public final class KeyUtils
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
private static java.util.Map<java.lang.Class<?>,PublicKeyEntryDecoder<?,?>> |
BY_KEY_CLASS_DECODERS_MAP |
private static java.util.Map<java.lang.String,PublicKeyEntryDecoder<?,?>> |
BY_KEY_TYPE_DECODERS_MAP |
private static java.util.concurrent.atomic.AtomicReference<DigestFactory> |
DEFAULT_DIGEST_HOLDER |
static DigestFactory |
DEFAULT_FINGERPRINT_DIGEST_FACTORY
The default
Factory of Digest s initialized
as the value of getDefaultFingerPrintFactory() if not
overridden by KEY_FINGERPRINT_FACTORY_PROP or
setDefaultFingerPrintFactory(DigestFactory) |
static java.math.BigInteger |
DEFAULT_RSA_PUBLIC_EXPONENT
The most commonly used RSA public key exponent
|
static java.lang.String |
DSS_ALGORITHM
Name of algorithm for DSS keys to be used when calling security provider
|
static java.lang.String |
EC_ALGORITHM
Name of algorithm for EC keys to be used when calling security provider
|
static java.lang.String |
KEY_FINGERPRINT_FACTORY_PROP
System property that can be used to control the default fingerprint factory used for keys.
|
static java.lang.String |
RSA_ALGORITHM
Name of algorithm for RSA keys to be used when calling security provider
|
static java.util.Set<java.nio.file.attribute.PosixFilePermission> |
STRICTLY_PROHIBITED_FILE_PERMISSION
The
Set of PosixFilePermission not allowed if strict
permissions are enforced on key files |
Modifier | Constructor and Description |
---|---|
private |
KeyUtils() |
Modifier and Type | Method and Description |
---|---|
static java.util.AbstractMap.SimpleImmutableEntry<java.lang.Boolean,java.lang.String> |
checkFingerPrint(java.lang.String expected,
Digest d,
java.security.PublicKey key) |
static java.util.AbstractMap.SimpleImmutableEntry<java.lang.Boolean,java.lang.String> |
checkFingerPrint(java.lang.String expected,
Factory<? extends Digest> f,
java.security.PublicKey key) |
static java.util.AbstractMap.SimpleImmutableEntry<java.lang.Boolean,java.lang.String> |
checkFingerPrint(java.lang.String expected,
java.security.PublicKey key) |
static java.security.KeyPair |
cloneKeyPair(java.lang.String keyType,
java.security.KeyPair kp)
Performs a deep-clone of the original
KeyPair - i.e., creates
new public/private keys that are clones of the original one |
static boolean |
compareDSAKeys(java.security.interfaces.DSAPrivateKey k1,
java.security.interfaces.DSAPrivateKey k2) |
static boolean |
compareDSAKeys(java.security.interfaces.DSAPublicKey k1,
java.security.interfaces.DSAPublicKey k2) |
static boolean |
compareDSAParams(java.security.interfaces.DSAParams p1,
java.security.interfaces.DSAParams p2) |
static boolean |
compareECKeys(java.security.interfaces.ECPrivateKey k1,
java.security.interfaces.ECPrivateKey k2) |
static boolean |
compareECKeys(java.security.interfaces.ECPublicKey k1,
java.security.interfaces.ECPublicKey k2) |
static boolean |
compareECParams(java.security.spec.ECParameterSpec s1,
java.security.spec.ECParameterSpec s2) |
static boolean |
compareKeyPairs(java.security.KeyPair k1,
java.security.KeyPair k2) |
static boolean |
compareKeys(java.security.PrivateKey k1,
java.security.PrivateKey k2) |
static boolean |
compareKeys(java.security.PublicKey k1,
java.security.PublicKey k2) |
static boolean |
compareRSAKeys(java.security.interfaces.RSAPrivateKey k1,
java.security.interfaces.RSAPrivateKey k2) |
static boolean |
compareRSAKeys(java.security.interfaces.RSAPublicKey k1,
java.security.interfaces.RSAPublicKey k2) |
static java.security.PublicKey |
findMatchingKey(java.security.PublicKey key,
java.util.Collection<? extends java.security.PublicKey> keySet) |
static java.security.PublicKey |
findMatchingKey(java.security.PublicKey key,
java.security.PublicKey... keySet) |
static java.security.KeyPair |
generateKeyPair(java.lang.String keyType,
int keySize) |
static DigestFactory |
getDefaultFingerPrintFactory() |
static java.lang.String |
getFingerPrint(Digest d,
java.security.PublicKey key) |
static java.lang.String |
getFingerPrint(Digest d,
java.lang.String s) |
static java.lang.String |
getFingerPrint(Digest d,
