Class PKCS8PrivateKey

  • All Implemented Interfaces:
    java.io.Serializable

    @NotMutable
    @ThreadSafety(level=COMPLETELY_THREADSAFE)
    public final class PKCS8PrivateKey
    extends java.lang.Object
    implements java.io.Serializable
    This class provides support for decoding an X.509 private key encoded in the PKCS #8 format as defined in RFC 5958. The private key is encoded using the ASN.1 Distinguished Encoding Rules (DER), which is a subset of BER, and is supported by the code in the com.unboundid.asn1 package. The ASN.1 specification is as follows:
       OneAsymmetricKey ::= SEQUENCE {
         version                   Version,
         privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
         privateKey                PrivateKey,
         attributes            [0] Attributes OPTIONAL,
         ...,
         [[2: publicKey        [1] PublicKey OPTIONAL ]],
         ...
       }
    
       PrivateKeyInfo ::= OneAsymmetricKey
    
       -- PrivateKeyInfo is used by [P12]. If any items tagged as version
       -- 2 are used, the version must be v2, else the version should be
       -- v1. When v1, PrivateKeyInfo is the same as it was in [RFC5208].
    
       Version ::= INTEGER { v1(0), v2(1) } (v1, ..., v2)
    
       PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
                                          { PUBLIC-KEY,
                                            { PrivateKeyAlgorithms } }
    
       PrivateKey ::= OCTET STRING
                         -- Content varies based on type of key. The
                         -- algorithm identifier dictates the format of
                         -- the key.
    
       PublicKey ::= BIT STRING
                         -- Content varies based on type of key. The
                         -- algorithm identifier dictates the format of
                         -- the key.
    
       Attributes ::= SET OF Attribute { { OneAsymmetricKeyAttributes } }
    
       OneAsymmetricKeyAttributes ATTRIBUTE ::= {
         ... -- For local profiles
       }
     
    See Also:
    Serialized Form
    • Constructor Summary

      Constructors 
      Constructor Description
      PKCS8PrivateKey(byte[] privateKeyBytes)
      Decodes the contents of the provided byte array as a PKCS #8 private key.
    • Method Summary

      Modifier and Type Method Description
      ASN1Element getAttributesElement()
      Retrieves an ASN.1 element containing an encoded set of private key attributes, if available.
      DecodedPrivateKey getDecodedPrivateKey()
      Retrieves the decoded private key, if available.
      ASN1OctetString getEncodedPrivateKey()
      Retrieves the encoded private key data.
      byte[] getPKCS8PrivateKeyBytes()
      Retrieves the bytes that comprise the encoded representation of this PKCS #8 private key.
      java.lang.String getPrivateKeyAlgorithmName()
      Retrieves the private key algorithm name, if available.
      java.lang.String getPrivateKeyAlgorithmNameOrOID()
      Retrieves the private key algorithm name, if available, or a string representation of the OID if the name is not available.
      OID getPrivateKeyAlgorithmOID()
      Retrieves the private key algorithm OID.
      ASN1Element getPrivateKeyAlgorithmParameters()
      Retrieves the encoded private key algorithm parameters, if present.
      ASN1BitString getPublicKey()
      Retrieves the public key included in the private key, if available.
      PKCS8PrivateKeyVersion getVersion()
      Retrieves the private key version.
      java.util.List<java.lang.String> toEncryptedPEM(char[] encryptionPassword, PKCS8EncryptionProperties encryptionProperties)
      Retrieves a list of the lines that comprise a PEM representation of this private key that is encrypted with the provided settings.
      java.lang.String toEncryptedPEMString(char[] encryptionPassword, PKCS8EncryptionProperties encryptionProperties)
      Retrieves a multi-line string containing a PEM representation of this private key that is encrypted with the provided settings.
      java.util.List<java.lang.String> toPEM()
      Retrieves a list of the lines that comprise a PEM representation of this PKCS #8 private key.
      java.lang.String toPEMString()
      Retrieves a multi-line string containing a PEM representation of this PKCS #8 private key.
      java.security.PrivateKey toPrivateKey()
      Converts this PKCS #8 private key object to a Java PrivateKey object.
      java.lang.String toString()
      Retrieves a string representation of the decoded PKCS #8 private key.
      void toString(java.lang.StringBuilder buffer)
      Appends a string representation of the decoded PKCS #8 private key to the provided buffer.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Constructor Detail

      • PKCS8PrivateKey

        public PKCS8PrivateKey(@NotNull
                               byte[] privateKeyBytes)
                        throws CertException
        Decodes the contents of the provided byte array as a PKCS #8 private key.
        Parameters:
        privateKeyBytes - The byte array containing the encoded PKCS #8 private key.
        Throws:
        CertException - If the contents of the provided byte array could not be decoded as a valid PKCS #8 private key.
    • Method Detail

      • getPKCS8PrivateKeyBytes

        @NotNull
        public byte[] getPKCS8PrivateKeyBytes()
        Retrieves the bytes that comprise the encoded representation of this PKCS #8 private key.
        Returns:
        The bytes that comprise the encoded representation of this PKCS #8 private key.
      • getPrivateKeyAlgorithmName

        @Nullable
        public java.lang.String getPrivateKeyAlgorithmName()
        Retrieves the private key algorithm name, if available.
        Returns:
        The private key algorithm name, or null if the private key algorithm OID is not recognized.
      • getPrivateKeyAlgorithmNameOrOID

        @NotNull
        public java.lang.String getPrivateKeyAlgorithmNameOrOID()
        Retrieves the private key algorithm name, if available, or a string representation of the OID if the name is not available.
        Returns:
        The private key algorithm name if it is available, or a string representation of the private key algorithm OID if it is not.
      • getPrivateKeyAlgorithmParameters

        @Nullable
        public ASN1Element getPrivateKeyAlgorithmParameters()
        Retrieves the encoded private key algorithm parameters, if present.
        Returns:
        The encoded private key algorithm parameters, or null if there are no private key algorithm parameters.
      • getAttributesElement

        @Nullable
        public ASN1Element getAttributesElement()
        Retrieves an ASN.1 element containing an encoded set of private key attributes, if available.
        Returns:
        An ASN.1 element containing an encoded set of private key attributes, or null if the private key does not have any attributes.
      • getPublicKey

        @Nullable
        public ASN1BitString getPublicKey()
        Retrieves the public key included in the private key, if available.
        Returns:
        The public key included in the private key, or null if the private key does not include a public key.
      • toPrivateKey

        @NotNull
        public java.security.PrivateKey toPrivateKey()
                                              throws java.security.GeneralSecurityException
        Converts this PKCS #8 private key object to a Java PrivateKey object.
        Returns:
        The Java PrivateKey object that corresponds to this PKCS #8 private key.
        Throws:
        java.security.GeneralSecurityException - If a problem is encountered while performing the conversion.
      • toString

        @NotNull
        public java.lang.String toString()
        Retrieves a string representation of the decoded PKCS #8 private key.
        Overrides:
        toString in class java.lang.Object
        Returns:
        A string representation of the decoded PKCS #8 private key.
      • toString

        public void toString(@NotNull
                             java.lang.StringBuilder buffer)
        Appends a string representation of the decoded PKCS #8 private key to the provided buffer.
        Parameters:
        buffer - The buffer to which the information should be appended.
      • toPEM

        @NotNull
        public java.util.List<java.lang.String> toPEM()
        Retrieves a list of the lines that comprise a PEM representation of this PKCS #8 private key.
        Returns:
        A list of the lines that comprise a PEM representation of this PKCS #8 private key.
      • toPEMString

        @NotNull
        public java.lang.String toPEMString()
        Retrieves a multi-line string containing a PEM representation of this PKCS #8 private key.
        Returns:
        A multi-line string containing a PEM representation of this PKCS #8 private key.
      • toEncryptedPEM

        @NotNull
        public java.util.List<java.lang.String> toEncryptedPEM(@NotNull
                                                               char[] encryptionPassword,
                                                               @NotNull
                                                               PKCS8EncryptionProperties encryptionProperties)
                                                        throws CertException
        Retrieves a list of the lines that comprise a PEM representation of this private key that is encrypted with the provided settings.
        Parameters:
        encryptionPassword - The password to use to generate the encryption key. It must not be null.
        encryptionProperties - The properties to use when encrypting the key. It must not be null.
        Returns:
        A list of the lines that comprise a PEM representation of this private key that is encrypted with the provided settings.
        Throws:
        CertException - If a problem occurs while encrypting the private key.
      • toEncryptedPEMString

        @NotNull
        public java.lang.String toEncryptedPEMString(@NotNull
                                                     char[] encryptionPassword,
                                                     @NotNull
                                                     PKCS8EncryptionProperties encryptionProperties)
                                              throws CertException
        Retrieves a multi-line string containing a PEM representation of this private key that is encrypted with the provided settings.
        Parameters:
        encryptionPassword - The password to use to generate the encryption key. It must not be null.
        encryptionProperties - The properties to use when encrypting the key. It must not be null.
        Returns:
        A multi-line string containing a PEM representation of this private key that is encrypted with the provided settings.
        Throws:
        CertException - If a problem occurs while encrypting the private key.
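
The following is an added usage example, not code from the SDK or its documentation. It decodes a PKCS #8 encoding with the constructor above, inspects it, and exports it only in encrypted PEM form. The class name PKCS8PrivateKeyExample is hypothetical; the package com.unboundid.util.ssl.cert and the no-argument PKCS8EncryptionProperties constructor are assumptions not stated on this page.

```java
import com.unboundid.util.ssl.cert.CertException;
import com.unboundid.util.ssl.cert.PKCS8EncryptionProperties;
import com.unboundid.util.ssl.cert.PKCS8PrivateKey;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.util.Arrays;

public final class PKCS8PrivateKeyExample {

  // Decodes PKCS #8 DER bytes and returns a password-encrypted PEM string.
  static String exportEncrypted(byte[] pkcs8Der, char[] password,
      PKCS8EncryptionProperties properties)
      throws CertException, GeneralSecurityException {
    // CertException here means the bytes are not a valid PKCS #8 structure.
    PKCS8PrivateKey key = new PKCS8PrivateKey(pkcs8Der);

    // Report metadata only. toPEM()/toPEMString() return the unencrypted
    // key, so their output should not be logged or stored.
    System.out.println("version=" + key.getVersion()
        + " algorithm=" + key.getPrivateKeyAlgorithmNameOrOID()
        + " hasPublicKey=" + (key.getPublicKey() != null));

    // Convert to a JCA key and check that it re-encodes to the same bytes.
    PrivateKey jcaKey = key.toPrivateKey();
    System.out.println("jcaAlgorithm=" + jcaKey.getAlgorithm()
        + " sameEncoding=" + Arrays.equals(jcaKey.getEncoded(), pkcs8Der));

    return key.toEncryptedPEMString(password, properties);
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: a throwaway RSA key generated locally.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    byte[] der = generator.generateKeyPair().getPrivate().getEncoded();

    char[] password = "constructed-sample-password".toCharArray();
    try {
      // Assumption: the no-argument constructor selects default settings.
      String pem = exportEncrypted(der, password,
          new PKCS8EncryptionProperties());
      System.out.println(pem.split("\\R")[0]); // PEM header line only
    } finally {
      Arrays.fill(password, '\0'); // clear the password from memory
      Arrays.fill(der, (byte) 0);  // clear the unencrypted key encoding
    }
  }
}
```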