iaik.security.ssl

Class SecurityProvider

java.lang.Object

iaik.security.ssl.SecurityProvider

Direct Known Subclasses:

IaikProvider

public class SecurityProvider
extends java.lang.Object

This interface centralizes all security provider dependent code. If a user of iSaSiLk wants to use another security provider than IAIK (s)he only needs to extend this class. This class also contains the settings for the currently active SecurityProvider.

This class provides default implementations for all methods using the JCA/JCE 1.2 APIs except for some methods like getPrincipal() and getEncodedPrincipal() or ECC specific methods because they cannot be implemented in provider independent way. Therefore, if used with a fully JCA/JCE compliant provider no implementation work needs to be done at all and the provider will be used right away.

Note that if no SecurityProvider has been set explicitly, defaults will be used. If the IAIK JCE is available the IaikProvider will be used automatically, otherwise an instance of this class is used.

Note that there are separate documents about the iSaSiLk SecurityProvider model and the use of iSaSiLk with Smartcards.

See Also:

IaikProvider

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ALG_CIPHER_3DES Constant string DESede/CBC/NoPadding.
static java.lang.String	ALG_CIPHER_AES Constant string AES/CBC/NoPadding.
static java.lang.String	ALG_CIPHER_AES_CCM Constant string AES/CCM/NoPadding.
static java.lang.String	ALG_CIPHER_AES_GCM Constant string AES/GCM/NoPadding.
static java.lang.String	ALG_CIPHER_AES_PKCS5 Constant string AES/CBC/PKCS5Padding.
static java.lang.String	ALG_CIPHER_CAMELLIA Constant string Camellia/CBC/NoPadding.
static java.lang.String	ALG_CIPHER_CAMELLIA_GCM Constant string Camellia/GCM/NoPadding.
static java.lang.String	ALG_CIPHER_CHACHA20_POLY1305 Constant string ChaCha20ChaCha20Poly1305/ECB/NoPadding.
static java.lang.String	ALG_CIPHER_DES Constant string DES/CBC/NoPadding.
static java.lang.String	ALG_CIPHER_IDEA Constant string IDEA/CBC/NoPadding.
static java.lang.String	ALG_CIPHER_RC2 Constant string RC2/CBC/NoPadding.
static java.lang.String	ALG_CIPHER_RC4 Constant string RC4/ECB/NoPadding.
static java.lang.String	ALG_CIPHER_RSA Constant string RSA/ECB/PKCS1Padding.
static java.lang.String	ALG_CIPHER_RSA_DECRYPT Constant string RSA/ECB/PKCS1Padding/Decrypt.
static java.lang.String	ALG_CIPHER_RSA_ENCRYPT Constant string RSA/ECB/PKCS1Padding/Encrypt.
static java.lang.String	ALG_CIPHER_RSA_ENCRYPT_SSL2 Constant string RSA/ECB/PKCS1PaddingSSL2.
static java.lang.String	ALG_CIPHER_RSA_SIGN Constant string RSA/ECB/PKCS1Padding/Sign.
static java.lang.String	ALG_CIPHER_RSA_VERIFY Constant string RSA/ECB/PKCS1Padding/Verify.
static java.lang.String	ALG_DIGEST_MD5 Constant string MD5 ("MD5").
static java.lang.String	ALG_DIGEST_SHA Constant string SHA ("SHA-1").
static java.lang.String	ALG_DIGEST_SHA1 Constant string SHA ("SHA-1").
static java.lang.String	ALG_DIGEST_SHA224 Constant string SHA224 ("SHA224").
static java.lang.String	ALG_DIGEST_SHA256 Constant string SHA256 ("SHA256").
static java.lang.String	ALG_DIGEST_SHA384 Constant string SHA384 ("SHA384").
static java.lang.String	ALG_DIGEST_SHA512 Constant string SHA512 ("SHA512").
static java.lang.String	ALG_HMAC_MD5 Constant string HmacMD5.
static java.lang.String	ALG_HMAC_SHA Constant string HmacSHA1.
static java.lang.String	ALG_HMAC_SHA256 Constant string HmacSHA256.
static java.lang.String	ALG_HMAC_SHA384 Constant string HmacSHA384.
static java.lang.String	ALG_HMAC_SHA512 Constant string HmacSHA512.
static java.lang.String	ALG_KEM_MLKEM1024 Constant string ML-KEM-1024 for the ML-KEM PQC key encapsulation mechanism specified by FIPS 203.
static java.lang.String	ALG_KEM_MLKEM512 Constant string ML-KEM-512 for the ML-KEM PQC key encapsulation mechanism specified by FIPS 203.
static java.lang.String	ALG_KEM_MLKEM768 Constant string ML-KEM-768 for the ML-KEM PQC key encapsulation mechanism specified by FIPS 203.
static java.lang.String	ALG_KEYEX_DH Constant string DH.
static java.lang.String	ALG_KEYEX_DSA Constant string DSA.
static java.lang.String	ALG_KEYEX_DSA_CLIENT Constant string DSAClient.
static java.lang.String	ALG_KEYEX_ECDH Constant string ECDH.
static java.lang.String	ALG_KEYEX_ECDSA Constant string ECDSA.
static java.lang.String	ALG_KEYEX_ECDSA_CLIENT Constant string ECDSAClient.
static java.lang.String	ALG_KEYEX_RSA Constant string RSA.
static java.lang.String	ALG_KEYGEN_AES Constant string AES.
static java.lang.String	ALG_KEYGEN_HMAC_SHA Constant string HmacSHA1.
static java.lang.String	ALG_KEYGEN_HMAC_SHA256 Constant string HmacSHA256.
static java.lang.String	ALG_KEYGEN_PBKDF2 Constant String PBKDF2.
static java.lang.String	ALG_KEYPAIR_RSA Constant string RSA.
static java.lang.String	ALG_SIGNATURE_MD5RSA Constant string MD5withRSA.
static java.lang.String	ALG_SIGNATURE_RAWDSA Constant string RawDSA.
static java.lang.String	ALG_SIGNATURE_RAWECDSA Constant string RawECDSA.
static java.lang.String	ALG_SIGNATURE_RAWRSAPSS Constant string RawRSASSA-PSS.
static java.lang.String	ALG_SIGNATURE_SHA1ECDSA Constant string SHA1withECDSA.
static java.lang.String	ALG_SIGNATURE_SHA1RSA Constant string SHA1withRSA.
static java.lang.String	ALG_SIGNATURE_SHA224ECDSA Constant string SHA224withECDSA.
static java.lang.String	ALG_SIGNATURE_SHA224RSA Constant string SHA224withRSA.
static java.lang.String	ALG_SIGNATURE_SHA256ECDSA Constant string SHA256withECDSA.
static java.lang.String	ALG_SIGNATURE_SHA256RSA Constant string SHA256withRSA.
static java.lang.String	ALG_SIGNATURE_SHA384ECDSA Constant string SHA384withECDSA.
static java.lang.String	ALG_SIGNATURE_SHA384RSA Constant string SHA384withRSA.
static java.lang.String	ALG_SIGNATURE_SHA512ECDSA Constant string SHA512withECDSA.
static java.lang.String	ALG_SIGNATURE_SHA512RSA Constant string SHA512withRSA.
static java.lang.String	ALG_SIGNATURE_SHADSA Constant string SHA1withDSA.
static java.lang.String	ALG_SIGNATURE_SHAECDSA Constant string SHA1withECDSA.
static int	CIPHER_DECRYPT Constant for a cipher object which is to be initialized for decryption.
static int	CIPHER_ENCRYPT Constant for a cipher object which is to be initialized for encryption.
static int	CIPHER_NONE Constant for a cipher object which is not to be initialized.
protected static java.util.Properties	configuration_ The properties object loaded from the configured file.
protected static java.lang.String	CONFIGURATION_PROPERTIES The name of the properties file that holds the configuration of the SecurityProvider.
static int	KEYAGREEMENT_INIT Constant for a KeyAgreement object which is to be initialized.
static int	KEYAGREEMENT_NONE Constant for a KeyAgreement object which is not to be initialized.
protected java.security.Provider	provider The JCA/JCE Provider instance to be used.
protected java.lang.String	providerName The name of the JCA/JCE Provider to be used.
static int	SIGNATURE_NONE Constant for a signature object which is not to be initialized.
static int	SIGNATURE_SIGN Constant for a signature object which is to be initialized for signing.
static int	SIGNATURE_VERIFY Constant for a signature object which is to be initialized for verification.

Constructor Summary

Constructors

Constructor and Description
SecurityProvider() Default constructor.
SecurityProvider(java.security.Provider provider) Constructor specifying the provider to use.
SecurityProvider(java.lang.String providerName) Constructor specifying the provider to use.

