6f5ce93bab
2004-09-21 Andreas Tobler <a.tobler@schweiz.ch> Import the big Crypto/Jessie/Security merge from Classpath. * Makefile.am: Add imported files. * Makefile.in: Regenerate. 2004-08-14 Casey Marshall <csm@gnu.org> The Big Crypto Merge of 2004. * javax/security/auth/x500/X500Principal.java: Replaced with GNU Crypto's version. Files imported from GNU Crypto. * javax/crypto/BadPaddingException.java * javax/crypto/Cipher.java * javax/crypto/CipherInputStream.java * javax/crypto/CipherOutputStream.java * javax/crypto/CipherSpi.java * javax/crypto/EncryptedPrivateKeyInfo.java * javax/crypto/ExemptionMechanism.java * javax/crypto/ExemptionMechanismException.java * javax/crypto/ExemptionMechanismSpi.java * javax/crypto/IllegalBlockSizeException.java * javax/crypto/KeyAgreement.java * javax/crypto/KeyAgreementSpi.java * javax/crypto/KeyGenerator.java * javax/crypto/KeyGeneratorSpi.java * javax/crypto/Mac.java * javax/crypto/MacSpi.java * javax/crypto/Makefile.am * javax/crypto/NoSuchPaddingException.java * javax/crypto/NullCipher.java * javax/crypto/NullCipherImpl.java * javax/crypto/SealedObject.java * javax/crypto/SecretKey.java * javax/crypto/SecretKeyFactory.java * javax/crypto/SecretKeyFactorySpi.java * javax/crypto/ShortBufferException.java * javax/crypto/interfaces/DHKey.java * javax/crypto/interfaces/DHPrivateKey.java * javax/crypto/interfaces/DHPublicKey.java * javax/crypto/interfaces/PBEKey.java * javax/crypto/spec/DESKeySpec.java * javax/crypto/spec/DESedeKeySpec.java * javax/crypto/spec/DHGenParameterSpec.java * javax/crypto/spec/DHParameterSpec.java * javax/crypto/spec/DHPrivateKeySpec.java * javax/crypto/spec/DHPublicKeySpec.java * javax/crypto/spec/IvParameterSpec.java * javax/crypto/spec/PBEKeySpec.java * javax/crypto/spec/PBEParameterSpec.java * javax/crypto/spec/RC2ParameterSpec.java * javax/crypto/spec/RC5ParameterSpec.java * javax/crypto/spec/SecretKeySpec.java * javax/security/auth/AuthPermission.java * javax/security/auth/DestroyFailedException.java * javax/security/auth/Destroyable.java * javax/security/auth/Policy.java * javax/security/auth/PrivateCredentialPermission.java * javax/security/auth/RefreshFailedException.java * javax/security/auth/Refreshable.java * javax/security/auth/Subject.java * javax/security/auth/SubjectDomainCombiner.java * javax/security/auth/callback/Callback.java * javax/security/auth/callback/CallbackHandler.java * javax/security/auth/callback/ChoiceCallback.java * javax/security/auth/callback/ConfirmationCallback.java * javax/security/auth/callback/LanguageCallback.java * javax/security/auth/callback/NameCallback.java * javax/security/auth/callback/PasswordCallback.java * javax/security/auth/callback/TextInputCallback.java * javax/security/auth/callback/TextOutputCallback.java * javax/security/auth/callback/UnsupportedCallbackException.java * javax/security/auth/login/AccountExpiredException.java * javax/security/auth/login/AppConfigurationEntry.java * javax/security/auth/login/Configuration.java * javax/security/auth/login/CredentialExpiredException.java * javax/security/auth/login/FailedLoginException.java * javax/security/auth/login/LoginContext.java * javax/security/auth/login/LoginException.java * javax/security/auth/login/NullConfiguration.java * javax/security/auth/x500/X500PrivateCredential.java * javax/security/sasl/AuthenticationException.java * javax/security/sasl/AuthorizeCallback.java * javax/security/sasl/RealmCallback.java * javax/security/sasl/RealmChoiceCallback.java * javax/security/sasl/Sasl.java * javax/security/sasl/SaslClient.java * javax/security/sasl/SaslClientFactory.java * javax/security/sasl/SaslException.java * javax/security/sasl/SaslServer.java * javax/security/sasl/SaslServerFactory.java * org/ietf/jgss/ChannelBinding.java * org/ietf/jgss/GSSContext.java * org/ietf/jgss/GSSCredential.java * org/ietf/jgss/GSSException.java * org/ietf/jgss/GSSManager.java * org/ietf/jgss/GSSName.java * org/ietf/jgss/MessageProp.java * org/ietf/jgss/Oid.java * org/ietf/jgss/MessagesBundle.properties Files imported from Jessie <http://www.nongnu.org/jessie/> * javax/net/ServerSocketFactory.java * javax/net/SocketFactory.java * javax/net/VanillaServerSocketFactory.java * javax/net/VanillaSocketFactory.java * javax/net/ssl/HandshakeCompletedEvent.java * javax/net/ssl/HandshakeCompletedListener.java * javax/net/ssl/HostnameVerifier.java * javax/net/ssl/HttpsURLConnection.java * javax/net/ssl/KeyManager.java * javax/net/ssl/KeyManagerFactory.java * javax/net/ssl/KeyManagerFactorySpi.java * javax/net/ssl/ManagerFactoryParameters.java * javax/net/ssl/SSLContext.java * javax/net/ssl/SSLContextSpi.java * javax/net/ssl/SSLException.java * javax/net/ssl/SSLHandshakeException.java * javax/net/ssl/SSLKeyException.java * javax/net/ssl/SSLPeerUnverifiedException.java * javax/net/ssl/SSLPermission.java * javax/net/ssl/SSLProtocolException.java * javax/net/ssl/SSLServerSocket.java * javax/net/ssl/SSLServerSocketFactory.java * javax/net/ssl/SSLSession.java * javax/net/ssl/SSLSessionBindingEvent.java * javax/net/ssl/SSLSessionBindingListener.java * javax/net/ssl/SSLSessionContext.java * javax/net/ssl/SSLSocket.java * javax/net/ssl/SSLSocketFactory.java * javax/net/ssl/TrivialHostnameVerifier.java * javax/net/ssl/TrustManager.java * javax/net/ssl/TrustManagerFactory.java * javax/net/ssl/TrustManagerFactorySpi.java * javax/net/ssl/X509KeyManager.java * javax/net/ssl/X509TrustManager.java * javax/security/cert/Certificate.java * javax/security/cert/CertificateEncodingException.java * javax/security/cert/CertificateException.java * javax/security/cert/CertificateExpiredException.java * javax/security/cert/CertificateNotYetValidException.java * javax/security/cert/CertificateParsingException.java * javax/security/cert/X509CertBridge.java * javax/security/cert/X509Certificate.java 2004-08-20 Casey Marshall <csm@gnu.org> * java/security/cert/X509CRLSelector.java: New file. * java/security/cert/X509CertSelector.java: New file. From-SVN: r87795
356 lines
11 KiB
Java
356 lines
11 KiB
Java
/* SealedObject.java -- An encrypted Serializable object.
|
|
Copyright (C) 2004 Free Software Foundation, Inc.
|
|
|
|
This file is part of GNU Classpath.
|
|
|
|
GNU Classpath is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2, or (at your option)
|
|
any later version.
|
|
|
|
GNU Classpath is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with GNU Classpath; see the file COPYING. If not, write to the
|
|
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
|
02111-1307 USA.
|
|
|
|
Linking this library statically or dynamically with other modules is
|
|
making a combined work based on this library. Thus, the terms and
|
|
conditions of the GNU General Public License cover the whole
|
|
combination.
