com.tencent.kona.sun.security.util

Class KeyUtil

java.lang.Object

com.tencent.kona.sun.security.util.KeyUtil

public final class KeyUtil
extends java.lang.Object

A utility class to get key length, validate keys, etc.

Constructor Summary

Constructors

Constructor and Description
KeyUtil()

Method Summary

Modifier and Type	Method and Description
static byte[]	checkTlsPreMasterSecretKey(int clientVersion, int serverVersion, java.security.SecureRandom random, byte[] encoded, boolean isFailOver) Check the format of TLS PreMasterSecret.
static java.lang.String	fullDisplayAlgName(java.security.Key key) Returns the algorithm name of the given key object.
static int	getKeySize(java.security.AlgorithmParameters parameters) Returns the key size of the given cryptographic parameters in bits.
static int	getKeySize(java.security.Key key) Returns the key size of the given key object in bits.
static boolean	isOracleJCEProvider(java.lang.String providerName) Returns whether the specified provider is Oracle provider or not.
static byte[]	trimZeroes(byte[] b) Trim leading (most significant) zeroes from the result.
static void	validate(java.security.Key key) Returns whether the key is valid or not.
static void	validate(java.security.spec.KeySpec keySpec) Returns whether the key spec is valid or not.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyUtil

public KeyUtil()

Method Detail

getKeySize

public static int getKeySize(java.security.Key key)

Returns the key size of the given key object in bits.

Parameters:

key - the key object, cannot be null

Returns:

the key size of the given key object in bits, or -1 if the key size is not accessible

getKeySize

public static final int getKeySize(java.security.AlgorithmParameters parameters)

Returns the key size of the given cryptographic parameters in bits.

Parameters:

parameters - the cryptographic parameters, cannot be null

Returns:

the key size of the given cryptographic parameters in bits, or -1 if the key size is not accessible

fullDisplayAlgName

public static final java.lang.String fullDisplayAlgName(java.security.Key key)

Returns the algorithm name of the given key object. If an EC key is specified, returns the algorithm name and its named curve.

Parameters:

key - the key object, cannot be null

Returns:

the algorithm name of the given key object, or return in the form of "EC (named curve)" if the given key object is an EC key

validate

public static final void validate(java.security.Key key)
                           throws java.security.InvalidKeyException

Returns whether the key is valid or not.

Note that this method is only apply to DHPublicKey at present.

Parameters:

key - the key object, cannot be null

Throws:

java.lang.NullPointerException - if key is null

java.security.InvalidKeyException - if key is invalid

validate

public static final void validate(java.security.spec.KeySpec keySpec)
                           throws java.security.InvalidKeyException

Returns whether the key spec is valid or not.

Note that this method is only apply to DHPublicKeySpec at present.

Parameters:

keySpec - the key spec object, cannot be null

Throws:

java.lang.NullPointerException - if keySpec is null

java.security.InvalidKeyException - if keySpec is invalid

isOracleJCEProvider

public static final boolean isOracleJCEProvider(java.lang.String providerName)

Returns whether the specified provider is Oracle provider or not.

Parameters:

providerName - the provider name

Returns:

true if, and only if, the provider of the specified providerName is Oracle provider

checkTlsPreMasterSecretKey

public static byte[] checkTlsPreMasterSecretKey(int clientVersion,
                                                int serverVersion,
                                                java.security.SecureRandom random,
                                                byte[] encoded,
                                                boolean isFailOver)

Check the format of TLS PreMasterSecret.

To avoid vulnerabilities described by section 7.4.7.1, RFC 5246, treating incorrectly formatted message blocks and/or mismatched version numbers in a manner indistinguishable from correctly formatted RSA blocks. RFC 5246 describes the approach as:

  1. Generate a string R of 48 random bytes

  2. Decrypt the message to recover the plaintext M

  3. If the PKCS#1 padding is not correct, or the length of message
     M is not exactly 48 bytes:
        pre_master_secret = R
     else If ClientHello.client_version <= TLS 1.0, and version
     number check is explicitly disabled:
        premaster secret = M
     else If M[0..1] != ClientHello.client_version:
        premaster secret = R
     else:
        premaster secret = M

 Note that #2 should have completed before the call to this method.
 

Parameters:

clientVersion - the version of the TLS protocol by which the client wishes to communicate during this session

serverVersion - the negotiated version of the TLS protocol which contains the lower of that suggested by the client in the client hello and the highest supported by the server.

encoded - the encoded key in its "RAW" encoding format

isFailOver - whether the previous decryption of the encrypted PreMasterSecret message run into problem

Returns:

the polished PreMasterSecret key in its "RAW" encoding format

trimZeroes

public static byte[] trimZeroes(byte[] b)

Trim leading (most significant) zeroes from the result.

Throws:

java.lang.NullPointerException - if b is null