Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/javax/crypto/ExemptionMechanism.java
38829 views
/*1* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package javax.crypto;2627import java.security.AlgorithmParameters;28import java.security.Provider;29import java.security.Key;30import java.security.Security;31import java.security.NoSuchAlgorithmException;32import java.security.NoSuchProviderException;33import java.security.InvalidKeyException;34import java.security.InvalidAlgorithmParameterException;35import java.security.spec.AlgorithmParameterSpec;3637import sun.security.jca.GetInstance.Instance;3839/**40* This class provides the functionality of an exemption mechanism, examples41* of which are <i>key recovery</i>, <i>key weakening</i>, and42* <i>key escrow</i>.43*44* <p>Applications or applets that use an exemption mechanism may be granted45* stronger encryption capabilities than those which don't.46*47* @since 1.448*/4950public class ExemptionMechanism {5152// The provider53private Provider provider;5455// The provider implementation (delegate)56private ExemptionMechanismSpi exmechSpi;5758// The name of the exemption mechanism.59private String mechanism;6061// Flag which indicates whether this ExemptionMechanism62// result is generated successfully.63private boolean done = false;6465// State information66private boolean initialized = false;6768// Store away the key at init() time for later comparison.69private Key keyStored = null;7071/**72* Creates a ExemptionMechanism object.73*74* @param exmechSpi the delegate75* @param provider the provider76* @param mechanism the exemption mechanism77*/78protected ExemptionMechanism(ExemptionMechanismSpi exmechSpi,79Provider provider,80String mechanism) {81this.exmechSpi = exmechSpi;82this.provider = provider;83this.mechanism = mechanism;84}8586/**87* Returns the exemption mechanism name of this88* <code>ExemptionMechanism</code> object.89*90* <p>This is the same name that was specified in one of the91* <code>getInstance</code> calls that created this92* <code>ExemptionMechanism</code> object.93*94* @return the exemption mechanism name of this95* <code>ExemptionMechanism</code> object.96*/97public final String getName() {98return this.mechanism;99}100101/**102* Returns an <code>ExemptionMechanism</code> object that implements the103* specified exemption mechanism algorithm.104*105* <p> This method traverses the list of registered security Providers,106* starting with the most preferred Provider.107* A new ExemptionMechanism object encapsulating the108* ExemptionMechanismSpi implementation from the first109* Provider that supports the specified algorithm is returned.110*111* <p> Note that the list of registered providers may be retrieved via112* the {@link Security#getProviders() Security.getProviders()} method.113*114* @param algorithm the standard name of the requested exemption115* mechanism.116* See the ExemptionMechanism section in the117* <a href=118* "{@docRoot}/../technotes/guides/security/StandardNames.html#Exemption">119* Java Cryptography Architecture Standard Algorithm Name Documentation</a>120* for information about standard exemption mechanism names.121*122* @return the new <code>ExemptionMechanism</code> object.123*124* @exception NullPointerException if <code>algorithm</code>125* is null.126*127* @exception NoSuchAlgorithmException if no Provider supports an128* ExemptionMechanismSpi implementation for the129* specified algorithm.130*131* @see java.security.Provider132*/133public static final ExemptionMechanism getInstance(String algorithm)134throws NoSuchAlgorithmException {135Instance instance = JceSecurity.getInstance("ExemptionMechanism",136ExemptionMechanismSpi.class, algorithm);137return new ExemptionMechanism((ExemptionMechanismSpi)instance.impl,138instance.provider, algorithm);139}140141142/**143* Returns an <code>ExemptionMechanism</code> object that implements the144* specified exemption mechanism algorithm.145*146* <p> A new ExemptionMechanism object encapsulating the147* ExemptionMechanismSpi implementation from the specified provider148* is returned. The specified provider must be registered149* in the security provider list.150*151* <p> Note that the list of registered providers may be retrieved via152* the {@link Security#getProviders() Security.getProviders()} method.153154* @param algorithm the standard name of the requested exemption mechanism.155* See the ExemptionMechanism section in the156* <a href=157* "{@docRoot}/../technotes/guides/security/StandardNames.html#Exemption">158* Java Cryptography Architecture Standard Algorithm Name Documentation</a>159* for information about standard exemption mechanism names.160*161* @param provider the name of the provider.162*163* @return the new <code>ExemptionMechanism</code> object.164*165* @exception NullPointerException if <code>algorithm</code>166* is null.167*168* @exception NoSuchAlgorithmException if an ExemptionMechanismSpi169* implementation for the specified algorithm is not170* available from the specified provider.171*172* @exception NoSuchProviderException if the specified provider is not173* registered in the security provider list.174*175* @exception IllegalArgumentException if the <code>provider</code>176* is null or empty.177*178* @see java.security.Provider179*/180public static final ExemptionMechanism getInstance(String algorithm,181String provider) throws NoSuchAlgorithmException,182NoSuchProviderException {183Instance instance = JceSecurity.getInstance("ExemptionMechanism",184ExemptionMechanismSpi.class, algorithm, provider);185return new ExemptionMechanism((ExemptionMechanismSpi)instance.impl,186instance.provider, algorithm);187}188189/**190* Returns an <code>ExemptionMechanism</code> object that implements the191* specified exemption mechanism algorithm.192*193* <p> A new ExemptionMechanism object encapsulating the194* ExemptionMechanismSpi implementation from the specified Provider195* object is returned. Note that the specified Provider object196* does not have to be registered in the provider list.197*198* @param algorithm the standard name of the requested exemption mechanism.199* See the ExemptionMechanism section in the200* <a href=201* "{@docRoot}/../technotes/guides/security/StandardNames.html#Exemption">202* Java Cryptography Architecture Standard Algorithm Name Documentation</a>203* for information about standard exemption mechanism names.204*205* @param provider the provider.206*207* @return the new <code>ExemptionMechanism</code> object.208*209* @exception NullPointerException if <code>algorithm</code>210* is null.211*212* @exception NoSuchAlgorithmException if an ExemptionMechanismSpi213* implementation for the specified algorithm is not available214* from the specified Provider object.215*216* @exception IllegalArgumentException if the <code>provider</code>217* is null.218*219* @see java.security.Provider220*/221public static final ExemptionMechanism getInstance(String algorithm,222Provider provider) throws NoSuchAlgorithmException {223Instance instance = JceSecurity.getInstance("ExemptionMechanism",224ExemptionMechanismSpi.class, algorithm, provider);225return new ExemptionMechanism((ExemptionMechanismSpi)instance.impl,226instance.provider, algorithm);227}228229/**230* Returns the provider of this <code>ExemptionMechanism</code> object.231*232* @return the provider of this <code>ExemptionMechanism</code> object.233*/234public final Provider getProvider() {235return this.provider;236}237238/**239* Returns whether the result blob has been generated successfully by this240* exemption mechanism.241*242* <p>The method also makes sure that the key passed in is the same as243* the one this exemption mechanism used in initializing and generating244* phases.245*246* @param key the key the crypto is going to use.247*248* @return whether the result blob of the same key has been generated249* successfully by this exemption mechanism; false if <code>key</code>250* is null.251*252* @exception ExemptionMechanismException if problem(s) encountered253* while determining whether the result blob has been generated successfully254* by this exemption mechanism object.255*/256public final boolean isCryptoAllowed(Key key)257throws ExemptionMechanismException {258boolean ret = false;259if (done && (key != null)) {260// Check if the key passed in is the same as the one261// this exemption mechanism used.262ret = keyStored.equals(key);263}264return ret;265}266267/**268* Returns the length in bytes that an output buffer would need to be in269* order to hold the result of the next270* {@link #genExemptionBlob(byte[]) genExemptionBlob}271* operation, given the input length <code>inputLen</code> (in bytes).272*273* <p>The actual output length of the next274* {@link #genExemptionBlob(byte[]) genExemptionBlob}275* call may be smaller than the length returned by this method.276*277* @param inputLen the input length (in bytes)278*279* @return the required output buffer size (in bytes)280*281* @exception IllegalStateException if this exemption mechanism is in a282* wrong state (e.g., has not yet been initialized)283*/284public final int getOutputSize(int inputLen) throws IllegalStateException {285if (!initialized) {286throw new IllegalStateException(287"ExemptionMechanism not initialized");288}289if (inputLen < 0) {290throw new IllegalArgumentException(291"Input size must be equal to " + "or greater than zero");292}293return exmechSpi.engineGetOutputSize(inputLen);294}295296/**297* Initializes this exemption mechanism with a key.298*299* <p>If this exemption mechanism requires any algorithm parameters300* that cannot be derived from the given <code>key</code>, the301* underlying exemption mechanism implementation is supposed to302* generate the required parameters itself (using provider-specific303* default values); in the case that algorithm parameters must be304* specified by the caller, an <code>InvalidKeyException</code> is raised.305*306* @param key the key for this exemption mechanism307*308* @exception InvalidKeyException if the given key is inappropriate for309* this exemption mechanism.310* @exception ExemptionMechanismException if problem(s) encountered in the311* process of initializing.312*/313public final void init(Key key)314throws InvalidKeyException, ExemptionMechanismException {315done = false;316initialized = false;317318keyStored = key;319exmechSpi.engineInit(key);320initialized = true;321}322323/**324* Initializes this exemption mechanism with a key and a set of algorithm325* parameters.326*327* <p>If this exemption mechanism requires any algorithm parameters328* and <code>params</code> is null, the underlying exemption329* mechanism implementation is supposed to generate the required330* parameters itself (using provider-specific default values); in the case331* that algorithm parameters must be specified by the caller, an332* <code>InvalidAlgorithmParameterException</code> is