Package org.opensaml.security.crypto.ec

Class ECSupport

java.lang.Object
org.opensaml.security.crypto.ec.ECSupport
public final class ECSupport extends Object
Cryptography support related to Elliptic Curve.

  • Field Details

    • LOG

      @Nonnull private static final org.slf4j.Logger LOG
      Logger.

  • Constructor Details

    • ECSupport

      private ECSupport()
      Constructor.

  • Method Details

    • performKeyAgreement

      @Nonnull public static byte[] performKeyAgreement(@Nonnull ECPublicKey publicKey, @Nonnull ECPrivateKey privateKey, @Nullable String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
      Perform ECDH key agreement between the given public and private keys.
      Parameters:
      publicKey - the public key
      privateKey - the private key
      provider - the optional security provider to use
      Returns:
      the secret produced by key agreement
      Throws:
      NoSuchAlgorithmException - if algorithm is unknown
      NoSuchProviderException - if provider is unknown
      InvalidKeyException - if supplied key is invalid

    • generateCompatibleKeyPair

      @Nonnull public static KeyPair generateCompatibleKeyPair(@Nonnull ECPublicKey publicKey, @Nullable String provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException
      Generate a key pair whose parameters are compatible with those of the specified EC public key.
      Parameters:
      publicKey - the public key
      provider - the optional security provider to use
      Returns:
      the generated key pair
      Throws:
      NoSuchAlgorithmException - if algorithm is unknown
      NoSuchProviderException - if provider is unknown
      InvalidAlgorithmParameterException - if the public key's ECParameterSpec is not supported

    • getGlobalNamedCurveRegistry

      @Nullable public static NamedCurveRegistry getGlobalNamedCurveRegistry()
      Get the global NamedCurveRegistry instance.
      Returns:
      the global named curve registry, or null if nothing registered

    • getNamedCurve

      @Nullable public static NamedCurve getNamedCurve(@Nonnull ECPublicKey publicKey)
      Get the NamedCurve for the specified ECPublicKey.
      Parameters:
      publicKey - the ECPublicKey
      Returns:
      the NamedCurve instance, or null if can not be determined, possibly because the key's domain parameters do not correspond to a named curve

    • getNamedCurve

      @Nullable public static NamedCurve getNamedCurve(@Nonnull String uri)
      Get the NamedCurve for the specified URI.
      Parameters:
      uri - the URI
      Returns:
      the NamedCurve instance, or null if can not be determined,

    • getNamedCurveURI

      @Nullable public static String getNamedCurveURI(@Nonnull ECPublicKey publicKey)
      Get the URI of the named curve for the specified ECPublicKey.
      Parameters:
      publicKey - the ECPublicKey
      Returns:
      the URI or null if can not be determined, possibly because is not a named curve

    • getParameterSpecForURI

      @Nullable public static ECParameterSpec getParameterSpecForURI(@Nonnull String uri)
      Get an ECParameterSpec instance which corresponds to the specified named curve URI.
      Parameters:
      uri - the URI of the named curve
      Returns:
      the ECParameterSpec instance

    • decodeECPoint

      @Nonnull public static ECPoint decodeECPoint(@Nonnull byte[] data, @Nonnull EllipticCurve curve) throws KeyException
      Decode the ECPoint from the byte representation.

      Only uncompressed point types (0x04) are supported.

      Parameters:
      data - the EC point byte representation
      curve - the EllipticCurve
      Returns:
      the ECPoint
      Throws:
      KeyException - if point is not in uncompressed format, or point does not match curve's field size

    • encodeECPointUncompressed

      @Nonnull public static byte[] encodeECPointUncompressed(@Nonnull ECPoint point, @Nonnull EllipticCurve curve)
      Encode the uncompressed byte representation of the specified ECPoint.
      Parameters:
      point - the ECPoint
      curve - the EllipticCurve
      Returns:
      the uncompressed byte representation

    • trimZeroes

      @Nonnull private static byte[] trimZeroes(@Nonnull byte[] b)
      Trim leading zero bytes from the byte array.
      Parameters:
      b - the byte array
      Returns:
      the byte array without leading zero bytes

    • convert

      @Nullable public static ECParameterSpec convert(@Nullable org.bouncycastle.jce.spec.ECNamedCurveParameterSpec bcSpec)
      Convert a Bouncy Castle ECNamedCurveParameterSpec, such as obtained from the ECNamedCurveTable, to a standard JCA ECParameterSpec.
      Parameters:
      bcSpec - the Bouncy Castle parameter spec instance
      Returns:
      the standard parameter spec instance

    • getCurvesFromBouncyCastle

      @Nonnull @Unmodifiable @NotLive public static Set<NamedCurve> getCurvesFromBouncyCastle()
      Return a set of all curves known to Bouncy Castle as instances of NamedCurve.
      Returns:
      the set of curves known to Bouncy Castle