Package org.opensaml.security.crypto

Class KeySupport

java.lang.Object
org.opensaml.security.crypto.KeySupport
public final class KeySupport extends Object
Helper methods for cryptographic keys and key pairs.

  • Field Details

    • LOG

      @Nonnull private static final org.slf4j.Logger LOG
      Logger.

    • keyMatchAlgorithms

      private static Map<String,String> keyMatchAlgorithms
      Maps key algorithms to the signing algorithm used in the key matching function.

  • Constructor Details

    • KeySupport

      private KeySupport()
      Constructor.

  • Method Details

    • getKeyLength

      @Nullable public static Integer getKeyLength(@Nonnull Key key)
      Get the key length in bits of the specified key.
      Parameters:
      key - the key to evaluate
      Returns:
      length of the key in bits, or null if the length cannot be determined

    • decodeSecretKey

      @Nonnull public static SecretKey decodeSecretKey(@Nonnull byte[] key, @Nonnull String algorithm) throws KeyException
      Produces SecretKey instances specified as a raw byte[] plus a JCA key algorithm.
      Parameters:
      key - the raw secret key bytes
      algorithm - the JCA key algorithm
      Returns:
      the decoded key
      Throws:
      KeyException - thrown if the key can not be decoded

    • decodePublicKey

      @Nonnull public static PublicKey decodePublicKey(@Nonnull byte[] key) throws KeyException
      Decodes RSA/DSA public keys in DER-encoded "SubjectPublicKeyInfo" format.
      Parameters:
      key - encoded key
      Returns:
      decoded key
      Throws:
      KeyException - thrown if the key cannot be decoded

    • decodePrivateKey

      @Nonnull public static PrivateKey decodePrivateKey(@Nonnull File key, @Nullable char[] password) throws KeyException
      Decodes RSA/DSA private keys in DER, PEM, or PKCS#8 (encrypted or unencrypted) formats.
      Parameters:
      key - encoded key
      password - decryption password or null if the key is not encrypted
      Returns:
      decoded private key
      Throws:
      KeyException - thrown if the key cannot be decoded

    • decodePrivateKey

      @Nonnull public static PrivateKey decodePrivateKey(@Nonnull InputStream key, @Nullable char[] password) throws KeyException
      Decodes RSA/DSA private keys in DER, PEM, or PKCS#8 (encrypted or unencrypted) formats. Note that this does not close the input stream.
      Parameters:
      key - encoded key
      password - decryption password or null if the key is not encrypted
      Returns:
      decoded private key
      Throws:
      KeyException - thrown if the key cannot be decoded

    • decodePrivateKey

      @Nonnull public static PrivateKey decodePrivateKey(@Nonnull byte[] key, @Nullable char[] password) throws KeyException
      Decodes RSA/DSA private keys in DER, PEM, or PKCS#8 (encrypted or unencrypted) formats.
      Parameters:
      key - encoded key
      password - decryption password or null if the key is not encrypted
      Returns:
      decoded private key
      Throws:
      KeyException - thrown if the key cannot be decoded

    • derivePublicKey

      @Nonnull public static PublicKey derivePublicKey(@Nonnull PrivateKey key) throws KeyException
      Derives the public key from either a DSA or RSA private key.
      Parameters:
      key - the private key to derive the public key from
      Returns:
      the derived public key
      Throws:
      KeyException - thrown if the given private key is not a DSA or RSA key or there is a problem generating the public key

    • buildJavaDSAPublicKey

      @Nonnull public static DSAPublicKey buildJavaDSAPublicKey(@Nonnull String base64EncodedKey) throws KeyException
      Build Java DSA public key from base64 encoding.
      Parameters:
      base64EncodedKey - base64-encoded DSA public key
      Returns:
      a native Java DSAPublicKey
      Throws:
      KeyException - thrown if there is an error constructing key

    • buildJavaDHPublicKey

      @Nonnull public static DHPublicKey buildJavaDHPublicKey(@Nonnull String base64EncodedKey) throws KeyException
      Build Java DH public key from base64 encoding.
      Parameters:
      base64EncodedKey - base64-encoded DH public key
      Returns:
      a native Java DHPublicKey
      Throws:
      KeyException - thrown if there is an error constructing key

    • buildJavaRSAPublicKey

      @Nonnull public static RSAPublicKey buildJavaRSAPublicKey(@Nonnull String base64EncodedKey) throws KeyException
      Build Java RSA public key from base64 encoding.
      Parameters:
      base64EncodedKey - base64-encoded RSA public key
      Returns:
      a native Java RSAPublicKey
      Throws:
      KeyException - thrown if there is an error constructing key

    • buildJavaECPublicKey

      @Nonnull public static ECPublicKey buildJavaECPublicKey(@Nonnull String base64EncodedKey) throws KeyException
      Build Java EC public key from base64 encoding.
      Parameters:
      base64EncodedKey - base64-encoded EC public key
      Returns:
      a native Java ECPublicKey
      Throws:
      KeyException - thrown if there is an error constructing key

    • base64DecodeOrThrow

      @Nonnull private static byte[] base64DecodeOrThrow(@Nonnull String base64EncodedKey) throws KeyException
      Base64 decode the input string, if it fails to decode throw a KeyException wrapping the original exception.
      Parameters:
      base64EncodedKey - base64-encoded key
      Returns:
      a base64 decoded byte array. Never null.
      Throws:
      KeyException - if there is an error decoding the string.

