Key factories are used to convert keys (opaque * cryptographic keys of type {@code Key}) into key specifications * (transparent representations of the underlying key material), and vice * versa. * Secret key factories operate only on secret (symmetric) keys. * *
Key factories are bi-directional, i.e., they allow to build an opaque * key object from a given key specification (key material), or to retrieve * the underlying key material of a key object in a suitable format. * *
Application developers should refer to their provider's documentation * to find out which key specifications are supported by the * {@link #generateSecret(java.security.spec.KeySpec) generateSecret} and * {@link #getKeySpec(javax.crypto.SecretKey, java.lang.Class) getKeySpec} * methods. * For example, the DES secret-key factory supplied by the "SunJCE" provider * supports {@code DESKeySpec} as a transparent representation of DES * keys, and that provider's secret-key factory for Triple DES keys supports * {@code DESedeKeySpec} as a transparent representation of Triple DES * keys. * *
Every implementation of the Java platform is required to support the * following standard {@code SecretKeyFactory} algorithms: *
This method traverses the list of registered security Providers, * starting with the most preferred Provider. * A new SecretKeyFactory object encapsulating the * SecretKeyFactorySpi implementation from the first * Provider that supports the specified algorithm is returned. * *
Note that the list of registered providers may be retrieved via * the {@link Security#getProviders() Security.getProviders()} method. * * @param algorithm the standard name of the requested secret-key * algorithm. * See the SecretKeyFactory section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard algorithm names. * * @return the new {@code SecretKeyFactory} object. * * @exception NullPointerException if the specified algorithm * is null. * * @exception NoSuchAlgorithmException if no Provider supports a * SecretKeyFactorySpi implementation for the * specified algorithm. * * @see java.security.Provider */ public static final SecretKeyFactory getInstance(String algorithm) throws NoSuchAlgorithmException { return new SecretKeyFactory(algorithm); } /** * Returns a {@code SecretKeyFactory} object that converts * secret keys of the specified algorithm. * *
A new SecretKeyFactory object encapsulating the * SecretKeyFactorySpi implementation from the specified provider * is returned. The specified provider must be registered * in the security provider list. * *
Note that the list of registered providers may be retrieved via * the {@link Security#getProviders() Security.getProviders()} method. * * @param algorithm the standard name of the requested secret-key * algorithm. * See the SecretKeyFactory section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard algorithm names. * * @param provider the name of the provider. * * @return the new {@code SecretKeyFactory} object. * * @exception NoSuchAlgorithmException if a SecretKeyFactorySpi * implementation for the specified algorithm is not * available from the specified provider. * * @exception NullPointerException if the specified algorithm * is null. * * @throws NoSuchProviderException if the specified provider is not * registered in the security provider list. * * @exception IllegalArgumentException if the {@code provider} * is null or empty. * * @see java.security.Provider */ public static final SecretKeyFactory getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException { Instance instance = JceSecurity.getInstance("SecretKeyFactory", SecretKeyFactorySpi.class, algorithm, provider); return new SecretKeyFactory((SecretKeyFactorySpi)instance.impl, instance.provider, algorithm); } /** * Returns a {@code SecretKeyFactory} object that converts * secret keys of the specified algorithm. * *
A new SecretKeyFactory object encapsulating the * SecretKeyFactorySpi implementation from the specified Provider * object is returned. Note that the specified Provider object * does not have to be registered in the provider list. * * @param algorithm the standard name of the requested secret-key * algorithm. * See the SecretKeyFactory section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard algorithm names. * * @param provider the provider. * * @return the new {@code SecretKeyFactory} object. * * @exception NullPointerException if the specified algorithm * is null. * * @exception NoSuchAlgorithmException if a SecretKeyFactorySpi * implementation for the specified algorithm is not available * from the specified Provider object. * * @exception IllegalArgumentException if the {@code provider} * is null. * * @see java.security.Provider */ public static final SecretKeyFactory getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmException { Instance instance = JceSecurity.getInstance("SecretKeyFactory", SecretKeyFactorySpi.class, algorithm, provider); return new SecretKeyFactory((SecretKeyFactorySpi)instance.impl, instance.provider, algorithm); } /** * Returns the provider of this {@code SecretKeyFactory} object. * * @return the provider of this {@code SecretKeyFactory} object */ public final Provider getProvider() { synchronized (lock) { // disable further failover after this call serviceIterator = null; return provider; } } /** * Returns the algorithm name of this {@code SecretKeyFactory} object. * *