Method Summary

Modifier and Type	Method and Description
protected int	aeadDecrypt(javax.crypto.Cipher cipher, javax.crypto.SecretKey key, byte[] in, int inOff, int inLen, byte[] out, int outOff, byte[] aad, byte[] nonce, int macSize) Uses the given cipher to AEAD decrypt the given encrypted data with the given key.
protected int	aeadEncrypt(javax.crypto.Cipher cipher, javax.crypto.SecretKey key, byte[] in, int inOff, int inLen, byte[] out, int outOff, byte[] aad, byte[] nonce, int macSize, java.security.SecureRandom random) Uses the given cipher to AEAD encrypt the given data with the given key.
protected byte[]	calculateRawSignature(java.lang.String algorithm, byte[] hash, java.security.Key key, java.security.SecureRandom random, java.security.spec.AlgorithmParameterSpec paramSpec) This method uses a "eraw"e signature engine to calculate the signature value from the given hash value.
protected byte[]	calculateRawSignature(java.lang.String algorithmName, byte[] dataToBeSigned, java.security.PrivateKey key, java.security.SecureRandom random) Calculate the raw RSA PKCS#1v1.5 signature.
byte[]	calculateTrustedAuthorityIdentifier(int type, java.security.cert.X509Certificate certificate) Calculates a TrustedAuthority identifier of the given type from the given certificate.
boolean	canBeUsedWithKey(SignatureAndHashAlgorithm signatureAlgorithm, java.security.Key key) Checks if the given SignatureAndHashAlgorithm can be used with the given key.
boolean	canBeUsedWithKey(SignatureAndHashAlgorithmList signatureAlgorithms, java.security.PublicKey publicKey) Checks if the given SignatureAndHashAlgorithm list can be used with the given public key.
boolean	canBeUsedWithKey(SignatureAndHashAlgorithm signatureAlgorithm, java.security.PrivateKey privateKey) Checks if the given SignatureAndHashAlgorithm can be used with the given private key.
boolean	canBeUsedWithKey(SignatureAndHashAlgorithm signatureAlgorithm, java.security.PublicKey publicKey) Checks if the given SignatureAndHashAlgorithm can be used with the given public key.
boolean	canBeUsedWithVersion(SignatureAndHashAlgorithm sigantureScheme, int version) Checks if the given signature scheme can be used with the given version.
boolean	checkCertSignatureAlgorithm(java.security.cert.X509Certificate[] certChain, int len, SignatureAndHashAlgorithmList signatureAlgorithmsCertList) Checks if the signature algorithms of the given certificate chain comply with the given signature algorithms list of the SignatureAlgorithmsCert extension.
boolean	checkCertSignatureAlgorithm(java.security.cert.X509Certificate[] certChain, SignatureAndHashAlgorithmList signatureAlgorithmsCertList) Checks if the signature algorithms of the given certificate chain comply with the given signature algorithms list of the SignatureAlgorithmsCert extension.
boolean	checkCertSignatureAlgorithm(java.security.cert.X509Certificate cert, SignatureAndHashAlgorithmList signatureAlgorithmsCertList) Checks if the signature algorithm of the given certificate complies with the given signature algorithms list of the SignatureAlgorithmsCert extension.
protected boolean	checkCreatedRSAServerKeyExchangeSignature() Asks whether to check an RSA-CRT key ServerKeyExchange signature immediately after signature creation.
boolean	checkExtendedKeyUsage(java.security.cert.X509Certificate cert, boolean clientAuth) Checks if the ExtendedKeyUsage of the given client/server certificate enables the certificate for client/server authentication.
boolean	checkIfOnSameCurve(java.security.PublicKey ecdhServerPublicKey, java.security.PublicKey ecdhClientPublicKey) Checks if the given public server and client key are on the same elliptic curve.
boolean	checkKeyECPointFormat(java.security.PublicKey publicKey, SupportedPointFormats supportedPointFormats) Checks if the given public key complies with the given SupportedPointFormats extension.
boolean	checkKeyEllipticCurve(java.security.PublicKey publicKey, SupportedEllipticCurves supportedEllipticCurves) Checks if the given public key complies with the given SupportedEllipticCurves extension.
void	checkKeyLength(java.security.Key key) Checks the length (size) of the given key.
void	checkKeyLength(java.lang.String algorithm, int keySize) Checks the length (size) of the given key.
void	continueIfPeerDoesNotSupportSecureRenegotiation(SSLTransport transport, boolean renegotiation) Asks whether to continue if the peer does not support secure renegotiation.
byte[]	createCertStatusRequest(int statusType) Creates a status request to be sent within a status_request extension.
byte[]	createPkiPath(java.security.cert.X509Certificate[] certificates) Creates a DER encoded PKI path from the given (client) certificate chain.
byte[]	createSharedECDHSecret(java.security.PrivateKey privateKey, java.security.PublicKey publicKey) Creates a ECDH shared secret based on the given private and public ECDH keys.
void	decapsulate(java.lang.String kemAlg, java.security.PrivateKey privateKey, byte[] ct, byte[] ss) Uses the specified key encapsulation mechanism to decapsulate the session key from the given ciphertext with the given private key.
java.security.PublicKey	decodeECPublicKey(byte[] ecPoint, java.security.PrivateKey privateKey, SupportedPointFormats supportedPointFormats) Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.
java.security.PublicKey	decodeECPublicKey(byte[] ecPoint, SupportedEllipticCurves.NamedCurve curve, SupportedPointFormats supportedPointFormats, SupportedEllipticCurves supportedEllipticCurves) Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.
java.security.PublicKey	decodePqcPublicKey(java.lang.String alg, byte[] encodedKey) Decodes the given encoded PQC PublicKey .
java.lang.String	decodeURL(byte[] encodedCertificateURL) Decodes an encoded client certificate url.
javax.crypto.SecretKey	deriveKey(java.lang.String algorithm, char[] password, byte[] salt, int iterationCount, int keyLen, java.lang.String keyName, java.security.SecureRandom random) Uses the specified key derivation function to derive a key from the given password.
byte[]	encapsulate(java.lang.String kemAlg, java.security.PublicKey publicKey, byte[] ss) Uses the specified key encapsulation mechanism to create a shared secret and encapsulate it with the given public key.
byte[]	encodeECPublicKey(java.security.PublicKey publicKey, SupportedPointFormats supportedPointFormats) Encodes the given EC PublicKey according to the Point-To-Octet-String conversion of ANSI X9.62 (1998), section 4.3.6.
byte[]	encodePqcPublicKey(java.security.PublicKey publicKey) Encodes the given PQC PublicKey.
byte[]	encodeURL(java.lang.String certificateURL) Encodes the given client certificate url.
java.security.KeyPair	generateECKeyPair(java.security.PublicKey serverKey) Generates a key pair with same domain parameters as the given public key for the given key agreement method.
java.security.KeyPair	generateECKeyPair(java.lang.String name) Generates an EC key pair for the given algorithm/curve name.
java.security.KeyPair	generateECKeyPair(SupportedEllipticCurves supportedEllipticCurves, SupportedPointFormats supportedPointFormats) Generates an EC key pair according to the given list of supported curves.
byte[]	generateExtendedMasterSecret(byte[] preMasterSecret, byte[] handshakeHash, int version, java.lang.String prfDigestAlg) Creates an extended the master secret according to RFC 7627.
byte[]	generateMasterSecret(byte[] preMasterSecret, byte[] clientHelloRandom, byte[] serverHelloRandom, int version) Deprecated. use method generateMasterSecret(byte[], byte[], byte[], int, String)
byte[]	generateMasterSecret(byte[] preMasterSecret, byte[] clientHelloRandom, byte[] serverHelloRandom, int version, java.lang.String prfDigestAlg) Creates the master secret from the pre master secret.
java.security.KeyPair	generatePqcKeyPair(java.lang.String name) Generates an PQC key pair for the given algorithm name.
java.security.AlgorithmParameterGenerator	getAlgorithmParameterGenerator(java.lang.String algorithm) Returns an AlgorithmParameterGenerator for the requested algorithm.
protected javax.crypto.Cipher	getCipher(java.lang.String algorithm, int mode, java.security.Key key, java.security.spec.AlgorithmParameterSpec param, java.security.SecureRandom random) This method returns the desired Cipher object.
SupportedEllipticCurves.NamedCurve	getCurve(java.security.Key ecKey) Gets the NamedCurve belonging to the given EC key.
SupportedEllipticCurves.NamedCurve	getCurve(java.security.PrivateKey ecPrivateKey) Gets the NamedCurve belonging to the given private EC key.
SupportedEllipticCurves.NamedCurve	getCurve(java.security.PublicKey ecPublicKey) Gets the NamedCurve belonging to the given public EC key.
java.lang.String	getCurveName(java.security.PrivateKey ecPrivateKey) Gets the curve name belonging to the given private EC key.
java.lang.String	getCurveName(java.security.PublicKey ecPublicKey) Gets the curve name belonging to the given public EC key.
SupportedEllipticCurves.NamedCurve	getDefaultCurve(boolean binary) Gets the preferred default curve to be used by the server if no SupportedEllipticCurves extension has been sent by the client.
protected javax.crypto.interfaces.DHPrivateKey	getDHPrivateKey(java.math.BigInteger x, java.math.BigInteger p, java.math.BigInteger g) This method returns a DHPrivateKey created from the values: x, p and g.
protected javax.crypto.interfaces.DHPublicKey	getDHPublicKey(java.math.BigInteger y, java.math.BigInteger p, java.math.BigInteger g) This method returns a DHPublicKey created from the values: y, p and g.
SupportedPointFormats.ECPointFormat	getECPointFormat(java.security.PublicKey ecPublicKey) Gets the ECPointFormat (uncompressed, compressed prime, compressed char2) of the given public EC key.
protected byte[]	getEncodedPrincipal(java.security.Principal principal) This method returns a DER encoded Name (Principal).
javax.crypto.KeyAgreement	getKeyAgreement(java.lang.String algorithm, int mode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random) Gets a KeyAgreement object for the given algorithm.
protected javax.crypto.KeyGenerator	getKeyGenerator(java.lang.String algorithm) Returns a KeyGenerator for the requested algorithm.
int	getKeyLength(java.security.Key key) Calculates the length of the given key.
int	getKeyLength(java.security.PrivateKey privKey) Calculates the length of the given private key.
int	getKeyLength(java.security.PublicKey pubKey) Calculates the length of the given public key.
protected java.security.KeyPairGenerator	getKeyPairGenerator(java.lang.String algorithm) Returns a KeyPairGenerator for the requested algorithm.
protected javax.crypto.Mac	getMac(java.lang.String algorithm, java.security.Key key) This method returns the desired HMAC object.
int	getMacLength(javax.crypto.Mac mac)
protected java.security.MessageDigest	getMessageDigest(java.lang.String algorithm) This method returns the desired MessageDigest object.
SupportedEllipticCurves.NamedCurve	getNamedCurve(SignatureScheme signatureScheme) Gets the curve supported by the given SignatureScheme.
protected java.security.Principal	getPrincipal(byte[] array) This method returns a Principal created from a DER encoded byte array.
protected java.security.spec.AlgorithmParameterSpec	getRSAPssParameterSpec(java.lang.String hashAlgName) Creates a RSA-PSS AlgorithmParameterSpec from the given hash algorithm name.
protected java.security.interfaces.RSAPublicKey	getRSAPublicKey(java.math.BigInteger modulus, java.math.BigInteger publicExponent) This method returns a RSAPublicKey created from the values: modulus and publicExponent.
protected java.security.SecureRandom	getSecureRandom() Returns a new instance of a SecureRandom number generator.
static SecurityProvider	getSecurityProvider() Returns the active SecurityProvider.
protected java.security.Signature	getSignature(java.lang.String algorithm, int mode, java.security.Key key, java.security.SecureRandom random) This method returns the desired Signature object.
protected java.security.Signature	getSignature(java.lang.String algorithm, int mode, java.security.Key key, java.security.SecureRandom random, java.security.spec.AlgorithmParameterSpec paramSpec) This method returns the desired Signature object.
SignatureAndHashAlgorithmList	getSignatureAlgorithms(java.security.cert.X509Certificate cert, int certificateType) Gets the signature algorithm list that can be used with the given certificate for the given certificate type.
SignatureAndHashAlgorithmList	getSignatureAlgorithms(java.security.cert.X509Certificate cert, int certificateType, int version) Gets the signature algorithm list that can be used with the given certificate for the given certificate type and protocol version.
SignatureScheme	getSignatureScheme(SupportedEllipticCurves.NamedCurve namedCurve) Gets a signature scheme appropriate for the given curve.
ServerName	getTLSServerName(int nameType, byte[] encodedServerName) Creates a ServerName from the given (UTF-8) encoded server name.
ServerName	getTLSServerName(int nameType, java.lang.String name) Creates a ServerName from the given server name string.
ServerName[]	getTLSServerName(int nameType, java.security.cert.X509Certificate serverCert) Gets the TLS server name(s) from the given certificate.
protected java.lang.String[]	getTLSServerName(java.security.cert.X509Certificate serverCert) Returns the TLS server name(s) from the certificate.
protected java.security.cert.X509Certificate	getX509Certificate(byte[] array) This method returns a X509Certificate created from a DER encoded byte array.
java.security.cert.X509Certificate	getX509Certificate(java.io.InputStream is) This method parses a DER encoded X509Certificate from an input stream.
java.security.cert.X509Certificate[]	getX509Certificates(byte[] pkiPath) This method creates a X.509 certificate array from a DER encoded PKI path as used by the TLS extension client_certificate_ URL (RFC 4366).
boolean	isBinary(java.security.PublicKey ecPublicKey) Checks if the curve of the given EC Public Key is binary or prime.
protected boolean	isImplemented(java.lang.String algorithm) Check if the specified algorithm is implemented by this provider.
protected boolean	isImplemented(java.lang.String algorithm, CipherSuite suite) Check if the specified algorithm required by the given cipher suite is implemented by this provider.
protected boolean	isImplementedSignatureAlgorithm(java.lang.String algorithm) Check if the specified signature algorithm is implemented by this provider.
boolean	isNamedCurveSupported(SupportedEllipticCurves.NamedCurve curve) Checks if the given NamedCurve is supported by this SecurityProvider.
boolean	isNamedGroupSupported(NamedGroup group) Checks if the given NamedGroup is supported by this SecurityProvider.
boolean	isPointFormatSupported(SupportedPointFormats.ECPointFormat pointFormat) Checks if the given ECPointFormat is supported by this SecurityProvider.
java.security.KeyStore	loadKeyStore(java.lang.String keyStoreFile, char[] keyStorePassword, java.lang.String keyStoreType, java.security.Provider keyStoreProvider) Loads a KeyStore from the given file protected with the given password.
java.security.KeyStore	loadKeyStore(java.lang.String keyStoreFile, char[] keyStorePassword, java.lang.String keyStoreType, java.lang.String keyStoreProvider) Loads a KeyStore from the given file protected with the given password.
static void	setImplementationCheckDebugStream(java.io.OutputStream os) Sets an debug stream to which debug failure message that occur during the initial algorithm implementation checks.
static void	setSecurityProvider(SecurityProvider provider) Sets the global SecurityProvider.
protected void	validateDHPublicKey(java.math.BigInteger y, java.math.BigInteger p, java.math.BigInteger g) Validates the given DHPublicKey.
protected boolean	verifyRawSignature(java.lang.String algorithmName, byte[] dataToBeSigned, byte[] signature, java.security.PublicKey key) Verify the provided RSA PKCS#1v1.5 signature.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CONFIGURATION_PROPERTIES

protected static final java.lang.String CONFIGURATION_PROPERTIES

The name of the properties file that holds the configuration of the SecurityProvider. This holds the class name of the implementation class of this SecurityProvider interface. If this file does not exist the default (IaikProvider) is used.

See Also:

Constant Field Values

configuration_

protected static java.util.Properties configuration_

The properties object loaded from the configured file.

SIGNATURE_NONE

public static final int SIGNATURE_NONE

Constant for a signature object which is not to be initialized.

See Also:

Constant Field Values

SIGNATURE_SIGN

public static final int SIGNATURE_SIGN

Constant for a signature object which is to be initialized for signing.

See Also:

Constant Field Values

SIGNATURE_VERIFY

public static final int SIGNATURE_VERIFY

Constant for a signature object which is to be initialized for verification.

See Also:

Constant Field Values

CIPHER_NONE

public static final int CIPHER_NONE

Constant for a cipher object which is not to be initialized.

See Also:

Constant Field Values

CIPHER_ENCRYPT

public static final int CIPHER_ENCRYPT

Constant for a cipher object which is to be initialized for encryption.

See Also:

Constant Field Values

CIPHER_DECRYPT

public static final int CIPHER_DECRYPT

Constant for a cipher object which is to be initialized for decryption.