    • buildJavaRSAPrivateKey

      @Nonnull public static RSAPrivateKey buildJavaRSAPrivateKey(@Nonnull String base64EncodedKey) throws KeyException
      Build Java RSA private key from base64 encoding.
      Parameters:
      base64EncodedKey - base64-encoded RSA private key
      Returns:
      a native Java RSAPrivateKey
      Throws:
      KeyException - thrown if there is an error constructing key

    • buildJavaDSAPrivateKey

      @Nonnull public static DSAPrivateKey buildJavaDSAPrivateKey(@Nonnull String base64EncodedKey) throws KeyException
      Build Java DSA private key from base64 encoding.
      Parameters:
      base64EncodedKey - base64-encoded DSA private key
      Returns:
      a native Java DSAPrivateKey
      Throws:
      KeyException - thrown if there is an error constructing key

    • buildJavaDHPrivateKey

      @Nonnull public static DHPrivateKey buildJavaDHPrivateKey(@Nonnull String base64EncodedKey) throws KeyException
      Build Java DH private key from base64 encoding.
      Parameters:
      base64EncodedKey - base64-encoded DH private key
      Returns:
      a native Java DHPrivateKey
      Throws:
      KeyException - thrown if there is an error constructing key

    • buildJavaECPrivateKey

      public static ECPrivateKey buildJavaECPrivateKey(String base64EncodedKey) throws KeyException
      Build Java EC private key from base64 encoding.
      Parameters:
      base64EncodedKey - base64-encoded EC private key
      Returns:
      a native Java ECPrivateKey
      Throws:
      KeyException - thrown if there is an error constructing key

    • buildJavaPrivateKey

      @Nonnull public static PrivateKey buildJavaPrivateKey(@Nonnull String base64EncodedKey) throws KeyException
      Build Java private key from base64 encoding. The key should have no password.
      Parameters:
      base64EncodedKey - base64-encoded private key
      Returns:
      a native Java PrivateKey
      Throws:
      KeyException - thrown if there is an error constructing key

    • buildKey

      @Nonnull public static PublicKey buildKey(@Nullable KeySpec keySpec, @Nonnull String keyAlgorithm) throws KeyException
      Generates a public key from the given key spec.
      Parameters:
      keySpec - KeySpec specification for the key
      keyAlgorithm - key generation algorithm, only DSA, RSA, and EC supported
      Returns:
      the generated PublicKey
      Throws:
      KeyException - thrown if the key algorithm is not supported by the JCA or the key spec does not contain valid information

    • generateKey

      @Nonnull public static SecretKey generateKey(@Nonnull String algo, int keyLength, @Nullable String provider) throws NoSuchAlgorithmException, NoSuchProviderException
      Generate a random symmetric key.
      Parameters:
      algo - key algorithm
      keyLength - key length
      provider - JCA provider
      Returns:
      randomly generated symmetric key
      Throws:
      NoSuchAlgorithmException - algorithm not found
      NoSuchProviderException - provider not found

    • generateKey

      @Nonnull public static SecretKey generateKey(@Nonnull String algo, @Nonnull AlgorithmParameterSpec paramSpec, @Nullable String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException
      Generate a random symmetric key.
      Parameters:
      algo - key algorithm
      paramSpec - the algorithm parameter specification
      provider - JCA provider
      Returns:
      randomly generated symmetric key
      Throws:
      NoSuchAlgorithmException - algorithm not found
      NoSuchProviderException - provider not found
      InvalidAlgorithmParameterException - invalid parameter specification

    • generateKeyPair

      @Nonnull public static KeyPair generateKeyPair(@Nonnull String algo, int keyLength, @Nullable String provider) throws NoSuchAlgorithmException, NoSuchProviderException
      Generate a random asymmetric key pair.
      Parameters:
      algo - key algorithm
      keyLength - key length
      provider - JCA provider
      Returns:
      randomly generated key
      Throws:
      NoSuchAlgorithmException - algorithm not found
      NoSuchProviderException - provider not found

    • generateKeyPair

      @Nonnull public static KeyPair generateKeyPair(@Nonnull String algo, @Nonnull AlgorithmParameterSpec paramSpec, @Nullable String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException
      Generate a random asymmetric key pair.
      Parameters:
      algo - key algorithm
      paramSpec - the algorithm parameter specification
      provider - JCA provider
      Returns:
      randomly generated key
      Throws:
      NoSuchAlgorithmException - algorithm not found
      NoSuchProviderException - provider not found
      InvalidAlgorithmParameterException - invalid parameter specification

    • matchKeyPair

      public static boolean matchKeyPair(@Nonnull PublicKey pubKey, @Nonnull PrivateKey privKey) throws SecurityException
      Compare the supplied public and private keys, and determine if they correspond to the same key pair.
      Parameters:
      pubKey - the public key
      privKey - the private key
      Returns:
      true if the public and private are from the same key pair, false if not
      Throws:
      SecurityException - if the keys can not be evaluated, or if the key algorithm is unsupported or unknown