Save This Page
Home » openjdk-7 » javax » crypto » [javadoc | source]
    1   /*
    2    * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
    3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
    4    *
    5    * This code is free software; you can redistribute it and/or modify it
    6    * under the terms of the GNU General Public License version 2 only, as
    7    * published by the Free Software Foundation.  Oracle designates this
    8    * particular file as subject to the "Classpath" exception as provided
    9    * by Oracle in the LICENSE file that accompanied this code.
   10    *
   11    * This code is distributed in the hope that it will be useful, but WITHOUT
   12    * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
   13    * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   14    * version 2 for more details (a copy is included in the LICENSE file that
   15    * accompanied this code).
   16    *
   17    * You should have received a copy of the GNU General Public License version
   18    * 2 along with this work; if not, write to the Free Software Foundation,
   19    * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
   20    *
   21    * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
   22    * or visit www.oracle.com if you need additional information or have any
   23    * questions.
   24    */
   25   
   26   package javax.crypto;
   27   
   28   import java.util;
   29   
   30   import java.security;
   31   import java.security.Provider.Service;
   32   import java.security.spec;
   33   
   34   import sun.security.util.Debug;
   35   import sun.security.jca;
   36   import sun.security.jca.GetInstance.Instance;
   37   
   38   /**
   39    * This class provides the functionality of a key agreement (or key
   40    * exchange) protocol.
   41    * <p>
   42    * The keys involved in establishing a shared secret are created by one of the
   43    * key generators (<code>KeyPairGenerator</code> or
   44    * <code>KeyGenerator</code>), a <code>KeyFactory</code>, or as a result from
   45    * an intermediate phase of the key agreement protocol.
   46    *
   47    * <p> For each of the correspondents in the key exchange, <code>doPhase</code>
   48    * needs to be called. For example, if this key exchange is with one other
   49    * party, <code>doPhase</code> needs to be called once, with the
   50    * <code>lastPhase</code> flag set to <code>true</code>.
   51    * If this key exchange is
   52    * with two other parties, <code>doPhase</code> needs to be called twice,
   53    * the first time setting the <code>lastPhase</code> flag to
   54    * <code>false</code>, and the second time setting it to <code>true</code>.
   55    * There may be any number of parties involved in a key exchange.
   56    *
   57    * <p> Every implementation of the Java platform is required to support the
   58    * following standard <code>KeyAgreement</code> algorithm:
   59    * <ul>
   60    * <li><tt>DiffieHellman</tt></li>
   61    * </ul>
   62    * This algorithm is described in the <a href=
   63    * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyAgreement">
   64    * KeyAgreement section</a> of the
   65    * Java Cryptography Architecture Standard Algorithm Name Documentation.
   66    * Consult the release documentation for your implementation to see if any
   67    * other algorithms are supported.
   68    *
   69    * @author Jan Luehe
   70    *
   71    * @see KeyGenerator
   72    * @see SecretKey
   73    * @since 1.4
   74    */
   75   
   76   public class KeyAgreement {
   77   
   78       private static final Debug debug =
   79                           Debug.getInstance("jca", "KeyAgreement");
   80   
   81       // The provider
   82       private Provider provider;
   83   
   84       // The provider implementation (delegate)
   85       private KeyAgreementSpi spi;
   86   
   87       // The name of the key agreement algorithm.
   88       private final String algorithm;
   89   
   90       // next service to try in provider selection
   91       // null once provider is selected
   92       private Service firstService;
   93   
   94       // remaining services to try in provider selection
   95       // null once provider is selected
   96       private Iterator serviceIterator;
   97   
   98       private final Object lock;
   99   
  100       /**
  101        * Creates a KeyAgreement object.