See Also:

Constant Field Values

KEYAGREEMENT_NONE

public static final int KEYAGREEMENT_NONE

Constant for a KeyAgreement object which is not to be initialized.

See Also:

Constant Field Values

KEYAGREEMENT_INIT

public static final int KEYAGREEMENT_INIT

Constant for a KeyAgreement object which is to be initialized.

See Also:

Constant Field Values

ALG_DIGEST_MD5

public static final java.lang.String ALG_DIGEST_MD5

Constant string MD5 ("MD5"). Used by the library with getMessageDigest().

See Also:

Constant Field Values

ALG_DIGEST_SHA

public static final java.lang.String ALG_DIGEST_SHA

Constant string SHA ("SHA-1"). Same as ALG_DIGEST_SHA1. Used by the library with getMessageDigest().

See Also:

Constant Field Values

ALG_DIGEST_SHA1

public static final java.lang.String ALG_DIGEST_SHA1

Constant string SHA ("SHA-1"). Same as ALG_DIGEST_SHA. Used by the library with getMessageDigest().

See Also:

Constant Field Values

ALG_DIGEST_SHA224

public static final java.lang.String ALG_DIGEST_SHA224

Constant string SHA224 ("SHA224"). Used by the library with getMessageDigest().

See Also:

Constant Field Values

ALG_DIGEST_SHA256

public static final java.lang.String ALG_DIGEST_SHA256

Constant string SHA256 ("SHA256"). Used by the library with getMessageDigest().

See Also:

Constant Field Values

ALG_DIGEST_SHA384

public static final java.lang.String ALG_DIGEST_SHA384

Constant string SHA384 ("SHA384"). Used by the library with getMessageDigest().

See Also:

Constant Field Values

ALG_DIGEST_SHA512

public static final java.lang.String ALG_DIGEST_SHA512

Constant string SHA512 ("SHA512"). Used by the library with getMessageDigest().

See Also:

Constant Field Values

ALG_HMAC_MD5

public static final java.lang.String ALG_HMAC_MD5

Constant string HmacMD5. Used by the library with getMac().

See Also:

Constant Field Values

ALG_HMAC_SHA

public static final java.lang.String ALG_HMAC_SHA

Constant string HmacSHA1. Used by the library with getMac().

See Also:

Constant Field Values

ALG_HMAC_SHA256

public static final java.lang.String ALG_HMAC_SHA256

Constant string HmacSHA256. Used by the library with getMac().

See Also:

Constant Field Values

ALG_HMAC_SHA384

public static final java.lang.String ALG_HMAC_SHA384

Constant string HmacSHA384. Used by the library with getMac().

See Also:

Constant Field Values

ALG_HMAC_SHA512

public static final java.lang.String ALG_HMAC_SHA512

Constant string HmacSHA512. Used by the library with getMac().

See Also:

Constant Field Values

ALG_SIGNATURE_SHADSA

public static final java.lang.String ALG_SIGNATURE_SHADSA

Constant string SHA1withDSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_RAWDSA

public static final java.lang.String ALG_SIGNATURE_RAWDSA

Constant string RawDSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_SHAECDSA

public static final java.lang.String ALG_SIGNATURE_SHAECDSA

Constant string SHA1withECDSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_SHA1ECDSA

public static final java.lang.String ALG_SIGNATURE_SHA1ECDSA

Constant string SHA1withECDSA. Used by the library with getSignature(). Same as #ALG_SIGNATURE_SHAECDSA

See Also:

Constant Field Values

ALG_SIGNATURE_SHA224ECDSA

public static final java.lang.String ALG_SIGNATURE_SHA224ECDSA

Constant string SHA224withECDSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_SHA256ECDSA

public static final java.lang.String ALG_SIGNATURE_SHA256ECDSA

Constant string SHA256withECDSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_SHA384ECDSA

public static final java.lang.String ALG_SIGNATURE_SHA384ECDSA

Constant string SHA384withECDSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_SHA512ECDSA

public static final java.lang.String ALG_SIGNATURE_SHA512ECDSA

Constant string SHA512withECDSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_RAWECDSA

public static final java.lang.String ALG_SIGNATURE_RAWECDSA

Constant string RawECDSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_MD5RSA

public static final java.lang.String ALG_SIGNATURE_MD5RSA

Constant string MD5withRSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_SHA1RSA

public static final java.lang.String ALG_SIGNATURE_SHA1RSA

Constant string SHA1withRSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_SHA224RSA

public static final java.lang.String ALG_SIGNATURE_SHA224RSA

Constant string SHA224withRSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_SHA256RSA

public static final java.lang.String ALG_SIGNATURE_SHA256RSA

Constant string SHA256withRSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_SHA384RSA

public static final java.lang.String ALG_SIGNATURE_SHA384RSA

Constant string SHA384withRSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_SHA512RSA

public static final java.lang.String ALG_SIGNATURE_SHA512RSA

Constant string SHA512withRSA. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_SIGNATURE_RAWRSAPSS

public static final java.lang.String ALG_SIGNATURE_RAWRSAPSS

Constant string RawRSASSA-PSS. Used by the library with getSignature().

See Also:

Constant Field Values

ALG_CIPHER_RC4

public static final java.lang.String ALG_CIPHER_RC4

Constant string RC4/ECB/NoPadding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_CIPHER_RC2

public static final java.lang.String ALG_CIPHER_RC2

Constant string RC2/CBC/NoPadding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_CIPHER_DES

public static final java.lang.String ALG_CIPHER_DES

Constant string DES/CBC/NoPadding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_CIPHER_3DES

public static final java.lang.String ALG_CIPHER_3DES

Constant string DESede/CBC/NoPadding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_CIPHER_IDEA

public static final java.lang.String ALG_CIPHER_IDEA

Constant string IDEA/CBC/NoPadding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_CIPHER_AES

public static final java.lang.String ALG_CIPHER_AES

Constant string AES/CBC/NoPadding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_CIPHER_AES_PKCS5

public static final java.lang.String ALG_CIPHER_AES_PKCS5

Constant string AES/CBC/PKCS5Padding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_CIPHER_AES_GCM

public static final java.lang.String ALG_CIPHER_AES_GCM

Constant string AES/GCM/NoPadding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_CIPHER_AES_CCM

public static final java.lang.String ALG_CIPHER_AES_CCM

Constant string AES/CCM/NoPadding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_CIPHER_CAMELLIA

public static final java.lang.String ALG_CIPHER_CAMELLIA

Constant string Camellia/CBC/NoPadding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_CIPHER_CAMELLIA_GCM

public static final java.lang.String ALG_CIPHER_CAMELLIA_GCM

Constant string Camellia/GCM/NoPadding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_CIPHER_CHACHA20_POLY1305

public static final java.lang.String ALG_CIPHER_CHACHA20_POLY1305

Constant string ChaCha20ChaCha20Poly1305/ECB/NoPadding. Used by the library with getCipher().

See Also:

Constant Field Values

ALG_KEYPAIR_RSA

public static final java.lang.String ALG_KEYPAIR_RSA

Constant string RSA. Used by the library with getKeyPairGenerator().

See Also:

Constant Field Values

ALG_KEYEX_RSA

public static final java.lang.String ALG_KEYEX_RSA

Constant string RSA. Used by the library with isImplemented().

See Also:

Constant Field Values

ALG_KEYEX_DSA

public static final java.lang.String ALG_KEYEX_DSA

Constant string DSA. Used by the library with isImplemented().

See Also:

Constant Field Values

ALG_KEYEX_DSA_CLIENT

public static final java.lang.String ALG_KEYEX_DSA_CLIENT

Constant string DSAClient. Used by the library with isImplemented().

See Also:

Constant Field Values

ALG_KEYEX_DH

public static final java.lang.String ALG_KEYEX_DH

Constant string DH. Used by the library with isImplemented().

See Also:

Constant Field Values

ALG_KEYEX_ECDSA

public static final java.lang.String ALG_KEYEX_ECDSA

Constant string ECDSA. Used by the library with isImplemented().

See Also:

Constant Field Values

ALG_KEYEX_ECDSA_CLIENT

public static final java.lang.String ALG_KEYEX_ECDSA_CLIENT

Constant string ECDSAClient. Used by the library with isImplemented().

See Also:

Constant Field Values

ALG_KEYEX_ECDH

public static final java.lang.String ALG_KEYEX_ECDH

Constant string ECDH. Used by the library with isImplemented().

See Also:

Constant Field Values

ALG_KEM_MLKEM512

public static final java.lang.String ALG_KEM_MLKEM512

Constant string ML-KEM-512 for the ML-KEM PQC key encapsulation mechanism specified by FIPS 203.

See Also:

Constant Field Values

ALG_KEM_MLKEM768

public static final java.lang.String ALG_KEM_MLKEM768

Constant string ML-KEM-768 for the ML-KEM PQC key encapsulation mechanism specified by FIPS 203.

See Also:

Constant Field Values

ALG_KEM_MLKEM1024

public static final java.lang.String ALG_KEM_MLKEM1024

Constant string ML-KEM-1024 for the ML-KEM PQC key encapsulation mechanism specified by FIPS 203.

See Also:

Constant Field Values

ALG_CIPHER_RSA

public static final java.lang.String ALG_CIPHER_RSA

Constant string RSA/ECB/PKCS1Padding. This string is NOT used with getCipher(), but it is the prefix of all RSA algorithm identifier strings (see below). The different identifiers were chosen to simplify using a particular RSA implementation just one of these operations. For example, to implement RSA client authentication on a smartcard one will only care about signature creation operations and will want to leave all other operations to the standard implementation. This can easily be done by checking for the String ALG_CIPHER_RSA_SIGN only.

If you write your own security provider that does nothing like this you will typically use code like:

 if( algorithm.startsWith(ALG_CIPHER_RSA) ) {
   algorithm = ALG_CIPHER_RSA;
 }
 return Cipher.getInstance(algorithm, "MyProvider");
 

See Also:

Constant Field Values

ALG_CIPHER_RSA_SIGN

public static final java.lang.String ALG_CIPHER_RSA_SIGN

Constant string RSA/ECB/PKCS1Padding/Sign. Used by the library with getCipher() to indicate an RSA signature creation operation (private key encryption).

See Also:

Constant Field Values

ALG_CIPHER_RSA_VERIFY

public static final java.lang.String ALG_CIPHER_RSA_VERIFY

Constant string RSA/ECB/PKCS1Padding/Verify. Used by the library with getCipher() to indicate an RSA signature verification operation (public key decryption).

See Also:

Constant Field Values

ALG_CIPHER_RSA_ENCRYPT

public static final java.lang.String ALG_CIPHER_RSA_ENCRYPT

Constant string RSA/ECB/PKCS1Padding/Encrypt. Used by the library with getCipher() to indicate an RSA data encryption operation (public key encryption).

See Also:

Constant Field Values

ALG_CIPHER_RSA_DECRYPT

public static final java.lang.String ALG_CIPHER_RSA_DECRYPT

Constant string RSA/ECB/PKCS1Padding/Decrypt. Used by the library with getCipher() to indicate an RSA data decryption operation (private key decryption).

See Also:

Constant Field Values

ALG_CIPHER_RSA_ENCRYPT_SSL2

public static final java.lang.String ALG_CIPHER_RSA_ENCRYPT_SSL2

Constant string RSA/ECB/PKCS1PaddingSSL2. Used by the library with getCipher() in SSLv2 mode to detect version rollback attacks (see RFC2246 section E.2). If this padding variant is not supported by a particular provider it should treat it the same as ALG_CIPHER_RSA_ENCRYPT.

See Also:

Constant Field Values

ALG_KEYGEN_PBKDF2

public static final java.lang.String ALG_KEYGEN_PBKDF2

Constant String PBKDF2. Only used for deriving a key from a password for pbe protected storing the contents of the DefaultPSKManager by using the PKCS#5 key derivation function "PBKDF2". Note that storing the DefaultPSKManager is only an optional feature and is NOT required for the normal SSL/TLS protocol working, even if PSK cipher suites are used.

See Also:

Constant Field Values

ALG_KEYGEN_AES

public static final java.lang.String ALG_KEYGEN_AES

Constant string AES. Used by the library with getKeyGenerator() to generate keys for an AES Cipher engine.

See Also:

Constant Field Values

ALG_KEYGEN_HMAC_SHA

public static final java.lang.String ALG_KEYGEN_HMAC_SHA

Constant string HmacSHA1. Used by the library with getKeyGenerator() to generate keys for an HmacSHA1 Mac engine.

See Also:

Constant Field Values

ALG_KEYGEN_HMAC_SHA256

public static final java.lang.String ALG_KEYGEN_HMAC_SHA256

Constant string HmacSHA256. Used by the library with getKeyGenerator() to generate keys for an HmacSHA256 Mac engine.