|
|
|
|
As a special exception, the copyright holders of this library give you
|
|
permission to link this library with independent modules to produce an
|
|
executable, regardless of the license terms of these independent
|
|
modules, and to copy and distribute the resulting executable under
|
|
terms of your choice, provided that you also meet, for each linked
|
|
independent module, the terms and conditions of the license of that
|
|
module. An independent module is a module which is not derived from
|
|
or based on this library. If you modify this library, you may extend
|
|
this exception to your version of the library, but you are not
|
|
obligated to do so. If you do not wish to do so, delete this
|
|
exception statement from your version. */
|
|
|
|
|
|
package javax.crypto;
|
|
|
|
import java.io.ByteArrayInputStream;
|
|
import java.io.ByteArrayOutputStream;
|
|
import java.io.IOException;
|
|
import java.io.ObjectInputStream;
|
|
import java.io.ObjectOutputStream;
|
|
import java.io.Serializable;
|
|
|
|
import java.security.AlgorithmParameters;
|
|
import java.security.InvalidAlgorithmParameterException;
|
|
import java.security.InvalidKeyException;
|
|
import java.security.Key;
|
|
import java.security.NoSuchAlgorithmException;
|
|
import java.security.NoSuchProviderException;
|
|
|
|
/**
|
|
* This class allows any {@link java.io.Serializable} object to be
|
|
* stored in an encrypted form.
|
|
*
|
|
* <p>When the sealed object is ready to be unsealed (and deserialized)
|
|
* the caller may use either
|
|
*
|
|
* <ol>
|
|
* <li>{@link #getObject(javax.crypto.Cipher)}, which uses an
|
|
* already-initialized {@link javax.crypto.Cipher}.<br>
|
|
* <br>
|
|
* or,</li>
|
|
*
|
|
* <li>{@link #getObject(java.security.Key)} or {@link
|
|
* #getObject(java.security.Key,java.lang.String)}, which will
|
|
* initialize a new cipher instance with the {@link #encodedParams} that
|
|
* were stored with this sealed object (this is so parameters, such as
|
|
* the IV, don't need to be known by the one unsealing the object).</li>
|
|
* </ol>
|
|
*
|
|
* @author Casey Marshall (csm@gnu.org)
|
|
* @since 1.4
|
|
*/
|
|
public class SealedObject implements Serializable
|
|
{
|
|
|
|
// Constants and fields.
|
|
// ------------------------------------------------------------------------
|
|
|
|
/** The encoded algorithm parameters. */
|
|
protected byte[] encodedParams;
|
|
|
|
/** The serialized, encrypted object. */
|
|
private byte[] encryptedContent;
|
|
|
|
/** The algorithm used to seal the object. */
|
|
private String sealAlg;
|
|
|
|
/** The parameter type. */
|
|
private String paramsAlg;
|
|
|
|
/** The cipher that decrypts when this object is unsealed. */
|
|
private transient Cipher sealCipher;
|
|
|
|
/** Compatible with JDK1.4. */
|
|
private static final long serialVersionUID = 4482838265551344752L;
|
|
|
|
// Constructors.
|
|
// ------------------------------------------------------------------------
|
|
|
|
/**
|
|
* Create a new sealed object from a {@link java.io.Serializable}
|
|
* object and a cipher.
|
|
*
|
|
* @param object The object to seal.
|
|
* @param cipher The cipher to encrypt with.
|
|
* @throws java.io.IOException If serializing the object fails.
|
|
* @throws javax.crypto.IllegalBlockSizeException If the cipher has no
|
|
* padding and the size of the serialized representation of the
|
|
* object is not a multiple of the cipher's block size.
|
|
*/
|
|
public SealedObject(Serializable object, Cipher cipher)
|
|
throws IOException, IllegalBlockSizeException
|
|
{
|
|
ByteArrayOutputStream baos = new ByteArrayOutputStream();
|
|
ObjectOutputStream oos = new ObjectOutputStream(baos);
|
|
oos.writeObject(object);
|
|
oos.flush();
|
|
try
|
|
{
|
|
encryptedContent = cipher.doFinal(baos.toByteArray());
|
|
}
|
|
catch (IllegalStateException ise)
|
|
{
|
|
throw new IOException("cipher not in proper state");
|
|
}
|
|
catch (BadPaddingException bpe)
|
|
{
|
|
throw new IOException(
|
|
"encrypting but got javax.crypto.BadPaddingException");
|
|
}
|
|
sealAlg = cipher.getAlgorithm();
|
|
encodedParams = cipher.getParameters().getEncoded();
|
|
paramsAlg = cipher.getParameters().getAlgorithm();
|
|
}
|
|
|
|
/**
|
|
* Create a new sealed object from another sealed object.