  102        *
  103        * @param keyAgreeSpi the delegate
  104        * @param provider the provider
  105        * @param algorithm the algorithm
  106        */
  107       protected KeyAgreement(KeyAgreementSpi keyAgreeSpi, Provider provider,
  108                              String algorithm) {
  109           this.spi = keyAgreeSpi;
  110           this.provider = provider;
  111           this.algorithm = algorithm;
  112           lock = null;
  113       }
  114   
  115       private KeyAgreement(Service s, Iterator t, String algorithm) {
  116           firstService = s;
  117           serviceIterator = t;
  118           this.algorithm = algorithm;
  119           lock = new Object();
  120       }
  121   
  122       /**
  123        * Returns the algorithm name of this <code>KeyAgreement</code> object.
  124        *
  125        * <p>This is the same name that was specified in one of the
  126        * <code>getInstance</code> calls that created this
  127        * <code>KeyAgreement</code> object.
  128        *
  129        * @return the algorithm name of this <code>KeyAgreement</code> object.
  130        */
  131       public final String getAlgorithm() {
  132           return this.algorithm;
  133       }
  134   
  135       /**
  136        * Returns a <code>KeyAgreement</code> object that implements the
  137        * specified key agreement algorithm.
  138        *
  139        * <p> This method traverses the list of registered security Providers,
  140        * starting with the most preferred Provider.
  141        * A new KeyAgreement object encapsulating the
  142        * KeyAgreementSpi implementation from the first
  143        * Provider that supports the specified algorithm is returned.
  144        *
  145        * <p> Note that the list of registered providers may be retrieved via
  146        * the {@link Security#getProviders() Security.getProviders()} method.
  147        *
  148        * @param algorithm the standard name of the requested key agreement
  149        * algorithm.
  150        * See the KeyAgreement section in the <a href=
  151        * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyAgreement">
  152        * Java Cryptography Architecture Standard Algorithm Name Documentation
  153        * for information about standard algorithm names.
  154        *
  155        * @return the new <code>KeyAgreement</code> object.
  156        *
  157        * @exception NullPointerException if the specified algorithm
  158        *          is null.
  159        *
  160        * @exception NoSuchAlgorithmException if no Provider supports a
  161        *          KeyAgreementSpi implementation for the
  162        *          specified algorithm.
  163        *
  164        * @see java.security.Provider
  165        */
  166       public static final KeyAgreement getInstance(String algorithm)
  167               throws NoSuchAlgorithmException {
  168           List services = GetInstance.getServices("KeyAgreement", algorithm);
  169           // make sure there is at least one service from a signed provider
  170           Iterator t = services.iterator();
  171           while (t.hasNext()) {
  172               Service s = (Service)t.next();
  173               if (JceSecurity.canUseProvider(s.getProvider()) == false) {
  174                   continue;
  175               }
  176               return new KeyAgreement(s, t, algorithm);
  177           }
  178           throw new NoSuchAlgorithmException
  179                                   ("Algorithm " + algorithm + " not available");
  180       }
  181   
  182       /**
  183        * Returns a <code>KeyAgreement</code> object that implements the
  184        * specified key agreement algorithm.
  185        *
  186        * <p> A new KeyAgreement object encapsulating the
  187        * KeyAgreementSpi implementation from the specified provider
  188        * is returned.  The specified provider must be registered
  189        * in the security provider list.
  190        *
  191        * <p> Note that the list of registered providers may be retrieved via
  192        * the {@link Security#getProviders() Security.getProviders()} method.
  193        *
  194        * @param algorithm the standard name of the requested key agreement
  195        * algorithm.
  196        * See the KeyAgreement section in the <a href=
  197        * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyAgreement">
  198        * Java Cryptography Architecture Standard Algorithm Name Documentation
  199        * for information about standard algorithm names.
  200        *
  201        * @param provider the name of the provider.
  202        *
  203        * @return the new <code>KeyAgreement</code> object.
  204        *
  205        * @exception NullPointerException if the specified algorithm
  206        *          is null.
  207        *
  208        * @exception NoSuchAlgorithmException if a KeyAgreementSpi
  209        *          implementation for the specified algorithm is not
  210        *          available from the specified provider.
  211        *
  212        * @exception NoSuchProviderException if the specified provider is not
  213        *          registered in the security provider list.
  214        *
  215        * @exception IllegalArgumentException if the <code>provider</code>
  216        *          is null or empty.
