Package org.opensaml.security.crypto

Class KeySupport

  • public final class KeySupport
extends Object
    Helper methods for cryptographic keys and key pairs.

    • Field Detail

      • keyMatchAlgorithms

        private static Map<String,​String> keyMatchAlgorithms
        Maps key algorithms to the signing algorithm used in the key matching function.

    • Constructor Detail

      • KeySupport

        private KeySupport()
        Constructor.

    • Method Detail

      • getKeyLength

        @Nullable
public static Integer getKeyLength​(@Nonnull
                                   Key key)
        Get the key length in bits of the specified key.
        Parameters:
        key - the key to evaluate
        Returns:
        length of the key in bits, or null if the length cannot be determined

      • decodeSecretKey

        @Nonnull
public static SecretKey decodeSecretKey​(@Nonnull
                                        byte[] key,
                                        @Nonnull
                                        String algorithm)
                                 throws KeyException
        Produces SecretKey instances specified as a raw byte[] plus a JCA key algorithm.
        Parameters:
        key - the raw secret key bytes
        algorithm - the JCA key algorithm
        Returns:
        the decoded key
        Throws:
        KeyException - thrown if the key can not be decoded

      • decodePublicKey

        @Nonnull
public static PublicKey decodePublicKey​(@Nonnull
                                        byte[] key)
                                 throws KeyException
        Decodes RSA/DSA public keys in DER-encoded "SubjectPublicKeyInfo" format.
        Parameters:
        key - encoded key
        Returns:
        decoded key
        Throws:
        KeyException - thrown if the key cannot be decoded

      • decodePrivateKey

        @Nonnull
public static PrivateKey decodePrivateKey​(@Nonnull
                                          File key,
                                          @Nullable
                                          char[] password)
                                   throws KeyException
        Decodes RSA/DSA private keys in DER, PEM, or PKCS#8 (encrypted or unencrypted) formats.
        Parameters:
        key - encoded key
        password - decryption password or null if the key is not encrypted
        Returns:
        decoded private key
        Throws:
        KeyException - thrown if the key cannot be decoded

      • decodePrivateKey

        @Nonnull
public static PrivateKey decodePrivateKey​(@Nonnull
                                          InputStream key,
                                          @Nullable
                                          char[] password)
                                   throws KeyException
        Decodes RSA/DSA private keys in DER, PEM, or PKCS#8 (encrypted or unencrypted) formats. Note that this does not close the input stream.
        Parameters:
        key - encoded key
        password - decryption password or null if the key is not encrypted
        Returns:
        decoded private key
        Throws:
        KeyException - thrown if the key cannot be decoded

      • decodePrivateKey

        @Nonnull
public static PrivateKey decodePrivateKey​(@Nonnull
                                          byte[] key,
                                          @Nullable
                                          char[] password)
                                   throws KeyException
        Decodes RSA/DSA private keys in DER, PEM, or PKCS#8 (encrypted or unencrypted) formats.
        Parameters:
        key - encoded key
        password - decryption password or null if the key is not encrypted
        Returns:
        decoded private key
        Throws:
        KeyException - thrown if the key cannot be decoded

      • derivePublicKey

        @Nonnull
public static PublicKey derivePublicKey​(@Nonnull
                                        PrivateKey key)
                                 throws KeyException
        Derives the public key from either a DSA or RSA private key.
        Parameters:
        key - the private key to derive the public key from
        Returns:
        the derived public key
        Throws:
        KeyException - thrown if the given private key is not a DSA or RSA key or there is a problem generating the public key

      • buildJavaDSAPublicKey

        @Nonnull
public static DSAPublicKey buildJavaDSAPublicKey​(@Nonnull
                                                 String base64EncodedKey)
                                          throws KeyException
        Build Java DSA public key from base64 encoding.
        Parameters:
        base64EncodedKey - base64-encoded DSA public key
        Returns:
        a native Java DSAPublicKey
        Throws:
        KeyException - thrown if there is an error constructing key

      • buildJavaDHPublicKey

        @Nonnull
public static DHPublicKey buildJavaDHPublicKey​(@Nonnull
                                               String base64EncodedKey)
                                        throws KeyException
        Build Java DH public key from base64 encoding.
        Parameters:
        base64EncodedKey - base64-encoded DH public key
        Returns:
        a native Java DHPublicKey
        Throws:
        KeyException - thrown if there is an error constructing key

