public final class KeyUtils extends Object
Modifier and Type | Field and Description |
---|---|
static DigestFactory |
DEFAULT_FINGERPRINT_DIGEST_FACTORY
The default Factory of Digests, initialized as the value of getDefaultFingerPrintFactory() if not overridden by KEY_FINGERPRINT_FACTORY_PROP or setDefaultFingerPrintFactory(DigestFactory) |
static BigInteger |
DEFAULT_RSA_PUBLIC_EXPONENT
The most commonly used RSA public key exponent
|
static String |
DSS_ALGORITHM
Name of algorithm for DSS keys to be used when calling security provider
|
static String |
EC_ALGORITHM
Name of algorithm for EC keys to be used when calling security provider
|
static String |
KEY_FINGERPRINT_FACTORY_PROP
System property that can be used to control the default fingerprint factory used for keys.
|
static String |
RSA_ALGORITHM
Name of algorithm for RSA keys to be used when calling security provider
|
static String |
RSA_SHA256_CERT_TYPE_ALIAS |
static String |
RSA_SHA256_KEY_TYPE_ALIAS |
static String |
RSA_SHA512_CERT_TYPE_ALIAS |
static String |
RSA_SHA512_KEY_TYPE_ALIAS |
static Set<PosixFilePermission> |
STRICTLY_PROHIBITED_FILE_PERMISSION
The
Set of PosixFilePermission not allowed if strict permissions are enforced on key files |
public static final String RSA_ALGORITHM
public static final BigInteger DEFAULT_RSA_PUBLIC_EXPONENT
public static final String DSS_ALGORITHM
public static final String EC_ALGORITHM
public static final Set<PosixFilePermission> STRICTLY_PROHIBITED_FILE_PERMISSION
The Set of PosixFilePermission not allowed if strict permissions are enforced on key files
public static final String KEY_FINGERPRINT_FACTORY_PROP
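System property that can be used to control the default fingerprint factory used for keys. If it is not set, DEFAULT_FINGERPRINT_DIGEST_FACTORY is used.
public static final DigestFactory DEFAULT_FINGERPRINT_DIGEST_FACTORY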
The default Factory of Digests, initialized as the value of getDefaultFingerPrintFactory() if not overridden by KEY_FINGERPRINT_FACTORY_PROP or setDefaultFingerPrintFactory(DigestFactory)
public static final String RSA_SHA256_KEY_TYPE_ALIAS
public static final String RSA_SHA512_KEY_TYPE_ALIAS
public static final String RSA_SHA256_CERT_TYPE_ALIAS
public static final String RSA_SHA512_CERT_TYPE_ALIAS
public static AbstractMap.SimpleImmutableEntry<String,Object> validateStrictKeyFilePermissions(Path path, LinkOption... options) throws IOException
Checks if a path has strict permissions:
- The path may not have PosixFilePermission.OTHERS_EXECUTE permission
- (For Unix) The path may not have group or others permissions
- (For Unix) If the path is a file, then its folder may not have group or others permissions
- The path must be owned by current user.
- (For Unix) The path may be owned by root.
- (For Unix) If the path is a file, then its folder must also have valid owner.
Parameters:
path - The Path to be checked - ignored if null or does not exist
options - The LinkOptions to use to query the file's permissions
Returns: An AbstractMap.SimpleImmutableEntry where key is a message and value is the offending object (PosixFilePermission or String for owner) - null if no violations detected. Since a null or non-existent path is ignored rather than reported, a null result on its own should not be read as confirmation that the key file exists.
Throws: IOException - If failed to retrieve the permissions
See Also: STRICTLY_PROHIBITED_FILE_PERMISSION
public static PublicKey loadPublicKey(Path path) throws IOException, GeneralSecurityException
Reads a single PublicKey from a public key file.
Parameters: path - Path of the file to read; must not be null
Returns: the PublicKey, may be null if the file is empty, so callers must check for null before using the result
Throws:
IOException - if the file cannot be read or parsed
GeneralSecurityException - if the file contents cannot be read as a single PublicKey
public static KeyPair generateKeyPair(String keyType, int keySize) throws GeneralSecurityException
Parameters:
keyType - The key type - OpenSSH name - e.g., ssh-rsa, ssh-dss
keySize - The key size (in bits)
Returns: A KeyPair of the specified type and size
Throws: GeneralSecurityException - If failed to generate the key pair
See Also: getPublicKeyEntryDecoder(String), KeyEntryResolver.generateKeyPair(int)
public static KeyPair cloneKeyPair(String keyType, KeyPair kp) throws GeneralSecurityException
KeyPair
- i.e., creates new public/private keys that are
clones of the original onekeyType
- The key type - OpenSSH
name - e.g., ssh-rsa, ssh-dss
kp
- The KeyPair
to clone - ignored if null
GeneralSecurityException
- If failed to clone the pairpublic static void registerPublicKeyEntryDecoder(PublicKeyEntryDecoder<?,?> decoder)
Parameters: decoder - The decoder to register
Throws: IllegalArgumentException - if no decoder, no key type, or no supported names for the decoder
See Also: IdentityResourceLoader.getPublicKeyType(), KeyTypeNamesSupport.getSupportedKeyTypes()
public static void registerPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder<?,?> decoder)
supports
decoder
- The (never null
) decoder
to registerregisterPublicKeyEntryDecoderForKeyType(String, PublicKeyEntryDecoder)
public static PublicKeyEntryDecoder<?,?> registerPublicKeyEntryDecoderForKeyType(String keyType, PublicKeyEntryDecoder<?,?> decoder)
keyType
- The key (never null
/empty) key typedecoder
- The (never null
) decoder
to registernull
if nonepublic static NavigableSet<String> unregisterPublicKeyEntryDecoder(PublicKeyEntryDecoder<?,?> decoder)
decoder
- The (never null
) decoder
to unregisterNavigableSet
of all the effectively un-registered key types
out of all the supported
ones.unregisterPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder)
public static NavigableSet<String> unregisterPublicKeyEntryDecoderKeyTypes(PublicKeyEntryDecoder<?,?> decoder)
decoder
- The (never null
) decoder
to unregisterNavigableSet
of all the effectively un-registered key types
out of all the supported
ones.unregisterPublicKeyEntryDecoderForKeyType(String)
public static PublicKeyEntryDecoder<?,?> unregisterPublicKeyEntryDecoderForKeyType(String keyType)
keyType
- The key (never null
/empty) key typePublicKeyEntryDecoder
- null
if none registered for this key
typepublic static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(String keyType)
Parameters: keyType - The OpenSSH key type string - e.g., ssh-rsa, ssh-dss - ignored if null/empty
Returns: The registered PublicKeyEntryDecoder or null if not found
public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(KeyPair kp)
kp
- The KeyPair
to examine - ignored if null
PublicKeyEntryDecoder
provided both the public and private keys have the
same decoder - null
if no match foundgetPublicKeyEntryDecoder(Key)
public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(Key key)
Parameters: key - The Key (public or private) - ignored if null
Returns: The registered PublicKeyEntryDecoder for this key or null if no match found
See Also: getPublicKeyEntryDecoder(Class)
public static PublicKeyEntryDecoder<?,?> getPublicKeyEntryDecoder(Class<?> keyType)
Parameters: keyType - The key Class - ignored if null or not a Key compatible type
Returns: The registered PublicKeyEntryDecoder or null if no match found
public static DigestFactory getDefaultFingerPrintFactory()
DigestFactory
by the getFingerPrint(PublicKey)
and
getFingerPrint(String)
methodsKEY_FINGERPRINT_FACTORY_PROP
,
setDefaultFingerPrintFactory(DigestFactory)
public static void setDefaultFingerPrintFactory(DigestFactory f)
f
- The DigestFactory
of Digest
s to be used - may not be null
public static String getFingerPrint(PublicKey key)
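Parameters: key - the public key - ignored if null
Returns: the fingerprint or null if no key. Note: if exception encountered then returns the exception's simple class name, so a non-null result is not guaranteed to be a fingerprint and callers that compare or display it should account for that case.
See Also: getFingerPrint(Factory, PublicKey)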
public static String getFingerPrint(String password)
password
- The String
to digest - ignored if null
/empty, otherwise its UTF-8 representation
is used as input for the fingerprintnull
if null
/empty input. Note: if exception
encountered then returns the exception's simple class namegetFingerPrint(String, Charset)
public static String getFingerPrint(String password, Charset charset)
password
- The String
to digest - ignored if null
/emptycharset
- The Charset
to use in order to convert the string to its byte representation to use as
input for the fingerprintnull
if null
/empty input. Note: if exception
encountered then returns the exception's simple class namegetFingerPrint(Factory, String, Charset)
,
getDefaultFingerPrintFactory()
public static String getFingerPrint(Factory<? extends Digest> f, PublicKey key)
f
- The Factory
to create the Digest
to usekey
- the public key - ignored if null
null
if no key. Note: if exception encountered then returns the
exception's simple class namegetFingerPrint(Digest, PublicKey)
public static String getFingerPrint(Digest d, PublicKey key)
d
- The Digest
to usekey
- the public key - ignored if null
null
if no key. Note: if exception encountered then returns the
exception's simple class nameDigestUtils.getFingerPrint(Digest, byte[], int, int)
public static byte[] getRawFingerprint(PublicKey key) throws Exception
Exception
public static byte[] getRawFingerprint(Factory<? extends Digest> f, PublicKey key) throws Exception
Exception
public static byte[] getRawFingerprint(Digest d, PublicKey key) throws Exception
Exception
public static String getFingerPrint(Factory<? extends Digest> f, String s)
f
- The Factory
to create the Digest
to uses
- The String
to digest - ignored if null
/empty, otherwise its UTF-8 representation is
used as input for the fingerprintnull
if null
/empty input. Note: if exception encountered then
returns the exception's simple class namegetFingerPrint(Digest, String, Charset)
public static String getFingerPrint(Factory<? extends Digest> f, String s, Charset charset)
f
- The Factory
to create the Digest
to uses
- The String
to digest - ignored if null
/emptycharset
- The Charset
to use in order to convert the string to its byte representation to use as
input for the fingerprintnull
if null
/empty input Note: if exception encountered
then returns the exception's simple class nameDigestUtils.getFingerPrint(Digest, String, Charset)
public static String getFingerPrint(Digest d, String s)
d
- The Digest
to uses
- The String
to digest - ignored if null
/empty, otherwise its UTF-8 representation is
used as input for the fingerprintnull
if null
/empty input. Note: if exception encountered then
returns the exception's simple class nameDigestUtils.getFingerPrint(Digest, String, Charset)
public static String getFingerPrint(Digest d, String s, Charset charset)
d
- The Digest
to use to calculate the fingerprints
- The string to digest - ignored if null
/emptycharset
- The Charset
to use in order to convert the string to its byte representation to use as
input for the fingerprintnull
if null
/empty input. Note: if exception encountered
then returns the exception's simple class nameDigestUtils.getFingerPrint(Digest, String, Charset)
public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, PublicKey key)
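Parameters:
expected - The expected fingerprint - if null or empty then returns a failure with the default fingerprint.
key - the PublicKey - if null then returns null.
Returns: the check result as an AbstractMap.SimpleImmutableEntry<Boolean,String>, or null if no key. A null result means that no comparison took place, so it should not be handled as a successful match.
See Also: getDefaultFingerPrintFactory(), checkFingerPrint(String, Factory, PublicKey)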
public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, Factory<? extends Digest> f, PublicKey key)
expected
- The expected fingerprint if null
or empty then returns a failure with the default
fingerprint.f
- The Factory
to be used to generate the default Digest
for the keykey
- the PublicKey
- if null
then returns null.null
if no key.public static AbstractMap.SimpleImmutableEntry<Boolean,String> checkFingerPrint(String expected, Digest d, PublicKey key)
expected
- The expected fingerprint if null
or empty then returns a failure with the default
fingerprint.d
- The Digest
to be used to generate the default fingerprint for the keykey
- the PublicKey
- if null
then returns null.null
if no key.public static String getKeyType(KeyPair kp)
Parameters: kp - a key pair - ignored if null. If the private key is non-null then it is used to determine the type, otherwise the public one is used.
Returns: the key type or null if cannot determine it
See Also: getKeyType(Key)
public static String getKeyType(Key key)
key
- a public or private keynull
if cannot determine itpublic static List<String> getAllEquivalentKeyTypes(String keyType)
Parameters: keyType - A key type name - ignored if null/empty
Returns: A List of the canonical key name and all its aliases
See Also: getCanonicalKeyType(String)
public static String getCanonicalKeyType(String keyType)
keyType
- The available key-type - ignored if null
/emptyRSA_SHA256_KEY_TYPE_ALIAS
,
RSA_SHA512_KEY_TYPE_ALIAS
public static NavigableSet<String> getRegisteredKeyTypeAliases()
NavigableSet
of the currently registered key type "aliases".getCanonicalKeyType(String)
public static List<String> registerCanonicalKeyTypes(String keyType, Collection<String> aliases)
keyType
- The (never null
/empty) canonical namealiases
- The (never null
/empty) aliasesList
of the replaced aliases - empty if no previous aliases for the canonical namepublic static String unregisterCanonicalKeyTypeAlias(String alias)
alias
- The alias to unregister (ignored if null
/empty)null
if alias not registeredpublic static int getKeySize(Key key)
key
- The Key
to examine - ignored if null
public static PublicKey findMatchingKey(PublicKey key, PublicKey... keySet)
key
- The PublicKey
to be checked - ignored if null
keySet
- The keys to be searched - ignored if null
/emptyPublicKey
from the keys or null
if no match foundcompareKeys(PublicKey, PublicKey)
public static PublicKey findMatchingKey(PublicKey key, Collection<? extends PublicKey> keySet)
key
- The PublicKey
to be checked - ignored if null
keySet
- The keys to be searched - ignored if null
/emptyPublicKey
from the keys or null
if no match foundcompareKeys(PublicKey, PublicKey)
public static PublicKey recoverPublicKey(PrivateKey key) throws GeneralSecurityException
GeneralSecurityException
public static boolean compareKeys(PrivateKey k1, PrivateKey k2)
public static boolean compareRSAKeys(RSAPublicKey k1, RSAPublicKey k2)
public static boolean compareRSAKeys(RSAPrivateKey k1, RSAPrivateKey k2)
public static boolean compareOpenSSHCertificateKeys(OpenSshCertificate k1, OpenSshCertificate k2)
public static RSAPublicKey recoverRSAPublicKey(RSAPrivateKey privateKey) throws GeneralSecurityException
GeneralSecurityException
public static RSAPublicKey recoverFromRSAPrivateCrtKey(RSAPrivateCrtKey rsaKey) throws GeneralSecurityException
GeneralSecurityException
public static RSAPublicKey recoverRSAPublicKey(BigInteger p, BigInteger q, BigInteger publicExponent) throws GeneralSecurityException
GeneralSecurityException
public static RSAPublicKey recoverRSAPublicKey(BigInteger modulus, BigInteger publicExponent) throws GeneralSecurityException
GeneralSecurityException
public static boolean compareDSAKeys(DSAPublicKey k1, DSAPublicKey k2)
public static boolean compareDSAKeys(DSAPrivateKey k1, DSAPrivateKey k2)
public static DSAPublicKey recoverDSAPublicKey(DSAPrivateKey privateKey) throws GeneralSecurityException
GeneralSecurityException
public static boolean compareECKeys(ECPrivateKey k1, ECPrivateKey k2)
public static boolean compareECKeys(ECPublicKey k1, ECPublicKey k2)
public static boolean compareECParams(ECParameterSpec s1, ECParameterSpec s2)
public static boolean compareSkEcdsaKeys(SkEcdsaPublicKey k1, SkEcdsaPublicKey k2)
public static boolean compareSkEd25519Keys(SkED25519PublicKey k1, SkED25519PublicKey k2)
Copyright © 2008–2024 The Apache Software Foundation. All rights reserved.