java.lang.String s,
java.nio.charset.Charset charset) |
static java.lang.String |
getFingerPrint(Factory<? extends Digest> f,
java.security.PublicKey key) |
static java.lang.String |
getFingerPrint(Factory<? extends Digest> f,
java.lang.String s) |
static java.lang.String |
getFingerPrint(Factory<? extends Digest> f,
java.lang.String s,
java.nio.charset.Charset charset) |
static java.lang.String |
getFingerPrint(java.security.PublicKey key) |
static java.lang.String |
getFingerPrint(java.lang.String password) |
static java.lang.String |
getFingerPrint(java.lang.String password,
java.nio.charset.Charset charset) |
static int |
getKeySize(java.security.Key key)
Determines the key size in bits
|
static java.lang.String |
getKeyType(java.security.Key key) |
static java.lang.String |
getKeyType(java.security.KeyPair kp) |
static PublicKeyEntryDecoder<?,?> |
getPublicKeyEntryDecoder(java.lang.Class<?> keyType) |
static PublicKeyEntryDecoder<?,?> |
getPublicKeyEntryDecoder(java.security.Key key) |
static PublicKeyEntryDecoder<?,?> |
getPublicKeyEntryDecoder(java.security.KeyPair kp) |
static PublicKeyEntryDecoder<?,?> |
getPublicKeyEntryDecoder(java.lang.String keyType) |
static byte[] |
getRawFingerprint(Digest d,
java.security.PublicKey key) |
static byte[] |
getRawFingerprint(Factory<? extends Digest> f,
java.security.PublicKey key) |
static byte[] |
getRawFingerprint(java.security.PublicKey key) |
static java.security.interfaces.DSAPublicKey |
recoverDSAPublicKey(java.security.interfaces.DSAPrivateKey privateKey) |
static java.security.interfaces.RSAPublicKey |
recoverFromRSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey rsaKey) |
static java.security.PublicKey |
recoverPublicKey(java.security.PrivateKey key) |
static java.security.interfaces.RSAPublicKey |
recoverRSAPublicKey(java.math.BigInteger modulus,
java.math.BigInteger publicExponent) |
static java.security.interfaces.RSAPublicKey |
recoverRSAPublicKey(java.math.BigInteger p,
java.math.BigInteger q,
java.math.BigInteger publicExponent) |
static java.security.interfaces.RSAPublicKey |
recoverRSAPublicKey(java.security.interfaces.RSAPrivateKey privateKey) |
static void |
registerPublicKeyEntryDecoder(PublicKeyEntryDecoder<?,?> decoder) |
static void |
setDefaultFingerPrintFactory(DigestFactory f) |
static java.util.AbstractMap.SimpleImmutableEntry<java.lang.String,java.lang.Object> |
validateStrictKeyFilePermissions(java.nio.file.Path path,
java.nio.file.LinkOption... options)
Checks if a path has strict permissions
|
public static final java.lang.String RSA_ALGORITHM
public static final java.math.BigInteger DEFAULT_RSA_PUBLIC_EXPONENT
public static final java.lang.String DSS_ALGORITHM
public static final java.lang.String EC_ALGORITHM
public static final java.util.Set<java.nio.file.attribute.PosixFilePermission> STRICTLY_PROHIBITED_FILE_PERMISSION
Set
of PosixFilePermission
not allowed if strict
permissions are enforced on key filespublic static final java.lang.String KEY_FINGERPRINT_FACTORY_PROP
DEFAULT_FINGERPRINT_DIGEST_FACTORY
is usedpublic static final DigestFactory DEFAULT_FINGERPRINT_DIGEST_FACTORY
Factory
of Digest
s initialized
as the value of getDefaultFingerPrintFactory()
if not
overridden by KEY_FINGERPRINT_FACTORY_PROP
or
setDefaultFingerPrintFactory(DigestFactory)
private static final java.util.concurrent.atomic.AtomicReference<DigestFactory> DEFAULT_DIGEST_HOLDER
private static final java.util.Map<java.lang.String,PublicKeyEntryDecoder<?,?>> BY_KEY_TYPE_DECODERS_MAP
private static final java.util.Map<java.lang.Class<?>,PublicKeyEntryDecoder<?,?>> BY_KEY_CLASS_DECODERS_MAP
public static java.util.AbstractMap.SimpleImmutableEntry<java.lang.String,java.lang.Object> validateStrictKeyFilePermissions(java.nio.file.Path path, java.nio.file.LinkOption... options) throws java.io.IOException
Checks if a path has strict permissions
The path may not have PosixFilePermission.OTHERS_EXECUTE
permission
(For Unix
) The path may not have group or others permissions
(For Unix
) If the path is a file, then its folder may not have
group or others permissions
The path must be owned by current user.
