Logo Search packages:      
Sourcecode: bouncycastle version File versions

PBEKeySpec.java

package javax.crypto.spec;

import java.security.spec.KeySpec;

import javax.crypto.SecretKeyFactory;

/**
 * A user-chosen password that can be used with password-based encryption (PBE).
 * <p>
 * The password can be viewed as some kind of raw key material, from which the
 * encryption mechanism that uses it derives a cryptographic key.
 * <p>
 * Different PBE mechanisms may consume different bits of each password
 * character. For example, the PBE mechanism defined in PKCS #5 looks at only
 * the low order 8 bits of each character, whereas PKCS #12 looks at all 16 bits
 * of each character.
 * <p>
 * You convert the password characters to a PBE key by creating an instance of
 * the appropriate secret-key factory. For example, a secret-key factory for
 * PKCS #5 will construct a PBE key from only the low order 8 bits of each
 * password character, whereas a secret-key factory for PKCS #12 will take all
 * 16 bits of each character.
 * <p>
 * Also note that this class stores passwords as char arrays instead of String
 * objects (which would seem more logical), because the String class is
 * immutable and there is no way to overwrite its internal value when the
 * password stored in it is no longer needed. Hence, this class requests the
 * password as a char array, so it can be overwritten when done.
 * 
 * @see SecretKeyFactory
 * @see PBEParameterSpec
 */
00033 public class PBEKeySpec
    implements KeySpec
{

    private char[] password;

    private byte[] salt;

    private int iterationCount;

    private int keyLength;

    private boolean isPasswordCleared;

    /**
     * Constructor that takes a password. An empty char[] is used if null is
     * specified.
     * <p>
     * Note: password is cloned before it is stored in the new PBEKeySpec
     * object.
     * 
     * @param password -
     *            the password.
     */
00057     public PBEKeySpec(char[] password)
    {
        if (password == null)
        {
            this.password = new char[0];
        }
        else
        {
            this.password = new char[password.length];

            System.arraycopy(password, 0, this.password, 0, password.length);
        }
    }

    /**
     * Returns a copy of the password.
     * <p>
     * Note: this method returns a copy of the password. It is the caller's
     * responsibility to zero out the password information after it is no longer
     * needed.
     * 
     * @return the password
     * @throws IllegalStateException -
     *             if password has been cleared by calling clearPassword method.
     */
00082     public final char[] getPassword()
    {
        if (isPasswordCleared)
        {
            throw new IllegalStateException("Password has been cleared");
        }
        return password;
    }

    /**
     * Constructor that takes a password, salt, iteration count, and
     * to-be-derived key length for generating PBEKey of variable-key-size PBE
     * ciphers. An empty char[] is used if null is specified for password.
     * <p>
     * Note: the password and salt are cloned before they are stored in the new
     * PBEKeySpec object.
     * 
     * 
     * @param password
     *            password - the password.
     * @param salt
     *            salt - the salt.
     * @param iterationCount
     *            iterationCount - the iteration count.
     * @param keyLength
     *            keyLength - the to-be-derived key length.
     * @throws NullPointerException -
     *             if salt is null.
     * @throws IllegalArgumentException -
     *             if salt is empty, i.e. 0-length, iterationCount or keyLength
     *             is not positive.
     */
00114     public PBEKeySpec(char[] password, byte[] salt, int iterationCount, int keyLength)
    {
        this(password);
        if (salt == null)
        {
            throw new NullPointerException("salt is null");
        }
        if (salt.length == 0)
        {
            throw new IllegalArgumentException("salt is empty");
        }
        if (iterationCount < 0)
        {
            throw new IllegalArgumentException("iterationCount is not positive");
        }
        if (keyLength < 0)
        {
            throw new IllegalArgumentException("keyLength is not positive");
        }
        this.keyLength = keyLength;
        this.iterationCount = iterationCount;
        this.salt = (byte[]) salt.clone();
    }

    /**
     * Constructor that takes a password, salt, iteration count for generating
     * PBEKey of fixed-key-size PBE ciphers. An empty char[] is used if null is
     * specified for password.
     * <p>
     * Note: the password and salt are cloned before they are stored in the new
     * PBEKeySpec object.
     * 
     * @param password -
     *            the password.
     * @param salt -
     *            the salt.
     * @param iterationCount -
     *            the iteration count.
     * @throws NullPointerException -
     *             if salt is null.
     * @throws IllegalArgumentException -
     *             if salt is empty, i.e. 0-length, or iterationCount is not
     *             positive.
     */
00158     public PBEKeySpec(char[] password, byte[] salt, int iterationCount)
    {
        this(password, salt, iterationCount, 0);
    }

    /**
     * Clears the internal copy of the password.
     */
00166     public final void clearPassword()
    {
        for (int i = 0; i < password.length; i++)
        {
            password[i] = 0;
        }
        password = null;
        isPasswordCleared = true;
    }

    /**
     * Returns a copy of the salt or null if not specified.
     * 
     * Note: this method should return a copy of the salt. It is the caller's
     * responsibility to zero out the salt information after it is no longer
     * needed.
     * 
     * @return the salt.
     */
00185     public final byte[] getSalt()
    {
        if (salt != null)
        {
            byte[] tmp = new byte[salt.length];

            System.arraycopy(salt, 0, tmp, 0, salt.length);

            return tmp;
        }

        return null;
    }

    /**
     * Returns the iteration count or 0 if not specified.
     * 
     * @return the iteration count.
     */
00204     public final int getIterationCount()
    {
        return iterationCount;
    }

    /**
     * Returns the to-be-derived key length or 0 if not specified.
     * <p>
     * Note: this is used to indicate the preference on key length for
     * variable-key-size ciphers. The actual key size depends on each provider's
     * implementation.
     * 
     * @return the to-be-derived key length.
     */
00218     public final int getKeyLength()
    {
        return keyLength;
    }
}

Generated by  Doxygen 1.6.0   Back to index