Class OpenSSLKey

java.lang.Object

org.globus.gsi.OpenSSLKey

All Implemented Interfaces:

Serializable

Direct Known Subclasses:

BouncyCastleOpenSSLKey

public abstract class OpenSSLKey
extends Object
implements Serializable

Represents a OpenSSL-style PEM-formatted private key. It supports encryption and decryption of the key. Currently, only RSA keys are supported, and only TripleDES encryption is supported.

This is based on work done by Ming Yung at DSTC.

Since:

1.0

Version:

${version}

See Also:

• Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
private String	encAlg
private String	encAlgStr
private byte[]	encodedKey
private static final String	HEADER
private IvParameterSpec	initializationVector
private PrivateKey	intKey
private boolean	isEncrypted
private byte[]	ivData
private int	ivLength
private String	keyAlg
private byte[]	keyData
private int	keyLength

Constructor Summary

Constructors

Constructor	Description
OpenSSLKey(InputStream is)	Reads a OpenSSL private key from the specified input stream.
OpenSSLKey(String file)	Reads a OpenSSL private key from the specified file.
OpenSSLKey(String algorithm, byte[] data)	Initializes the OpenSSL key from raw byte array.
OpenSSLKey(PrivateKey key)	Converts a RSAPrivateCrtKey into OpenSSL key.

Method Summary

Modifier and Type	Method	Description
void	decrypt(byte[] password)	Decrypts the private key with given password.
void	decrypt(String password)	Decrypts the private key with given password.
void	encrypt(byte[] password)	Encrypts the private key with given password.
void	encrypt(String password)	Encrypts the private key with given password.
boolean	equals(Object other)
private String	extractEncryptionInfo(BufferedReader in)
private String	extractKey(BufferedReader in)
private void	generateIV()
private Cipher	getCipher()
protected byte[]	getEncoded()
protected abstract byte[]	getEncoded(PrivateKey key)
protected abstract PrivateKey	getKey(String alg, byte[] data)
private String	getKeyAlgorithm(String line)
PrivateKey	getPrivateKey()	Returns the JCE (RSAPrivateCrtKey) key.
protected String	getProvider()
private SecretKeySpec	getSecretKey(byte[] pwd, byte[] keyInitializationVector)
int	hashCode()
boolean	isEncrypted()	Check if the key was encrypted or not.
private static boolean	objectsEquals(Object a, Object b)
private void	parseEncryptionInfo(String line)
private void	parseKeyAlgorithm(BufferedReader in)
private void	readObject(ObjectInputStream s)
private void	readPEM(Reader rd)
private void	setAlgorithmSettings(String alg)
void	setEncryptionAlgorithm(String alg)	Sets algorithm for encryption.
private void	setIV(byte[] data)
private void	setIV(String s)
private String	toPEM()
void	writeTo(OutputStream output)	Writes the private key to the specified output stream in PEM format.
void	writeTo(Writer w)	Writes the private key to the specified writer in PEM format.
void	writeTo(String file)	Writes the private key to the specified file in PEM format.

Methods inherited from class Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Field Details

HEADER

private static final String HEADER

See Also:

• Constant Field Values

keyAlg

private String keyAlg

isEncrypted

private boolean isEncrypted

encodedKey

private byte[] encodedKey

intKey

private PrivateKey intKey

ivData

private byte[] ivData

initializationVector

private transient IvParameterSpec initializationVector

encAlgStr

private String encAlgStr

encAlg

private String encAlg

keyLength

private int keyLength

ivLength

private int ivLength

keyData

private byte[] keyData

Constructor Details

OpenSSLKey

public OpenSSLKey(InputStream is)
           throws IOException,
GeneralSecurityException

Reads a OpenSSL private key from the specified input stream. The private key must be PEM encoded and can be encrypted.

Parameters:

is - input stream with OpenSSL key in PEM format.

Throws:

IOException - if I/O problems.

GeneralSecurityException - if problems with the key

OpenSSLKey

public OpenSSLKey(String file)
           throws IOException,
GeneralSecurityException

Reads a OpenSSL private key from the specified file. The private key must be PEM encoded and can be encrypted.

Parameters:

file - file containing the OpenSSL key in PEM format.

Throws:

IOException - if I/O problems.

GeneralSecurityException - if problems with the key

OpenSSLKey

public OpenSSLKey(PrivateKey key)

Converts a RSAPrivateCrtKey into OpenSSL key.

Parameters:

key - private key - must be a RSAPrivateCrtKey

OpenSSLKey

public OpenSSLKey(String algorithm,
 byte[] data)
           throws GeneralSecurityException

Initializes the OpenSSL key from raw byte array.

Parameters:

algorithm - the algorithm of the key. Currently only RSA algorithm is supported.

data - the DER encoded key data. If RSA algorithm, the key must be in PKCS#1 format.

