org.globus.gsi
Class OpenSSLKey

java.lang.Object
  extended by org.globus.gsi.OpenSSLKey
Direct Known Subclasses:
BouncyCastleOpenSSLKey

public abstract class OpenSSLKey
extends java.lang.Object

Represents a OpenSSL-style PEM-formatted private key. It supports encryption and decryption of the key. Currently, only RSA keys are supported, and only TripleDES encryption is supported.

This is based on work done by Ming Yung at DSTC.

Since:
1.0
Version:
${version}

Constructor Summary
OpenSSLKey(java.io.InputStream is)
          Reads a OpenSSL private key from the specified input stream.
OpenSSLKey(java.security.PrivateKey key)
          Converts a RSAPrivateCrtKey into OpenSSL key.
OpenSSLKey(java.lang.String file)
          Reads a OpenSSL private key from the specified file.
OpenSSLKey(java.lang.String algorithm, byte[] data)
          Initializes the OpenSSL key from raw byte array.
 
Method Summary
 void decrypt(byte[] password)
          Decrypts the private key with given password.
 void decrypt(java.lang.String password)
          Decrypts the private key with given password.
 void encrypt(byte[] password)
          Encrypts the private key with given password.
 void encrypt(java.lang.String password)
          Encrypts the private key with given password.
protected  byte[] getEncoded()
           
protected abstract  byte[] getEncoded(java.security.PrivateKey key)
           
protected abstract  java.security.PrivateKey getKey(java.lang.String alg, byte[] data)
           
 java.security.PrivateKey getPrivateKey()
          Returns the JCE (RSAPrivateCrtKey) key.
protected  java.lang.String getProvider()
           
 boolean isEncrypted()
          Check if the key was encrypted or not.
 void setEncryptionAlgorithm(java.lang.String alg)
          Sets algorithm for encryption.
 void writeTo(java.io.OutputStream output)
          Writes the private key to the specified output stream in PEM format.
 void writeTo(java.lang.String file)
          Writes the private key to the specified file in PEM format.
 void writeTo(java.io.Writer w)
          Writes the private key to the specified writer in PEM format.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

OpenSSLKey

public OpenSSLKey(java.io.InputStream is)
           throws java.io.IOException,
                  java.security.GeneralSecurityException
Reads a OpenSSL private key from the specified input stream. The private key must be PEM encoded and can be encrypted.

Parameters:
is - input stream with OpenSSL key in PEM format.
Throws:
java.io.IOException - if I/O problems.
java.security.GeneralSecurityException - if problems with the key

OpenSSLKey

public OpenSSLKey(java.lang.String file)
           throws java.io.IOException,
                  java.security.GeneralSecurityException
Reads a OpenSSL private key from the specified file. The private key must be PEM encoded and can be encrypted.

Parameters:
file - file containing the OpenSSL key in PEM format.
Throws:
java.io.IOException - if I/O problems.
java.security.GeneralSecurityException - if problems with the key

OpenSSLKey

public OpenSSLKey(java.security.PrivateKey key)
Converts a RSAPrivateCrtKey into OpenSSL key.

Parameters:
key - private key - must be a RSAPrivateCrtKey

OpenSSLKey

public OpenSSLKey(java.lang.String algorithm,
                  byte[] data)
           throws java.security.GeneralSecurityException
Initializes the OpenSSL key from raw byte array.

Parameters:
algorithm - the algorithm of the key. Currently only RSA algorithm is supported.
data - the DER encoded key data. If RSA algorithm, the key must be in PKCS#1 format.
Throws:
java.security.GeneralSecurityException - if any security problems.
Method Detail

getEncoded

protected byte[] getEncoded()

isEncrypted

public boolean isEncrypted()
Check if the key was encrypted or not.

Returns:
true if the key is encrypted, false otherwise.

decrypt

public void decrypt(java.lang.String password)
             throws java.security.GeneralSecurityException
Decrypts the private key with given password. Does nothing if the key is not encrypted.

Parameters:
password - password to decrypt the key with.
Throws:
java.security.GeneralSecurityException - whenever an error occurs during decryption.

decrypt

public void decrypt(byte[] password)
             throws java.security.GeneralSecurityException
Decrypts the private key with given password. Does nothing if the key is not encrypted.

Parameters:
password - password to decrypt the key with.
Throws:
java.security.GeneralSecurityException - whenever an error occurs during decryption.

encrypt

public void encrypt(java.lang.String password)
             throws java.security.GeneralSecurityException
Encrypts the private key with given password. Does nothing if the key is encrypted already.

Parameters:
password - password to encrypt the key with.
Throws:
java.security.GeneralSecurityException - whenever an error occurs during encryption.

encrypt

public void encrypt(byte[] password)
             throws java.security.GeneralSecurityException
Encrypts the private key with given password. Does nothing if the key is encrypted already.

Parameters:
password - password to encrypt the key with.
Throws:
java.security.GeneralSecurityException - whenever an error occurs during encryption.

setEncryptionAlgorithm

public void setEncryptionAlgorithm(java.lang.String alg)
                            throws java.security.GeneralSecurityException
Sets algorithm for encryption.

Parameters:
alg - algorithm for encryption
Throws:
java.security.GeneralSecurityException - if algorithm is not supported

getPrivateKey

public java.security.PrivateKey getPrivateKey()
Returns the JCE (RSAPrivateCrtKey) key.

Returns:
the private key, null if the key was not decrypted yet.

writeTo

public void writeTo(java.io.OutputStream output)
             throws java.io.IOException
Writes the private key to the specified output stream in PEM format. If the key was encrypted it will be encoded as an encrypted RSA key. If not, it will be encoded as a regular RSA key.

Parameters:
output - output stream to write the key to.
Throws:
java.io.IOException - if I/O problems writing the key

writeTo

public void writeTo(java.io.Writer w)
             throws java.io.IOException
Writes the private key to the specified writer in PEM format. If the key was encrypted it will be encoded as an encrypted RSA key. If not, it will be encoded as a regular RSA key.

Parameters:
w - writer to output the key to.
Throws:
java.io.IOException - if I/O problems writing the key

writeTo

public void writeTo(java.lang.String file)
             throws java.io.IOException
Writes the private key to the specified file in PEM format. If the key was encrypted it will be encoded as an encrypted RSA key. If not, it will be encoded as a regular RSA key.

Parameters:
file - file to write the key to.
Throws:
java.io.IOException - if I/O problems writing the key

getEncoded

protected abstract byte[] getEncoded(java.security.PrivateKey key)

getKey

protected abstract java.security.PrivateKey getKey(java.lang.String alg,
                                                   byte[] data)
                                            throws java.security.GeneralSecurityException
Throws:
java.security.GeneralSecurityException

getProvider

protected java.lang.String getProvider()