See Also:

Constant Field Values

providerName

protected java.lang.String providerName

The name of the JCA/JCE Provider to be used.

provider

protected java.security.Provider provider

The JCA/JCE Provider instance to be used.

Constructor Detail

SecurityProvider

public SecurityProvider()

Default constructor.

SecurityProvider

public SecurityProvider(java.lang.String providerName)

Constructor specifying the provider to use. If this constructor is used only the specified provider is searched, no implementations from other providers are used.

Parameters:

providerName - the name of the JCA/JCE Provider to be used

SecurityProvider

public SecurityProvider(java.security.Provider provider)

Constructor specifying the provider to use. If this constructor is used only the specified provider is searched, no implementations from other providers are used.

This constructor may be called for using a JCA Provider without installing it within the JCA Security framework. Using JCA engines from a Provider without installing it within the JCA framework is supported from JDK 1.4 upwards.

Parameters:

provider - the the JCA Provider to be used

Method Detail

setImplementationCheckDebugStream

public static void setImplementationCheckDebugStream(java.io.OutputStream os)

Sets an debug stream to which debug failure message that occur during the initial algorithm implementation checks.

Parameters:

os - the debug stream to which to write failure messages during the algorithm availability checks

getSecurityProvider

public static SecurityProvider getSecurityProvider()

Returns the active SecurityProvider. If no provider has been set explicitly using setSecurityProvider() and the properties file iaik/security/ssl/SecurityProvider.properties is available, this method tries to instanciate there SecurityProvider implementation configured there. If this file is no available, it tries to instanciate the IaikPovider. If the above mentioned attemps fail, it retunrs an instance of this class.

NOTE that the SecurityProvider setting is global for all SSLContexts.

Returns:

the installed SecurityProvider

setSecurityProvider

public static void setSecurityProvider(SecurityProvider provider)

Sets the global SecurityProvider.

NOTE that the SecurityProvider setting is global for all SSLContexts.

Parameters:

provider - the SecurityProvider which shall be used

isImplemented

protected boolean isImplemented(java.lang.String algorithm)

Check if the specified algorithm is implemented by this provider. The algorithm argument is the ALG_CIPHER_xxx string for symmetric algorithms or ALG_KEYEX_xxx for asymmetric algorithms. The default implementation performs the check by calling the respective get method and checking for exceptions.

It should normally not be necessary to override this method. Note that the library uses a caching mechanism to make sure this method is only called once per algorithm and SecurityProvider.

Parameters:

algorithm - the algorithm to be checked

isImplemented

protected boolean isImplemented(java.lang.String algorithm,
                                CipherSuite suite)

Check if the specified algorithm required by the given cipher suite is implemented by this provider. The algorithm argument is the ALG_CIPHER_xxx string for symmetric algorithms or ALG_KEYEX_xxx for asymmetric algorithms. The default implementation performs the check by calling the respective get method and checking for exceptions. For Cipher engine this method also tries to init the engine by using a key with a length required for the given CipherSuite (this check will drop all CipherSuites that need key sizes which are not allowed due to to key size restrictions of the installed JCE framework configuration).

It should normally not be necessary to override this method. Note that the library uses a caching mechanism to make sure this method is only called once per algorithm and SecurityProvider.

Parameters:

algorithm - the algorithm to be checked

suite - the CipherSuite that uses the given algorithm

isImplementedSignatureAlgorithm

protected boolean isImplementedSignatureAlgorithm(java.lang.String algorithm)

Check if the specified signature algorithm is implemented by this provider.

It should normally not be necessary to override this method. Note that the library uses a caching mechanism to make sure this method is only called once per algorithm and SecurityProvider.

Parameters:

algorithm - the signature algorithm to be checked

getDHPublicKey

protected javax.crypto.interfaces.DHPublicKey getDHPublicKey(java.math.BigInteger y,
                                                             java.math.BigInteger p,
                                                             java.math.BigInteger g)
                                                      throws java.lang.Exception

This method returns a DHPublicKey created from the values: y, p and g. This method only must be implemented if one wants to use Diffie-Hellman cipher suites.

Parameters:

y - the public value y

p - the prime modulus p

g - the base generator g

Returns:

the new created DHPublicKey

Throws:

java.lang.Exception

validateDHPublicKey

protected void validateDHPublicKey(java.math.BigInteger y,
                                   java.math.BigInteger p,
                                   java.math.BigInteger g)
                            throws java.security.InvalidKeyException

Validates the given DHPublicKey. This method checks if the public key value y is within the interval [2,p-2] (see RFC 7919, 5.1: 1 < y < p-1) and the generator (if not null) is in the interval [2,p-2] (see RFC 7919, 5.2; RFC 2631, 2.1.5).

Parameters:

y - the public value y

p - the prime modulus p

g - the base generator g, maybe null if we are on the server side and have to validate the client public value only received in the ClientKeyExchange message

Throws:

java.security.InvalidKeyException - if the DH key is supposed to be a weak key

getDHPrivateKey

protected javax.crypto.interfaces.DHPrivateKey getDHPrivateKey(java.math.BigInteger x,
                                                               java.math.BigInteger p,
                                                               java.math.BigInteger g)
                                                        throws java.lang.Exception

This method returns a DHPrivateKey created from the values: x, p and g. This method only must be implemented if one wants to use Diffie-Hellman cipher suites.

Parameters:

x - the private value x

p - the prime modulus p

g - the base generator g

Returns:

the new created DHPrivateKey

Throws:

java.lang.Exception

getRSAPublicKey

protected java.security.interfaces.RSAPublicKey getRSAPublicKey(java.math.BigInteger modulus,
                                                                java.math.BigInteger publicExponent)
                                                         throws java.lang.Exception

This method returns a RSAPublicKey created from the values: modulus and publicExponent. This method only must be implemented if one wants to use exportable RSA cipher suites.

Parameters:

modulus - the modulus

publicExponent - the public exponent

Returns:

the new created RSAPublicKey

Throws:

java.lang.Exception

getX509Certificate

protected java.security.cert.X509Certificate getX509Certificate(byte[] array)
                                                         throws java.lang.Exception

This method returns a X509Certificate created from a DER encoded byte array.

Parameters:

array - a X509Certificate as DER encoded byte array

Returns:

the created X509Certificate

Throws:

java.lang.Exception

getX509Certificate

public java.security.cert.X509Certificate getX509Certificate(java.io.InputStream is)
                                                      throws java.lang.Exception

This method parses a DER encoded X509Certificate from an input stream.

Parameters:

is - the stream from which to read the certifictae

Returns:

the created X509Certificate

Throws:

java.lang.Exception

getX509Certificates

public java.security.cert.X509Certificate[] getX509Certificates(byte[] pkiPath)
                                                         throws java.lang.Exception

This method creates a X.509 certificate array from a DER encoded PKI path as used by the TLS extension client_certificate_ URL (RFC 4366). A PKI path is defined as ASN.1 sequence of certificates:

 PkiPath ::= SEQUENCE OF Certificate
 

Note that the certificates in a PKI path are ordered in a way that the client certificate is located at index [n-1]. However TLS expects certificates in reverse order (client certificate at index 0). For that reason this method may have to reverse the order of the certificates parsed from the PKI path.

AttentionThis method uses a CertificateFactory for parsing the PKI path. For that reason this method only will return a reasonable result if the CertficateFactory is able to parse a PKI path.

Parameters:

pkiPath - the DER encoded PKI path holding a SEQUENCE of certificates

Returns:

an array holding the certificates parsed from the PKI path; the array has to be ordered according subject-issuer relationship and has to contain the client certificate at index 0

Throws:

java.lang.Exception - if the certificates cannot be parsed from the PKI path

createPkiPath

public byte[] createPkiPath(java.security.cert.X509Certificate[] certificates)
                     throws java.lang.Exception

Creates a DER encoded PKI path from the given (client) certificate chain.
A PKI path is defined as ASN.1 sequence of certificates:

 PkiPath ::= SEQUENCE OF Certificate
 

Note that the certificates in a PKI path are ordered in a way that the client certificate is located at index (n-1). However, TLS uses certificates in reverse order (client certificate at index 0). Thus, before creating the pki path, this method first may have to order the certificates in a way that the client certificate is located at index [n-1].

Attention! This method returns null in any case since PKI path encoding cannot be implemented in a provider independent way.

Parameters:

certificates - the (client) certificate chain from which to create the pki path

Returns:

the DER encoded pki path containing the client certificate at index [n-1]; this implementation returns null in any case

Throws:

java.lang.Exception - if the PKI path cannot be created

checkExtendedKeyUsage

public boolean checkExtendedKeyUsage(java.security.cert.X509Certificate cert,
                                     boolean clientAuth)
                              throws java.security.cert.CertificateException

Checks if the ExtendedKeyUsage of the given client/server certificate enables the certificate for client/server authentication.
This method returns true in any case because the general JCA X509Certificate class does not support ExtendedKeyUsage checks. The IaikProvider implements this method for the IAIK-JCE crypto provider. You may override this method if you want to use another JCA provider.

Parameters:

cert - the certificate to be checked

clientAuth - true if the certificate shall be used for client authentication, false if it shall be used for server authentication

Returns:

true in any case because the general JCA X509Certificate class does not support ExtendedKeyUsage checks

Throws:

java.security.cert.CertificateException - if an error occurs when parsing the ExtendedKeyUsage extension

loadKeyStore

public java.security.KeyStore loadKeyStore(java.lang.String keyStoreFile,
                                           char[] keyStorePassword,
                                           java.lang.String keyStoreType,
                                           java.lang.String keyStoreProvider)
                                    throws java.lang.Exception

Loads a KeyStore from the given file protected with the given password.

Parameters:

keyStoreFile - the name of the KeyStore file

keyStorePassword - the KeyStore password

keyStoreType - the KeyStore type

keyStoreProvider - the KeyStore provider

Returns:

the KeyStore just loaded

Throws:

java.lang.Exception - if an error occurs when loading the KeyStore

loadKeyStore

public java.security.KeyStore loadKeyStore(java.lang.String keyStoreFile,
                                           char[] keyStorePassword,
                                           java.lang.String keyStoreType,
                                           java.security.Provider keyStoreProvider)
                                    throws java.lang.Exception

Loads a KeyStore from the given file protected with the given password.

Parameters:

keyStoreFile - the name of the KeyStore file

keyStorePassword - the KeyStore password

keyStoreType - the KeyStore type

keyStoreProvider - the KeyStore provider

Returns:

the KeyStore just loaded

Throws:

java.lang.Exception - if an error occurs when loading the KeyStore

getPrincipal

protected java.security.Principal getPrincipal(byte[] array)
                                        throws java.lang.Exception

This method returns a Principal created from a DER encoded byte array. A Principal represents an ASN.1 Distinguished Name (DN) as used as subject of issuer of an X.509 certificate. This method is the opposite of getEncodedPrincipal).

Parameters:

array - a Distinguished Name (Principal) as DER encoded byte array

Returns:

the created Name (Principal)

Throws:

java.lang.Exception

getEncodedPrincipal

protected byte[] getEncodedPrincipal(java.security.Principal principal)

This method returns a DER encoded Name (Principal). A Principal represents an ASN.1 Distinguished Name (DN) as used as subject of issuer of an X.509 certificate. This method is the opposite of getPrincipal).

Parameters:

principal - the Distinguished Name (Principal) to encode

Returns:

the Name (Principal) as DER encoded byte array

getMessageDigest

protected java.security.MessageDigest getMessageDigest(java.lang.String algorithm)
                                                throws java.lang.Exception

This method returns the desired MessageDigest object. iSaSiLk makes use of the following algorithms:

• "SHA" (i.e. "SHA1")
• "MD5"
• "SHA256"
• "SHA384"
• "SHA512"

Parameters:

algorithm - the name of the algorithm

Throws:

java.lang.Exception

getMac

protected javax.crypto.Mac getMac(java.lang.String algorithm,
                                  java.security.Key key)
                           throws java.lang.Exception

This method returns the desired HMAC object. These are required for TLS. If your provider is never to be used with TLS you can return null here (not recommended though). iSaSiLk makes use of the following algorithms:

• "HmacMD5"
• "HmacSHA1"
• "HmacSHA224"
• "HmacSHA256"
• "HmacSHA384"
• "HmacSHA512"

Parameters:

algorithm - the name of the algorithm

Throws:

java.lang.Exception

getMacLength

public int getMacLength(javax.crypto.Mac mac)

getSignature

protected java.security.Signature getSignature(java.lang.String algorithm,
                                               int mode,
                                               java.security.Key key,
                                               java.security.SecureRandom random)
                                        throws java.lang.Exception

This method returns the desired Signature object.

