Back to index...

	/*
	* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package javax.crypto.spec;

	import java.security.spec.KeySpec;
	import java.util.Arrays;

	/**
	* A user-chosen password that can be used with password-based encryption
	* (<i>PBE</i>).
	*
	* <p>The password can be viewed as some kind of raw key material, from which
	* the encryption mechanism that uses it derives a cryptographic key.
	*
	* <p>Different PBE mechanisms may consume different bits of each password
	* character. For example, the PBE mechanism defined in
	* <a href="http://www.ietf.org/rfc/rfc2898.txt">
	* PKCS #5</a> looks at only the low order 8 bits of each character, whereas
	* PKCS #12 looks at all 16 bits of each character.
	*
	* <p>You convert the password characters to a PBE key by creating an
	* instance of the appropriate secret-key factory. For example, a secret-key
	* factory for PKCS #5 will construct a PBE key from only the low order 8 bits
	* of each password character, whereas a secret-key factory for PKCS #12 will
	* take all 16 bits of each character.
	*
	* <p>Also note that this class stores passwords as char arrays instead of
	* <code>String</code> objects (which would seem more logical), because the
	* String class is immutable and there is no way to overwrite its
	* internal value when the password stored in it is no longer needed. Hence,
	* this class requests the password as a char array, so it can be overwritten
	* when done.
	*
	* @author Jan Luehe
	* @author Valerie Peng
	*
	* @see javax.crypto.SecretKeyFactory
	* @see PBEParameterSpec
	* @since 1.4
	*/
	public class PBEKeySpec implements KeySpec {

	private char[] password;
	private byte[] salt = null;
	private int iterationCount = 0;
	private int keyLength = 0;

	/**
	* Constructor that takes a password. An empty char[] is used if
	* null is specified.
	*
	* <p> Note: <code>password</code> is cloned before it is stored in
	* the new <code>PBEKeySpec</code> object.
	*
	* @param password the password.
	*/
	public PBEKeySpec(char[] password) {
	if ((password == null) \|\| (password.length == 0)) {
	this.password = new char[0];
	} else {
	this.password = password.clone();
	}
	}


	/**
	* Constructor that takes a password, salt, iteration count, and
	* to-be-derived key length for generating PBEKey of variable-key-size
	* PBE ciphers. An empty char[] is used if null is specified for
	* <code>password</code>.
	*
	* <p> Note: the <code>password</code> and <code>salt</code>
	* are cloned before they are stored in
	* the new <code>PBEKeySpec</code> object.
	*
	* @param password the password.
	* @param salt the salt.
	* @param iterationCount the iteration count.
	* @param keyLength the to-be-derived key length.
	* @exception NullPointerException if <code>salt</code> is null.
	* @exception IllegalArgumentException if <code>salt</code> is empty,
	* i.e. 0-length, <code>iterationCount</code> or
	* <code>keyLength</code> is not positive.
	*/
	public PBEKeySpec(char[] password, byte[] salt, int iterationCount,
	int keyLength) {
	if ((password == null) \|\| (password.length == 0)) {
	this.password = new char[0];
	} else {
	this.password = password.clone();
	}
	if (salt == null) {
	throw new NullPointerException("the salt parameter " +
	"must be non-null");
	} else if (salt.length == 0) {
	throw new IllegalArgumentException("the salt parameter " +
	"must not be empty");
	} else {
	this.salt = salt.clone();
	}
	if (iterationCount<=0) {
	throw new IllegalArgumentException("invalid iterationCount value");
	}
	if (keyLength<=0) {
	throw new IllegalArgumentException("invalid keyLength value");
	}
	this.iterationCount = iterationCount;
	this.keyLength = keyLength;
	}


	/**
	* Constructor that takes a password, salt, iteration count for
	* generating PBEKey of fixed-key-size PBE ciphers. An empty
	* char[] is used if null is specified for <code>password</code>.
	*
	* <p> Note: the <code>password</code> and <code>salt</code>
	* are cloned before they are stored in the new
	* <code>PBEKeySpec</code> object.
	*
	* @param password the password.
	* @param salt the salt.
	* @param iterationCount the iteration count.
	* @exception NullPointerException if <code>salt</code> is null.
	* @exception IllegalArgumentException if <code>salt</code> is empty,
	* i.e. 0-length, or <code>iterationCount</code> is not positive.
	*/
	public PBEKeySpec(char[] password, byte[] salt, int iterationCount) {
	if ((password == null) \|\| (password.length == 0)) {
	this.password = new char[0];
	} else {
	this.password = password.clone();
	}
	if (salt == null) {
	throw new NullPointerException("the salt parameter " +
	"must be non-null");
	} else if (salt.length == 0) {
	throw new IllegalArgumentException("the salt parameter " +
	"must not be empty");
	} else {
	this.salt = salt.clone();
	}
	if (iterationCount<=0) {
	throw new IllegalArgumentException("invalid iterationCount value");
	}
	this.iterationCount = iterationCount;
	}

	/**
	* Clears the internal copy of the password.
	*
	*/
	public final void clearPassword() {
	if (password != null) {
	Arrays.fill(password, ' ');
	password = null;
	}
	}

	/**
	* Returns a copy of the password.
	*
	* <p> Note: this method returns a copy of the password. It is
	* the caller's responsibility to zero out the password information after
	* it is no longer needed.
	*
	* @exception IllegalStateException if password has been cleared by
	* calling <code>clearPassword</code> method.
	* @return the password.
	*/
	public final char[] getPassword() {
	if (password == null) {
	throw new IllegalStateException("password has been cleared");
	}
	return password.clone();
	}

	/**
	* Returns a copy of the salt or null if not specified.
	*
	* <p> Note: this method should return a copy of the salt. It is
	* the caller's responsibility to zero out the salt information after
	* it is no longer needed.
	*
	* @return the salt.
	*/
	public final byte[] getSalt() {
	if (salt != null) {
	return salt.clone();
	} else {
	return null;
	}
	}

	/**
	* Returns the iteration count or 0 if not specified.
	*
	* @return the iteration count.
	*/
	public final int getIterationCount() {
	return iterationCount;
	}

	/**
	* Returns the to-be-derived key length or 0 if not specified.
	*
	* <p> Note: this is used to indicate the preference on key length
	* for variable-key-size ciphers. The actual key size depends on
	* each provider's implementation.
	*
	* @return the to-be-derived key length.
	*/
	public final int getKeyLength() {
	return keyLength;
	}
	}

Back to index...