(For Unix
) The path may be owned by root.
(For Unix
) If the path is a file, then its folder must also
have valid owner.
path
- The Path
to be checked - ignored if null
or does not existoptions
- The LinkOption
s to use to query the file's permissionsAbstractMap.SimpleImmutableEntry
where key is a message and
value is the offending object PosixFilePermission
or String
for owner - null
if no violations detectedjava.io.IOException
- If failed to retrieve the permissionsSTRICTLY_PROHIBITED_FILE_PERMISSION
public static java.security.KeyPair generateKeyPair(java.lang.String keyType, int keySize) throws java.security.GeneralSecurityException
keyType
- The key type - OpenSSH
name - e.g., ssh-rsa, ssh-dss
keySize
- The key size (in bits)KeyPair
of the specified type and sizejava.security.GeneralSecurityException
- If failed to generate the key pairgetPublicKeyEntryDecoder(String)
,
KeyEntryResolver.generateKeyPair(int)
public static java.security.KeyPair cloneKeyPair(java.lang.String keyType, java.security.KeyPair kp) throws java.security.GeneralSecurityException
KeyPair
- i.e., creates
new public/private keys that are clones of the original onekeyType
- The key type - OpenSSH
name - e.g., ssh-rsa, ssh-dss
kp
- The KeyPair
to clone - ignored if null
java.security.GeneralSecurityException
- If failed to clone the pairpublic static void registerPublicKeyEntryDecoder(PublicKeyEntryDecoder<?,?> decoder)
decoder
- The decoder to registerjava.lang.IllegalArgumentException
- if no decoder or not key type or no
supported names for the decoderIdentityResourceLoader.getPublicKeyType()
,
IdentityResourceLoader.getSupportedTypeNames()
public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(java.lang.String keyType)
keyType
- The OpenSSH
key type string - e.g., ssh-rsa, ssh-dss
- ignored if null
/emptyPublicKeyEntryDecoder
or {code null} if not foundpublic static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(java.security.KeyPair kp)
kp
- The KeyPair
to examine - ignored if null
PublicKeyEntryDecoder
provided both
the public and private keys have the same decoder - null
if no
match foundgetPublicKeyEntryDecoder(Key)
public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(java.security.Key key)
key
- The Key
(public or private) - ignored if null
PublicKeyEntryDecoder
for this key or {code null} if no match foundgetPublicKeyEntryDecoder(Class)
public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(java.lang.Class<?> keyType)
keyType
- The key Class
- ignored if null
or not a Key
compatible typePublicKeyEntryDecoder
or {code null} if no match foundpublic static DigestFactory getDefaultFingerPrintFactory()
DigestFactory
by the getFingerPrint(PublicKey)
and getFingerPrint(String)
methodsKEY_FINGERPRINT_FACTORY_PROP
,
setDefaultFingerPrintFactory(DigestFactory)
public static void setDefaultFingerPrintFactory(DigestFactory f)
f
- The DigestFactory
of Digest
s to be used - may
not be null
public static java.lang.String getFingerPrint(java.security.PublicKey key)
key
- the public key - ignored if null
null
if no key.