Parameters:

algorithm - the name of the signature algorithm

mode - the initialization mode, either SIGNATURE_NONE, SIGNATURE_SIGN or SIGNATURE_VERIFY indicating whether to not initialize the signature engine at all, or to initialize it for signing or verifying with the given key

key - the key to be used to initialize the Signature engine

random - the SecureRandom to be set for the Signature engine

Returns:

the (maybe initialized) Signature engine

Throws:

java.lang.Exception

getSignature

protected java.security.Signature getSignature(java.lang.String algorithm,
                                               int mode,
                                               java.security.Key key,
                                               java.security.SecureRandom random,
                                               java.security.spec.AlgorithmParameterSpec paramSpec)
                                        throws java.lang.Exception

This method returns the desired Signature object.

Parameters:

algorithm - the name of the signature algorithm

mode - the initialization mode, either SIGNATURE_NONE, SIGNATURE_SIGN or SIGNATURE_VERIFY indicating whether to not initialize the signature engine at all, or to initialize it for signing or verifying with the given key

key - the key to be used to initialize the Signature engine

random - the SecureRandom to be set for the Signature engine

paramSpec - the AlgorithmParameterSpec object (may be null) to be set for the Signature engine

Returns:

the (maybe initialized) Signature engine

Throws:

java.lang.Exception

calculateRawSignature

protected byte[] calculateRawSignature(java.lang.String algorithm,
                                       byte[] hash,
                                       java.security.Key key,
                                       java.security.SecureRandom random,
                                       java.security.spec.AlgorithmParameterSpec paramSpec)
                                throws java.lang.Exception

This method uses a "eraw"e signature engine to calculate the signature value from the given hash value.

Parameters:

algorithm - the name of the signature algorithm ("eRawRSASSA-PSS"e, "eRawDSA"e, "eRawECDSA"e)

key - the key to be used to initialize the Signature engine

random - the SecureRandom to be set for the Signature engine

paramSpec - the AlgorithmParameterSpec object (may be null) to be set for the Signature engine

Returns:

the calculated signature value

Throws:

java.lang.Exception

calculateRawSignature

protected byte[] calculateRawSignature(java.lang.String algorithmName,
                                       byte[] dataToBeSigned,
                                       java.security.PrivateKey key,
                                       java.security.SecureRandom random)
                                throws java.lang.Exception

Calculate the raw RSA PKCS#1v1.5 signature. The provided data to be signed is the data provided to the underlying RSA PKCS#1v1.5 encryption scheme. Here, the data to be signed is the concatenation of the MD5 and Sha-1 hashes. The library uses this method for all RSA PKCS#1v1.5 signatures; i.e. authentication of the server and the client. The default For example, an extension of this class may override this method to do client authentication using a smart card.

Parameters:

algorithmName - The algorithm name; e.g. ALG_CIPHER_RSA_SIGN.

dataToBeSigned - This is the data input for the underlying crypto algorithm; e.g. the digest info object or the concatenation of the MD5 and Sha-1 hashes.

key - The signature key.

random - The random source to use, if random data is required.

Returns:

The signature value.

Throws:

java.lang.Exception - If calculating the signature value fails.

verifyRawSignature

protected boolean verifyRawSignature(java.lang.String algorithmName,
                                     byte[] dataToBeSigned,
                                     byte[] signature,
                                     java.security.PublicKey key)
                              throws java.lang.Exception

Verify the provided RSA PKCS#1v1.5 signature. The provided data to be signed is the data provided to the underlying RSA PKCS#1v1.5 encryption scheme. Here, the data to be signed is the concatenation of the MD5 and Sha-1 hashes. The library uses this method for all RSA PKCS#1v1.5 signatures; i.e. authentication of the server and the client. For example, an extension of this class may override this method to do client authentication using a smart card or HSM.

Parameters:

algorithmName - The algorithm name; e.g. ALG_CIPHER_RSA_VERIFY.

dataToBeSigned - This is the data input for the underlying crypto algorithm; e.g. the digest info object or the concatenation of the MD5 and Sha-1 hashes.

signature - The signature value to verify.

key - The verification key.

Returns:

True, if the signature value was verified, false otherwise.

Throws:

java.lang.Exception - If verifying the signature value fails.

getRSAPssParameterSpec

protected java.security.spec.AlgorithmParameterSpec getRSAPssParameterSpec(java.lang.String hashAlgName)
                                                                    throws java.lang.Exception

Creates a RSA-PSS AlgorithmParameterSpec from the given hash algorithm name.

Parameters:

hashAlgName - the name of the hash algorithm

Returns:

the RSA PSSParameterSpec

Throws:

java.lang.Exception - if the RSA PSSParameterSpec cannot be created (e.g. if a JDK version < 1.4 is used)

checkCertSignatureAlgorithm

public boolean checkCertSignatureAlgorithm(java.security.cert.X509Certificate cert,
                                           SignatureAndHashAlgorithmList signatureAlgorithmsCertList)

Checks if the signature algorithm of the given certificate complies with the given signature algorithms list of the SignatureAlgorithmsCert extension.

Parameters:

cert - the certificate

signatureAlgorithmsCertList - the signature algorithms list of the SignatureAlgorithmsCert extension

Returns:

true if the algorithm the certificate is signed with is contained in the given signature algorithms list, or the signature algorithms list is null, false if it is not contained

checkCertSignatureAlgorithm

public boolean checkCertSignatureAlgorithm(java.security.cert.X509Certificate[] certChain,
                                           SignatureAndHashAlgorithmList signatureAlgorithmsCertList)

Checks if the signature algorithms of the given certificate chain comply with the given signature algorithms list of the SignatureAlgorithmsCert extension.
Self-signed certificates at the last index of the chain are out of scope and therefore not checked.

Parameters:

certChain - the certificate chain

signatureAlgorithmsCertList - the signature algorithms list of the SignatureAlgorithmsCert extension

Returns:

true if the algorithms the certificates are signed with are contained in the given signature algorithms list, or the signature algorithms list is null, false if any of the signature algorithms is not contained

checkCertSignatureAlgorithm

public boolean checkCertSignatureAlgorithm(java.security.cert.X509Certificate[] certChain,
                                           int len,
                                           SignatureAndHashAlgorithmList signatureAlgorithmsCertList)

Checks if the signature algorithms of the given certificate chain comply with the given signature algorithms list of the SignatureAlgorithmsCert extension.
This method only checks up to len certificates of the certificate chain. If len is -1 this method checks all certificates of the given chain except for self-signed certificates at the last index of the chain.

Parameters:

certChain - the certificate chain

len - number of certs that shall be checked or -1 if all certificates shall be checked except for self-signed certificates at the last index of the chain

signatureAlgorithmsCertList - the signature algorithms list of the SignatureAlgorithmsCert extension

Returns:

true if the algorithms the certificates are signed with are contained in the given signature algorithms list, or the signature algorithms list is null, false if any of the signature algorithms is not contained

getSignatureAlgorithms

public SignatureAndHashAlgorithmList getSignatureAlgorithms(java.security.cert.X509Certificate cert,
                                                            int certificateType)

Gets the signature algorithm list that can be used with the given certificate for the given certificate type.

Parameters:

cert - the certificate

certificateType - the certificate type

Returns:

the signature algorithm list; may be empty if the given certificate cannot be used for the given certificate type

getSignatureAlgorithms

public SignatureAndHashAlgorithmList getSignatureAlgorithms(java.security.cert.X509Certificate cert,
                                                            int certificateType,
                                                            int version)

Gets the signature algorithm list that can be used with the given certificate for the given certificate type and protocol version.

Parameters:

cert - the certificate

certificateType - the certificate type

version - the protocol version

Returns:

the signature algorithm list; may be empty if the given certificate cannot be used for the given certificate type

canBeUsedWithKey

public boolean canBeUsedWithKey(SignatureAndHashAlgorithm signatureAlgorithm,
                                java.security.Key key)

Checks if the given SignatureAndHashAlgorithm can be used with the given key.

Parameters:

signatureAlgorithm - the signature algorithm

key - the key

Returns:

true if the SignatureAndHashAlgorithm can be used with the given key, false otherwise

canBeUsedWithKey

public boolean canBeUsedWithKey(SignatureAndHashAlgorithm signatureAlgorithm,
                                java.security.PublicKey publicKey)

Checks if the given SignatureAndHashAlgorithm can be used with the given public key.

Parameters:

signatureAlgorithm - the signature algorithm

publicKey - the public key

Returns:

true if the SignatureAndHashAlgorithm can be used with the given key, false otherwise

canBeUsedWithKey

public boolean canBeUsedWithKey(SignatureAndHashAlgorithm signatureAlgorithm,
                                java.security.PrivateKey privateKey)

Checks if the given SignatureAndHashAlgorithm can be used with the given private key.

Parameters:

signatureAlgorithm - the signature algorithm

privateKey - the private key

Returns:

true if the SignatureAndHashAlgorithm can be used with the given key, false otherwise

canBeUsedWithKey

public boolean canBeUsedWithKey(SignatureAndHashAlgorithmList signatureAlgorithms,
                                java.security.PublicKey publicKey)

Checks if the given SignatureAndHashAlgorithm list can be used with the given public key.

Parameters:

signatureAlgorithms - the signature algorithm list

publicKey - the public key

Returns:

true if the SignatureAndHashAlgorithm list can be used with the given key, false otherwise

canBeUsedWithVersion

public boolean canBeUsedWithVersion(SignatureAndHashAlgorithm sigantureScheme,
                                    int version)

Checks if the given signature scheme can be used with the given version.
Only meaningful for TLS versions >= TLS 1.3.

Parameters:

sigantureScheme - the signature scheme

version - the protocol version

Returns:

true if the signature scheme can be used with the version, false otherwise

getCipher

protected javax.crypto.Cipher getCipher(java.lang.String algorithm,
                                        int mode,
                                        java.security.Key key,
                                        java.security.spec.AlgorithmParameterSpec param,
                                        java.security.SecureRandom random)
                                 throws java.lang.Exception

This method returns the desired Cipher object. iSaSiLk makes use of the following algorithms:

• "RSA/ECB/PKCS1Padding/xxx" (see note above)
• "RC4/ECB/NoPadding"
• "RC2/CBC/NoPadding"
• "IDEA/CBC/NoPadding"
• "DES/CBC/NoPadding"
• "DESede/CBC/NoPadding"

The symmetric ciphers shall explain themselves.

RSA/ECB/PKCS1Padding means RSA en/decryption with padding as defined in PKCS#1 1.5 where the padding block type is automatically selected based on the type of key used (block type 1 for signature operations, block type 2 for encryption operations). This cipher will be always used the same way (other methods need not to be implemented!):

 Cipher rsa = provider.getCipher("RSA/ECB/PKCS1Padding/...", ...);
 crypted = rsa.doFinal(plain);
 

If the mode parameter is CIPHER_ENCRYPT or CIPHER_DECRYPT the cipher object is to be initialized with the provided key in the respective mode.

Throws:

java.lang.Exception

aeadEncrypt

protected int aeadEncrypt(javax.crypto.Cipher cipher,
                          javax.crypto.SecretKey key,
                          byte[] in,
                          int inOff,
                          int inLen,
                          byte[] out,
                          int outOff,
                          byte[] aad,
                          byte[] nonce,
                          int macSize,
                          java.security.SecureRandom random)
                   throws java.lang.Exception

Uses the given cipher to AEAD encrypt the given data with the given key.

AEAD (authenticated encryption with additional data) cipher suites have been introduced by TLS 1.2 (RFC 5246). They do not require a separate mac calculation because data integrity is already ensured during AEAD encryption.
AEAD is specified in RFC 5116, AES Galois Counter Mode (GCM) Cipher Suites for TLS are specified in RFC 5288, and Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM) are specified in RFC 5289.

The AEAD (write) Cipher object for this method has been created by a previous call to method getCipher and is used throughout the entire TLS session with some specific peer. However, with any call of this method the Cipher has to be initialized anew with the given key. This has to be done inside the method because the AEAD parameters built from given additional authentication data, nonce and mac size may depend on the JCA provider that is used for encryption. After initializing the Cipher the required update and/or doFinal calls have to be made to encrypt inLen data bytes from the in array and write the encrypted data to the out array, starting at offset outOff. The output data shall consist of the encrypted data and (followed by) the authentication tag: encrypted data || mac.

The default implementation of this method throws an exception since a provider independent AEAD API (parameter classes) was not available before Java 7.