  217        *
  218        * @see java.security.Provider
  219        */
  220       public static final KeyAgreement getInstance(String algorithm,
  221               String provider) throws NoSuchAlgorithmException,
  222               NoSuchProviderException {
  223           Instance instance = JceSecurity.getInstance
  224                   ("KeyAgreement", KeyAgreementSpi.class, algorithm, provider);
  225           return new KeyAgreement((KeyAgreementSpi)instance.impl,
  226                   instance.provider, algorithm);
  227       }
  228   
  229       /**
  230        * Returns a <code>KeyAgreement</code> object that implements the
  231        * specified key agreement algorithm.
  232        *
  233        * <p> A new KeyAgreement object encapsulating the
  234        * KeyAgreementSpi implementation from the specified Provider
  235        * object is returned.  Note that the specified Provider object
  236        * does not have to be registered in the provider list.
  237        *
  238        * @param algorithm the standard name of the requested key agreement
  239        * algorithm.
  240        * See the KeyAgreement section in the <a href=
  241        * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyAgreement">
  242        * Java Cryptography Architecture Standard Algorithm Name Documentation
  243        * for information about standard algorithm names.
  244        *
  245        * @param provider the provider.
  246        *
  247        * @return the new <code>KeyAgreement</code> object.
  248        *
  249        * @exception NullPointerException if the specified algorithm
  250        *          is null.
  251        *
  252        * @exception NoSuchAlgorithmException if a KeyAgreementSpi
  253        *          implementation for the specified algorithm is not available
  254        *          from the specified Provider object.
  255        *
  256        * @exception IllegalArgumentException if the <code>provider</code>
  257        *          is null.
  258        *
  259        * @see java.security.Provider
  260        */
  261       public static final KeyAgreement getInstance(String algorithm,
  262               Provider provider) throws NoSuchAlgorithmException {
  263           Instance instance = JceSecurity.getInstance
  264                   ("KeyAgreement", KeyAgreementSpi.class, algorithm, provider);
  265           return new KeyAgreement((KeyAgreementSpi)instance.impl,
  266                   instance.provider, algorithm);
  267       }
  268   
  269       // max number of debug warnings to print from chooseFirstProvider()
  270       private static int warnCount = 10;
  271   
  272       /**
  273        * Choose the Spi from the first provider available. Used if
  274        * delayed provider selection is not possible because init()
  275        * is not the first method called.
  276        */
  277       void chooseFirstProvider() {
  278           if (spi != null) {
  279               return;
  280           }
  281           synchronized (lock) {
  282               if (spi != null) {
  283                   return;
  284               }
  285               if (debug != null) {
  286                   int w = --warnCount;
  287                   if (w >= 0) {
  288                       debug.println("KeyAgreement.init() not first method "
  289                           + "called, disabling delayed provider selection");
  290                       if (w == 0) {
  291                           debug.println("Further warnings of this type will "
  292                               + "be suppressed");
  293                       }
  294                       new Exception("Call trace").printStackTrace();
  295                   }
  296               }
  297               Exception lastException = null;
  298               while ((firstService != null) || serviceIterator.hasNext()) {
  299                   Service s;
  300                   if (firstService != null) {
  301                       s = firstService;
  302                       firstService = null;
  303                   } else {
  304                       s = (Service)serviceIterator.next();
  305                   }
  306                   if (JceSecurity.canUseProvider(s.getProvider()) == false) {
  307                       continue;
  308                   }
  309                   try {
  310                       Object obj = s.newInstance(null);
  311                       if (obj instanceof KeyAgreementSpi == false) {
  312                           continue;
  313                       }
  314                       spi = (KeyAgreementSpi)obj;
  315                       provider = s.getProvider();
  316                       // not needed any more
  317                       firstService = null;
  318                       serviceIterator = null;
  319                       return;
  320                   } catch (Exception e) {
  321                       lastException = e;
  322                   }
  323               }
  324               ProviderException e = new ProviderException
  325                       ("Could not construct KeyAgreementSpi instance");