Throws:

GeneralSecurityException - if any security problems.

Method Details

getEncoded

protected byte[] getEncoded()

readPEM

private void readPEM(Reader rd)
              throws IOException,
GeneralSecurityException

Throws:

IOException

GeneralSecurityException

extractKey

private String extractKey(BufferedReader in)
                   throws IOException

Throws:

IOException

extractEncryptionInfo

private String extractEncryptionInfo(BufferedReader in)
                              throws IOException,
GeneralSecurityException

Throws:

IOException

GeneralSecurityException

parseKeyAlgorithm

private void parseKeyAlgorithm(BufferedReader in)
                        throws IOException,
InvalidKeyException

Throws:

IOException

InvalidKeyException

isEncrypted

public boolean isEncrypted()

Check if the key was encrypted or not.

Returns:

true if the key is encrypted, false otherwise.

decrypt

public void decrypt(String password)
             throws GeneralSecurityException

Decrypts the private key with given password. Does nothing if the key is not encrypted.

Parameters:

password - password to decrypt the key with.

Throws:

GeneralSecurityException - whenever an error occurs during decryption.

decrypt

public void decrypt(byte[] password)
             throws GeneralSecurityException

Decrypts the private key with given password. Does nothing if the key is not encrypted.

Parameters:

password - password to decrypt the key with.

Throws:

GeneralSecurityException - whenever an error occurs during decryption.

encrypt

public void encrypt(String password)
             throws GeneralSecurityException

Encrypts the private key with given password. Does nothing if the key is encrypted already.

Parameters:

password - password to encrypt the key with.

Throws:

GeneralSecurityException - whenever an error occurs during encryption.

encrypt

public void encrypt(byte[] password)
             throws GeneralSecurityException

Encrypts the private key with given password. Does nothing if the key is encrypted already.

Parameters:

password - password to encrypt the key with.

Throws:

GeneralSecurityException - whenever an error occurs during encryption.

setEncryptionAlgorithm

public void setEncryptionAlgorithm(String alg)
                            throws GeneralSecurityException

Sets algorithm for encryption.

Parameters:

alg - algorithm for encryption

Throws:

GeneralSecurityException - if algorithm is not supported

getPrivateKey

public PrivateKey getPrivateKey()

Returns the JCE (RSAPrivateCrtKey) key.

Returns:

the private key, null if the key was not decrypted yet.

writeTo

public void writeTo(OutputStream output)
             throws IOException

Writes the private key to the specified output stream in PEM format. If the key was encrypted it will be encoded as an encrypted RSA key. If not, it will be encoded as a regular RSA key.

Parameters:

output - output stream to write the key to.

Throws:

IOException - if I/O problems writing the key

writeTo

public void writeTo(Writer w)
             throws IOException

Writes the private key to the specified writer in PEM format. If the key was encrypted it will be encoded as an encrypted RSA key. If not, it will be encoded as a regular RSA key.

Parameters:

w - writer to output the key to.

Throws:

IOException - if I/O problems writing the key

writeTo

public void writeTo(String file)
             throws IOException

Writes the private key to the specified file in PEM format. If the key was encrypted it will be encoded as an encrypted RSA key. If not, it will be encoded as a regular RSA key.

Parameters:

file - file to write the key to.

Throws:

IOException - if I/O problems writing the key

getEncoded

protected abstract byte[] getEncoded(PrivateKey key)

getKey

protected abstract PrivateKey getKey(String alg,
 byte[] data)
                              throws GeneralSecurityException

Throws:

GeneralSecurityException

getProvider

protected String getProvider()

getCipher

private Cipher getCipher()
                  throws GeneralSecurityException

Throws:

GeneralSecurityException

getKeyAlgorithm

private String getKeyAlgorithm(String line)

parseEncryptionInfo

private void parseEncryptionInfo(String line)
                          throws GeneralSecurityException

Throws:

GeneralSecurityException

setAlgorithmSettings

private void setAlgorithmSettings(String alg)
                           throws GeneralSecurityException

Throws:

GeneralSecurityException

setIV

private void setIV(String s)
            throws GeneralSecurityException

Throws:

GeneralSecurityException

generateIV

private void generateIV()

setIV

private void setIV(byte[] data)

getSecretKey

private SecretKeySpec getSecretKey(byte[] pwd,
 byte[] keyInitializationVector)
                            throws GeneralSecurityException

Throws:

GeneralSecurityException

toPEM

private String toPEM()

readObject

private void readObject(ObjectInputStream s)
                 throws IOException,
ClassNotFoundException

Throws:

IOException

ClassNotFoundException

equals

public boolean equals(Object other)

Overrides:

equals in class Object

objectsEquals

private static boolean objectsEquals(Object a,
 Object b)

hashCode

public int hashCode()

Overrides:

hashCode in class Object