8047223: Add algorithm parameter to EncodedKeySpec class and its two subclasses

Reviewed-by: mullan
2014-09-16 13:20:51 -07:00 · 2014-09-16 13:20:51 -07:00 · 1f56f49cd0
commit 1f56f49cd0
parent 865fe20405
5 changed files with 187 additions and 18 deletions
--- a/jdk/src/java.base/share/classes/java/security/spec/EncodedKeySpec.java
+++ b/jdk/src/java.base/share/classes/java/security/spec/EncodedKeySpec.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -43,19 +43,62 @@ package java.security.spec;
 public abstract class EncodedKeySpec implements KeySpec {

    private byte[] encodedKey;
+    private String algorithmName;

    /**
-     * Creates a new EncodedKeySpec with the given encoded key.
+     * Creates a new {@code EncodedKeySpec} with the given encoded key.
     *
     * @param encodedKey the encoded key. The contents of the
     * array are copied to protect against subsequent modification.
-     * @exception NullPointerException if {@code encodedKey}
+     * @throws NullPointerException if {@code encodedKey}
     * is null.
     */
    public EncodedKeySpec(byte[] encodedKey) {
        this.encodedKey = encodedKey.clone();
    }

+    /**
+     * Creates a new {@code EncodedKeySpec} with the given encoded key.
+     * This constructor is useful when subsequent callers of the
+     * {@code EncodedKeySpec} object might not know the algorithm
+     * of the key.
+     *
+     * @param encodedKey the encoded key. The contents of the
+     * array are copied to protect against subsequent modification.
+     * @param algorithm the algorithm name of the encoded key
+     * See the KeyFactory section in the <a href=
+     * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
+     * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+     * for information about standard algorithm names.
+     * @throws NullPointerException if {@code encodedKey}
+     * or {@code algorithm} is null.
+     * @throws IllegalArgumentException if {@code algorithm} is
+     * the empty string {@code ""}
+     * @since 1.9
+     */
+    protected EncodedKeySpec(byte[] encodedKey, String algorithm) {
+        if (algorithm == null) {
+            throw new NullPointerException("algorithm name may not be null");
+        }
+        if (algorithm.isEmpty()) {
+            throw new IllegalArgumentException("algorithm name "
+                                             + "may not be empty");
+        }
+        this.encodedKey = encodedKey.clone();
+        this.algorithmName = algorithm;
+
+    }
+
+    /**
+     * Returns the name of the algorithm of the encoded key.
+     *
+     * @return the name of the algorithm, or null if not specified
+     * @since 1.9
+     */
+    public String getAlgorithm() {
+        return algorithmName;
+    }
+
    /**
     * Returns the encoded key.
     *
--- a/jdk/src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java
+++ b/jdk/src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -62,18 +62,42 @@ package java.security.spec;
 public class PKCS8EncodedKeySpec extends EncodedKeySpec {

    /**
-     * Creates a new PKCS8EncodedKeySpec with the given encoded key.
+     * Creates a new {@code PKCS8EncodedKeySpec} with the given encoded key.
     *
     * @param encodedKey the key, which is assumed to be
     * encoded according to the PKCS #8 standard. The contents of
     * the array are copied to protect against subsequent modification.
-     * @exception NullPointerException if {@code encodedKey}
+     * @throws NullPointerException if {@code encodedKey}
     * is null.
     */
    public PKCS8EncodedKeySpec(byte[] encodedKey) {
        super(encodedKey);
    }

+    /**
+     * Creates a new {@code PKCS8EncodedKeySpec} with the given encoded key and
+     * algorithm. This constructor is useful when subsequent callers of
+     * the {@code PKCS8EncodedKeySpec} object might not know the
+     * algorithm of the private key.
+     *
+     * @param encodedKey the key, which is assumed to be
+     * encoded according to the PKCS #8 standard. The contents of
+     * the array are copied to protect against subsequent modification.
+     * @param algorithm the algorithm name of the encoded private key
+     * See the KeyFactory section in the <a href=
+     * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
+     * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+     * for information about standard algorithm names.
+     * @throws NullPointerException if {@code encodedKey}
+     * or {@algorithm} is null.
+     * @throws IllegalArgumentException if {@code algorithm} is
+     * the empty string {@code ""}
+     * @since 1.9
+     */
+    public PKCS8EncodedKeySpec(byte[] encodedKey, String algorithm) {
+        super(encodedKey, algorithm);
+    }
+
    /**
     * Returns the key bytes, encoded according to the PKCS #8 standard.
     *
--- a/jdk/src/java.base/share/classes/java/security/spec/X509EncodedKeySpec.java
+++ b/jdk/src/java.base/share/classes/java/security/spec/X509EncodedKeySpec.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -52,18 +52,42 @@ package java.security.spec;
 public class X509EncodedKeySpec extends EncodedKeySpec {