  326               if (lastException != null) {
  327                   e.initCause(lastException);
  328               }
  329               throw e;
  330           }
  331       }
  332   
  333       private final static int I_NO_PARAMS = 1;
  334       private final static int I_PARAMS    = 2;
  335   
  336       private void implInit(KeyAgreementSpi spi, int type, Key key,
  337               AlgorithmParameterSpec params, SecureRandom random)
  338               throws InvalidKeyException, InvalidAlgorithmParameterException {
  339           if (type == I_NO_PARAMS) {
  340               spi.engineInit(key, random);
  341           } else { // I_PARAMS
  342               spi.engineInit(key, params, random);
  343           }
  344       }
  345   
  346       private void chooseProvider(int initType, Key key,
  347               AlgorithmParameterSpec params, SecureRandom random)
  348               throws InvalidKeyException, InvalidAlgorithmParameterException {
  349           synchronized (lock) {
  350               if (spi != null) {
  351                   implInit(spi, initType, key, params, random);
  352                   return;
  353               }
  354               Exception lastException = null;
  355               while ((firstService != null) || serviceIterator.hasNext()) {
  356                   Service s;
  357                   if (firstService != null) {
  358                       s = firstService;
  359                       firstService = null;
  360                   } else {
  361                       s = (Service)serviceIterator.next();
  362                   }
  363                   // if provider says it does not support this key, ignore it
  364                   if (s.supportsParameter(key) == false) {
  365                       continue;
  366                   }
  367                   if (JceSecurity.canUseProvider(s.getProvider()) == false) {
  368                       continue;
  369                   }
  370                   try {
  371                       KeyAgreementSpi spi = (KeyAgreementSpi)s.newInstance(null);
  372                       implInit(spi, initType, key, params, random);
  373                       provider = s.getProvider();
  374                       this.spi = spi;
  375                       firstService = null;
  376                       serviceIterator = null;
  377                       return;
  378                   } catch (Exception e) {
  379                       // NoSuchAlgorithmException from newInstance()
  380                       // InvalidKeyException from init()
  381                       // RuntimeException (ProviderException) from init()
  382                       if (lastException == null) {
  383                           lastException = e;
  384                       }
  385                   }
  386               }
  387               // no working provider found, fail
  388               if (lastException instanceof InvalidKeyException) {
  389                   throw (InvalidKeyException)lastException;
  390               }
  391               if (lastException instanceof InvalidAlgorithmParameterException) {
  392                   throw (InvalidAlgorithmParameterException)lastException;
  393               }
  394               if (lastException instanceof RuntimeException) {
  395                   throw (RuntimeException)lastException;
  396               }
  397               String kName = (key != null) ? key.getClass().getName() : "(null)";
  398               throw new InvalidKeyException
  399                   ("No installed provider supports this key: "
  400                   + kName, lastException);
  401           }
  402       }
  403   
  404       /**
  405        * Returns the provider of this <code>KeyAgreement</code> object.
  406        *
  407        * @return the provider of this <code>KeyAgreement</code> object
  408        */
  409       public final Provider getProvider() {
  410           chooseFirstProvider();
  411           return this.provider;
  412       }
  413   
  414       /**
  415        * Initializes this key agreement with the given key, which is required to
  416        * contain all the algorithm parameters required for this key agreement.
  417        *
  418        * <p> If this key agreement requires any random bytes, it will get
  419        * them using the
  420        * {@link SecureRandom <code>SecureRandom</code>}
  421        * implementation of the highest-priority
  422        * installed provider as the source of randomness.
  423        * (If none of the installed providers supply an implementation of
  424        * SecureRandom, a system-provided source of randomness will be used.)
  425        *
  426        * @param key the party's private information. For example, in the case
  427        * of the Diffie-Hellman key agreement, this would be the party's own
  428        * Diffie-Hellman private key.
  429        *
  430        * @exception InvalidKeyException if the given key is
  431        * inappropriate for this key agreement, e.g., is of the wrong type or
  432        * has an incompatible algorithm type.