Note: if exception encountered then returns the exception's simple class namegetFingerPrint(Factory, PublicKey)
public static java.lang.String getFingerPrint(java.lang.String password)
password
- The String
to digest - ignored if null
/empty,
otherwise its UTF-8 representation is used as input for the fingerprintnull
if null
/empty input.
Note: if exception encountered then returns the exception's simple class namegetFingerPrint(String, Charset)
public static java.lang.String getFingerPrint(java.lang.String password, java.nio.charset.Charset charset)
password
- The String
to digest - ignored if null
/emptycharset
- The Charset
to use in order to convert the
string to its byte representation to use as input for the fingerprintnull
if null
/empty input.
Note: if exception encountered then returns the exception's simple class namegetFingerPrint(Factory, String, Charset)
,
getDefaultFingerPrintFactory()
public static java.lang.String getFingerPrint(Factory<? extends Digest> f, java.security.PublicKey key)
f
- The Factory
to create the Digest
to usekey
- the public key - ignored if null
null
if no key.
Note: if exception encountered then returns the exception's simple class namegetFingerPrint(Digest, PublicKey)
public static java.lang.String getFingerPrint(Digest d, java.security.PublicKey key)
d
- The Digest
to usekey
- the public key - ignored if null
null
if no key.
Note: if exception encountered then returns the exception's simple class nameDigestUtils.getFingerPrint(Digest, byte[], int, int)
public static byte[] getRawFingerprint(java.security.PublicKey key) throws java.lang.Exception
java.lang.Exception
public static byte[] getRawFingerprint(Factory<? extends Digest> f, java.security.PublicKey key) throws java.lang.Exception
java.lang.Exception
public static byte[] getRawFingerprint(Digest d, java.security.PublicKey key) throws java.lang.Exception
java.lang.Exception
public static java.lang.String getFingerPrint(Factory<? extends Digest> f, java.lang.String s)
f
- The Factory
to create the Digest
to uses
- The String
to digest - ignored if null
/empty,
otherwise its UTF-8 representation is used as input for the fingerprintnull
if null
/empty input.
Note: if exception encountered then returns the exception's simple class namegetFingerPrint(Digest, String, Charset)
public static java.lang.String getFingerPrint(Factory<? extends Digest> f, java.lang.String s, java.nio.charset.Charset charset)
f
- The Factory
to create the Digest
to uses
- The String
to digest - ignored if null
/emptycharset
- The Charset
to use in order to convert the
string to its byte representation to use as input for the fingerprintnull
if null
/empty input
Note: if exception encountered then returns the exception's simple class nameDigestUtils.getFingerPrint(Digest, String, Charset)
public static java.lang.String getFingerPrint(Digest d, java.lang.String s)
d
- The Digest
to uses
- The String
to digest - ignored if null
/empty,
otherwise its UTF-8 representation is used as input for the fingerprintnull
if null
/empty input.
Note: if exception encountered then returns the exception's simple class nameDigestUtils.getFingerPrint(Digest, String, Charset)
public static java.lang.String getFingerPrint(Digest d, java.lang.String s, java.nio.charset.Charset charset)
d
- The Digest
to use to calculate the fingerprints
- The string to digest - ignored if null
/emptycharset
- The Charset
to use in order to convert the
string to its byte representation to use as input for the fingerprintnull
if null
/empty input.