raised.333*334* @param key the key for this exemption mechanism335* @param params the algorithm parameters336*337* @exception InvalidKeyException if the given key is inappropriate for338* this exemption mechanism.339* @exception InvalidAlgorithmParameterException if the given algorithm340* parameters are inappropriate for this exemption mechanism.341* @exception ExemptionMechanismException if problem(s) encountered in the342* process of initializing.343*/344public final void init(Key key, AlgorithmParameterSpec params)345throws InvalidKeyException, InvalidAlgorithmParameterException,346ExemptionMechanismException {347done = false;348initialized = false;349350keyStored = key;351exmechSpi.engineInit(key, params);352initialized = true;353}354355/**356* Initializes this exemption mechanism with a key and a set of algorithm357* parameters.358*359* <p>If this exemption mechanism requires any algorithm parameters360* and <code>params</code> is null, the underlying exemption mechanism361* implementation is supposed to generate the required parameters itself362* (using provider-specific default values); in the case that algorithm363* parameters must be specified by the caller, an364* <code>InvalidAlgorithmParameterException</code> is raised.365*366* @param key the key for this exemption mechanism367* @param params the algorithm parameters368*369* @exception InvalidKeyException if the given key is inappropriate for370* this exemption mechanism.371* @exception InvalidAlgorithmParameterException if the given algorithm372* parameters are inappropriate for this exemption mechanism.373* @exception ExemptionMechanismException if problem(s) encountered in the374* process of initializing.375*/376public final void init(Key key, AlgorithmParameters params)377throws InvalidKeyException, InvalidAlgorithmParameterException,378ExemptionMechanismException {379done = false;380initialized = false;381382keyStored = key;383exmechSpi.engineInit(key, params);384initialized = true;385}386387/**388* Generates the exemption mechanism key blob.389*390* @return the new buffer with the result key blob.391*392* @exception IllegalStateException if this exemption mechanism is in393* a wrong state (e.g., has not been initialized).394* @exception ExemptionMechanismException if problem(s) encountered in the395* process of generating.396*/397public final byte[] genExemptionBlob() throws IllegalStateException,398ExemptionMechanismException {399if (!initialized) {400throw new IllegalStateException(401"ExemptionMechanism not initialized");402}403byte[] blob = exmechSpi.engineGenExemptionBlob();404done = true;405return blob;406}407408/**409* Generates the exemption mechanism key blob, and stores the result in410* the <code>output</code> buffer.411*412* <p>If the <code>output</code> buffer is too small to hold the result,413* a <code>ShortBufferException</code> is thrown. In this case, repeat this414* call with a larger output buffer. Use415* {@link #getOutputSize(int) getOutputSize} to determine how big416* the output buffer should be.417*418* @param output the buffer for the result419*420* @return the number of bytes stored in <code>output</code>421*422* @exception IllegalStateException if this exemption mechanism is in423* a wrong state (e.g., has not been initialized).424* @exception ShortBufferException if the given output buffer is too small425* to hold the result.426* @exception ExemptionMechanismException if problem(s) encountered in the427* process of generating.428*/429public final int genExemptionBlob(byte[] output)430throws IllegalStateException, ShortBufferException,431ExemptionMechanismException {432if (!initialized) {433throw new IllegalStateException434("ExemptionMechanism not initialized");435}436int n = exmechSpi.engineGenExemptionBlob(output, 0);437done = true;438return n;439}440441/**442* Generates the exemption mechanism key blob, and stores the result in443* the <code>output</code> buffer, starting at <code>outputOffset</code>444* inclusive.445*446* <p>If the <code>output</code> buffer is too small to hold the result,447* a <code>ShortBufferException</code> is thrown. In this case, repeat this448* call with a larger output buffer. Use449* {@link #getOutputSize(int) getOutputSize} to determine how big450* the output buffer should be.451*452* @param output the buffer for the result453* @param outputOffset the offset in <code>output</code> where the result454* is stored455*456* @return the number of bytes stored in <code>output</code>457*458* @exception IllegalStateException if this exemption mechanism is in459* a wrong state (e.g., has not been initialized).460* @exception ShortBufferException if the given output buffer is too small461* to hold the result.462* @exception ExemptionMechanismException if problem(s) encountered in the463* process of generating.464*/465public final int genExemptionBlob(byte[] output, int outputOffset)466throws IllegalStateException, ShortBufferException,467ExemptionMechanismException {468if (!initialized) {469throw new IllegalStateException470("ExemptionMechanism not initialized");471}472int n = exmechSpi.engineGenExemptionBlob(output, outputOffset);473done = true;474return n;475}476477/**478* Ensures that the key stored away by this ExemptionMechanism479* object will be wiped out when there are no more references to it.480*/481protected void finalize() {482keyStored = null;483// Are there anything else we could do?484}485}486487488