| /* |
| * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package java.security; |
| |
| import java.util.*; |
| |
| import java.security.Provider.Service; |
| import java.security.spec.KeySpec; |
| import java.security.spec.InvalidKeySpecException; |
| |
| import sun.security.util.Debug; |
| import sun.security.jca.*; |
| import sun.security.jca.GetInstance.Instance; |
| |
| /** |
| * Key factories are used to convert <I>keys</I> (opaque |
| * cryptographic keys of type {@code Key}) into <I>key specifications</I> |
| * (transparent representations of the underlying key material), and vice |
| * versa. |
| * |
| * <P> Key factories are bi-directional. That is, they allow you to build an |
| * opaque key object from a given key specification (key material), or to |
| * retrieve the underlying key material of a key object in a suitable format. |
| * |
| * <P> Multiple compatible key specifications may exist for the same key. |
| * For example, a DSA public key may be specified using |
| * {@code DSAPublicKeySpec} or |
| * {@code X509EncodedKeySpec}. A key factory can be used to translate |
| * between compatible key specifications. |
| * |
| * <P> The following is an example of how to use a key factory in order to |
| * instantiate a DSA public key from its encoding. |
| * Assume Alice has received a digital signature from Bob. |
| * Bob also sent her his public key (in encoded format) to verify |
| * his signature. Alice then performs the following actions: |
| * |
| * <pre> |
| * X509EncodedKeySpec bobPubKeySpec = new X509EncodedKeySpec(bobEncodedPubKey); |
| * KeyFactory keyFactory = KeyFactory.getInstance("DSA"); |
| * PublicKey bobPubKey = keyFactory.generatePublic(bobPubKeySpec); |
| * Signature sig = Signature.getInstance("DSA"); |
| * sig.initVerify(bobPubKey); |
| * sig.update(data); |
| * sig.verify(signature); |
| * </pre> |
| * |
| * <p> Every implementation of the Java platform is required to support the |
| * following standard {@code KeyFactory} algorithms: |
| * <ul> |
| * <li>{@code DiffieHellman}</li> |
| * <li>{@code DSA}</li> |
| * <li>{@code RSA}</li> |
| * </ul> |
| * These algorithms are described in the <a href= |
| * "{@docRoot}/../specs/security/standard-names.html#keyfactory-algorithms"> |
| * KeyFactory section</a> of the |
| * Java Security Standard Algorithm Names Specification. |
| * Consult the release documentation for your implementation to see if any |
| * other algorithms are supported. |
| * |
| * @author Jan Luehe |
| * |
| * @see Key |
| * @see PublicKey |
| * @see PrivateKey |
| * @see java.security.spec.KeySpec |
| * @see java.security.spec.DSAPublicKeySpec |
| * @see java.security.spec.X509EncodedKeySpec |
| * |
| * @since 1.2 |
| */ |
| |
| public class KeyFactory { |
| |
| private static final Debug debug = |
| Debug.getInstance("jca", "KeyFactory"); |
| |
| // The algorithm associated with this key factory |
| private final String algorithm; |
| |
| // The provider |
| private Provider provider; |
| |
| // The provider implementation (delegate) |
| private volatile KeyFactorySpi spi; |
| |
| // lock for mutex during provider selection |
| private final Object lock = new Object(); |
| |
| // remaining services to try in provider selection |
| // null once provider is selected |
| private Iterator<Service> serviceIterator; |
| |
| /** |
| * Creates a KeyFactory object. |
| * |
| * @param keyFacSpi the delegate |
| * @param provider the provider |
| * @param algorithm the name of the algorithm |
| * to associate with this {@code KeyFactory} |
| */ |
| protected KeyFactory(KeyFactorySpi keyFacSpi, Provider provider, |
| String algorithm) { |
| this.spi = keyFacSpi; |
| this.provider = provider; |
| this.algorithm = algorithm; |
| } |
| |
| private KeyFactory(String algorithm) throws NoSuchAlgorithmException { |
| this.algorithm = algorithm; |
| List<Service> list = GetInstance.getServices("KeyFactory", algorithm); |
| serviceIterator = list.iterator(); |
