org.globus.gsi
Class OpenSSLKey

java.lang.Object
  extended by org.globus.gsi.OpenSSLKey
Direct Known Subclasses:
BouncyCastleOpenSSLKey

public abstract class OpenSSLKey
extends Object

Represents an OpenSSL-style PEM-formatted private key. It supports encryption and decryption of the key. Currently, only RSA keys are supported, and only TripleDES encryption is supported. This is based on work done by Ming Yung at DSTC.


Field Summary
static String HEADER
           
 
Constructor Summary
OpenSSLKey(InputStream is)
          Reads an OpenSSL private key from the specified input stream.
OpenSSLKey(PrivateKey key)
          Converts an RSAPrivateCrtKey into an OpenSSL key.
OpenSSLKey(String file)
          Reads an OpenSSL private key from the specified file.
OpenSSLKey(String algorithm, byte[] data)
          Initializes the OpenSSL key from a raw byte array.
 
Method Summary
 void decrypt(byte[] password)
          Decrypts the private key with the given password.
 void decrypt(String password)
          Decrypts the private key with the given password.
 void encrypt(byte[] password)
          Encrypts the private key with the given password.
 void encrypt(String password)
          Encrypts the private key with the given password.
protected  byte[] getEncoded()
           
protected abstract  byte[] getEncoded(PrivateKey key)
          Returns DER encoded byte array (PKCS#1).
protected abstract  PrivateKey getKey(String alg, byte[] data)
          Returns a PrivateKey object initialized from the given byte array (in PKCS#1 format).
 PrivateKey getPrivateKey()
          Returns the JCE (RSAPrivateCrtKey) key.
protected  String getProvider()
           
 boolean isEncrypted()
          Check if the key was encrypted or not.
 void setEncryptionAlgorithm(String alg)
          Sets algorithm for encryption.
 void writeTo(OutputStream output)
          Writes the private key to the specified output stream in PEM format.
 void writeTo(String file)
          Writes the private key to the specified file in PEM format.
 void writeTo(Writer w)
          Writes the private key to the specified writer in PEM format.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

HEADER

public static final String HEADER
See Also:
Constant Field Values
Constructor Detail

OpenSSLKey

public OpenSSLKey(InputStream is)
           throws IOException,
                  GeneralSecurityException
Reads an OpenSSL private key from the specified input stream. The private key must be PEM encoded and can be encrypted.

Parameters:
is - input stream with OpenSSL key in PEM format.
Throws:
IOException - if I/O problems.
GeneralSecurityException - if problems with the key

OpenSSLKey

public OpenSSLKey(String file)
           throws IOException,
                  GeneralSecurityException
Reads an OpenSSL private key from the specified file. The private key must be PEM encoded and can be encrypted.

Parameters:
file - file containing the OpenSSL key in PEM format.
Throws:
IOException - if I/O problems.
GeneralSecurityException - if problems with the key

OpenSSLKey

public OpenSSLKey(PrivateKey key)
Converts an RSAPrivateCrtKey into an OpenSSL key.

Parameters:
key - private key - must be an RSAPrivateCrtKey

OpenSSLKey

public OpenSSLKey(String algorithm,
                  byte[] data)
           throws GeneralSecurityException
Initializes the OpenSSL key from a raw byte array.

Parameters:
algorithm - the algorithm of the key. Currently only RSA algorithm is supported.
data - the DER encoded key data. If RSA algorithm, the key must be in PKCS#1 format.
Throws:
GeneralSecurityException - if any security problems.
Method Detail

getEncoded

protected byte[] getEncoded()

isEncrypted

public boolean isEncrypted()
Check if the key was encrypted or not.

Returns:
true if the key is encrypted, false otherwise.

decrypt

public void decrypt(String password)
             throws GeneralSecurityException,
                    InvalidKeyException
Decrypts the private key with the given password. Does nothing if the key is not encrypted.

Parameters:
password - password to decrypt the key with.
Throws:
GeneralSecurityException - whenever an error occurs during decryption.
InvalidKeyException - whenever an error occurs during decryption.

decrypt

public void decrypt(byte[] password)
             throws GeneralSecurityException,
                    InvalidKeyException
Decrypts the private key with the given password. Does nothing if the key is not encrypted.

Parameters:
password - password to decrypt the key with.
Throws:
GeneralSecurityException - whenever an error occurs during decryption.
InvalidKeyException - whenever an error occurs during decryption.

encrypt

public void encrypt(String password)
             throws GeneralSecurityException
Encrypts the private key with the given password. Does nothing if the key is encrypted already.

Parameters:
password - password to encrypt the key with.
Throws:
GeneralSecurityException - whenever an error occurs during encryption.

encrypt

public void encrypt(byte[] password)
             throws GeneralSecurityException
Encrypts the private key with the given password. Does nothing if the key is encrypted already.

Parameters:
password - password to encrypt the key with.
Throws:
GeneralSecurityException - whenever an error occurs during encryption.

setEncryptionAlgorithm

public void setEncryptionAlgorithm(String alg)
                            throws GeneralSecurityException
Sets algorithm for encryption.

Parameters:
alg - algorithm for encryption
Throws:
GeneralSecurityException - if algorithm is not supported

getPrivateKey

public PrivateKey getPrivateKey()
Returns the JCE (RSAPrivateCrtKey) key.

Returns:
the private key, null if the key was not decrypted yet.

writeTo

public void writeTo(OutputStream output)
             throws IOException
Writes the private key to the specified output stream in PEM format. If the key was encrypted it will be encoded as an encrypted RSA key. If not, it will be encoded as a regular RSA key.

Parameters:
output - output stream to write the key to.
Throws:
IOException - if I/O problems writing the key

writeTo

public void writeTo(Writer w)
             throws IOException
Writes the private key to the specified writer in PEM format. If the key was encrypted it will be encoded as an encrypted RSA key. If not, it will be encoded as a regular RSA key.

Parameters:
w - writer to output the key to.
Throws:
IOException - if I/O problems writing the key

writeTo

public void writeTo(String file)
             throws IOException
Writes the private key to the specified file in PEM format. If the key was encrypted it will be encoded as an encrypted RSA key. If not, it will be encoded as a regular RSA key.

Parameters:
file - file to write the key to.
Throws:
IOException - if I/O problems writing the key
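
Usage sketch for the load, decrypt, encrypt and writeTo methods documented above. This is an added example, not code from the Globus project: the class OpenSSLKeyExample and its load/store helpers are hypothetical, and the package of BouncyCastleOpenSSLKey (org.globus.gsi.bc) and its constructors mirroring those of OpenSSLKey are assumptions. It checks the null return of getPrivateKey(), wipes the password array, and refuses to write a key that is not encrypted.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Arrays;
import org.globus.gsi.OpenSSLKey;
import org.globus.gsi.bc.BouncyCastleOpenSSLKey; // assumed package and constructors

public class OpenSSLKeyExample {
    /** Loads a PEM key and returns the JCE key; the password array is wiped. */
    static PrivateKey load(String pemPath, byte[] password)
            throws IOException, GeneralSecurityException {
        try {
            OpenSSLKey key = new BouncyCastleOpenSSLKey(pemPath);
            if (key.isEncrypted()) {
                key.decrypt(password);
            }
            PrivateKey pk = key.getPrivateKey();
            if (pk == null) { // documented result while the key is still encrypted
                throw new GeneralSecurityException("key not decrypted: " + pemPath);
            }
            return pk;
        } finally {
            if (password != null) Arrays.fill(password, (byte) 0);
        }
    }

    /** Writes the key as encrypted PEM to a new owner-only file (POSIX assumed). */
    static void store(PrivateKey pk, String pemPath, byte[] password)
            throws IOException, GeneralSecurityException {
        try {
            OpenSSLKey key = new BouncyCastleOpenSSLKey(pk);
            key.encrypt(password); // without this, writeTo emits a plain RSA key
            if (!key.isEncrypted()) {
                throw new GeneralSecurityException("refusing to write a plain key");
            }
            Path p = Files.createFile(Paths.get(pemPath), // fails if the file exists
                    PosixFilePermissions.asFileAttribute(
                            PosixFilePermissions.fromString("rw-------")));
            try (OutputStream out = Files.newOutputStream(p)) {
                key.writeTo(out);
            }
        } finally {
            Arrays.fill(password, (byte) 0);
        }
    }
}
```

The byte[] overloads are used so the password can be zeroed after use, which a String does not allow.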

getEncoded

protected abstract byte[] getEncoded(PrivateKey key)
Returns DER encoded byte array (PKCS#1).


getKey

protected abstract PrivateKey getKey(String alg,
                                     byte[] data)
                              throws GeneralSecurityException
Returns a PrivateKey object initialized from the given byte array (in PKCS#1 format).

Throws:
GeneralSecurityException

getProvider

protected String getProvider()