Parameters:

cipher - the AEAD (GCM) Cipher object to be used for encryption

key - the cipher key to be used for initializing the Cipher

inOff - the offset indicating the start of the message data in the in byte array

inLen - the number of bytes to encrypt

out - the array to which to write the encrypted message

outOff - the offset indicating the start position in the out byte array

aad - the additional authentication data (not (!) cloned)

nonce - the nonce (not (!) cloned)

macSize - the size of the mac (authentication tag)

random - the SecureRandom that may be used when random numbers are required

Returns:

the number of bytes that are written to the out byte array

Throws:

java.lang.Exception - if an error occurs during encryption

aeadDecrypt

protected int aeadDecrypt(javax.crypto.Cipher cipher,
                          javax.crypto.SecretKey key,
                          byte[] in,
                          int inOff,
                          int inLen,
                          byte[] out,
                          int outOff,
                          byte[] aad,
                          byte[] nonce,
                          int macSize)
                   throws java.lang.Exception

Uses the given cipher to AEAD decrypt the given encrypted data with the given key.

AEAD (authenticated encryption with additional data) cipher suites have been introduced by TLS 1.2 (RFC 5246). They do not require a separate mac calculation because data integrity is already ensured during AEAD encryption.
AEAD is specified in RFC 5116, AES Galois Counter Mode (GCM) Cipher Suites for TLS are specified in RFC 5288, and Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM) are specified in RFC 5289.

The AEAD (read) Cipher object for this method has been created by a previous call to method getCipher and is used throughout the entire TLS session with some specific peer. However, with any call of this method the Cipher has to be initialized anew with the given key. This has to be done inside the method because the AEAD parameters built from given additional authentication data, nonce and mac size may depend on the JCA provider that is used for decryption. After initializing the Cipher the required update and/or doFinal calls have to be made to decrypt inLen data bytes from the in array and write the decrypted data to the out array, starting at offset outOff. The input data contains the encrypted data and the authentication tag: encrypted data || mac. For that reason an implementation of this method may first parse the authentication tag from the in array (if, e.g., required as parameter for Cipher initialization) or may pass the whole in data as it is to the Cipher update, doFinal calls (and let the Cipher take care from getting the authentication tag), depending on the specific JCA provider implementation.

The default implementation of this method throws an exception since a provider independent AEAD API (parameter classes) was not available before Java 7.

Parameters:

cipher - the AEAD (GCM) Cipher object to be used for encryption

key - the cipher key to be used for intializing the Cipher

inOff - the offset indicating the start of the message data in the in byte array

inLen - the number of bytes to encrypt

out - the array to which to write the encrypted message

outOff - the offset indicating the start position in the out byte array

aad - the additional authentication data (not (!) cloned)

nonce - the nonce (not (!) cloned)

macSize - the size of the mac (authentication tag)

Returns:

the number of bytes that are written to the out byte array

Throws:

java.lang.Exception - if an error occurs during encryption

getKeyPairGenerator

protected java.security.KeyPairGenerator getKeyPairGenerator(java.lang.String algorithm)
                                                      throws java.lang.Exception

Returns a KeyPairGenerator for the requested algorithm.

This method is only called to generate temporary RSA keys of 512 or 1024 bit if those are required for an export cipher and you have not set any in the SSLServerContext.

Throws:

java.lang.Exception

getKeyGenerator

protected javax.crypto.KeyGenerator getKeyGenerator(java.lang.String algorithm)
                                             throws java.lang.Exception

Returns a KeyGenerator for the requested algorithm.

This method is only called by an iSaSiLk server to generate session ticket encryption and mac keys if they have not been explicitly specified for a SessionTicket extension (or have to be renewed within a certain time interval).

Parameters:

algorithm - the key algorithm

Returns:

the KeyGenerator for the requested algorithm

Throws:

java.lang.Exception - if the KeyGenerator instance cannot be created

getAlgorithmParameterGenerator

public java.security.AlgorithmParameterGenerator getAlgorithmParameterGenerator(java.lang.String algorithm)
                                                                         throws java.lang.Exception

Returns an AlgorithmParameterGenerator for the requested algorithm.

This method is only called to generate temporary domestic DH parameters if DH parameter scheduling is enabled.

Parameters:

algorithm - the parameter algorithm

Returns:

the AlgorithmParameterGenerator for the requested algorithm

Throws:

java.lang.Exception - if the AlgorithmParameterGenerator instance cannot be created

getSecureRandom

protected java.security.SecureRandom getSecureRandom()

Returns a new instance of a SecureRandom number generator. This can be the original java.security.SecureRandom or a better generator if available (as when using IAIK JCE).

generateMasterSecret

public byte[] generateMasterSecret(byte[] preMasterSecret,
                                   byte[] clientHelloRandom,
                                   byte[] serverHelloRandom,
                                   int version)
                            throws java.lang.Exception

Deprecated. use method generateMasterSecret(byte[], byte[], byte[], int, String)

Creates the master secret from the pre master secret. This method is called for TLS/SSL versions <= TLS 1.2.

Parameters:

preMasterSecret - the premaster secret

clientHelloRandom - the random from the client hello

serverHelloRandom - the random from the server hello

version - the active protocol version

Throws:

SSLException - if the master secret cannot be generated

java.lang.Exception

generateMasterSecret

public byte[] generateMasterSecret(byte[] preMasterSecret,
                                   byte[] clientHelloRandom,
                                   byte[] serverHelloRandom,
                                   int version,
                                   java.lang.String prfDigestAlg)
                            throws java.lang.Exception

Creates the master secret from the pre master secret.

Parameters:

preMasterSecret - the premaster secret

clientHelloRandom - the random from the client hello

serverHelloRandom - the random from the server hello

version - the active protocol version

prfDigestAlg - the digest algorithm (default: "SHA256") used for TLS 1.2 PRF algorithm

Throws:

SSLException - if the master secret cannot be generated

java.lang.Exception

generateExtendedMasterSecret

public byte[] generateExtendedMasterSecret(byte[] preMasterSecret,
                                           byte[] handshakeHash,
                                           int version,
                                           java.lang.String prfDigestAlg)
                                    throws java.lang.Exception

Creates an extended the master secret according to RFC 7627.

Parameters:

preMasterSecret - the premaster secret

handshakeHash - the hash of the handshake messages up to ClientKeyExchange (inclusive)

version - the active protocol version

prfDigestAlg - the digest algorithm (default: "SHA256") used for TLS 1.2 PRF algorithm

Throws:

SSLException - if the master secret cannot be generated

java.lang.Exception

getTLSServerName

protected java.lang.String[] getTLSServerName(java.security.cert.X509Certificate serverCert)

Returns the TLS server name(s) from the certificate. This method is used by the default ChainVerifier to check if the server name matches the name in the certificate. The default implementation tries to parse the server name from the commonName attribute (cn) -- if included -- of the subjectDN of the certificate, but does not look at the SubjectAltName extension.

Parameters:

serverCert - the cert from which to get the server name(s)

Returns:

the commonName attribute of the subjectDN of the certificate or null if no commonName attribute is included

getTLSServerName

public ServerName[] getTLSServerName(int nameType,
                                     java.security.cert.X509Certificate serverCert)

Gets the TLS server name(s) from the given certificate. In contrast to method getTLSServerName(X509Certificate) which returns the server name(s) as String(s), this method return(s) the server name(s) as instances of class ServerName.
The ServerName structure has been introduced by RFC 4366 (TLS Extensions). It maybe sent within a Server Name Indication extension from the client to the server to help the server to select a certificate in accordance with the server name(s) received from the client (see RFC 4366):

   struct {
       NameType name_type;
       select (name_type) {
           case host_name: HostName;
       } name;
   } ServerName;
 
   enum {
       host_name(0), (255)
   } NameType;
 
   opaque HostName<1..2^16-1>;
   
   struct {
       ServerName server_name_list<1..2^16-1>
   } ServerNameList;
 

Each ServerName in the list consists of a type and a name. Currently only one type HostName is defined by RFC 4366. It represents the UTF-8 encoded DNS host name of the server. Other name types may be added in the future.
The iSaSiLk default ServerName implementation generally does not interpret the name type and expects that a name is encoded according to the UTF-8 syntax. If you want to support (or especially interpret) other name types, or if you want to implement full IDNA naming comparison, you may write your own ServerName class and override the corresponding getTLSServerName SecurityProvider methods to use your ServerName implementation.

This method tries to build TLS ServerNames from name information that may be included in a X.509 certificate. It is used by iSaSiLk for mapping server credentials to server names.

Parameters:

nameType - the type of the server name (currently only HostName) is specified

serverCert - the certificate of the server

Returns:

the server name(s) contained in the server certificate; an empty array indicates that no server name was found in the certificate; null signals to the ChainVerifier that this operation is not supported.

getTLSServerName

public ServerName getTLSServerName(int nameType,
                                   byte[] encodedServerName)

Creates a ServerName from the given (UTF-8) encoded server name.
The ServerName structure has been introduced by RFC 4366 (TLS Extensions). It maybe sent within a Server Name Indication extension from the client to the server to help the server to select a certificate in accordance with the server name(s) received from the client (see RFC 4366):

   struct {
       NameType name_type;
       select (name_type) {
           case host_name: HostName;
       } name;
   } ServerName;
 
   enum {
       host_name(0), (255)
   } NameType;
 
   opaque HostName<1..2^16-1>;
   
   struct {
       ServerName server_name_list<1..2^16-1>
   } ServerNameList;
 

Each ServerName in the list consists of a type and a name. Currently only one type HostName) is defined by RFC 4366. It represents the UTF-8 encoded DNS host name of the server. Other name types may be added in the future.
The iSaSiLk default ServerName implementation generally does not interpret the name type and expects that a name is encoded according to the UTF-8 syntax. If you want to support (or especially interpret) other name types and/or encoding formats, or if you want to implement full IDNA naming comparison, you may write your own ServerName class and override the corresponding getTLSServerName SecurityProvider methods to use your ServerName implementation.

The encodedServerName provided to this method does not represent the full TLS encoded server name struct (including name type and name), rather it represents the encoded name component (without the name type) only. Thus for the HostName type, encodedServerName is the UTF-8 encoded server name.

Parameters:

nameType - the type of the server name (currently only HostName) is specified

encodedServerName - the UTF-8 encoded server name

Returns:

the (decoded) ServerName object

getTLSServerName

public ServerName getTLSServerName(int nameType,
                                   java.lang.String name)
                            throws java.lang.Exception

Creates a ServerName from the given server name string.
The ServerName structure has been introduced by RFC 4366 (TLS Extensions). It maybe sent within a Server Name Indication extension from the client to the server to help the server to select a certificate in accordance with the server name(s) received from the client (see RFC 4366):

   struct {
       NameType name_type;
       select (name_type) {
           case host_name: HostName;
       } name;
   } ServerName;
 
   enum {
       host_name(0), (255)
   } NameType;
 
   opaque HostName<1..2^16-1>;
   
   struct {
       ServerName server_name_list<1..2^16-1>
   } ServerNameList;
 

Each ServerName in the list consists of a type and a name. Currently only one type HostName) is defined by RFC 4366. It represents the UTF-8 encoded DNS host name of the server. Other name types may be added in the future.
The iSaSiLk default ServerName implementation supports the HostName type. If you want to support (or especially interpret) other name types and/or encoding formats, or if you want to implement full IDNA naming comparison, you may write your own ServerName class and override the corresponding getTLSServerName SecurityProvider methods to use your ServerName implementation.

Parameters:

nameType - the type of the server name (currently only HostName) is specified

name - the server name as String

Returns:

the ServerName object created from the String name

Throws:

java.lang.Exception - if an error occurs when creating the ServerName

calculateTrustedAuthorityIdentifier

public byte[] calculateTrustedAuthorityIdentifier(int type,
                                                  java.security.cert.X509Certificate certificate)
                                           throws java.lang.Exception

Calculates a TrustedAuthority identifier of the given type from the given certificate.

The identifier type has to be one of the following (see RFC 4366):

1. pre_agreed: does not provide any identification information about the CA root key
2. key_sha1_hash: the CA root key is identified by a SHA-1 hash of the public key. For DSA and ECDSA keys the hash is calculated from the subjectPublicKey field, for RSA keys the hash is calculated from the big-endian byte representation of the modulus (without leading 0-bytes) (see RFC 4366).
3. x509_name: the CA root key is identified by the DER encoded distinguished name of the CA
4. cert_sha1_hash: the CA root key is identified by the SHA-1 hash of the DER encoded CA certificate

This general SecurityProvider implementation can calculate identifiers of type pre_agreed (for which an empty byte array is returned) and cert_sha1_hash. A key_sha1_hash identifier can only be calculated for a RSA certificate (since ASN.1 parsing routines are required for other key types). An x509_name cannot be calculated because method getEncodedPrincipal cannot be supported by a general SecurityProvider implementation.

