org.opensaml.security.crypto

Class KeySupport

java.lang.Object

org.opensaml.security.crypto.KeySupport

public final class KeySupport
extends java.lang.Object

Helper methods for cryptographic keys and key pairs.

Field Summary

Fields

Modifier and Type	Field and Description
private static java.util.Map<java.lang.String,java.lang.String>	keyMatchAlgorithms Maps key algorithms to the signing algorithm used in the key matching function.

Constructor Summary

Constructors

Modifier	Constructor and Description
private	KeySupport() Constructor.

Method Summary

Modifier and Type	Method and Description
static java.security.interfaces.DSAPrivateKey	buildJavaDSAPrivateKey(java.lang.String base64EncodedKey) Build Java DSA private key from base64 encoding.
static java.security.interfaces.DSAPublicKey	buildJavaDSAPublicKey(java.lang.String base64EncodedKey) Build Java DSA public key from base64 encoding.
static java.security.interfaces.ECPrivateKey	buildJavaECPrivateKey(java.lang.String base64EncodedKey) Build Java EC private key from base64 encoding.
static java.security.interfaces.ECPublicKey	buildJavaECPublicKey(java.lang.String base64EncodedKey) Build Java EC public key from base64 encoding.
static java.security.PrivateKey	buildJavaPrivateKey(java.lang.String base64EncodedKey) Build Java private key from base64 encoding.
static java.security.interfaces.RSAPrivateKey	buildJavaRSAPrivateKey(java.lang.String base64EncodedKey) Build Java RSA private key from base64 encoding.
static java.security.interfaces.RSAPublicKey	buildJavaRSAPublicKey(java.lang.String base64EncodedKey) Build Java RSA public key from base64 encoding.
static java.security.PublicKey	buildKey(java.security.spec.KeySpec keySpec, java.lang.String keyAlgorithm) Generates a public key from the given key spec.
static java.security.PrivateKey	decodePrivateKey(byte[] key, char[] password) Decodes RSA/DSA private keys in DER, PEM, or PKCS#8 (encrypted or unencrypted) formats.
static java.security.PrivateKey	decodePrivateKey(java.io.File key, char[] password) Decodes RSA/DSA private keys in DER, PEM, or PKCS#8 (encrypted or unencrypted) formats.
static java.security.PublicKey	decodePublicKey(byte[] key) Decodes RSA/DSA public keys in DER-encoded "SubjectPublicKeyInfo" format.
static javax.crypto.SecretKey	decodeSecretKey(byte[] key, java.lang.String algorithm) Produces SecretKey instances specified as a raw byte[] plus a JCA key algorithm.
static java.security.PublicKey	derivePublicKey(java.security.PrivateKey key) Derives the public key from either a DSA or RSA private key.
static javax.crypto.SecretKey	generateKey(java.lang.String algo, int keyLength, java.lang.String provider) Generate a random symmetric key.
static java.security.KeyPair	generateKeyPair(java.lang.String algo, int keyLength, java.lang.String provider) Generate a random asymmetric key pair.
static java.lang.Integer	getKeyLength(java.security.Key key) Get the key length in bits of the specified key.
private static org.slf4j.Logger	getLogger() Get an SLF4J Logger.
static boolean	matchKeyPair(java.security.PublicKey pubKey, java.security.PrivateKey privKey) Compare the supplied public and private keys, and determine if they correspond to the same key pair.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

keyMatchAlgorithms

private static java.util.Map<java.lang.String,java.lang.String> keyMatchAlgorithms

Maps key algorithms to the signing algorithm used in the key matching function.

Constructor Detail

KeySupport

private KeySupport()

Constructor.

Method Detail

getKeyLength

@Nullable
public static java.lang.Integer getKeyLength(@Nonnull
                                                       java.security.Key key)

Get the key length in bits of the specified key.