| // fetch and instantiate initial spi |
| if (nextSpi(null) == null) { |
| throw new NoSuchAlgorithmException |
| (algorithm + " KeyFactory not available"); |
| } |
| } |
| |
| /** |
| * Returns a KeyFactory object that converts |
| * public/private keys of the specified algorithm. |
| * |
| * <p> This method traverses the list of registered security Providers, |
| * starting with the most preferred Provider. |
| * A new KeyFactory object encapsulating the |
| * KeyFactorySpi implementation from the first |
| * Provider that supports the specified algorithm is returned. |
| * |
| * <p> Note that the list of registered providers may be retrieved via |
| * the {@link Security#getProviders() Security.getProviders()} method. |
| * |
| * @implNote |
| * The JDK Reference Implementation additionally uses the |
| * {@code jdk.security.provider.preferred} |
| * {@link Security#getProperty(String) Security} property to determine |
| * the preferred provider order for the specified algorithm. This |
| * may be different than the order of providers returned by |
| * {@link Security#getProviders() Security.getProviders()}. |
| * |
| * @param algorithm the name of the requested key algorithm. |
| * See the KeyFactory section in the <a href= |
| * "{@docRoot}/../specs/security/standard-names.html#keyfactory-algorithms"> |
| * Java Security Standard Algorithm Names Specification</a> |
| * for information about standard algorithm names. |
| * |
| * @return the new {@code KeyFactory} object |
| * |
| * @throws NoSuchAlgorithmException if no {@code Provider} supports a |
| * {@code KeyFactorySpi} implementation for the |
| * specified algorithm |
| * |
| * @throws NullPointerException if {@code algorithm} is {@code null} |
| * |
| * @see Provider |
| */ |
| public static KeyFactory getInstance(String algorithm) |
| throws NoSuchAlgorithmException { |
| Objects.requireNonNull(algorithm, "null algorithm name"); |
| return new KeyFactory(algorithm); |
| } |
| |
| /** |
| * Returns a KeyFactory object that converts |
| * public/private keys of the specified algorithm. |
| * |
| * <p> A new KeyFactory object encapsulating the |
| * KeyFactorySpi implementation from the specified provider |
| * is returned. The specified provider must be registered |
| * in the security provider list. |
| * |
| * <p> Note that the list of registered providers may be retrieved via |
| * the {@link Security#getProviders() Security.getProviders()} method. |
| * |
| * @param algorithm the name of the requested key algorithm. |
| * See the KeyFactory section in the <a href= |
| * "{@docRoot}/../specs/security/standard-names.html#keyfactory-algorithms"> |
| * Java Security Standard Algorithm Names Specification</a> |
| * for information about standard algorithm names. |
| * |
| * @param provider the name of the provider. |
| * |
| * @return the new {@code KeyFactory} object |
| * |
| * @throws IllegalArgumentException if the provider name is {@code null} |
| * or empty |
| * |
| * @throws NoSuchAlgorithmException if a {@code KeyFactorySpi} |
| * implementation for the specified algorithm is not |
| * available from the specified provider |
| * |
| * @throws NoSuchProviderException if the specified provider is not |
| * registered in the security provider list |
| * |
| * @throws NullPointerException if {@code algorithm} is {@code null} |
| * |
| * @see Provider |
| */ |
| public static KeyFactory getInstance(String algorithm, String provider) |
| throws NoSuchAlgorithmException, NoSuchProviderException { |
| Objects.requireNonNull(algorithm, "null algorithm name"); |
| Instance instance = GetInstance.getInstance("KeyFactory", |
| KeyFactorySpi.class, algorithm, provider); |
| return new KeyFactory((KeyFactorySpi)instance.impl, |
| instance.provider, algorithm); |
| } |
| |
| /** |
| * Returns a KeyFactory object that converts |
| * public/private keys of the specified algorithm. |
| * |
| * <p> A new KeyFactory object encapsulating the |
