• Home
• com.google.crypto.tink
• tink-android
• 1.11.0
• source code
• Config.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.google.crypto.tink.Config Maven / Gradle / Ivy

// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

package com.google.crypto.tink;

import com.google.crypto.tink.proto.KeyTypeEntry;
import com.google.crypto.tink.proto.RegistryConfig;
import java.security.GeneralSecurityException;

/**
 * Static methods for handling of Tink configurations.
 *
 * 
Configurations, i.e., a collection of key types and their corresponding key managers supported
 * by a specific run-time environment enable control of Tink setup via JSON-formatted config files
 * that determine which key types are supported, and provide a mechanism for deprecation of
 * obsolete/outdated cryptographic schemes (see config.proto for more
 * info).
 *
 * 
Usage
 *
 * 
{@code
 * RegistryConfig registryConfig = ...;
 * Config.register(registryConfig);
 * }
 *
 * @since 1.0.0
 */
public final class Config {
  /** Returns a {@link KeyTypeEntry} for Tink key types with the specified properties. */
  public static KeyTypeEntry getTinkKeyTypeEntry(
      String catalogueName,
      String primitiveName,
      String keyProtoName,
      int keyManagerVersion,
      boolean newKeyAllowed) {
    return KeyTypeEntry.newBuilder()
        .setPrimitiveName(primitiveName)
        .setTypeUrl("type.googleapis.com/google.crypto.tink." + keyProtoName)
        .setKeyManagerVersion(keyManagerVersion)
        .setNewKeyAllowed(newKeyAllowed)
        .setCatalogueName(catalogueName)
        .build();
  }

  /**
   * Tries to register key managers according to the specification in {@code config}.
   *
   * @throws GeneralSecurityException if cannot register this config with the {@link Registry}. This
   *     usually happens when either {@code config} contains any {@link KeyTypeEntry} that is
   *     already registered or the Registry cannot find any {@link
   *     com.google.crypto.tink.KeyManager} or {@link com.google.crypto.tink.Catalogue} that can
   *     handle the entry. In both cases the error message should show how to resolve it.
   */
  public static void register(RegistryConfig config) throws GeneralSecurityException {
    for (KeyTypeEntry entry : config.getEntryList()) {
      registerKeyType(entry);
    }
  }

  /**
   * Tries to register a key manager according to the specification in {@code entry}.
   *
   * @throws GeneralSecurityException if cannot register this config with the {@link Registry}. This
   *     usually happens when {@code entry} is already registered or the Registry cannot find any
   *     {@link com.google.crypto.tink.KeyManager} or {@link com.google.crypto.tink.Catalogue} that
   *     can handle the entry. In both cases the error message should show how to resolve it.
   */
  public static void registerKeyType(KeyTypeEntry entry) throws GeneralSecurityException {
    validate(entry);
    // Catalogues are no longer supported; we simply return on those catalogues which have been
    // removed, as the key managers will be registered already.
    if (entry.getCatalogueName().equals("TinkAead")
        || entry.getCatalogueName().equals("TinkMac")
        || entry.getCatalogueName().equals("TinkHybridDecrypt")
        || entry.getCatalogueName().equals("TinkHybridEncrypt")
        || entry.getCatalogueName().equals("TinkPublicKeySign")
        || entry.getCatalogueName().equals("TinkPublicKeyVerify")
        || entry.getCatalogueName().equals("TinkStreamingAead")
        || entry.getCatalogueName().equals("TinkDeterministicAead")) {
      return;
    }
    Catalogue catalogue = Registry.getCatalogue(entry.getCatalogueName());
    Registry.registerPrimitiveWrapper(catalogue.getPrimitiveWrapper());
    KeyManager keyManager =
        catalogue.getKeyManager(
            entry.getTypeUrl(), entry.getPrimitiveName(), entry.getKeyManagerVersion());
    Registry.registerKeyManager(keyManager, entry.getNewKeyAllowed());
  }

  private static void validate(KeyTypeEntry entry) throws GeneralSecurityException {
    if (entry.getTypeUrl().isEmpty()) {
      throw new GeneralSecurityException("Missing type_url.");
    }
    if (entry.getPrimitiveName().isEmpty()) {
      throw new GeneralSecurityException("Missing primitive_name.");
    }
    if (entry.getCatalogueName().isEmpty()) {
      throw new GeneralSecurityException("Missing catalogue_name.");
    }
  }

  private Config() {}
}