src.javax.crypto.SecretKeyFactory Maven / Gradle / Ivy
Show all versions of android-all Show documentation
/*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package javax.crypto;
import java.util.*;
import java.security.*;
import java.security.Provider.Service;
import java.security.spec.*;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
/**
* This class represents a factory for secret keys.
*
* Key factories are used to convert keys (opaque
* cryptographic keys of type Key
) into key specifications
* (transparent representations of the underlying key material), and vice
* versa.
* Secret key factories operate only on secret (symmetric) keys.
*
*
Key factories are bi-directional, i.e., they allow to build an opaque
* key object from a given key specification (key material), or to retrieve
* the underlying key material of a key object in a suitable format.
*
*
Application developers should refer to their provider's documentation
* to find out which key specifications are supported by the
* {@link #generateSecret(java.security.spec.KeySpec) generateSecret} and
* {@link #getKeySpec(javax.crypto.SecretKey, java.lang.Class) getKeySpec}
* methods.
* For example, the DES secret-key factory supplied by the "SunJCE" provider
* supports DESKeySpec
as a transparent representation of DES
* keys, and that provider's secret-key factory for Triple DES keys supports
* DESedeKeySpec
as a transparent representation of Triple DES
* keys.
*
*
Android provides the following SecretKeyFactory
algorithms:
*
*
*
* Algorithm
* Supported API Levels
*
*
*
*
* AES
* 23+
*
*
* DES
* 1+
*
*
* DESede
* 1+
*
*
* HmacSHA1
* 23+
*
*
* HmacSHA224
* 23+
*
*
* HmacSHA256
* 23+
*
*
* HmacSHA384
* 23+
*
*
* HmacSHA512
* 23+
*
*
* PBEwithHmacSHA1
* 1+
*
*
* PBEwithHmacSHA1AndAES_128
* 26+
*
*
* PBEwithHmacSHA1AndAES_256
* 26+
*
*
* PBEwithHmacSHA224AndAES_128
* 26+
*
*
* PBEwithHmacSHA224AndAES_256
* 26+
*
*
* PBEwithHmacSHA256AndAES_128
* 26+
*
*
* PBEwithHmacSHA256AndAES_256
* 26+
*
*
* PBEwithHmacSHA384AndAES_128
* 26+
*
*
* PBEwithHmacSHA384AndAES_256
* 26+
*
*
* PBEwithHmacSHA512AndAES_128
* 26+
*
*
* PBEwithHmacSHA512AndAES_256
* 26+
*
*
* PBEwithMD5AND128BITAES-CBC-OPENSSL
* 1+
*
*
* PBEwithMD5AND192BITAES-CBC-OPENSSL
* 1+
*
*
* PBEwithMD5AND256BITAES-CBC-OPENSSL
* 1+
*
*
* PBEwithMD5ANDDES
* 1+
*
*
* PBEwithMD5ANDRC2
* 1+
*
*
* PBEwithSHA1ANDDES
* 1+
*
*
* PBEwithSHA1ANDRC2
* 1+
*
*
* PBEwithSHA256AND128BITAES-CBC-BC
* 1+
*
*
* PBEwithSHA256AND192BITAES-CBC-BC
* 1+
*
*
* PBEwithSHA256AND256BITAES-CBC-BC
* 1+
*
*
* PBEwithSHAAND128BITAES-CBC-BC
* 1+
*
*
* PBEwithSHAAND128BITRC2-CBC
* 10+
*
*
* PBEwithSHAAND128BITRC4
* 10+
*
*
* PBEwithSHAAND192BITAES-CBC-BC
* 1+
*
*
* PBEwithSHAAND2-KEYTRIPLEDES-CBC
* 1+
*
*
* PBEwithSHAAND256BITAES-CBC-BC
* 1+
*
*
* PBEwithSHAAND3-KEYTRIPLEDES-CBC
* 1+
*
*
* PBEwithSHAAND40BITRC2-CBC
* 1+
*
*
* PBEwithSHAAND40BITRC4
* 10+
*
*
* PBEwithSHAANDTWOFISH-CBC
* 10+
*
*
* PBKDF2withHmacSHA1
* 10+
*
*
* PBKDF2withHmacSHA1And8BIT
* 19+
*
*
* PBKDF2withHmacSHA224
* 26+
*
*
* PBKDF2withHmacSHA256
* 26+
*
*
* PBKDF2withHmacSHA384
* 26+
*
*
* PBKDF2withHmacSHA512
* 26+
*
*
*
*
* These algorithms are described in the
* SecretKeyFactory section of the
* Java Cryptography Architecture Standard Algorithm Name Documentation.