  433        */
  434       public final void init(Key key) throws InvalidKeyException {
  435           init(key, JceSecurity.RANDOM);
  436       }
  437   
  438       /**
  439        * Initializes this key agreement with the given key and source of
  440        * randomness. The given key is required to contain all the algorithm
  441        * parameters required for this key agreement.
  442        *
  443        * <p> If the key agreement algorithm requires random bytes, it gets them
  444        * from the given source of randomness, <code>random</code>.
  445        * However, if the underlying
  446        * algorithm implementation does not require any random bytes,
  447        * <code>random</code> is ignored.
  448        *
  449        * @param key the party's private information. For example, in the case
  450        * of the Diffie-Hellman key agreement, this would be the party's own
  451        * Diffie-Hellman private key.
  452        * @param random the source of randomness
  453        *
  454        * @exception InvalidKeyException if the given key is
  455        * inappropriate for this key agreement, e.g., is of the wrong type or
  456        * has an incompatible algorithm type.
  457        */
  458       public final void init(Key key, SecureRandom random)
  459               throws InvalidKeyException {
  460           if (spi != null) {
  461               spi.engineInit(key, random);
  462           } else {
  463               try {
  464                   chooseProvider(I_NO_PARAMS, key, null, random);
  465               } catch (InvalidAlgorithmParameterException e) {
  466                   // should never occur
  467                   throw new InvalidKeyException(e);
  468               }
  469           }
  470       }
  471   
  472       /**
  473        * Initializes this key agreement with the given key and set of
  474        * algorithm parameters.
  475        *
  476        * <p> If this key agreement requires any random bytes, it will get
  477        * them using the
  478        * {@link SecureRandom <code>SecureRandom</code>}
  479        * implementation of the highest-priority
  480        * installed provider as the source of randomness.
  481        * (If none of the installed providers supply an implementation of
  482        * SecureRandom, a system-provided source of randomness will be used.)
  483        *
  484        * @param key the party's private information. For example, in the case
  485        * of the Diffie-Hellman key agreement, this would be the party's own
  486        * Diffie-Hellman private key.
  487        * @param params the key agreement parameters
  488        *
  489        * @exception InvalidKeyException if the given key is
  490        * inappropriate for this key agreement, e.g., is of the wrong type or
  491        * has an incompatible algorithm type.
  492        * @exception InvalidAlgorithmParameterException if the given parameters
  493        * are inappropriate for this key agreement.
  494        */
  495       public final void init(Key key, AlgorithmParameterSpec params)
  496           throws InvalidKeyException, InvalidAlgorithmParameterException
  497       {
  498           init(key, params, JceSecurity.RANDOM);
  499       }
  500   
  501       /**
  502        * Initializes this key agreement with the given key, set of
  503        * algorithm parameters, and source of randomness.
  504        *
  505        * @param key the party's private information. For example, in the case
  506        * of the Diffie-Hellman key agreement, this would be the party's own
  507        * Diffie-Hellman private key.
  508        * @param params the key agreement parameters
  509        * @param random the source of randomness
  510        *
  511        * @exception InvalidKeyException if the given key is
  512        * inappropriate for this key agreement, e.g., is of the wrong type or
  513        * has an incompatible algorithm type.
  514        * @exception InvalidAlgorithmParameterException if the given parameters
  515        * are inappropriate for this key agreement.
  516        */
  517       public final void init(Key key, AlgorithmParameterSpec params,
  518                              SecureRandom random)
  519           throws InvalidKeyException, InvalidAlgorithmParameterException
  520       {
  521           if (spi != null) {
  522               spi.engineInit(key, params, random);
  523           } else {
  524               chooseProvider(I_PARAMS, key, params, random);
  525           }
  526       }
  527   
  528       /**
  529        * Executes the next phase of this key agreement with the given
  530        * key that was received from one of the other parties involved in this key
  531        * agreement.
  532        *
  533        * @param key the key for this phase. For example, in the case of
  534        * Diffie-Hellman between 2 parties, this would be the other party's
  535        * Diffie-Hellman public key.
