security.InvalidKeyException; |
|
import java.security.NoSuchProviderException; |
|
import java.security.NoSuchAlgorithmException; |
|
import java.security.spec.PKCS8EncodedKeySpec; |
|
import java.security.spec.X509EncodedKeySpec; |
|
import java.security.spec.InvalidKeySpecException; |
|
import javax.crypto.Cipher; |
|
import javax.crypto.CipherSpi; |
|
import javax.crypto.SecretKey; |
|
import javax.crypto.IllegalBlockSizeException; |
|
import javax.crypto.BadPaddingException; |
|
import javax.crypto.spec.SecretKeySpec; |
|
/** |
|
* This class entends the javax.crypto.CipherSpi class with a concrete |
|
* implementation of the methods for wrapping and unwrapping |
|
* keys. |
|
* |
|
* @author Sharon Liu |
|
* |
|
* |
|
* @see javax.crypto.CipherSpi |
|
* @see BlowfishCipher |
|
* @see DESCipher |
|
* @see PBEWithMD5AndDESCipher |
|
*/ |
|
public abstract class CipherWithWrappingSpi extends CipherSpi { |
|
/** |
|
* Wrap a key. |
|
* |
|
* @param key the key to be wrapped. |
|
* |
|
* @return the wrapped key. |
|
* |
|
* @exception IllegalBlockSizeException if this cipher is a block |
|
* cipher, no padding has been requested, and the length of the |
|
* encoding of the key to be wrapped is not a |
|
* multiple of the block size. |
|
* |
|
* @exception InvalidKeyException if it is impossible or unsafe to |
|
* wrap the key with this cipher (e.g., a hardware protected key is |
|
* being passed to a software only cipher). |
|
*/ |
|
protected final byte[] engineWrap(Key key) |
|
throws IllegalBlockSizeException, InvalidKeyException |
|
{ |
|
byte[] result = null; |
|
try { |
|
byte[] encodedKey = key.getEncoded(); |
|
if ((encodedKey == null) || (encodedKey.length == 0)) { |
|
throw new InvalidKeyException("Cannot get an encoding of " + |
|
"the key to be wrapped"); |
|
} |
|
result = engineDoFinal(encodedKey, 0, encodedKey.length); |
|
} catch (BadPaddingException e) { |
|
// Should never happen |
|
} |
|
return result; |
|
} |
|
/** |
|
* Unwrap a previously wrapped key. |
|
* |
|
* @param wrappedKey the key to be unwrapped. |
|
* |
|
* @param wrappedKeyAlgorithm the algorithm the wrapped key is for. |
|
* |
|
* @param wrappedKeyType the type of the wrapped key. |
|
* This is one of <code>Cipher.SECRET_KEY</code>, |
|
* <code>Cipher.PRIVATE_KEY</code>, or <code>Cipher.PUBLIC_KEY</code>. |
|
* |
|
* @return the unwrapped key. |
|
* |
|
* @exception InvalidKeyException if <code>wrappedKey</code> does not |
|
* represent a wrapped key, or if the algorithm associated with the |
|
* wrapped key is different from <code>wrappedKeyAlgorithm</code> |
|
* and/or its key type is different from <code>wrappedKeyType</code>. |
|
* |
|
* @exception NoSuchAlgorithmException if no installed providers |
|
* can create keys for the <code>wrappedKeyAlgorithm</code>. |
|
*/ |
|
protected final Key engineUnwrap(byte[] wrappedKey, |
|
String wrappedKeyAlgorithm, |
|
int wrappedKeyType) |
|
throws InvalidKeyException, NoSuchAlgorithmException |
|
{ |
|
byte[] encodedKey; |
|
Key result = null; |
|
try { |
|
encodedKey = engineDoFinal(wrappedKey, 0, |
|
wrappedKey.length); |
|
} catch (BadPaddingException ePadding) { |
|
throw new InvalidKeyException(); |
|
} catch (IllegalBlockSizeException eBlockSize) { |
|
throw new InvalidKeyException(); |
|
} |
|
switch (wrappedKeyType) { |
|
case Cipher.SECRET_KEY: |
|
result = constructSecretKey(encodedKey, |
|
wrappedKeyAlgorithm); |
|
break; |
|
case Cipher.PRIVATE_KEY: |