      • buildJavaRSAPublicKey

        @Nonnull
public static RSAPublicKey buildJavaRSAPublicKey​(@Nonnull
                                                 String base64EncodedKey)
                                          throws KeyException
        Build Java RSA public key from base64 encoding.
        Parameters:
        base64EncodedKey - base64-encoded RSA public key
        Returns:
        a native Java RSAPublicKey
        Throws:
        KeyException - thrown if there is an error constructing key

      • buildJavaECPublicKey

        @Nonnull
public static ECPublicKey buildJavaECPublicKey​(@Nonnull
                                               String base64EncodedKey)
                                        throws KeyException
        Build Java EC public key from base64 encoding.
        Parameters:
        base64EncodedKey - base64-encoded EC public key
        Returns:
        a native Java ECPublicKey
        Throws:
        KeyException - thrown if there is an error constructing key

      • base64DecodeOrThrow

        @Nonnull
private static byte[] base64DecodeOrThrow​(@Nonnull
                                          String base64EncodedKey)
                                   throws KeyException
        Base64 decode the input string, if it fails to decode throw a KeyException wrapping the original exception.
        Parameters:
        base64EncodedKey - base64-encoded key
        Returns:
        a base64 decoded byte array. Never null.
        Throws:
        KeyException - if there is an error decoding the string.

      • buildJavaRSAPrivateKey

        @Nonnull
public static RSAPrivateKey buildJavaRSAPrivateKey​(@Nonnull
                                                   String base64EncodedKey)
                                            throws KeyException
        Build Java RSA private key from base64 encoding.
        Parameters:
        base64EncodedKey - base64-encoded RSA private key
        Returns:
        a native Java RSAPrivateKey
        Throws:
        KeyException - thrown if there is an error constructing key

      • buildJavaDSAPrivateKey

        @Nonnull
public static DSAPrivateKey buildJavaDSAPrivateKey​(@Nonnull
                                                   String base64EncodedKey)
                                            throws KeyException
        Build Java DSA private key from base64 encoding.
        Parameters:
        base64EncodedKey - base64-encoded DSA private key
        Returns:
        a native Java DSAPrivateKey
        Throws:
        KeyException - thrown if there is an error constructing key

      • buildJavaDHPrivateKey

        @Nonnull
public static DHPrivateKey buildJavaDHPrivateKey​(@Nonnull
                                                 String base64EncodedKey)
                                          throws KeyException
        Build Java DH private key from base64 encoding.
        Parameters:
        base64EncodedKey - base64-encoded DH private key
        Returns:
        a native Java DHPrivateKey
        Throws:
        KeyException - thrown if there is an error constructing key

      • buildJavaECPrivateKey

        public static ECPrivateKey buildJavaECPrivateKey​(String base64EncodedKey)
                                          throws KeyException
        Build Java EC private key from base64 encoding.
        Parameters:
        base64EncodedKey - base64-encoded EC private key
        Returns:
        a native Java ECPrivateKey
        Throws:
        KeyException - thrown if there is an error constructing key

      • buildJavaPrivateKey

        @Nonnull
public static PrivateKey buildJavaPrivateKey​(@Nonnull
                                             String base64EncodedKey)
                                      throws KeyException
        Build Java private key from base64 encoding. The key should have no password.
        Parameters:
        base64EncodedKey - base64-encoded private key
        Returns:
        a native Java PrivateKey
        Throws:
        KeyException - thrown if there is an error constructing key

      • buildKey

        @Nonnull
public static PublicKey buildKey​(@Nullable
                                 KeySpec keySpec,
                                 @Nonnull
                                 String keyAlgorithm)
                          throws KeyException
        Generates a public key from the given key spec.
        Parameters:
        keySpec - KeySpec specification for the key
        keyAlgorithm - key generation algorithm, only DSA, RSA, and EC supported
        Returns:
        the generated PublicKey
        Throws:
        KeyException - thrown if the key algorithm is not supported by the JCA or the key spec does not contain valid information

      • matchKeyPair

        public static boolean matchKeyPair​(@Nonnull
                                   PublicKey pubKey,
                                   @Nonnull
                                   PrivateKey privKey)
                            throws SecurityException
        Compare the supplied public and private keys, and determine if they correspond to the same key pair.
        Parameters:
        pubKey - the public key
        privKey - the private key
        Returns:
        true if the public and private are from the same key pair, false if not
        Throws:
        SecurityException - if the keys can not be evaluated, or if the key algorithm is unsupported or unknown

      • getLogger

        @Nonnull
private static org.slf4j.Logger getLogger()
        Get an SLF4J Logger.
        Returns:
        a Logger instance