Parameters:

key - the key to evaluate

Returns:

length of the key in bits, or null if the length cannot be determined

decodeSecretKey

@Nonnull
public static javax.crypto.SecretKey decodeSecretKey(@Nonnull
                                                              byte[] key,
                                                              @Nonnull
                                                              java.lang.String algorithm)
                                                       throws java.security.KeyException

Produces SecretKey instances specified as a raw byte[] plus a JCA key algorithm.

Parameters:

key - the raw secret key bytes

algorithm - the JCA key algorithm

Returns:

the decoded key

Throws:

java.security.KeyException - thrown if the key can not be decoded

decodePublicKey

@Nonnull
public static java.security.PublicKey decodePublicKey(@Nonnull
                                                               byte[] key)
                                                        throws java.security.KeyException

Decodes RSA/DSA public keys in DER-encoded "SubjectPublicKeyInfo" format.

Parameters:

key - encoded key

Returns:

decoded key

Throws:

java.security.KeyException - thrown if the key cannot be decoded

decodePrivateKey

@Nonnull
public static java.security.PrivateKey decodePrivateKey(@Nonnull
                                                                 java.io.File key,
                                                                 @Nullable
                                                                 char[] password)
                                                          throws java.security.KeyException

Decodes RSA/DSA private keys in DER, PEM, or PKCS#8 (encrypted or unencrypted) formats.

Parameters:

key - encoded key

password - decryption password or null if the key is not encrypted

Returns:

decoded private key

Throws:

java.security.KeyException - thrown if the key cannot be decoded

decodePrivateKey

@Nonnull
public static java.security.PrivateKey decodePrivateKey(@Nonnull
                                                                 byte[] key,
                                                                 @Nullable
                                                                 char[] password)
                                                          throws java.security.KeyException

Decodes RSA/DSA private keys in DER, PEM, or PKCS#8 (encrypted or unencrypted) formats.

Parameters:

key - encoded key

password - decryption password or null if the key is not encrypted

Returns:

decoded private key

Throws:

java.security.KeyException - thrown if the key cannot be decoded

derivePublicKey

@Nonnull
public static java.security.PublicKey derivePublicKey(@Nonnull
                                                               java.security.PrivateKey key)
                                                        throws java.security.KeyException

Derives the public key from either a DSA or RSA private key.

Parameters:

key - the private key to derive the public key from

Returns:

the derived public key

Throws:

java.security.KeyException - thrown if the given private key is not a DSA or RSA key or there is a problem generating the public key

buildJavaDSAPublicKey

@Nonnull
public static java.security.interfaces.DSAPublicKey buildJavaDSAPublicKey(@Nonnull
                                                                                   java.lang.String base64EncodedKey)
                                                                            throws java.security.KeyException

Build Java DSA public key from base64 encoding.

Parameters:

base64EncodedKey - base64-encoded DSA public key

Returns:

a native Java DSAPublicKey

Throws:

java.security.KeyException - thrown if there is an error constructing key

buildJavaRSAPublicKey

@Nonnull
public static java.security.interfaces.RSAPublicKey buildJavaRSAPublicKey(@Nonnull
                                                                                   java.lang.String base64EncodedKey)
                                                                            throws java.security.KeyException

Build Java RSA public key from base64 encoding.

Parameters:

base64EncodedKey - base64-encoded RSA public key

Returns:

a native Java RSAPublicKey

Throws:

java.security.KeyException - thrown if there is an error constructing key

buildJavaECPublicKey

@Nonnull
public static java.security.interfaces.ECPublicKey buildJavaECPublicKey(@Nonnull
                                                                                 java.lang.String base64EncodedKey)
                                                                          throws java.security.KeyException

Build Java EC public key from base64 encoding.

Parameters:

base64EncodedKey - base64-encoded EC public key

Returns:

a native Java ECPublicKey

Throws:

java.security.KeyException - thrown if there is an error constructing key

buildJavaRSAPrivateKey

@Nonnull
public static java.security.interfaces.RSAPrivateKey buildJavaRSAPrivateKey(@Nonnull
                                                                                     java.lang.String base64EncodedKey)
                                                                              throws java.security.KeyException

Build Java RSA private key from base64 encoding.