Note: if exception encountered then returns the exception's simple class nameDigestUtils.getFingerPrint(Digest, String, Charset)
public static java.util.AbstractMap.SimpleImmutableEntry<java.lang.Boolean,java.lang.String> checkFingerPrint(java.lang.String expected, java.security.PublicKey key)
expected
- The expected fingerprint if null
or empty then returns a failure
with the default fingerprint.key
- the PublicKey
- if null
then returns null.null
if no key.getDefaultFingerPrintFactory()
,
checkFingerPrint(String, Factory, PublicKey)
public static java.util.AbstractMap.SimpleImmutableEntry<java.lang.Boolean,java.lang.String> checkFingerPrint(java.lang.String expected, Factory<? extends Digest> f, java.security.PublicKey key)
expected
- The expected fingerprint if null
or empty then returns a failure
with the default fingerprint.f
- The Factory
to be used to generate the default Digest
for the keykey
- the PublicKey
- if null
then returns null.null
if no key.public static java.util.AbstractMap.SimpleImmutableEntry<java.lang.Boolean,java.lang.String> checkFingerPrint(java.lang.String expected, Digest d, java.security.PublicKey key)
expected
- The expected fingerprint if null
or empty then returns a failure
with the default fingerprint.d
- The Digest
to be used to generate the default fingerprint for the keykey
- the PublicKey
- if null
then returns null.null
if no key.public static java.lang.String getKeyType(java.security.KeyPair kp)
kp
- a key pair - ignored if null
. If the private
key is non-null
then it is used to determine the type,
otherwise the public one is used.null
if cannot determine itgetKeyType(Key)
public static java.lang.String getKeyType(java.security.Key key)
key
- a public or private keynull
if cannot determine itpublic static int getKeySize(java.security.Key key)
key
- The Key
to examine - ignored if null
public static java.security.PublicKey findMatchingKey(java.security.PublicKey key, java.security.PublicKey... keySet)
key
- The PublicKey
to be checked - ignored if null
keySet
- The keys to be searched - ignored if null
/emptyPublicKey
from the keys or null
if
no match foundcompareKeys(PublicKey, PublicKey)
public static java.security.PublicKey findMatchingKey(java.security.PublicKey key, java.util.Collection<? extends java.security.PublicKey> keySet)
key
- The PublicKey
to be checked - ignored if null
keySet
- The keys to be searched - ignored if null
/emptyPublicKey
from the keys or null
if
no match foundcompareKeys(PublicKey, PublicKey)
public static boolean compareKeyPairs(java.security.KeyPair k1, java.security.KeyPair k2)
public static boolean compareKeys(java.security.PublicKey k1, java.security.PublicKey k2)
public static java.security.PublicKey recoverPublicKey(java.security.PrivateKey key) throws java.security.GeneralSecurityException
java.security.GeneralSecurityException
public static boolean compareKeys(java.security.PrivateKey k1, java.security.PrivateKey k2)
public static boolean compareRSAKeys(java.security.interfaces.RSAPublicKey k1, java.security.interfaces.RSAPublicKey k2)
public static boolean compareRSAKeys(java.security.interfaces.RSAPrivateKey k1, java.security.interfaces.RSAPrivateKey k2)
public static java.security.interfaces.RSAPublicKey recoverRSAPublicKey(java.security.interfaces.RSAPrivateKey privateKey) throws java.security.GeneralSecurityException
java.security.GeneralSecurityException
public static java.security.interfaces.RSAPublicKey recoverFromRSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey rsaKey) throws java.security.GeneralSecurityException
java.security.GeneralSecurityException
public static java.security.interfaces.RSAPublicKey recoverRSAPublicKey(java.math.BigInteger p, java.math.BigInteger q, java.math.BigInteger publicExponent) throws java.security.GeneralSecurityException
java.security.GeneralSecurityException
public static java.security.interfaces.RSAPublicKey recoverRSAPublicKey(java.math.BigInteger modulus, java.math.BigInteger publicExponent) throws java.security.GeneralSecurityException
java.security.GeneralSecurityException
public static boolean compareDSAKeys(java.security.interfaces.DSAPublicKey k1, java.security.interfaces.DSAPublicKey k2)
public static boolean compareDSAKeys(java.security.interfaces.DSAPrivateKey k1, java.security.interfaces.DSAPrivateKey k2)
public static boolean compareDSAParams(java.security.interfaces.DSAParams p1, java.security.interfaces.DSAParams p2)
public static java.security.interfaces.DSAPublicKey recoverDSAPublicKey(java.security.interfaces.DSAPrivateKey privateKey) throws java.security.GeneralSecurityException
java.security.GeneralSecurityException
public static boolean compareECKeys(java.security.interfaces.ECPrivateKey k1, java.security.interfaces.ECPrivateKey k2)
public static boolean compareECKeys(java.security.interfaces.ECPublicKey k1, java.security.interfaces.ECPublicKey k2)
public static boolean compareECParams(java.security.spec.ECParameterSpec s1, java.security.spec.ECParameterSpec s2)