• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2017 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 package com.google.crypto.tink;
18 
19 import com.google.crypto.tink.proto.KeyData;
20 import com.google.crypto.tink.proto.Keyset;
21 import com.google.protobuf.ExtensionRegistryLite;
22 import com.google.protobuf.InvalidProtocolBufferException;
23 import java.io.IOException;
24 import java.security.GeneralSecurityException;
25 
26 /**
27  * Static methods for reading cleartext keysets that don't contain any secret key material.
28  *
29  * @since 1.0.0
30  * @deprecated use {@link KeysetHandle#readNoSecret} instead
31  */
32 @Deprecated
33 public final class NoSecretKeysetHandle {
34   /**
35    * @return a new keyset handle from {@code serialized} which is a serialized {@link Keyset}.
36    * @throws GeneralSecurityException
37    * @deprecated use {@link NoSecretKeysetHandle#read} instead
38    */
39   @SuppressWarnings("UnusedException")
40   @Deprecated
parseFrom(final byte[] serialized)41   public static final KeysetHandle parseFrom(final byte[] serialized)
42       throws GeneralSecurityException {
43     try {
44       Keyset keyset = Keyset.parseFrom(serialized, ExtensionRegistryLite.getEmptyRegistry());
45       validate(keyset);
46       return KeysetHandle.fromKeyset(keyset);
47     } catch (InvalidProtocolBufferException e) {
48       throw new GeneralSecurityException("invalid keyset");
49     }
50   }
51 
52   /**
53    * @return a new keyset handle from a keyset obtained from {@code reader}.
54    * @throws GeneralSecurityException
55    */
read(KeysetReader reader)56   public static final KeysetHandle read(KeysetReader reader)
57       throws GeneralSecurityException, IOException {
58     Keyset keyset = reader.read();
59     validate(keyset);
60     return KeysetHandle.fromKeyset(keyset);
61   }
62 
63   /**
64    * Validates that {@code keyset} doesn't contain any secret key material.
65    *
66    * @throws GeneralSecurityException if {@code keyset} contains secret key material.
67    */
validate(Keyset keyset)68   private static void validate(Keyset keyset) throws GeneralSecurityException {
69     for (Keyset.Key key : keyset.getKeyList()) {
70       if (key.getKeyData().getKeyMaterialType() == KeyData.KeyMaterialType.UNKNOWN_KEYMATERIAL
71           || key.getKeyData().getKeyMaterialType() == KeyData.KeyMaterialType.SYMMETRIC
72           || key.getKeyData().getKeyMaterialType() == KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE) {
73         throw new GeneralSecurityException("keyset contains secret key material");
74       }
75     }
76   }
77 
NoSecretKeysetHandle()78   private NoSecretKeysetHandle() {}
79 }
80