changeset 10695:7aca109497bf

8047223: Add algorithm parameter to EncodedKeySpec class and its two subclasses Reviewed-by: mullan
author juh
date Tue, 16 Sep 2014 13:20:51 -0700
parents 419e730c34da
children ef539b8808f1
files src/java.base/share/classes/java/security/spec/EncodedKeySpec.java src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java src/java.base/share/classes/java/security/spec/X509EncodedKeySpec.java src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java test/java/security/spec/PKCS8EncodedKeySpec/Algorithm.java
diffstat 5 files changed, 187 insertions(+), 18 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/java/security/spec/EncodedKeySpec.java	Thu Sep 18 16:25:50 2014 -0700
+++ b/src/java.base/share/classes/java/security/spec/EncodedKeySpec.java	Tue Sep 16 13:20:51 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,13 +43,14 @@
 public abstract class EncodedKeySpec implements KeySpec {
 
     private byte[] encodedKey;
+    private String algorithmName;
 
     /**
-     * Creates a new EncodedKeySpec with the given encoded key.
+     * Creates a new {@code EncodedKeySpec} with the given encoded key.
      *
      * @param encodedKey the encoded key. The contents of the
      * array are copied to protect against subsequent modification.
-     * @exception NullPointerException if {@code encodedKey}
+     * @throws NullPointerException if {@code encodedKey}
      * is null.
      */
     public EncodedKeySpec(byte[] encodedKey) {
@@ -57,6 +58,48 @@
     }
 
     /**
+     * Creates a new {@code EncodedKeySpec} with the given encoded key.
+     * This constructor is useful when subsequent callers of the
+     * {@code EncodedKeySpec} object might not know the algorithm
+     * of the key.
+     *
+     * @param encodedKey the encoded key. The contents of the
+     * array are copied to protect against subsequent modification.
+     * @param algorithm the algorithm name of the encoded key
+     * See the KeyFactory section in the <a href=
+     * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
+     * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+     * for information about standard algorithm names.
+     * @throws NullPointerException if {@code encodedKey}
+     * or {@code algorithm} is null.
+     * @throws IllegalArgumentException if {@code algorithm} is
+     * the empty string {@code ""}
+     * @since 1.9
+     */
+    protected EncodedKeySpec(byte[] encodedKey, String algorithm) {
+        if (algorithm == null) {
+            throw new NullPointerException("algorithm name may not be null");
+        }
+        if (algorithm.isEmpty()) {
+            throw new IllegalArgumentException("algorithm name "
+                                             + "may not be empty");
+        }
+        this.encodedKey = encodedKey.clone();
+        this.algorithmName = algorithm;
+
+    }
+
+    /**
+     * Returns the name of the algorithm of the encoded key.
+     *
+     * @return the name of the algorithm, or null if not specified
+     * @since 1.9
+     */
+    public String getAlgorithm() {
+        return algorithmName;
+    }
+
+    /**
      * Returns the encoded key.
      *
      * @return the encoded key. Returns a new array each time
--- a/src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java	Thu Sep 18 16:25:50 2014 -0700
+++ b/src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java	Tue Sep 16 13:20:51 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -62,12 +62,12 @@
 public class PKCS8EncodedKeySpec extends EncodedKeySpec {
 
     /**
-     * Creates a new PKCS8EncodedKeySpec with the given encoded key.
+     * Creates a new {@code PKCS8EncodedKeySpec} with the given encoded key.
      *
      * @param encodedKey the key, which is assumed to be
      * encoded according to the PKCS #8 standard. The contents of
      * the array are copied to protect against subsequent modification.
-     * @exception NullPointerException if {@code encodedKey}
+     * @throws NullPointerException if {@code encodedKey}
      * is null.
      */
     public PKCS8EncodedKeySpec(byte[] encodedKey) {
@@ -75,6 +75,30 @@
     }
 
