    1   /*
    2    * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
    3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
    4    *
    5    * This code is free software; you can redistribute it and/or modify it
    6    * under the terms of the GNU General Public License version 2 only, as
    7    * published by the Free Software Foundation.  Oracle designates this
    8    * particular file as subject to the "Classpath" exception as provided
    9    * by Oracle in the LICENSE file that accompanied this code.
   10    *
   11    * This code is distributed in the hope that it will be useful, but WITHOUT
   12    * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
   13    * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   14    * version 2 for more details (a copy is included in the LICENSE file that
   15    * accompanied this code).
   16    *
   17    * You should have received a copy of the GNU General Public License version
   18    * 2 along with this work; if not, write to the Free Software Foundation,
   19    * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
   20    *
   21    * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
   22    * or visit www.oracle.com if you need additional information or have any
   23    * questions.
   24    */
   25   
   26   package com.sun.crypto.provider;
   27   
   28   import java.io.UnsupportedEncodingException;
   29   import java.security.InvalidKeyException;
   30   import java.security.spec.KeySpec;
   31   import java.security.spec.InvalidKeySpecException;
   32   import javax.crypto.SecretKey;
   33   import javax.crypto.SecretKeyFactorySpi;
   34   import javax.crypto.spec.PBEKeySpec;
   35   import java.util.HashSet;
   36   
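    /**
     * Key factory for password-based encryption (PBE) keys as described by
     * PKCS#5: the password is expected to consist of printable ASCII
     * characters (values 32 to 126 decimal inclusive).
     *
     * <p>Note that {@link #engineGetKeySpec} masks every encoded key byte with
     * {@code 0x7f} when rebuilding the password, so only the low-order 7 bits
     * of each byte survive a round trip through this factory.
     *
     * <p>Security note: the schemes registered here are legacy ones (single
     * DES, 40-bit RC2, MD5/SHA-1 based derivation) and
     * {@code PBEWithMD5AndTripleDES} is a proprietary algorithm kept for
     * JCEKS support. They are suitable for reading existing data, not as a
     * choice for new designs.
     *
     * @author Jan Luehe
     */
    abstract class PBEKeyFactory extends SecretKeyFactorySpi {

        /** Algorithm name handed to every key created by this factory. */
        private final String type;

        /** Normalized (upper-cased) names of the algorithms this factory accepts. */
        private static final HashSet<String> validTypes;

        /**
         * Creates a factory bound to one PBE algorithm name.
         *
         * @param keytype the algorithm name recorded in generated keys
         */
        private PBEKeyFactory(String keytype) {
            type = keytype;
        }

        static {
            validTypes = new HashSet<String>(4);
            validTypes.add(normalize("PBEWithMD5AndDES"));
            validTypes.add(normalize("PBEWithSHA1AndDESede"));
            validTypes.add(normalize("PBEWithSHA1AndRC2_40"));
            // Proprietary algorithm.
            validTypes.add(normalize("PBEWithMD5AndTripleDES"));
        }

        /**
         * Upper-cases an algorithm name independently of the default locale.
         *
         * <p>The no-argument {@code String.toUpperCase()} follows the JVM's
         * default locale; under a Turkish locale the 'i' in "With" maps to a
         * dotted capital I, so a key reporting an already upper-cased
         * algorithm name would no longer match the registered set.
         */
        private static String normalize(String algorithm) {
            return algorithm.toUpperCase(java.util.Locale.ROOT);
        }

        /**
         * Tells whether a key reports one of the supported algorithms and the
         * "RAW" encoding format. A {@code null} key, algorithm or format is
         * treated as unsupported instead of raising a NullPointerException.
         */
        private static boolean isSupportedRawKey(SecretKey key) {
            if (key == null) {
                return false;
            }
            String algorithm = key.getAlgorithm();
            if (algorithm == null || !validTypes.contains(normalize(algorithm))) {
                return false;
            }
            return "RAW".equalsIgnoreCase(key.getFormat());
        }

        /** Factory variant for {@code PBEWithMD5AndDES}. */
        public static final class PBEWithMD5AndDES
                extends PBEKeyFactory {
            public PBEWithMD5AndDES()  {
                super("PBEWithMD5AndDES");
            }
        }

        /** Factory variant for {@code PBEWithSHA1AndDESede}. */
        public static final class PBEWithSHA1AndDESede
                extends PBEKeyFactory {
            public PBEWithSHA1AndDESede()  {
                super("PBEWithSHA1AndDESede");
            }
        }

        /** Factory variant for {@code PBEWithSHA1AndRC2_40}. */
        public static final class PBEWithSHA1AndRC2_40
                extends PBEKeyFactory {
            public PBEWithSHA1AndRC2_40()  {
                super("PBEWithSHA1AndRC2_40");
            }
        }

        /*
         * Private proprietary algorithm for supporting JCEKS.
         */
        public static final class PBEWithMD5AndTripleDES
                extends PBEKeyFactory {
            public PBEWithMD5AndTripleDES()  {
                super("PBEWithMD5AndTripleDES");
            }
        }


        /**
         * Generates a <code>SecretKey</code> object from the provided key
         * specification (key material).
         *
         * @param keySpec the specification (key material) of the secret key;
         * must be a <code>PBEKeySpec</code>
         *
         * @return the secret key
         *
         * @exception InvalidKeySpecException if the given key specification
         * is inappropriate for this key factory to produce a secret key.
         */
        protected SecretKey engineGenerateSecret(KeySpec keySpec)
            throws InvalidKeySpecException
        {
            if (!(keySpec instanceof PBEKeySpec)) {
                throw new InvalidKeySpecException("Invalid key spec");
            }
            return new PBEKey((PBEKeySpec)keySpec, type);
        }

        /**
         * Returns a specification (key material) of the given key
         * in the requested format.
         *
         * @param key the key
         *
         * @param keySpecCl the requested format in which the key material
         * shall be returned; must be <code>PBEKeySpec</code> or a supertype
         * of it
         *
         * @return the underlying key specification (key material) in the
         * requested format
         *
         * @exception InvalidKeySpecException if the requested key specification is
         * inappropriate for the given key, or the given key cannot be processed
         * (e.g., the given key has an unrecognized algorithm or format, or
         * exposes no encoded key material).
         */
        protected KeySpec engineGetKeySpec(SecretKey key, Class keySpecCl)
            throws InvalidKeySpecException {
            if (!isSupportedRawKey(key)) {
                throw new InvalidKeySpecException("Invalid key "
                                                  + "format/algorithm");
            }

            // Check if requested key spec is amongst the valid ones
            if ((keySpecCl == null)
                || !PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
                throw new InvalidKeySpecException("Invalid key spec");
            }

            byte[] passwdBytes = key.getEncoded();
            if (passwdBytes == null) {
                // A key may refuse to export its material; report that as a
                // spec failure rather than letting a NullPointerException out.
                throw new InvalidKeySpecException("Key material is not available");
            }

            char[] passwdChars = new char[passwdBytes.length];
            try {
                for (int i = 0; i < passwdChars.length; i++) {
                    passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
                }
                // The PBEKeySpec constructor clones the password array.
                return new PBEKeySpec(passwdChars);
            } finally {
                // Wipe the temporary copies on every exit path, including a
                // failure inside the conversion above.
                // NOTE(review): assumes getEncoded() handed out a copy; a key
                // that returns its internal array would be cleared here.
                java.util.Arrays.fill(passwdChars, '\0');
                java.util.Arrays.fill(passwdBytes, (byte)0x00);
            }
        }

        /**
         * Translates a <code>SecretKey</code> object, whose provider may be
         * unknown or potentially untrusted, into a corresponding
         * <code>SecretKey</code> object of this key factory.
         *
         * @param key the key whose provider is unknown or untrusted
         *
         * @return the translated key; the same instance when it already is a
         * <code>PBEKey</code> of this provider
         *
         * @exception InvalidKeyException if the given key cannot be processed by
         * this key factory.
         */
        protected SecretKey engineTranslateKey(SecretKey key)
            throws InvalidKeyException
        {
            try {
                if (!isSupportedRawKey(key)) {
                    throw new InvalidKeyException("Invalid key format/algorithm");
                }

                // Check if key originates from this factory
                if (key instanceof com.sun.crypto.provider.PBEKey) {
                    return key;
                }

                // Convert key to spec
                PBEKeySpec pbeKeySpec = (PBEKeySpec)engineGetKeySpec
                    (key, PBEKeySpec.class);

                try {
                    // Create key from spec, and return it
                    return engineGenerateSecret(pbeKeySpec);
                } finally {
                    // The spec is local to this method; drop its password copy.
                    // NOTE(review): relies on PBEKey not keeping a reference
                    // to the spec it was built from - confirm in PBEKey.
                    pbeKeySpec.clearPassword();
                }

            } catch (InvalidKeySpecException ikse) {
                // Keep the original exception as the cause so the failure
                // remains diagnosable from the stack trace.
                throw new InvalidKeyException("Cannot translate key: "
                                              + ikse.getMessage(), ikse);
            }
        }
    }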