*
* @author Jan Luehe
*
* @see SecretKey
* @see javax.crypto.spec.DESKeySpec
* @see javax.crypto.spec.DESedeKeySpec
* @see javax.crypto.spec.PBEKeySpec
* @since 1.4
*/
public class SecretKeyFactory {
// The provider
private Provider provider;
// The algorithm associated with this factory
private final String algorithm;
// The provider implementation (delegate)
private volatile SecretKeyFactorySpi spi;
// lock for mutex during provider selection
private final Object lock = new Object();
// remaining services to try in provider selection
// null once provider is selected
private Iterator serviceIterator;
/**
* Creates a SecretKeyFactory object.
*
* @param keyFacSpi the delegate
* @param provider the provider
* @param algorithm the secret-key algorithm
*/
protected SecretKeyFactory(SecretKeyFactorySpi keyFacSpi,
Provider provider, String algorithm) {
this.spi = keyFacSpi;
this.provider = provider;
this.algorithm = algorithm;
}
private SecretKeyFactory(String algorithm) throws NoSuchAlgorithmException {
this.algorithm = algorithm;
List list =
GetInstance.getServices("SecretKeyFactory", algorithm);
serviceIterator = list.iterator();
// fetch and instantiate initial spi
if (nextSpi(null) == null) {
throw new NoSuchAlgorithmException
(algorithm + " SecretKeyFactory not available");
}
}
/**
* Returns a SecretKeyFactory
object that converts
* secret keys of the specified algorithm.
*
* This method traverses the list of registered security Providers,
* starting with the most preferred Provider.
* A new SecretKeyFactory object encapsulating the
* SecretKeyFactorySpi implementation from the first
* Provider that supports the specified algorithm is returned.
*
*
Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
* @param algorithm the standard name of the requested secret-key
* algorithm.
* See the SecretKeyFactory section in the
* Java Cryptography Architecture Standard Algorithm Name Documentation
* for information about standard algorithm names.
*
* @return the new SecretKeyFactory
object.
*
* @exception NullPointerException if the specified algorithm
* is null.
*
* @exception NoSuchAlgorithmException if no Provider supports a
* SecretKeyFactorySpi implementation for the
* specified algorithm.
*
* @see java.security.Provider
*/
public static final SecretKeyFactory getInstance(String algorithm)
throws NoSuchAlgorithmException {
return new SecretKeyFactory(algorithm);
}
/**
* Returns a SecretKeyFactory
object that converts
* secret keys of the specified algorithm.
*
*
A new SecretKeyFactory object encapsulating the
* SecretKeyFactorySpi implementation from the specified provider
* is returned. The specified provider must be registered
* in the security provider list.
*
*
Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
* @param algorithm the standard name of the requested secret-key
* algorithm.
* See the SecretKeyFactory section in the
* Java Cryptography Architecture Standard Algorithm Name Documentation
* for information about standard algorithm names.
*
* @param provider the name of the provider.
*
* @return the new SecretKeyFactory
object.
*
* @exception NoSuchAlgorithmException if a SecretKeyFactorySpi
* implementation for the specified algorithm is not
* available from the specified provider.
*
* @exception NullPointerException if the specified algorithm
* is null.
*
* @throws NoSuchProviderException if the specified provider is not
* registered in the security provider list.
*
* @exception IllegalArgumentException if the provider
* is null or empty.
*
* @see java.security.Provider
*/
public static final SecretKeyFactory getInstance(String algorithm,
String provider) throws NoSuchAlgorithmException,
NoSuchProviderException {
// Android-added: Check for Bouncy Castle deprecation
Providers.checkBouncyCastleDeprecation(provider, "SecretKeyFactory", algorithm);
Instance instance = JceSecurity.getInstance("SecretKeyFactory",
SecretKeyFactorySpi.class, algorithm, provider);
return new SecretKeyFactory((SecretKeyFactorySpi)instance.impl,
instance.provider, algorithm);
}
/**
* Returns a SecretKeyFactory
object that converts
* secret keys of the specified algorithm.
*
*
A new SecretKeyFactory object encapsulating the
* SecretKeyFactorySpi implementation from the specified Provider
* object is returned. Note that the specified Provider object
* does not have to be registered in the provider list.
*
* @param algorithm the standard name of the requested secret-key
* algorithm.
* See the SecretKeyFactory section in the
* Java Cryptography Architecture Standard Algorithm Name Documentation
* for information about standard algorithm names.
*
* @param provider the provider.
*
* @return the new SecretKeyFactory
object.
*
* @exception NullPointerException if the specified algorithm
* is null.
*
* @exception NoSuchAlgorithmException if a SecretKeyFactorySpi
* implementation for the specified algorithm is not available
* from the specified Provider object.
*
* @exception IllegalArgumentException if the provider
* is null.
*
* @see java.security.Provider
*/
public static final SecretKeyFactory getInstance(String algorithm,
Provider provider) throws NoSuchAlgorithmException {
// Android-added: Check for Bouncy Castle deprecation
Providers.checkBouncyCastleDeprecation(provider, "SecretKeyFactory", algorithm);
Instance instance = JceSecurity.getInstance("SecretKeyFactory",
SecretKeyFactorySpi.class, algorithm, provider);
return new SecretKeyFactory((SecretKeyFactorySpi)instance.impl,
instance.provider, algorithm);
}
/**
* Returns the provider of this SecretKeyFactory
object.