  536        * @param lastPhase flag which indicates whether or not this is the last
  537        * phase of this key agreement.
  538        *
  539        * @return the (intermediate) key resulting from this phase, or null
  540        * if this phase does not yield a key
  541        *
  542        * @exception InvalidKeyException if the given key is inappropriate for
  543        * this phase.
  544        * @exception IllegalStateException if this key agreement has not been
  545        * initialized.
  546        */
  547       public final Key doPhase(Key key, boolean lastPhase)
  548           throws InvalidKeyException, IllegalStateException
  549       {
  550           chooseFirstProvider();
  551           return spi.engineDoPhase(key, lastPhase);
  552       }
  553   
  554       /**
  555        * Generates the shared secret and returns it in a new buffer.
  556        *
  557        * <p>This method resets this <code>KeyAgreement</code> object, so that it
  558        * can be reused for further key agreements. Unless this key agreement is
  559        * reinitialized with one of the <code>init</code> methods, the same
  560        * private information and algorithm parameters will be used for
  561        * subsequent key agreements.
  562        *
  563        * @return the new buffer with the shared secret
  564        *
  565        * @exception IllegalStateException if this key agreement has not been
  566        * completed yet
  567        */
  568       public final byte[] generateSecret() throws IllegalStateException {
  569           chooseFirstProvider();
  570           return spi.engineGenerateSecret();
  571       }
  572   
  573       /**
  574        * Generates the shared secret, and places it into the buffer
  575        * <code>sharedSecret</code>, beginning at <code>offset</code> inclusive.
  576        *
  577        * <p>If the <code>sharedSecret</code> buffer is too small to hold the
  578        * result, a <code>ShortBufferException</code> is thrown.
  579        * In this case, this call should be repeated with a larger output buffer.
  580        *
  581        * <p>This method resets this <code>KeyAgreement</code> object, so that it
  582        * can be reused for further key agreements. Unless this key agreement is
  583        * reinitialized with one of the <code>init</code> methods, the same
  584        * private information and algorithm parameters will be used for
  585        * subsequent key agreements.
  586        *
  587        * @param sharedSecret the buffer for the shared secret
  588        * @param offset the offset in <code>sharedSecret</code> where the
  589        * shared secret will be stored
  590        *
  591        * @return the number of bytes placed into <code>sharedSecret</code>
  592        *
  593        * @exception IllegalStateException if this key agreement has not been
  594        * completed yet
  595        * @exception ShortBufferException if the given output buffer is too small
  596        * to hold the secret
  597        */
  598       public final int generateSecret(byte[] sharedSecret, int offset)
  599           throws IllegalStateException, ShortBufferException
  600       {
  601           chooseFirstProvider();
  602           return spi.engineGenerateSecret(sharedSecret, offset);
  603       }
  604   
  605       /**
  606        * Creates the shared secret and returns it as a <code>SecretKey</code>
  607        * object of the specified algorithm.
  608        *
  609        * <p>This method resets this <code>KeyAgreement</code> object, so that it
  610        * can be reused for further key agreements. Unless this key agreement is
  611        * reinitialized with one of the <code>init</code> methods, the same
  612        * private information and algorithm parameters will be used for
  613        * subsequent key agreements.
  614        *
  615        * @param algorithm the requested secret-key algorithm
  616        *
  617        * @return the shared secret key
  618        *
  619        * @exception IllegalStateException if this key agreement has not been
  620        * completed yet
  621        * @exception NoSuchAlgorithmException if the specified secret-key
  622        * algorithm is not available
  623        * @exception InvalidKeyException if the shared secret-key material cannot
  624        * be used to generate a secret key of the specified algorithm (e.g.,
  625        * the key material is too short)
  626        */
  627       public final SecretKey generateSecret(String algorithm)
  628           throws IllegalStateException, NoSuchAlgorithmException,
  629               InvalidKeyException
  630       {
  631           chooseFirstProvider();
  632           return spi.engineGenerateSecret(algorithm);
  633       }
  634   }

Save This Page
Home » openjdk-7 » javax » crypto » [javadoc | source]