Parameters:

type - the identifier type; PRE_AGREED (0), KEY_SHA1_HASH (1), KEY_X509_NAME (2), or CERT_SHA1_HASH (3)

certificate - the certificate from which to calculate the identifier

Returns:

the identifier, or null if the identifier type is key_sha1_hash and the given certificate is not a RSA certificate or the identifier type is x509_name (which cannot be handled by a general SecurityProvider)

Throws:

java.lang.IllegalArgumentException - if identifierType is invalid (not PRE_AGREED (0), KEY_SHA1_HASH (1), KEY_X509_NAME (2), or CERT_SHA1_HASH (3)), or the given certificate is null

java.lang.Exception - if an error occurs while calculating the identifier

createCertStatusRequest

public byte[] createCertStatusRequest(int statusType)
                               throws java.lang.Exception

Creates a status request to be sent within a status_request extension.
This method is called if the application does not specify a status request when creating a CertificateStatusRequest extension.

The byte array returned by this method must contain the TLS encoded request field of the CertificateStatusRequest structure (see RFC 4366):

  struct {
    CertificateStatusType status_type;
        select (status_type) {
            case ocsp: OCSPStatusRequest;
        } request;
    } CertificateStatusRequest;

    enum { ocsp(1), (255) } CertificateStatusType;

    struct {
        ResponderID responder_id_list<0..2^16-1>;
        Extensions  request_extensions;
    } OCSPStatusRequest;

    opaque ResponderID<1..2^16-1>;
    opaque Extensions<0..2^16-1>;
 

Currently only one status type, ocsp is specified (see RFC 4366). Since OCSP cannot be handled in a global, provider independent way, this method returns null in any case indicating that creation of status requests is not supported by this general SecurityProvider implementation. You may use the IAIK-JCE based IaikProvider implementation (enabled by default) which supports OCSP cert status request management.

Parameters:

statusType - the status type

Returns:

the TLS encoded status request or null if this certificate status request creation os not supported by the SecurityProvider implementation

Throws:

java.lang.Exception - if an error occurs when creating the status request

encodeURL

public byte[] encodeURL(java.lang.String certificateURL)
                 throws java.lang.Exception

Encodes the given client certificate url. A client certificate url may be sent to the server to indicate from where the server may download the client certificate(s). Client certificate url usage maybe negotiated by means of the client_certificate_url extension. This method simply UTF-8 encodes the given url string.

Parameters:

certificateURL - the client certificate url to be enoded

Returns:

the encoded client certificate url

Throws:

java.lang.Exception - if an exception occurs while encoding the url

decodeURL

public java.lang.String decodeURL(byte[] encodedCertificateURL)
                           throws java.lang.Exception

Decodes an encoded client certificate url. A client certificate url may be sent by the client to indicate the server from where it may download the client certificate(s). Client certificate url usage maybe negotiated by means of the client_certificate_url extension. This method simply UTF-8 decodes the given encoded url.

Parameters:

encodedCertificateURL - the encoded client certificate url to be deoded

Returns:

the client certificate url as String

Throws:

java.lang.Exception - if an exception occurs while encoding the url

deriveKey

public javax.crypto.SecretKey deriveKey(java.lang.String algorithm,
                                        char[] password,
                                        byte[] salt,
                                        int iterationCount,
                                        int keyLen,
                                        java.lang.String keyName,
                                        java.security.SecureRandom random)
                                 throws java.lang.Exception

Uses the specified key derivation function to derive a key from the given password. This method only is used by the DefaultPSKManager to derive a key from a password for pbe protected storing the contents of the psk manager. The default implementation of this method returns null. The IaikProvider implements this method for the IAIK-JCE crypto provider. You may override this method if you want to use your self-designed SecurityProvider. However, note that this method is NOT required for the normal SSL/TLS protocol working, even if PSK cipher suites are used. It is only required if you are using the DefaultPSKManager and want to pbe protected store/ read the contents of the manager.

Parameters:

algorithm - the name of key derivation function to be used (e.g. "PBKDF2")

password - the password to be used

salt - the salt value for the key derivation function

iterationCount - the iteration count value for the key derivation function

keyLen - the length of the key to be derived from the password

keyName - the (algorithm) name of the derived key

random - SecureRandom for providing random numbers if required by the key derivation function in use

Returns:

the derived key; null by this default implementation

Throws:

if - an error occurs when generating the key

java.lang.Exception

getKeyLength

public int getKeyLength(java.security.PublicKey pubKey)

Calculates the length of the given public key.

Parameters:

pubKey - the public key for which to calculate the length

Returns:

the length (in bits) of the public key

Throws:

java.lang.IllegalArgumentException - if the public key algorithm is not supported

getKeyLength

public int getKeyLength(java.security.PrivateKey privKey)

Calculates the length of the given private key.

Parameters:

privKey - the public key for which to calculate the length

Returns:

the length (in bits) of the private key

Throws:

java.lang.IllegalArgumentException - if the private key algorithm is not supported

getKeyLength

public int getKeyLength(java.security.Key key)

Calculates the length of the given key.

Parameters:

key - the key for which to calculate the length

Returns:

the length (in bits) of the key

Throws:

java.lang.IllegalArgumentException - if the key type is not supported

checkKeyLength

public void checkKeyLength(java.lang.String algorithm,
                           int keySize)
                    throws java.lang.Exception

Checks the length (size) of the given key.

The key is rejected if its size does not match the defined constraints for the for the key algorithm.
The check is independent from the usage of the key (signing, encryption, certificate key,...).
By the default the key is checked if being smaller than the defined minimum size:

• RSA: 1024
• DSA: 1024
• DH: 1024
• ECC: 192

An application may override this method to disable the key size check or enforce other key size values.

Currently only asymmetric keys are checked of having a proper size; symmetric keys are not checked because they use can be controlled by cipher suite en/disabling. Also local (private or public) keys are not checked, they may be controlled by other means. Thus iSaSiLk calls this method to check the key size of peer public keys when
- parsing the peer certificate chain (for any certificate of the chain) on client or server side
- parsing a server RSA/DH(E)/ECDH(E) key exchange message on the client side

Parameters:

algorithm - the key algorithm

keySize - the key size to be checked

Throws:

java.lang.Exception

checkKeyLength

public void checkKeyLength(java.security.Key key)
                    throws java.lang.Exception

Checks the length (size) of the given key.

The key is rejected if its size does not match the defined constraints for the for the key algorithm.
The check is independent from the usage of the key (signing, encryption, certificate key,...).
By the default the key is checked if being smaller than the defined minimum size:

• RSA: 1024
• DSA: 1024
• DH: 1024
• ECC: 192

An application may override this method to disable the key size check or enforce other key size values.

Currently only asymmetric keys are checked of having a proper size; symmetric keys are not checked because they use can be controlled by cipher suite en/disabling. Also local (private or public) keys are not checked, they may be controlled by other means. Thus iSaSiLk calls this method to check the key size of peer public keys when
- parsing the peer certificate chain (for any certificate of the chain) on client or server side
- parsing a server RSA/DH(E)/ECDH(E) key exchange message on the client side

Parameters:

key - the key to be checked

Throws:

java.lang.Exception

checkCreatedRSAServerKeyExchangeSignature

protected boolean checkCreatedRSAServerKeyExchangeSignature()

Asks whether to check an RSA-CRT key ServerKeyExchange signature immediately after signature creation.
Verification of the RSA signature maybe appropriate as countermeasure against against RSA CRT key leaks (Florian Weimer sept 2015: "Factoring RSA Keys With TLS Perfect Forward Secrecy"). This method returns false in any case since it cannot know if the underlying JCA provider already verifies the RSA signature when created with a CRT key. If you are sure that the underlying JCA provider does not already verify the signature you may override this method to return true

Returns:

false to not verify the RSA server key exchange signature after its creation (believing that the underlying JCA provider already verifies the signature)

continueIfPeerDoesNotSupportSecureRenegotiation

public void continueIfPeerDoesNotSupportSecureRenegotiation(SSLTransport transport,
                                                            boolean renegotiation)
                                                     throws SSLException

Asks whether to continue if the peer does not support secure renegotiation.

This method is called by the library during an (initial or renegotiation) handshake to check if legacy renegotiation is allowed or not when the peer does not support secure renegotiation according to RFC 5746.
By default this method will check the SSLContext configuration and throw an SSLException if legacy renegotiation is not allowed. This means that at the client side an intial handshake with a server that does not send the RenegotiationInfo extension will be aborted immediately with a fatal handshake failure alert. On the server side an initial handshake will also be aborted immediately if the client does not send the RenegotiationInfo extension or SCSV cipher suite value. However, if the server has been configured to use no_renegotiation warnings the initial handshake will be continued and later, if the client tries to renegotiate, this method is called again and (if again) throwing an SSLException a no_renegotiation warning is sent to the client indicating that (legacy) renegotiation is not allowed.

You may override this method if you do not want to use the default behaviour/configuration or, for instance, want to decide on case-by-case basis whether to continue or not. For instance, a client application may pop-up a warning dialag to inform the user that the server did not send the RenegotiationInfo extension (may be only appropriate for expierenced users), or, may maintain a white list with server names for which legacy renegotiation is allowed, e.g.:

 String serverName = transport.getRemotePeerName();
 if ((serverName != null) && (legacyRenegotiationSites_.get(serverName) != null)) {
   transport.debug("Server " + serverName + " did not send RenegotiationInfo extension. Continue anyway.");
 } else {
   throw new SSLException("Server did not send RenegotiationInfo extension.");
 } 
 

Parameters:

transport - the SSLTransport to maybe used for getting information about the remote peer

renegotiation - whether this method is called during an initial or during a renegotiation handshake

Throws:

SSLException - has to be thrown if legacy renegotiation with a peer that does not support secure renegotiation shall not be allowed

encodeECPublicKey

public byte[] encodeECPublicKey(java.security.PublicKey publicKey,
                                SupportedPointFormats supportedPointFormats)
                         throws java.lang.Exception

Encodes the given EC PublicKey according to the Point-To-Octet-String conversion of ANSI X9.62 (1998), section 4.3.6.

The default implementation of this method throws an Exception indicating that encoding of EC public keys is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

publicKey - the public EC key to be encoded

supportedPointFormats - the supported point formats of the peer; or null if the peer did not send a SupportedPointFormats extension (in this case the uncompressed format has to be used)

Returns:

the encoded EC key

Throws:

java.lang.Exception - if an error occurs when encoding the key

decodeECPublicKey

public java.security.PublicKey decodeECPublicKey(byte[] ecPoint,
                                                 SupportedEllipticCurves.NamedCurve curve,
                                                 SupportedPointFormats supportedPointFormats,
                                                 SupportedEllipticCurves supportedEllipticCurves)
                                          throws java.lang.Exception

Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.

This method is called on the client side to decode the public server key contained in an ECDH ServerKeyExchange message received from the server.

The default implementation of this method throws an Exception indicating that decoding of EC public keys is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

ecPoint - the (client) public key ECPoint, encoded according to ANSI X9.62 (1998), section 4.3.6

curve - the curve of the key

supportedPointFormats - the supported point formats sent to the server within the SupportedPointFormats extension; if not null check if the received key corresponds with the supported point formats

supportedEllipticCurves - the supported elliptic curves sent to the server within the SupportedEllipticCurves extension; if not null check if the received curve corresponds with the supported curve list

Returns:

the decoded public EC key

Throws:

java.lang.Exception - if an error occurs when decoding the key

decodeECPublicKey

public java.security.PublicKey decodeECPublicKey(byte[] ecPoint,
                                                 java.security.PrivateKey privateKey,
                                                 SupportedPointFormats supportedPointFormats)
                                          throws java.lang.Exception

Decodes the given encoded EC PublicKey according to the Octet-String-to-Point conversion of ANSI X9.62 (1998), section 4.3.7.

This method is called on the server side to decode the public client key contained in an ECDH ClientKeyExchange message received from the client.

The default implementation of this method throws an Exception indicating that decoding of EC public keys is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

ecPoint - the (client) public key ECPoint, encoded according to ANSI X9.62 (1998), section 4.3.6

privateKey - the private (server) key containing the required domain parameters

supportedPointFormats - the SupportedPointFormats extension sent to the client; if not null check if the received key corresponds with the supported point formats

Returns:

the decoded public EC key

Throws:

java.lang.Exception - if an error occurs when decoding the key

getCurve

public SupportedEllipticCurves.NamedCurve getCurve(java.security.Key ecKey)

Gets the NamedCurve belonging to the given EC key.

The default implementation of this method returns null since curve retrievel is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

ecKey - the EC key for which to get the NamedCurve

Returns:

the NamedCurve of the EC key; null by default since not supported JDK- and provider independently

getCurve

public SupportedEllipticCurves.NamedCurve getCurve(java.security.PublicKey ecPublicKey)

Gets the NamedCurve belonging to the given public EC key.