*
* @return the provider of this SecretKeyFactory
object
*/
public final Provider getProvider() {
synchronized (lock) {
// disable further failover after this call
serviceIterator = null;
return provider;
}
}
/**
* Returns the algorithm name of this SecretKeyFactory
object.
*
*
This is the same name that was specified in one of the
* getInstance
calls that created this
* SecretKeyFactory
object.
*
* @return the algorithm name of this SecretKeyFactory
* object.
*/
public final String getAlgorithm() {
return this.algorithm;
}
/**
* Update the active spi of this class and return the next
* implementation for failover. If no more implemenations are
* available, this method returns null. However, the active spi of
* this class is never set to null.
*/
private SecretKeyFactorySpi nextSpi(SecretKeyFactorySpi oldSpi) {
synchronized (lock) {
// somebody else did a failover concurrently
// try that spi now
if ((oldSpi != null) && (oldSpi != spi)) {
return spi;
}
if (serviceIterator == null) {
return null;
}
while (serviceIterator.hasNext()) {
Service s = serviceIterator.next();
if (JceSecurity.canUseProvider(s.getProvider()) == false) {
continue;
}
try {
Object obj = s.newInstance(null);
if (obj instanceof SecretKeyFactorySpi == false) {
continue;
}
SecretKeyFactorySpi spi = (SecretKeyFactorySpi)obj;
provider = s.getProvider();
this.spi = spi;
return spi;
} catch (NoSuchAlgorithmException e) {
// ignore
}
}
serviceIterator = null;
return null;
}
}
/**
* Generates a SecretKey
object from the provided key
* specification (key material).
*
* @param keySpec the specification (key material) of the secret key
*
* @return the secret key
*
* @exception InvalidKeySpecException if the given key specification
* is inappropriate for this secret-key factory to produce a secret key.
*/
public final SecretKey generateSecret(KeySpec keySpec)
throws InvalidKeySpecException {
if (serviceIterator == null) {
return spi.engineGenerateSecret(keySpec);
}
Exception failure = null;
SecretKeyFactorySpi mySpi = spi;
do {
try {
return mySpi.engineGenerateSecret(keySpec);
} catch (Exception e) {
if (failure == null) {
failure = e;
}
mySpi = nextSpi(mySpi);
}
} while (mySpi != null);
if (failure instanceof InvalidKeySpecException) {
throw (InvalidKeySpecException)failure;
}
throw new InvalidKeySpecException
("Could not generate secret key", failure);
}
/**
* Returns a specification (key material) of the given key object
* in the requested format.
*
* @param key the key
* @param keySpec the requested format in which the key material shall be
* returned
*
* @return the underlying key specification (key material) in the
* requested format
*
* @exception InvalidKeySpecException if the requested key specification is
* inappropriate for the given key (e.g., the algorithms associated with
* key
and keySpec
do not match, or
* key
references a key on a cryptographic hardware device
* whereas keySpec
is the specification of a software-based
* key), or the given key cannot be dealt with
* (e.g., the given key has an algorithm or format not supported by this
* secret-key factory).
*/
public final KeySpec getKeySpec(SecretKey key, Class> keySpec)
throws InvalidKeySpecException {
if (serviceIterator == null) {
return spi.engineGetKeySpec(key, keySpec);
}
Exception failure = null;
SecretKeyFactorySpi mySpi = spi;
do {
try {
return mySpi.engineGetKeySpec(key, keySpec);
} catch (Exception e) {
if (failure == null) {
failure = e;
}
mySpi = nextSpi(mySpi);
}
} while (mySpi != null);
if (failure instanceof InvalidKeySpecException) {
throw (InvalidKeySpecException)failure;
}
throw new InvalidKeySpecException
("Could not get key spec", failure);
}
/**
* Translates a key object, whose provider may be unknown or potentially
* untrusted, into a corresponding key object of this secret-key factory.
*
* @param key the key whose provider is unknown or untrusted
*
* @return the translated key
*
* @exception InvalidKeyException if the given key cannot be processed
* by this secret-key factory.
*/
public final SecretKey translateKey(SecretKey key)
throws InvalidKeyException {
if (serviceIterator == null) {
return spi.engineTranslateKey(key);
}
Exception failure = null;
SecretKeyFactorySpi mySpi = spi;
do {
try {
return mySpi.engineTranslateKey(key);
} catch (Exception e) {
if (failure == null) {
failure = e;
}
mySpi = nextSpi(mySpi);
}
} while (mySpi != null);
if (failure instanceof InvalidKeyException) {
throw (InvalidKeyException)failure;
}
throw new InvalidKeyException
("Could not translate key", failure);
}
}