|
result = constructPrivateKey(encodedKey, |
|
wrappedKeyAlgorithm); |
|
break; |
|
case Cipher.PUBLIC_KEY: |
|
result = constructPublicKey(encodedKey, |
|
wrappedKeyAlgorithm); |
|
break; |
|
} |
|
return result; |
|
} |
|
/** |
|
* Construct a public key from its encoding. |
|
* |
|
* @param encodedKey the encoding of a public key. |
|
* |
|
* @param encodedKeyAlgorithm the algorithm the encodedKey is for. |
|
* |
|
* @return a public key constructed from the encodedKey. |
|
*/ |
|
private final PublicKey constructPublicKey(byte[] encodedKey, |
|
String encodedKeyAlgorithm) |
|
throws InvalidKeyException, NoSuchAlgorithmException |
|
{ |
|
PublicKey key = null; |
|
try { |
|
KeyFactory keyFactory = |
|
KeyFactory.getInstance(encodedKeyAlgorithm, |
|
SunJCE.getInstance()); |
|
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey); |
|
key = keyFactory.generatePublic(keySpec); |
|
} catch (NoSuchAlgorithmException nsae) { |
|
// Try to see whether there is another |
|
// provider which supports this algorithm |
|
try { |
|
KeyFactory keyFactory = |
|
KeyFactory.getInstance(encodedKeyAlgorithm); |
|
X509EncodedKeySpec keySpec = |
|
new X509EncodedKeySpec(encodedKey); |
|
key = keyFactory.generatePublic(keySpec); |
|
} catch (NoSuchAlgorithmException nsae2) { |
|
throw new NoSuchAlgorithmException("No installed providers " + |
|
"can create keys for the " + |
|
encodedKeyAlgorithm + |
|
"algorithm"); |
|
} catch (InvalidKeySpecException ikse2) { |
|
// Should never happen. |
|
} |
|
} catch (InvalidKeySpecException ikse) { |
|
// Should never happen. |
|
} |
|
return key; |
|
} |
|
/** |
|
* Construct a private key from its encoding. |
|
* |
|
* @param encodedKey the encoding of a private key. |
|
* |
|
* @param encodedKeyAlgorithm the algorithm the wrapped key is for. |
|
* |
|
* @return a private key constructed from the encodedKey. |
|
*/ |
|
private final PrivateKey constructPrivateKey(byte[] encodedKey, |
|
String encodedKeyAlgorithm) |
|
throws InvalidKeyException, NoSuchAlgorithmException |
|
{ |
|
PrivateKey key = null; |
|
try { |
|
KeyFactory keyFactory = |
|
KeyFactory.getInstance(encodedKeyAlgorithm, |
|
SunJCE.getInstance()); |
|
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey); |
|
return keyFactory.generatePrivate(keySpec); |
|
} catch (NoSuchAlgorithmException nsae) { |
|
// Try to see whether there is another |
|
// provider which supports this algorithm |
|
try { |
|
KeyFactory keyFactory = |
|
KeyFactory.getInstance(encodedKeyAlgorithm); |
|
PKCS8EncodedKeySpec keySpec = |
|
new PKCS8EncodedKeySpec(encodedKey); |
|
key = keyFactory.generatePrivate(keySpec); |
|
} catch (NoSuchAlgorithmException nsae2) { |
|
throw new NoSuchAlgorithmException("No installed providers " + |
|
"can create keys for the " + |
|
encodedKeyAlgorithm + |
|
"algorithm"); |
|
} catch (InvalidKeySpecException ikse2) { |
|
// Should never happen. |
|
} |
|
} catch (InvalidKeySpecException ikse) { |
|
// Should never happen. |
|
} |
|
return key; |
|
} |
|
/** |
|
* Construct a secret key from its encoding. |
|
* |
|
* @param encodedKey the encoding of a secret key. |
|
* |
|
* @param encodedKeyAlgorithm the algorithm the secret key is for. |
|
* |
|
* @return a secret key constructed from the encodedKey. |
|
*/ |
|
private final SecretKey constructSecretKey(byte[] encodedKey, |
|
String encodedKeyAlgorithm) |
|
{ |
|
return (new SecretKeySpec(encodedKey, encodedKeyAlgorithm)); |
|
} |
|
} |