The default implementation of this method returns null since curve retrievel is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

ecPublicKey - the public EC key for which to get the NamedCurve

Returns:

the NamedCurve of the public EC key; null by default since not supported JDK- and provider independently

getCurveName

public java.lang.String getCurveName(java.security.PublicKey ecPublicKey)

Gets the curve name belonging to the given public EC key.

The default implementation of this method returns null since curve retrievel is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

ecPublicKey - the public EC key for which to get the NamedCurve

Returns:

the curve name of the public EC key; null by default since not supported JDK- and provider independently

getCurve

public SupportedEllipticCurves.NamedCurve getCurve(java.security.PrivateKey ecPrivateKey)

Gets the NamedCurve belonging to the given private EC key.

The default implementation of this method returns null since curve retrievel is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

ecPrivateKey - the private EC key to be encoded

Returns:

the NamedCurve of the public EC key; null by default since not supported JDK- and provider independently

getCurveName

public java.lang.String getCurveName(java.security.PrivateKey ecPrivateKey)

Gets the curve name belonging to the given private EC key.

The default implementation of this method returns null since curve retrievel is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

ecPrivateKey - the private EC key for which to get the NamedCurve

Returns:

the curve name of the private EC key; null by default since not supported JDK- and provider independently

getECPointFormat

public SupportedPointFormats.ECPointFormat getECPointFormat(java.security.PublicKey ecPublicKey)

Gets the ECPointFormat (uncompressed, compressed prime, compressed char2) of the given public EC key.

The default implementation of this method returns null since EC point format checking is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

ecPublicKey - the public EC key for which to get the EC point format

Returns:

the ECPointFormat of the public EC key; null by default since not supported JDK- and provider independently

generateECKeyPair

public java.security.KeyPair generateECKeyPair(SupportedEllipticCurves supportedEllipticCurves,
                                               SupportedPointFormats supportedPointFormats)
                                        throws java.lang.Exception

Generates an EC key pair according to the given list of supported curves.

The default implementation of this method throws an Exception indicating that EC key pair generation is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

supportedEllipticCurves - the supported elliptic curves, maybe null if the client has not sent a SupportedEllipticCurves extension

supportedPointFormats - the supported point formats; if not null maybe used to check if the peer may prefer a char2 curve (if no SupportedEllipticCurves extension has been sent)

Returns:

the new EC KeyPair

Throws:

java.lang.Exception - if an error occurs when generating the EC KeyPair

generateECKeyPair

public java.security.KeyPair generateECKeyPair(java.lang.String name)
                                        throws java.lang.Exception

Generates an EC key pair for the given algorithm/curve name.

The default implementation of this method throws an Exception indicating that EC key pair generation is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

name - the name of the algorithm/curve

Returns:

the new EC KeyPair

Throws:

java.lang.Exception - if an error occurs when generating the EC KeyPair

generateECKeyPair

public java.security.KeyPair generateECKeyPair(java.security.PublicKey serverKey)
                                        throws java.lang.Exception

Generates a key pair with same domain parameters as the given public key for the given key agreement method.

The default implementation of this method throws an Exception indicating that EC key pair generation is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

serverKey - the public key of the server

Returns:

the client key pair with domain parameters matching to those of the supplied server key

Throws:

java.lang.Exception - if an error occurs when creating the key pair

createSharedECDHSecret

public byte[] createSharedECDHSecret(java.security.PrivateKey privateKey,
                                     java.security.PublicKey publicKey)
                              throws java.lang.Exception

Creates a ECDH shared secret based on the given private and public ECDH keys.

Parameters:

privateKey - the private key of the local party (client / server)

publicKey - the public key of the other party (server / client)

Returns:

the shared secret

Throws:

if - an error occurs when calculating the shared secret

java.lang.Exception

getKeyAgreement

public javax.crypto.KeyAgreement getKeyAgreement(java.lang.String algorithm,
                                                 int mode,
                                                 java.security.Key key,
                                                 java.security.spec.AlgorithmParameterSpec params,
                                                 java.security.SecureRandom random)
                                          throws java.lang.Exception

Gets a KeyAgreement object for the given algorithm. iSaSiLk uses a KeyAgreement engine for ECDH based cipher suites.

If the mode parameter is KEYAGREEMENT_INIT the KeyAgreement object is to be initialized with the provided key, parameters (if not null) and random number generator (if not null).

Parameters:

algorithm - the name of the KeyAgreement algorithm (e.g. "ECDH")

mode - the mode deciding whether to initialize (KEYAGREEMENT_INIT) the KeyAgreement or not (KEYAGREEMENT_NONE)

key - the key with which to -- if requested -- init the KeyAgreement object (if not null)

params - the parameters with which to (-- if requested -- init the KeyAgreement object (if not null)

random - the random generator with which to -- if requested -- init the KeyAgreement object (if not null)

Returns:

the KeyAgreement instance

Throws:

java.lang.Exception - if no KeyAgreement instance for the required algorithm is available or initialization of the KeyAgreement object fails

isBinary

public boolean isBinary(java.security.PublicKey ecPublicKey)
                 throws java.lang.Exception

Checks if the curve of the given EC Public Key is binary or prime. The default implementation of this method throws an Exception in any case since it is not possible to determine the underlying field JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

ecPublicKey - the EC public key

Throws:

java.lang.Exception - if the key does not represent an EC key or it cannot be determined if the underlying field is prime or binary

checkIfOnSameCurve

public boolean checkIfOnSameCurve(java.security.PublicKey ecdhServerPublicKey,
                                  java.security.PublicKey ecdhClientPublicKey)

Checks if the given public server and client key are on the same elliptic curve. Required for client authentication schemes ECDSA_fixed_ECDH and RSA_fixed_ECDH.

The default implementation of this method returns false in any case since it is not possible to check the curve JDK- and provider independently. Use the IAIK ECCelerate^TM elliptic curve library with its iaik.security.ssl.ECCelerateProvider if you want to support ECC cipher suites.

Parameters:

ecdhServerPublicKey - the ECDH public key of the server

ecdhClientPublicKey - the ECDH public key of the client

Returns:

true if the two keys are on the same curve, false if not. By default this method returns true in any case since ECC curve check is not supported JDK- and provider independently.

isPointFormatSupported

public boolean isPointFormatSupported(SupportedPointFormats.ECPointFormat pointFormat)

Checks if the given ECPointFormat is supported by this SecurityProvider.

Parameters:

pointFormat - the ECPointFormat to be checked

Returns:

true if the given ECPointFormat is supported, false if it is not supported. By default this method returns false in any case since EC point format check is not supported JDK- and provider independently.

isNamedCurveSupported

public boolean isNamedCurveSupported(SupportedEllipticCurves.NamedCurve curve)

Checks if the given NamedCurve is supported by this SecurityProvider.

Parameters:

curve - the NamedCurve to be checked

Returns:

true if the given NamedCurve is supported, false if it is not supported. By default this method returns false in any case since EC curve check is not supported JDK- and provider independently.

isNamedGroupSupported

public boolean isNamedGroupSupported(NamedGroup group)

Checks if the given NamedGroup is supported by this SecurityProvider.

If the NamedGroup represents a NamedCurve this method returns false by default since EC curve check is not supported JDK-version and provider independently.

For NamedFFDHEGroups this method only checks if the DH parameter bit length (of the prime modulus) is constrained and if DHAgreement is supported by this SecurityProvider.

Parameters:

group - the NamedGroup to be checked

Returns:

true if the given NamedGroup is supported, false if it is not supported.

checkKeyEllipticCurve

public boolean checkKeyEllipticCurve(java.security.PublicKey publicKey,
                                     SupportedEllipticCurves supportedEllipticCurves)

Checks if the given public key complies with the given SupportedEllipticCurves extension.
This method is used to check if the server uses an EC key that complies with the curves contained in the SupportedEllipticCurves extension that has been sent to the server.
By default this method returns false (since EC curve check is not supported JDK- and provider independently), except when the client did not sent a SupportedEllipticCurves extension (in this case true is returned by default since any EC key is accepted).

Parameters:

publicKey - the public key used by the server

supportedEllipticCurves - the SupportedEllipticCurves extension sent by the client; maybe null if the client has not sent a SupportedEllipticCurves extension

Returns:

true if the public key complies with the SupportedEllipticCurves extension, false if it is does not comply with it. By default this method returns false (since EC curve check is not supported JDK- and provider independently), except when the client did not sent a SupportedEllipticCurves extension (in this case true is returned by default since any EC key is accepted).

checkKeyECPointFormat

public boolean checkKeyECPointFormat(java.security.PublicKey publicKey,
                                     SupportedPointFormats supportedPointFormats)

Checks if the given public key complies with the given SupportedPointFormats extension.
This method is used to check if the peer uses an EC key that complies with the point formats contained in the SupportedPointFormats extension that has been sent to the peer within the Hello message.
By default this method returns false (since EC point format check is not supported JDK- and provider independently).

Parameters:

publicKey - the public key used by the server

supportedPointFormats - the SupportedPointFormats extension sent within the Hello message; maybe null if no SupportedPointFormats extension has been sent to the peer (in this case the uncompressed format has to be used!)

Returns:

true if the public key complies with the SupportedPointFormats extension, false if it is does not comply with it. By default this method returns false (since EC point format is not supported JDK- and provider independently)

getDefaultCurve

public SupportedEllipticCurves.NamedCurve getDefaultCurve(boolean binary)

Gets the preferred default curve to be used by the server if no SupportedEllipticCurves extension has been sent by the client.

Parameters:

binary - whether to get the preferred default binary or prime curve

Returns:

the preferred default curve, SECT283K1 (if binary), SECP256R1 (if binary),

getNamedCurve

public SupportedEllipticCurves.NamedCurve getNamedCurve(SignatureScheme signatureScheme)

Gets the curve supported by the given SignatureScheme. Only meaningful for TLS versions >= TLS 1.3 where the curve name is included in EC signature scheme.

Parameters:

signatureScheme - the signature scheme.

Returns:

the named curves or null if the given signature scheme is not an EC signature scheme with curve

getSignatureScheme

public SignatureScheme getSignatureScheme(SupportedEllipticCurves.NamedCurve namedCurve)

Gets a signature scheme appropriate for the given curve. Only meaningful for TLS versions >= TLS 1.3 where the curve name is included in EC signature scheme.

Parameters:

namedCurve - the curve.

Returns:

the signature scheme or null if no specific signature

generatePqcKeyPair

public java.security.KeyPair generatePqcKeyPair(java.lang.String name)
                                         throws java.lang.Exception

Generates an PQC key pair for the given algorithm name.

The default implementation of this method throws an Exception indicating that PQC key pair generation is not supported JDK- and provider independently. Use the IAIK ECCelerate^TM IAIK-PQ library with its iaik.security.ssl.IaikPqProvider if you want to support PQC key exchange.

Parameters:

name - the name of the PQC algorithm

Returns:

the new PQC KeyPair

Throws:

java.lang.Exception - if an error occurs when generating the EC KeyPair

encodePqcPublicKey

public byte[] encodePqcPublicKey(java.security.PublicKey publicKey)
                          throws java.lang.Exception

Encodes the given PQC PublicKey.

Parameters:

publicKey - the public key

Returns:

the encoded key as byte array

Throws:

java.lang.Exception - if an error occurs when encoding the key

decodePqcPublicKey

public java.security.PublicKey decodePqcPublicKey(java.lang.String alg,
                                                  byte[] encodedKey)
                                           throws java.lang.Exception

Decodes the given encoded PQC PublicKey .

Parameters:

alg - the name of the key algorithm

encodedKey - the (raw) encoded key

Returns:

the decoded public PQC key

Throws:

java.lang.Exception - if an error occurs when decoding the key

encapsulate

public byte[] encapsulate(java.lang.String kemAlg,
                          java.security.PublicKey publicKey,
                          byte[] ss)
                   throws java.lang.Exception

Uses the specified key encapsulation mechanism to create a shared secret and encapsulate it with the given public key.

Parameters:

kemAlg - the name of the key encapsulation mechanism

publicKey - the public key

ss - a byte array large enough to hold the session key

Returns:

the ciphertext (encapsulated shared secret)

Throws:

if - an error occurs when generating and encapsulating the shared secret

java.lang.Exception

decapsulate

public void decapsulate(java.lang.String kemAlg,
                        java.security.PrivateKey privateKey,
                        byte[] ct,
                        byte[] ss)
                 throws java.lang.Exception

Uses the specified key encapsulation mechanism to decapsulate the session key from the given ciphertext with the given private key.

Parameters:

kemAlg - the name of the key encapsulation mechanism

privateKey - the private key

ct - the cipher text

ss - a byte array large enough to hold the session key

Throws:

if - an error occurs when decapsulating the cipher text

java.lang.Exception