Package org.opensaml.security.crypto.ec

Class ECSupport

java.lang.Object

org.opensaml.security.crypto.ec.ECSupport

public final class ECSupport
extends Object

Cryptography support related to Elliptic Curve.

Field Summary

Fields

Modifier and Type	Field	Description
private static org.slf4j.Logger	LOG	Logger.

Constructor Summary

Constructors

Modifier	Constructor	Description
private	ECSupport()	Constructor.

Method Summary

Modifier and Type	Method	Description
static ECParameterSpec	convert(org.bouncycastle.jce.spec.ECNamedCurveParameterSpec bcSpec)	Convert a Bouncy Castle ECNamedCurveParameterSpec, such as obtained from the ECNamedCurveTable, to a standard JCA ECParameterSpec.
static ECPoint	decodeECPoint(byte[] data, EllipticCurve curve)	Decode the ECPoint from the byte representation.
static byte[]	encodeECPointUncompressed(ECPoint point, EllipticCurve curve)	Encode the uncompressed byte representation of the specified ECPoint.
static KeyPair	generateCompatibleKeyPair(ECPublicKey publicKey, String provider)	Generate a key pair whose parameters are compatible with those of the specified EC public key.
static Set<NamedCurve>	getCurvesFromBouncyCastle()	Return a set of all curves known to Bouncy Castle as instances of NamedCurve.
static NamedCurveRegistry	getGlobalNamedCurveRegistry()	Get the global NamedCurveRegistry instance.
static NamedCurve	getNamedCurve(String uri)	Get the NamedCurve for the specified URI.
static NamedCurve	getNamedCurve(ECPublicKey publicKey)	Get the NamedCurve for the specified ECPublicKey.
static String	getNamedCurveURI(ECPublicKey publicKey)	Get the URI of the named curve for the specified ECPublicKey.
static ECParameterSpec	getParameterSpecForURI(String uri)	Get an ECParameterSpec instance which corresponds to the specified named curve URI.
static byte[]	performKeyAgreement(ECPublicKey publicKey, ECPrivateKey privateKey, String provider)	Perform ECDH key agreement between the given public and private keys.
private static byte[]	trimZeroes(byte[] b)	Trim leading zero bytes from the byte array.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

Logger.

Constructor Detail

ECSupport

private ECSupport()

Constructor.

Method Detail

performKeyAgreement

@Nonnull
public static byte[] performKeyAgreement(@Nonnull
                                         ECPublicKey publicKey,
                                         @Nonnull
                                         ECPrivateKey privateKey,
                                         @Nullable
                                         String provider)
                                  throws NoSuchAlgorithmException,
                                         NoSuchProviderException,
                                         InvalidKeyException

Perform ECDH key agreement between the given public and private keys.

Parameters:

publicKey - the public key

privateKey - the private key

provider - the optional security provider to use

Returns:

the secret produced by key agreement

Throws:

NoSuchAlgorithmException - if algorithm is unknown

NoSuchProviderException - if provider is unknown

InvalidKeyException - if supplied key is invalid

generateCompatibleKeyPair

@Nonnull
public static KeyPair generateCompatibleKeyPair(@Nonnull
                                                ECPublicKey publicKey,
                                                @Nullable
                                                String provider)
                                         throws NoSuchAlgorithmException,
                                                NoSuchProviderException,
                                                InvalidAlgorithmParameterException

Generate a key pair whose parameters are compatible with those of the specified EC public key.

Parameters:

publicKey - the public key

provider - the optional security provider to use

Returns:

the generated key pair

Throws:

NoSuchAlgorithmException - if algorithm is unknown

NoSuchProviderException - if provider is unknown

InvalidAlgorithmParameterException - if the public key's ECParameterSpec is not supported

getGlobalNamedCurveRegistry

@Nullable
public static NamedCurveRegistry getGlobalNamedCurveRegistry()

Get the global NamedCurveRegistry instance.

Returns:

the global named curve registry, or null if nothing registered

getNamedCurve

@Nullable
public static NamedCurve getNamedCurve(@Nonnull
                                       ECPublicKey publicKey)

Get the NamedCurve for the specified ECPublicKey.

Parameters:

publicKey - the ECPublicKey

Returns:

the NamedCurve instance, or null if can not be determined, possibly because the key's domain parameters do not correspond to a named curve

getNamedCurve

@Nullable
public static NamedCurve getNamedCurve(@Nonnull
                                       String uri)

Get the NamedCurve for the specified URI.

Parameters:

uri - the URI

Returns:

the NamedCurve instance, or null if can not be determined,

getNamedCurveURI

@Nullable
public static String getNamedCurveURI(@Nonnull
                                      ECPublicKey publicKey)

Get the URI of the named curve for the specified ECPublicKey.

Parameters:

publicKey - the ECPublicKey

Returns:

the URI or null if can not be determined, possibly because is not a named curve

getParameterSpecForURI

@Nullable
public static ECParameterSpec getParameterSpecForURI(@Nonnull
                                                     String uri)

Get an ECParameterSpec instance which corresponds to the specified named curve URI.

Parameters:

uri - the URI of the named curve

Returns:

the ECParameterSpec instance

decodeECPoint

@Nonnull
public static ECPoint decodeECPoint(@Nonnull
                                    byte[] data,
                                    @Nonnull
                                    EllipticCurve curve)
                             throws KeyException

Decode the ECPoint from the byte representation.

Only uncompressed point types (0x04) are supported.

Parameters:

data - the EC point byte representation

curve - the EllipticCurve

Returns:

the ECPoint

Throws:

KeyException - if point is not in uncompressed format, or point does not match curve's field size

encodeECPointUncompressed

@Nonnull
public static byte[] encodeECPointUncompressed(@Nonnull
                                               ECPoint point,
                                               @Nonnull
                                               EllipticCurve curve)

Encode the uncompressed byte representation of the specified ECPoint.

Parameters:

point - the ECPoint

curve - the EllipticCurve

Returns:

the uncompressed byte representation

trimZeroes

@Nonnull
private static byte[] trimZeroes(@Nonnull
                                 byte[] b)

Trim leading zero bytes from the byte array.

Parameters:

b - the byte array

Returns:

the byte array without leading zero bytes

convert

@Nullable
public static ECParameterSpec convert(@Nullable
                                      org.bouncycastle.jce.spec.ECNamedCurveParameterSpec bcSpec)

Convert a Bouncy Castle ECNamedCurveParameterSpec, such as obtained from the ECNamedCurveTable, to a standard JCA ECParameterSpec.

Parameters:

bcSpec - the Bouncy Castle parameter spec instance

Returns:

the standard parameter spec instance

getCurvesFromBouncyCastle

@Nonnull
@NonnullElements
@NotLive
public static Set<NamedCurve> getCurvesFromBouncyCastle()

Return a set of all curves known to Bouncy Castle as instances of NamedCurve.

Returns:

the set of curves known to Bouncy Castle