001 /* EncryptedPrivateKeyInfo.java -- As in PKCS #8. 002 Copyright (C) 2004 Free Software Foundation, Inc. 003 004 This file is part of GNU Classpath. 005 006 GNU Classpath is free software; you can redistribute it and/or modify 007 it under the terms of the GNU General Public License as published by 008 the Free Software Foundation; either version 2, or (at your option) 009 any later version. 010 011 GNU Classpath is distributed in the hope that it will be useful, but 012 WITHOUT ANY WARRANTY; without even the implied warranty of 013 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 014 General Public License for more details. 015 016 You should have received a copy of the GNU General Public License 017 along with GNU Classpath; see the file COPYING. If not, write to the 018 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 019 02110-1301 USA. 020 021 Linking this library statically or dynamically with other modules is 022 making a combined work based on this library. Thus, the terms and 023 conditions of the GNU General Public License cover the whole 024 combination. 025 026 As a special exception, the copyright holders of this library give you 027 permission to link this library with independent modules to produce an 028 executable, regardless of the license terms of these independent 029 modules, and to copy and distribute the resulting executable under 030 terms of your choice, provided that you also meet, for each linked 031 independent module, the terms and conditions of the license of that 032 module. An independent module is a module which is not derived from 033 or based on this library. If you modify this library, you may extend 034 this exception to your version of the library, but you are not 035 obligated to do so. If you do not wish to do so, delete this 036 exception statement from your version. */ 037 038 039 package javax.crypto; 040 041 import gnu.java.security.OID; 042 import gnu.java.security.der.DER; 043 import gnu.java.security.der.DERReader; 044 import gnu.java.security.der.DERValue; 045 046 import java.io.IOException; 047 import java.security.AlgorithmParameters; 048 import java.security.NoSuchAlgorithmException; 049 import java.security.spec.InvalidKeySpecException; 050 import java.security.spec.PKCS8EncodedKeySpec; 051 import java.util.ArrayList; 052 import java.util.List; 053 054 /** 055 * An implementation of the <code>EncryptedPrivateKeyInfo</code> ASN.1 056 * type as specified in <a 057 * href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-8/">PKCS #8 - 058 * Private-Key Information Syntax Standard</a>. 059 * 060 * <p>The ASN.1 type <code>EncryptedPrivateKeyInfo</code> is: 061 * 062 * <blockquote> 063 * <pre>EncryptedPrivateKeyInfo ::= SEQUENCE { 064 * encryptionAlgorithm EncryptionAlgorithmIdentifier, 065 * encryptedData EncryptedData } 066 * 067 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier 068 * 069 * EncrytpedData ::= OCTET STRING 070 * 071 * AlgorithmIdentifier ::= SEQUENCE { 072 * algorithm OBJECT IDENTIFIER, 073 * parameters ANY DEFINED BY algorithm OPTIONAL }</pre> 074 * </blockquote> 075 * 076 * @author Casey Marshall (csm@gnu.org) 077 * @since 1.4 078 * @see java.security.spec.PKCS8EncodedKeySpec 079 */ 080 public class EncryptedPrivateKeyInfo 081 { 082 083 // Fields. 084 // ------------------------------------------------------------------------ 085 086 /** The encrypted data. */ 087 private byte[] encryptedData; 088 089 /** The encoded, encrypted key. */ 090 private byte[] encoded; 091 092 /** The OID of the encryption algorithm. */ 093 private OID algOid; 094 095 /** The encryption algorithm name. */ 096 private String algName; 097 098 /** The encryption algorithm's parameters. */ 099 private AlgorithmParameters params; 100 101 /** The encoded ASN.1 algorithm parameters. */ 102 private byte[] encodedParams; 103 104 // Constructors. 105 // ------------------------------------------------------------------------ 106 107 /** 108 * Create a new <code>EncryptedPrivateKeyInfo</code> object from raw 109 * encrypted data and the parameters used for encryption. 110 * 111 * <p>The <code>encryptedData</code> array is cloned. 112 * 113 * @param params The encryption algorithm parameters. 114 * @param encryptedData The encrypted key data. 115 * @throws java.lang.IllegalArgumentException If the 116 * <code>encryptedData</code> array is empty (zero-length). 117 * @throws java.security.NoSuchAlgorithmException If the algorithm 118 * specified in the parameters is not supported. 119 * @throws java.lang.NullPointerException If <code>encryptedData</code> 120 * is null. 121 */ 122 public EncryptedPrivateKeyInfo(AlgorithmParameters params, 123 byte[] encryptedData) 124 throws IllegalArgumentException, NoSuchAlgorithmException 125 { 126 if (encryptedData.length == 0) 127 { 128 throw new IllegalArgumentException("0-length encryptedData"); 129 } 130 this.params = params; 131 algName = params.getAlgorithm (); 132 algOid = getOid (algName); 133 this.encryptedData = (byte[]) encryptedData.clone(); 134 } 135 136 /** 137 * Create a new <code>EncryptedPrivateKeyInfo</code> from an encoded 138 * representation, parsing the ASN.1 sequence. 