|
|
*
|
|
* @param so The other sealed object.
|
|
*/
|
|
protected SealedObject(SealedObject so)
|
|
{
|
|
this.encodedParams = (byte[]) so.encodedParams.clone();
|
|
this.encryptedContent = (byte[]) so.encryptedContent.clone();
|
|
this.sealAlg = so.sealAlg;
|
|
this.paramsAlg = so.paramsAlg;
|
|
}
|
|
|
|
// Instance methods.
|
|
// ------------------------------------------------------------------------
|
|
|
|
/**
|
|
* Get the name of the algorithm used to seal this object.
|
|
*
|
|
* @return The algorithm's name.
|
|
*/
|
|
public final String getAlgorithm()
|
|
{
|
|
return sealAlg;
|
|
}
|
|
|
|
/**
|
|
* Unseal and deserialize this sealed object with a specified (already
|
|
* initialized) cipher.
|
|
*
|
|
* @param cipher The cipher to decrypt with.
|
|
* @return The original object.
|
|
* @throws java.io.IOException If reading fails.
|
|
* @throws java.lang.ClassNotFoundException If deserialization fails.
|
|
* @throws javax.crypto.IllegalBlockSizeException If the cipher has no
|
|
* padding and the encrypted data is not a multiple of the
|
|
* cipher's block size.
|
|
* @throws javax.crypto.BadPaddingException If the padding bytes are
|
|
* incorrect.
|
|
*/
|
|
public final Object getObject(Cipher cipher)
|
|
throws IOException, ClassNotFoundException, IllegalBlockSizeException,
|
|
BadPaddingException
|
|
{
|
|
sealCipher = cipher;
|
|
return unseal();
|
|
}
|
|
|
|
/**
|
|
* Unseal and deserialize this sealed object with the specified key.
|
|
*
|
|
* @param key The key to decrypt with.
|
|
* @return The original object.
|
|
* @throws java.io.IOException If reading fails.
|
|
* @throws java.lang.ClassNotFoundException If deserialization fails.
|
|
* @throws java.security.InvalidKeyException If the supplied key
|
|
* cannot be used to unseal this object.
|
|
* @throws java.security.NoSuchAlgorithmException If the algorithm
|
|
* used to originally seal this object is not available.
|
|
*/
|
|
public final Object getObject(Key key)
|
|
throws IOException, ClassNotFoundException, InvalidKeyException,
|
|
NoSuchAlgorithmException
|
|
{
|
|
try
|
|
{
|
|
if (sealCipher == null)
|
|
sealCipher = Cipher.getInstance(sealAlg);
|
|
}
|
|
catch (NoSuchPaddingException nspe)
|
|
{
|
|
throw new NoSuchAlgorithmException(nspe.getMessage());
|
|
}
|
|
AlgorithmParameters params = null;
|
|
if (encodedParams != null)
|
|
{
|
|
params = AlgorithmParameters.getInstance(paramsAlg);
|
|
params.init(encodedParams);
|
|
}
|
|
try
|
|
{
|
|
sealCipher.init(Cipher.DECRYPT_MODE, key, params);
|
|
return unseal();
|
|
}
|
|
catch (InvalidAlgorithmParameterException iape)
|
|
{
|
|
throw new IOException("bad parameters");
|
|
}
|
|
catch (IllegalBlockSizeException ibse)
|
|
{
|
|
throw new IOException("illegal block size");
|
|
}
|
|
catch (BadPaddingException bpe)
|
|
{
|
|
throw new IOException("bad padding");
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Unseal and deserialize this sealed object with the specified key,
|
|
* using a cipher from the named provider.
|
|
*
|
|
* @param key The key to decrypt with.
|
|
* @param provider The name of the provider to use.
|
|
* @return The original object.
|
|
* @throws java.io.IOException If reading fails.
|
|
* @throws java.lang.ClassNotFoundException If deserialization fails.