     /**
+     * Creates a new {@code PKCS8EncodedKeySpec} with the given encoded key and
+     * algorithm. This constructor is useful when subsequent callers of
+     * the {@code PKCS8EncodedKeySpec} object might not know the
+     * algorithm of the private key.
+     *
+     * @param encodedKey the key, which is assumed to be
+     * encoded according to the PKCS #8 standard. The contents of
+     * the array are copied to protect against subsequent modification.
+     * @param algorithm the algorithm name of the encoded private key
+     * See the KeyFactory section in the <a href=
+     * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
+     * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+     * for information about standard algorithm names.
+     * @throws NullPointerException if {@code encodedKey}
+     * or {@algorithm} is null.
+     * @throws IllegalArgumentException if {@code algorithm} is
+     * the empty string {@code ""}
+     * @since 1.9
+     */
+    public PKCS8EncodedKeySpec(byte[] encodedKey, String algorithm) {
+        super(encodedKey, algorithm);
+    }
+
+    /**
      * Returns the key bytes, encoded according to the PKCS #8 standard.
      *
      * @return the PKCS #8 encoding of the key. Returns a new array
--- a/src/java.base/share/classes/java/security/spec/X509EncodedKeySpec.java	Thu Sep 18 16:25:50 2014 -0700
+++ b/src/java.base/share/classes/java/security/spec/X509EncodedKeySpec.java	Tue Sep 16 13:20:51 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,12 +52,12 @@
 public class X509EncodedKeySpec extends EncodedKeySpec {
 
     /**
-     * Creates a new X509EncodedKeySpec with the given encoded key.
+     * Creates a new {@code X509EncodedKeySpec} with the given encoded key.
      *
      * @param encodedKey the key, which is assumed to be
      * encoded according to the X.509 standard. The contents of the
      * array are copied to protect against subsequent modification.
-     * @exception NullPointerException if {@code encodedKey}
+     * @throws NullPointerException if {@code encodedKey}
      * is null.
      */
     public X509EncodedKeySpec(byte[] encodedKey) {
@@ -65,6 +65,30 @@
     }
 
     /**
+     * Creates a new {@code X509EncodedKeySpec} with the given encoded key.
+     * This constructor is useful when subsequent callers of the
+     * {@code X509EncodedKeySpec} object might not know the algorithm
+     * of the key.
+     *
+     * @param encodedKey the key, which is assumed to be
+     * encoded according to the X.509 standard. The contents of the
+     * array are copied to protect against subsequent modification.
+     * @param algorithm the algorithm name of the encoded public key
+     * See the KeyFactory section in the <a href=
+     * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
+     * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+     * for information about standard algorithm names.
+     * @throws NullPointerException if {@code encodedKey}
+     * or {@code algorithm} is null.
+     * @throws IllegalArgumentException if {@code algorithm} is
+     * the empty string {@code ""}
+     * @since 1.9
+     */
+    public X509EncodedKeySpec(byte[] encodedKey, String algorithm) {
+        super(encodedKey, algorithm);
+    }
+
+    /**
      * Returns the key bytes, encoded according to the X.509 standard.
      *
      * @return the X.509 encoding of the key. Returns a new array
--- a/src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java	Thu Sep 18 16:25:50 2014 -0700
+++ b/src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java	Tue Sep 16 13:20:51 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -60,6 +60,9 @@
     // the "encryptionAlgorithm" field
     private AlgorithmId algid;
 
+    // the algorithm name of the encrypted private key
+    private String keyAlg;
+
     // the "encryptedData" field
     private byte[] encryptedData;
 
@@ -255,7 +258,7 @@
             throw new InvalidKeySpecException(
                     "Cannot retrieve the PKCS8EncodedKeySpec", ex);
         }
-        return new PKCS8EncodedKeySpec(encoded);
+        return new PKCS8EncodedKeySpec(encoded, keyAlg);
     }
 
     private PKCS8EncodedKeySpec getKeySpecImpl(Key decryptKey,
@@ -280,7 +283,7 @@
             throw new InvalidKeyException(
                     "Cannot retrieve the PKCS8EncodedKeySpec", ex);
         }
-        return new PKCS8EncodedKeySpec(encoded);
+        return new PKCS8EncodedKeySpec(encoded, keyAlg);
     }
 