139 * 140 * @param encoded The encoded info. 141 * @throws java.io.IOException If parsing the encoded data fails. 142 * @throws java.lang.NullPointerException If <code>encoded</code> is 143 * null. 144 */ 145 public EncryptedPrivateKeyInfo(byte[] encoded) 146 throws IOException 147 { 148 this.encoded = (byte[]) encoded.clone(); 149 decode(); 150 } 151 152 /** 153 * Create a new <code>EncryptedPrivateKeyInfo</code> from the cipher 154 * name and the encrytpedData. 155 * 156 * <p>The <code>encryptedData</code> array is cloned. 157 * 158 * @param algName The name of the algorithm (as an object identifier). 159 * @param encryptedData The encrypted key data. 160 * @throws java.lang.IllegalArgumentException If the 161 * <code>encryptedData</code> array is empty (zero-length). 162 * @throws java.security.NoSuchAlgorithmException If algName is not 163 * the name of a supported algorithm. 164 * @throws java.lang.NullPointerException If <code>encryptedData</code> 165 * is null. 166 */ 167 public EncryptedPrivateKeyInfo(String algName, byte[] encryptedData) 168 throws IllegalArgumentException, NoSuchAlgorithmException, 169 NullPointerException 170 { 171 if (encryptedData.length == 0) 172 { 173 throw new IllegalArgumentException("0-length encryptedData"); 174 } 175 this.algName = algName.toString (); // do NP check 176 this.algOid = getOid (algName); 177 this.encryptedData = (byte[]) encryptedData.clone(); 178 } 179 180 /** 181 * Return the OID for the given cipher name. 182 * 183 * @param str The string. 184 * @throws NoSuchAlgorithmException If the OID is not known. 185 */ 186 private static OID getOid (final String str) 187 throws NoSuchAlgorithmException 188 { 189 if (str.equalsIgnoreCase ("DSA")) 190 { 191 return new OID ("1.2.840.10040.4.3"); 192 } 193 // FIXME add more 194 195 try 196 { 197 return new OID (str); 198 } 199 catch (Throwable t) 200 { 201 } 202 throw new NoSuchAlgorithmException ("cannot determine OID for '" + str + "'"); 203 } 204 205 // Instance methods. 206 // ------------------------------------------------------------------------ 207 208 /** 209 * Return the name of the cipher used to encrypt this key. 210 * 211 * @return The algorithm name. 212 */ 213 public String getAlgName() 214 { 215 return algOid.toString(); 216 } 217 218 public AlgorithmParameters getAlgParameters() 219 { 220 if (params == null && encodedParams != null) 221 { 222 try 223 { 224 params = AlgorithmParameters.getInstance(getAlgName()); 225 params.init(encodedParams); 226 } 227 catch (NoSuchAlgorithmException ignore) 228 { 229 // FIXME throw exception? 230 } 231 catch (IOException ignore) 232 { 233 } 234 } 235 return params; 236 } 237 238 public synchronized byte[] getEncoded() throws IOException 239 { 240 if (encoded == null) encode(); 241 return (byte[]) encoded.clone(); 242 } 243 244 public byte[] getEncryptedData() 245 { 246 return encryptedData; 247 } 248 249 public PKCS8EncodedKeySpec getKeySpec(Cipher cipher) 250 throws InvalidKeySpecException 251 { 252 try 253 { 254 return new PKCS8EncodedKeySpec(cipher.doFinal(encryptedData)); 255 } 256 catch (Exception x) 257 { 258 throw new InvalidKeySpecException(x.toString()); 259 } 260 } 261 262 // Own methods. 263 // ------------------------------------------------------------------------- 264 265 private void decode() throws IOException 266 { 267 DERReader der = new DERReader(encoded); 268 DERValue val = der.read(); 269 if (val.getTag() != DER.SEQUENCE) 270 throw new IOException("malformed EncryptedPrivateKeyInfo"); 271 val = der.read(); 272 if (val.getTag() != DER.SEQUENCE) 273 throw new IOException("malformed AlgorithmIdentifier"); 274 int algpLen = val.getLength(); 275 DERValue oid = der.read(); 276 if (oid.getTag() != DER.OBJECT_IDENTIFIER) 277 throw new IOException("malformed AlgorithmIdentifier"); 278 algOid = (OID) oid.getValue(); 279 if (algpLen == 0) 280 { 281 val = der.read(); 282 if (val.getTag() != 0) 283 { 284 encodedParams = val.getEncoded(); 285 der.read(); 286 } 287 } 288 else if (oid.getEncodedLength() < val.getLength()) 289 { 290 val = der.read(); 291 encodedParams = val.getEncoded(); 292 } 293 val = der.read(); 294 if (val.getTag() != DER.OCTET_STRING) 295 throw new IOException("malformed AlgorithmIdentifier"); 296 encryptedData = (byte[]) val.getValue(); 297 } 298 299 private void encode() throws IOException 300 { 301 List algId = new ArrayList(2); 302 algId.add(new DERValue(DER.OBJECT_IDENTIFIER, algOid)); 303 getAlgParameters(); 304 if (params != null) 305 { 306 algId.add (DERReader.read (params.getEncoded())); 307 } 308 else 309 { 310 algId.add (new DERValue (DER.NULL, null)); 311 } 312 List epki = new ArrayList(2); 313 epki.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, algId)); 314 epki.add(new DERValue(DER.OCTET_STRING, encryptedData)); 315 encoded = new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, epki).getEncoded(); 316 } 317 }