|
|
* @throws java.security.InvalidKeyException If the supplied key
|
|
* cannot be used to unseal this object.
|
|
* @throws java.security.NoSuchAlgorithmException If the algorithm
|
|
* used to originally seal this object is not available from
|
|
* the named provider.
|
|
* @throws java.security.NoSuchProviderException If the named provider
|
|
* does not exist.
|
|
*/
|
|
public final Object getObject(Key key, String provider)
|
|
throws IOException, ClassNotFoundException, InvalidKeyException,
|
|
NoSuchAlgorithmException, NoSuchProviderException
|
|
{
|
|
try
|
|
{
|
|
sealCipher = Cipher.getInstance(sealAlg, provider);
|
|
}
|
|
catch (NoSuchPaddingException nspe)
|
|
{
|
|
throw new NoSuchAlgorithmException(nspe.getMessage());
|
|
}
|
|
AlgorithmParameters params = null;
|
|
if (encodedParams != null)
|
|
{
|
|
params = AlgorithmParameters.getInstance(paramsAlg, provider);
|
|
params.init(encodedParams);
|
|
}
|
|
try
|
|
{
|
|
sealCipher.init(Cipher.DECRYPT_MODE, key, params);
|
|
return unseal();
|
|
}
|
|
catch (InvalidAlgorithmParameterException iape)
|
|
{
|
|
throw new IOException("bad parameters");
|
|
}
|
|
catch (IllegalBlockSizeException ibse)
|
|
{
|
|
throw new IOException("illegal block size");
|
|
}
|
|
catch (BadPaddingException bpe)
|
|
{
|
|
throw new IOException("bad padding");
|
|
}
|
|
}
|
|
|
|
// Own methods.
|
|
// ------------------------------------------------------------------------
|
|
|
|
/**
|
|
* Deserialize this object.
|
|
*
|
|
* @param ois The input stream.
|
|
* @throws java.io.IOException If reading fails.
|
|
* @throws java.lang.ClassNotFoundException If reading fails.
|
|
*/
|
|
private void readObject(ObjectInputStream ois)
|
|
throws IOException, ClassNotFoundException
|
|
{
|
|
encodedParams = (byte[]) ois.readObject();
|
|
encryptedContent = (byte[]) ois.readObject();
|
|
sealAlg = (String) ois.readObject();
|
|
paramsAlg = (String) ois.readObject();
|
|
}
|
|
|
|
/**
|
|
* Serialize this object.
|
|
*
|
|
* @param oos The output stream.
|
|
* @throws java.io.IOException If writing fails.
|
|
*/
|
|
private void writeObject(ObjectOutputStream oos)
|
|
throws IOException
|
|
{
|
|
oos.writeObject(encodedParams);
|
|
oos.writeObject(encryptedContent);
|
|
oos.writeObject(sealAlg);
|
|
oos.writeObject(paramsAlg);
|
|
}
|
|
|
|
/**
|
|
* Unseal this object, returning it.
|
|
*
|
|
* @return The unsealed, deserialized Object.
|
|
* @throws java.io.IOException If reading fails.
|
|
* @throws java.io.ClassNotFoundException If reading fails.
|
|
* @throws javax.crypto.IllegalBlockSizeException If the cipher has no
|
|
* padding and the encrypted data is not a multiple of the
|
|
* cipher's block size.
|
|
* @throws javax.crypto.BadPaddingException If the padding bytes are
|
|
* incorrect.
|
|
*/
|
|
private Object unseal()
|
|
throws IOException, ClassNotFoundException, IllegalBlockSizeException,
|
|
BadPaddingException
|
|
{
|
|
ByteArrayInputStream bais = null;
|
|
try
|
|
{
|
|
bais = new ByteArrayInputStream(sealCipher.doFinal(encryptedContent));
|
|
}
|
|
catch (IllegalStateException ise)
|
|
{
|
|
throw new IOException("cipher not initialized");
|
|
}
|
|
ObjectInputStream ois = new ObjectInputStream(bais);
|
|
return ois.readObject();
|
|
}
|
|
}
|