    /**
-     * Creates a new X509EncodedKeySpec with the given encoded key.
+     * Creates a new {@code X509EncodedKeySpec} with the given encoded key.
     *
     * @param encodedKey the key, which is assumed to be
     * encoded according to the X.509 standard. The contents of the
     * array are copied to protect against subsequent modification.
-     * @exception NullPointerException if {@code encodedKey}
+     * @throws NullPointerException if {@code encodedKey}
     * is null.
     */
    public X509EncodedKeySpec(byte[] encodedKey) {
        super(encodedKey);
    }

+    /**
+     * Creates a new {@code X509EncodedKeySpec} with the given encoded key.
+     * This constructor is useful when subsequent callers of the
+     * {@code X509EncodedKeySpec} object might not know the algorithm
+     * of the key.
+     *
+     * @param encodedKey the key, which is assumed to be
+     * encoded according to the X.509 standard. The contents of the
+     * array are copied to protect against subsequent modification.
+     * @param algorithm the algorithm name of the encoded public key
+     * See the KeyFactory section in the <a href=
+     * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
+     * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
+     * for information about standard algorithm names.
+     * @throws NullPointerException if {@code encodedKey}
+     * or {@code algorithm} is null.
+     * @throws IllegalArgumentException if {@code algorithm} is
+     * the empty string {@code ""}
+     * @since 1.9
+     */
+    public X509EncodedKeySpec(byte[] encodedKey, String algorithm) {
+        super(encodedKey, algorithm);
+    }
+
    /**
     * Returns the key bytes, encoded according to the X.509 standard.
     *
--- a/jdk/src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java
+++ b/jdk/src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -60,6 +60,9 @@ public class EncryptedPrivateKeyInfo {
    // the "encryptionAlgorithm" field
    private AlgorithmId algid;

+    // the algorithm name of the encrypted private key
+    private String keyAlg;
+
    // the "encryptedData" field
    private byte[] encryptedData;

@ -255,7 +258,7 @@ public class EncryptedPrivateKeyInfo {
            throw new InvalidKeySpecException(
                    "Cannot retrieve the PKCS8EncodedKeySpec", ex);
        }
-        return new PKCS8EncodedKeySpec(encoded);
+        return new PKCS8EncodedKeySpec(encoded, keyAlg);
    }

    private PKCS8EncodedKeySpec getKeySpecImpl(Key decryptKey,
@ -280,7 +283,7 @@ public class EncryptedPrivateKeyInfo {
            throw new InvalidKeyException(
                    "Cannot retrieve the PKCS8EncodedKeySpec", ex);
        }
-        return new PKCS8EncodedKeySpec(encoded);
+        return new PKCS8EncodedKeySpec(encoded, keyAlg);
    }