| * KeyFactorySpi implementation from the specified Provider |
| * object is returned. Note that the specified Provider object |
| * does not have to be registered in the provider list. |
| * |
| * @param algorithm the name of the requested key algorithm. |
| * See the KeyFactory section in the <a href= |
| * "{@docRoot}/../specs/security/standard-names.html#keyfactory-algorithms"> |
| * Java Security Standard Algorithm Names Specification</a> |
| * for information about standard algorithm names. |
| * |
| * @param provider the provider. |
| * |
| * @return the new {@code KeyFactory} object |
| * |
| * @throws IllegalArgumentException if the specified provider is |
| * {@code null} |
| * |
| * @throws NoSuchAlgorithmException if a {@code KeyFactorySpi} |
| * implementation for the specified algorithm is not available |
| * from the specified {@code Provider} object |
| * |
| * @throws NullPointerException if {@code algorithm} is {@code null} |
| * |
| * @see Provider |
| * |
| * @since 1.4 |
| */ |
| public static KeyFactory getInstance(String algorithm, Provider provider) |
| throws NoSuchAlgorithmException { |
| Objects.requireNonNull(algorithm, "null algorithm name"); |
| Instance instance = GetInstance.getInstance("KeyFactory", |
| KeyFactorySpi.class, algorithm, provider); |
| return new KeyFactory((KeyFactorySpi)instance.impl, |
| instance.provider, algorithm); |
| } |
| |
| /** |
| * Returns the provider of this key factory object. |
| * |
| * @return the provider of this key factory object |
| */ |
| public final Provider getProvider() { |
| synchronized (lock) { |
| // disable further failover after this call |
| serviceIterator = null; |
| return provider; |
| } |
| } |
| |
| /** |
| * Gets the name of the algorithm |
| * associated with this {@code KeyFactory}. |
| * |
| * @return the name of the algorithm associated with this |
| * {@code KeyFactory} |
| */ |
| public final String getAlgorithm() { |
| return this.algorithm; |
| } |
| |
| /** |
| * Update the active KeyFactorySpi of this class and return the next |
| * implementation for failover. If no more implemenations are |
| * available, this method returns null. However, the active spi of |
| * this class is never set to null. |
| */ |
| private KeyFactorySpi nextSpi(KeyFactorySpi oldSpi) { |
| synchronized (lock) { |
| // somebody else did a failover concurrently |
| // try that spi now |
| if ((oldSpi != null) && (oldSpi != spi)) { |
| return spi; |
| } |
| if (serviceIterator == null) { |
| return null; |
| } |
| while (serviceIterator.hasNext()) { |
| Service s = serviceIterator.next(); |
| try { |
| Object obj = s.newInstance(null); |
| if (obj instanceof KeyFactorySpi == false) { |
| continue; |
| } |
| KeyFactorySpi spi = (KeyFactorySpi)obj; |
| provider = s.getProvider(); |
| this.spi = spi; |
| return spi; |
| } catch (NoSuchAlgorithmException e) { |
| // ignore |
| } |
| } |
| serviceIterator = null; |
| return null; |
| } |
| } |
| |
| /** |
| * Generates a public key object from the provided key specification |
| * (key material). |
| * |
| * @param keySpec the specification (key material) of the public key. |
| * |
| * @return the public key. |
| * |
| * @exception InvalidKeySpecException if the given key specification |
| * is inappropriate for this key factory to produce a public key. |
| */ |
| public final PublicKey generatePublic(KeySpec keySpec) |
| throws InvalidKeySpecException { |
| if (serviceIterator == null) { |
| return spi.engineGeneratePublic(keySpec); |
| } |
| Exception failure = null; |
| KeyFactorySpi mySpi = spi; |
| do { |
| try { |
| return mySpi.engineGeneratePublic(keySpec); |
| } catch (Exception e) { |
| if (failure == null) { |
| failure = e; |
| } |
| mySpi = nextSpi(mySpi); |
| } |
| } while (mySpi != null); |
| if (failure instanceof RuntimeException) { |
| throw (RuntimeException)failure; |
| } |
| if (failure instanceof InvalidKeySpecException) { |
| throw (InvalidKeySpecException)failure; |
| } |