This is the same name that was specified in one of the * {@code getInstance} calls that created this * {@code SecretKeyFactory} object. * * @return the algorithm name of this {@code SecretKeyFactory} * object. */ public final String getAlgorithm() { return this.algorithm; } /** * Update the active spi of this class and return the next * implementation for failover. If no more implemenations are * available, this method returns null. However, the active spi of * this class is never set to null. */ private SecretKeyFactorySpi nextSpi(SecretKeyFactorySpi oldSpi) { synchronized (lock) { // somebody else did a failover concurrently // try that spi now if ((oldSpi != null) && (oldSpi != spi)) { return spi; } if (serviceIterator == null) { return null; } while (serviceIterator.hasNext()) { Service s = serviceIterator.next(); if (JceSecurity.canUseProvider(s.getProvider()) == false) { continue; } try { Object obj = s.newInstance(null); if (obj instanceof SecretKeyFactorySpi == false) { continue; } SecretKeyFactorySpi spi = (SecretKeyFactorySpi)obj; provider = s.getProvider(); this.spi = spi; return spi; } catch (NoSuchAlgorithmException e) { // ignore } } serviceIterator = null; return null; } } /** * Generates a {@code SecretKey} object from the provided key * specification (key material). * * @param keySpec the specification (key material) of the secret key * * @return the secret key * * @exception InvalidKeySpecException if the given key specification * is inappropriate for this secret-key factory to produce a secret key. */ public final SecretKey generateSecret(KeySpec keySpec) throws InvalidKeySpecException { if (serviceIterator == null) { return spi.engineGenerateSecret(keySpec); } Exception failure = null; SecretKeyFactorySpi mySpi = spi; do { try { return mySpi.engineGenerateSecret(keySpec); } catch (Exception e) { if (failure == null) { failure = e; } mySpi = nextSpi(mySpi); } } while (mySpi != null); if (failure instanceof InvalidKeySpecException) { throw (InvalidKeySpecException)failure; } throw new InvalidKeySpecException ("Could not generate secret key", failure); } /** * Returns a specification (key material) of the given key object * in the requested format. * * @param key the key * @param keySpec the requested format in which the key material shall be * returned * * @return the underlying key specification (key material) in the * requested format * * @exception InvalidKeySpecException if the requested key specification is * inappropriate for the given key (e.g., the algorithms associated with * {@code key} and {@code keySpec} do not match, or * {@code key} references a key on a cryptographic hardware device * whereas {@code keySpec} is the specification of a software-based * key), or the given key cannot be dealt with * (e.g., the given key has an algorithm or format not supported by this * secret-key factory). */ public final KeySpec getKeySpec(SecretKey key, Class keySpec) throws InvalidKeySpecException { if (serviceIterator == null) { return spi.engineGetKeySpec(key, keySpec); } Exception failure = null; SecretKeyFactorySpi mySpi = spi; do { try { return mySpi.engineGetKeySpec(key, keySpec); } catch (Exception e) { if (failure == null) { failure = e; } mySpi = nextSpi(mySpi); } } while (mySpi != null); if (failure instanceof InvalidKeySpecException) { throw (InvalidKeySpecException)failure; } throw new InvalidKeySpecException ("Could not get key spec", failure); } /** * Translates a key object, whose provider may be unknown or potentially * untrusted, into a corresponding key object of this secret-key factory. * * @param key the key whose provider is unknown or untrusted * * @return the translated key * * @exception InvalidKeyException if the given key cannot be processed * by this secret-key factory. */ public final SecretKey translateKey(SecretKey key) throws InvalidKeyException { if (serviceIterator == null) { return spi.engineTranslateKey(key); } Exception failure = null; SecretKeyFactorySpi mySpi = spi; do { try { return mySpi.engineTranslateKey(key); } catch (Exception e) { if (failure == null) { failure = e; } mySpi = nextSpi(mySpi); } } while (mySpi != null); if (failure instanceof InvalidKeyException) { throw (InvalidKeyException)failure; } throw new InvalidKeyException ("Could not translate key", failure); } }