     /**
@@ -405,7 +408,7 @@
     }
 
     @SuppressWarnings("fallthrough")
-    private static void checkPKCS8Encoding(byte[] encodedKey)
+    private void checkPKCS8Encoding(byte[] encodedKey)
         throws IOException {
         DerInputStream in = new DerInputStream(encodedKey);
         DerValue[] values = in.getSequence(3);
@@ -416,11 +419,7 @@
             /* fall through */
         case 3:
             checkTag(values[0], DerValue.tag_Integer, "version");
-            DerInputStream algid = values[1].toDerInputStream();
-            algid.getOID();
-            if (algid.available() != 0) {
-                algid.getDerValue();
-            }
+            keyAlg = AlgorithmId.parse(values[1]).getName();
             checkTag(values[2], DerValue.tag_OctetString, "privateKey");
             break;
         default:
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/security/spec/PKCS8EncodedKeySpec/Algorithm.java	Tue Sep 16 13:20:51 2014 -0700
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8047223
+ * @summary Add algorithm parameter to PKCS8EncodedKeySpec class
+ */
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Base64;
+import javax.crypto.EncryptedPrivateKeyInfo;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+
+public class Algorithm {
+
+    private static String PKCS8PrivateKey =
+        "MIICoTAbBgkqhkiG9w0BBQMwDgQIqQMPwbNEhOgCAggABIICgCwRkeLXVGdO7S1h\n" +
+        "FAFUiwj1HCzqYFF2x9+FzjlXNwEWecZsor5eoKQlTtJ9dsPajQ/wFgY76lkXDQXE\n" +
+        "hdm8ndWFgCwqFBshmAp4TOvO9GlaAloDTnLMUg715D5FujiElcV7vqIY2V/7uB21\n" +
+        "YRanKUa21sZAFJGj6Hom1+5+k0Q7Xi4kHgt+ZIPNLwrNFPWVovbTJdScZuJaDp6m\n" +
+        "Q1DJUIQOzthV11VI+MU/v5SSKhj/uCaxizazEi5lgdmR7rRGgMz2YipOIjXIsKgu\n" +
+        "jKX5LYFAZ8nYq1hy8Q1JPR5VPuWMFqeyofO/teXJb8gI/4TC1ZoED8hXj07jpJqG\n" +
+        "2NVO1Dwqab31qSAjfjBkSYHKun63BvZPq2mT+frJF1YzvQhCDnWN1zbMKFNTZJfd\n" +
+        "cUaecH/fgNKwKpeKGgX7UlWxo26/lS8pBiJ5ihtbyFfMUBtlwEN5uOHqVFOeZp1Z\n" +
+        "DwCc0o1JA7yOcazA2TtNT9pc58tFZ8pEeyLj7ZchOgv06N0hZJsI6AiwII4ljd+K\n" +
+        "4WKvs/xiSZU3tcHaWzqlf+6/M5kC3Pihm9GhZbKBmvrZYiKyTlJEeVI3pFRNSqbE\n" +
+        "nZUJgkmgzNT/ZfM2WsUJm03Rq0eNCU/FDscIZnCWSA6Bf/DJDQWmhMhg2QmTGzQM\n" +
+        "hw/vy77q7jxV67s36HGxxR1oe8uoZ2zugBBxHWEdqyQyrVwZXJukdjrc2S7pvMln\n" +
+        "/VSleEf91MEcDhztyhPSqlX+H95vMnVmh5oY2gwY+P0oD5Eki6/9K+BHfuqgtS4S\n" +
+        "LIna1iSyLr17pRO1lmNtvuCMwmUjeI8w3JhLmxxx//bl/WCAekqj3nMplrJHZ7xd\n" +
+        "6k0Stxo=";
+
+    private static String keyAlg = "RSA";
+    private static String password = "password";
+
+    /*
+     * This test checks that a PKCS8EncodedKeySpec is properly constructed
+     * from an encrypted private key and that the key algorithm name can be
+     * retrieved as expected.
+     */
+    public static void main(String[] argv) throws Exception {
+        EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(
+                Base64.getMimeDecoder().decode(PKCS8PrivateKey));
+        PBEKeySpec pks = new PBEKeySpec(password.toCharArray());
+        SecretKeyFactory skf = SecretKeyFactory.getInstance(epki.getAlgName());
+        SecretKey sk = skf.generateSecret(pks);
+        PKCS8EncodedKeySpec keySpec = epki.getKeySpec(sk);
+
+        // Get the key algorithm and make sure it's what we expect
+        String alg = keySpec.getAlgorithm();
+        if (!alg.equals(keyAlg)) {
+            throw new Exception("Expected: " + keyAlg + ", Got: " + alg);
+        }
+
+        System.out.println("Test passed");
+    }
+}