| throw new InvalidKeySpecException |
| ("Could not generate public key", failure); |
| } |
| |
| /** |
| * Generates a private key object from the provided key specification |
| * (key material). |
| * |
| * @param keySpec the specification (key material) of the private key. |
| * |
| * @return the private key. |
| * |
| * @exception InvalidKeySpecException if the given key specification |
| * is inappropriate for this key factory to produce a private key. |
| */ |
| public final PrivateKey generatePrivate(KeySpec keySpec) |
| throws InvalidKeySpecException { |
| if (serviceIterator == null) { |
| return spi.engineGeneratePrivate(keySpec); |
| } |
| Exception failure = null; |
| KeyFactorySpi mySpi = spi; |
| do { |
| try { |
| return mySpi.engineGeneratePrivate(keySpec); |
| } catch (Exception e) { |
| if (failure == null) { |
| failure = e; |
| } |
| mySpi = nextSpi(mySpi); |
| } |
| } while (mySpi != null); |
| if (failure instanceof RuntimeException) { |
| throw (RuntimeException)failure; |
| } |
| if (failure instanceof InvalidKeySpecException) { |
| throw (InvalidKeySpecException)failure; |
| } |
| throw new InvalidKeySpecException |
| ("Could not generate private key", failure); |
| } |
| |
| /** |
| * Returns a specification (key material) of the given key object. |
| * {@code keySpec} identifies the specification class in which |
| * the key material should be returned. It could, for example, be |
| * {@code DSAPublicKeySpec.class}, to indicate that the |
| * key material should be returned in an instance of the |
| * {@code DSAPublicKeySpec} class. |
| * |
| * @param <T> the type of the key specification to be returned |
| * |
| * @param key the key. |
| * |
| * @param keySpec the specification class in which |
| * the key material should be returned. |
| * |
| * @return the underlying key specification (key material) in an instance |
| * of the requested specification class. |
| * |
| * @exception InvalidKeySpecException if the requested key specification is |
| * inappropriate for the given key, or the given key cannot be processed |
| * (e.g., the given key has an unrecognized algorithm or format). |
| */ |
| public final <T extends KeySpec> T getKeySpec(Key key, Class<T> keySpec) |
| throws InvalidKeySpecException { |
| if (serviceIterator == null) { |
| return spi.engineGetKeySpec(key, keySpec); |
| } |
| Exception failure = null; |
| KeyFactorySpi mySpi = spi; |
| do { |
| try { |
| return mySpi.engineGetKeySpec(key, keySpec); |
| } catch (Exception e) { |
| if (failure == null) { |
| failure = e; |
| } |
| mySpi = nextSpi(mySpi); |
| } |
| } while (mySpi != null); |
| if (failure instanceof RuntimeException) { |
| throw (RuntimeException)failure; |
| } |
| if (failure instanceof InvalidKeySpecException) { |
| throw (InvalidKeySpecException)failure; |
| } |
| throw new InvalidKeySpecException |
| ("Could not get key spec", failure); |
| } |
| |
| /** |
| * Translates a key object, whose provider may be unknown or potentially |
| * untrusted, into a corresponding key object of this key factory. |
| * |
| * @param key the key whose provider is unknown or untrusted. |
| * |
| * @return the translated key. |
| * |
| * @exception InvalidKeyException if the given key cannot be processed |
| * by this key factory. |
| */ |
| public final Key translateKey(Key key) throws InvalidKeyException { |
| if (serviceIterator == null) { |
| return spi.engineTranslateKey(key); |
| } |
| Exception failure = null; |
| KeyFactorySpi mySpi = spi; |
| do { |
| try { |
| return mySpi.engineTranslateKey(key); |
| } catch (Exception e) { |
| if (failure == null) { |
| failure = e; |
| } |
| mySpi = nextSpi(mySpi); |
| } |
| } while (mySpi != null); |
| if (failure instanceof RuntimeException) { |
| throw (RuntimeException)failure; |
| } |
| if (failure instanceof InvalidKeyException) { |
| throw (InvalidKeyException)failure; |
| } |
| throw new InvalidKeyException |
| ("Could not translate key", failure); |
| } |
| |
| } |