    /**
@ -405,7 +408,7 @@ public class EncryptedPrivateKeyInfo {
    }

    @SuppressWarnings("fallthrough")
-    private static void checkPKCS8Encoding(byte[] encodedKey)
+    private void checkPKCS8Encoding(byte[] encodedKey)
        throws IOException {
        DerInputStream in = new DerInputStream(encodedKey);
        DerValue[] values = in.getSequence(3);
@ -416,11 +419,7 @@ public class EncryptedPrivateKeyInfo {
            /* fall through */
        case 3:
            checkTag(values[0], DerValue.tag_Integer, "version");
-            DerInputStream algid = values[1].toDerInputStream();
-            algid.getOID();
-            if (algid.available() != 0) {
-                algid.getDerValue();
-            }
+            keyAlg = AlgorithmId.parse(values[1]).getName();
            checkTag(values[2], DerValue.tag_OctetString, "privateKey");
            break;
        default:
--- a/jdk/test/java/security/spec/PKCS8EncodedKeySpec/Algorithm.java
+++ b/jdk/test/java/security/spec/PKCS8EncodedKeySpec/Algorithm.java
@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8047223
+ * @summary Add algorithm parameter to PKCS8EncodedKeySpec class
+ */
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Base64;
+import javax.crypto.EncryptedPrivateKeyInfo;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+
+public class Algorithm {
+
+    private static String PKCS8PrivateKey =
+        "MIICoTAbBgkqhkiG9w0BBQMwDgQIqQMPwbNEhOgCAggABIICgCwRkeLXVGdO7S1h\n" +
+        "FAFUiwj1HCzqYFF2x9+FzjlXNwEWecZsor5eoKQlTtJ9dsPajQ/wFgY76lkXDQXE\n" +
+        "hdm8ndWFgCwqFBshmAp4TOvO9GlaAloDTnLMUg715D5FujiElcV7vqIY2V/7uB21\n" +
+        "YRanKUa21sZAFJGj6Hom1+5+k0Q7Xi4kHgt+ZIPNLwrNFPWVovbTJdScZuJaDp6m\n" +
+        "Q1DJUIQOzthV11VI+MU/v5SSKhj/uCaxizazEi5lgdmR7rRGgMz2YipOIjXIsKgu\n" +
+        "jKX5LYFAZ8nYq1hy8Q1JPR5VPuWMFqeyofO/teXJb8gI/4TC1ZoED8hXj07jpJqG\n" +
+        "2NVO1Dwqab31qSAjfjBkSYHKun63BvZPq2mT+frJF1YzvQhCDnWN1zbMKFNTZJfd\n" +
+        "cUaecH/fgNKwKpeKGgX7UlWxo26/lS8pBiJ5ihtbyFfMUBtlwEN5uOHqVFOeZp1Z\n" +
+        "DwCc0o1JA7yOcazA2TtNT9pc58tFZ8pEeyLj7ZchOgv06N0hZJsI6AiwII4ljd+K\n" +
+        "4WKvs/xiSZU3tcHaWzqlf+6/M5kC3Pihm9GhZbKBmvrZYiKyTlJEeVI3pFRNSqbE\n" +
+        "nZUJgkmgzNT/ZfM2WsUJm03Rq0eNCU/FDscIZnCWSA6Bf/DJDQWmhMhg2QmTGzQM\n" +
+        "hw/vy77q7jxV67s36HGxxR1oe8uoZ2zugBBxHWEdqyQyrVwZXJukdjrc2S7pvMln\n" +
+        "/VSleEf91MEcDhztyhPSqlX+H95vMnVmh5oY2gwY+P0oD5Eki6/9K+BHfuqgtS4S\n" +
+        "LIna1iSyLr17pRO1lmNtvuCMwmUjeI8w3JhLmxxx//bl/WCAekqj3nMplrJHZ7xd\n" +
+        "6k0Stxo=";
+
+    private static String keyAlg = "RSA";
+    private static String password = "password";
+
+    /*
+     * This test checks that a PKCS8EncodedKeySpec is properly constructed
+     * from an encrypted private key and that the key algorithm name can be
+     * retrieved as expected.
+     */
+    public static void main(String[] argv) throws Exception {
+        EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(
+                Base64.getMimeDecoder().decode(PKCS8PrivateKey));
+        PBEKeySpec pks = new PBEKeySpec(password.toCharArray());
+        SecretKeyFactory skf = SecretKeyFactory.getInstance(epki.getAlgName());
+        SecretKey sk = skf.generateSecret(pks);
+        PKCS8EncodedKeySpec keySpec = epki.getKeySpec(sk);
+
+        // Get the key algorithm and make sure it's what we expect
+        String alg = keySpec.getAlgorithm();
+        if (!alg.equals(keyAlg)) {
+            throw new Exception("Expected: " + keyAlg + ", Got: " + alg);
+        }
+
+        System.out.println("Test passed");
+    }
+}