Parameters:

base64EncodedKey - base64-encoded RSA private key

Returns:

a native Java RSAPrivateKey

Throws:

java.security.KeyException - thrown if there is an error constructing key

buildJavaDSAPrivateKey

@Nonnull
public static java.security.interfaces.DSAPrivateKey buildJavaDSAPrivateKey(@Nonnull
                                                                                     java.lang.String base64EncodedKey)
                                                                              throws java.security.KeyException

Build Java DSA private key from base64 encoding.

Parameters:

base64EncodedKey - base64-encoded DSA private key

Returns:

a native Java DSAPrivateKey

Throws:

java.security.KeyException - thrown if there is an error constructing key

buildJavaECPrivateKey

public static java.security.interfaces.ECPrivateKey buildJavaECPrivateKey(java.lang.String base64EncodedKey)
                                                                   throws java.security.KeyException

Build Java EC private key from base64 encoding.

Parameters:

base64EncodedKey - base64-encoded EC private key

Returns:

a native Java ECPrivateKey

Throws:

java.security.KeyException - thrown if there is an error constructing key

buildJavaPrivateKey

@Nonnull
public static java.security.PrivateKey buildJavaPrivateKey(@Nonnull
                                                                    java.lang.String base64EncodedKey)
                                                             throws java.security.KeyException

Build Java private key from base64 encoding. The key should have no password.

Parameters:

base64EncodedKey - base64-encoded private key

Returns:

a native Java PrivateKey

Throws:

java.security.KeyException - thrown if there is an error constructing key

buildKey

@Nonnull
public static java.security.PublicKey buildKey(@Nullable
                                                        java.security.spec.KeySpec keySpec,
                                                        @Nonnull
                                                        java.lang.String keyAlgorithm)
                                                 throws java.security.KeyException

Generates a public key from the given key spec.

Parameters:

keySpec - KeySpec specification for the key

keyAlgorithm - key generation algorithm, only DSA, RSA, and EC supported

Returns:

the generated PublicKey

Throws:

java.security.KeyException - thrown if the key algorithm is not supported by the JCA or the key spec does not contain valid information

generateKey

@Nonnull
public static javax.crypto.SecretKey generateKey(@Nonnull
                                                          java.lang.String algo,
                                                          int keyLength,
                                                          @Nullable
                                                          java.lang.String provider)
                                                   throws java.security.NoSuchAlgorithmException,
                                                          java.security.NoSuchProviderException

Generate a random symmetric key.

Parameters:

algo - key algorithm

keyLength - key length

provider - JCA provider

Returns:

randomly generated symmetric key

Throws:

java.security.NoSuchAlgorithmException - algorithm not found

java.security.NoSuchProviderException - provider not found

generateKeyPair

@Nonnull
public static java.security.KeyPair generateKeyPair(@Nonnull
                                                             java.lang.String algo,
                                                             int keyLength,
                                                             @Nullable
                                                             java.lang.String provider)
                                                      throws java.security.NoSuchAlgorithmException,
                                                             java.security.NoSuchProviderException

Generate a random asymmetric key pair.

Parameters:

algo - key algorithm

keyLength - key length

provider - JCA provider

Returns:

randomly generated key

Throws:

java.security.NoSuchAlgorithmException - algorithm not found

java.security.NoSuchProviderException - provider not found

matchKeyPair

public static boolean matchKeyPair(@Nonnull
                                   java.security.PublicKey pubKey,
                                   @Nonnull
                                   java.security.PrivateKey privKey)
                            throws SecurityException

Compare the supplied public and private keys, and determine if they correspond to the same key pair.

Parameters:

pubKey - the public key

privKey - the private key

Returns:

true if the public and private are from the same key pair, false if not

Throws:

SecurityException - if the keys can not be evaluated, or if the key algorithm is unsupported or unknown

getLogger

@Nonnull
private static org.slf4j.Logger getLogger()

Get an SLF4J Logger.

Returns:

a Logger instance