Class PKCS8PrivateKey

java.lang.Object
com.unboundid.util.ssl.cert.PKCS8PrivateKey
All Implemented Interfaces:
Serializable

This class provides support for decoding an X.509 private key encoded in the PKCS #8 format as defined in RFC 5958. The private key is encoded using the ASN.1 Distinguished Encoding Rules (DER), which is a subset of BER, and is supported by the code in the com.unboundid.asn1 package. The ASN.1 specification is as follows:
   OneAsymmetricKey ::= SEQUENCE {
     version                   Version,
     privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
     privateKey                PrivateKey,
     attributes            [0] Attributes OPTIONAL,
     ...,
     [[2: publicKey        [1] PublicKey OPTIONAL ]],
     ...
   }

   PrivateKeyInfo ::= OneAsymmetricKey

   -- PrivateKeyInfo is used by [P12]. If any items tagged as version
   -- 2 are used, the version must be v2, else the version should be
   -- v1. When v1, PrivateKeyInfo is the same as it was in [RFC5208].

   Version ::= INTEGER { v1(0), v2(1) } (v1, ..., v2)

   PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
                                      { PUBLIC-KEY,
                                        { PrivateKeyAlgorithms } }

   PrivateKey ::= OCTET STRING
                     -- Content varies based on type of key. The
                     -- algorithm identifier dictates the format of
                     -- the key.

   PublicKey ::= BIT STRING
                     -- Content varies based on type of key. The
                     -- algorithm identifier dictates the format of
                     -- the key.

   Attributes ::= SET OF Attribute { { OneAsymmetricKeyAttributes } }

   OneAsymmetricKeyAttributes ATTRIBUTE ::= {
     ... -- For local profiles
   }
 
  • Constructor Details

    • PKCS8PrivateKey

      public PKCS8PrivateKey(@NotNull byte[] privateKeyBytes) throws CertException
      Decodes the contents of the provided byte array as a PKCS #8 private key.
      Parameters:
      privateKeyBytes - The byte array containing the encoded PKCS #8 private key.
      Throws:
      CertException - If the contents of the provided byte array could not be decoded as a valid PKCS #8 private key.
  • Method Details

    • getPKCS8PrivateKeyBytes

      Retrieves the bytes that comprise the encoded representation of this PKCS #8 private key.
      Returns:
      The bytes that comprise the encoded representation of this PKCS #8 private key.
    • getVersion

      Retrieves the private key version.
      Returns:
      The private key version.
    • getPrivateKeyAlgorithmOID

      Retrieves the private key algorithm OID.
      Returns:
      The private key algorithm OID.
    • getPrivateKeyAlgorithmName

      Retrieves the private key algorithm name, if available.
      Returns:
      The private key algorithm name, or null if the private key algorithm OID is not recognized.
    • getPrivateKeyAlgorithmNameOrOID

      Retrieves the private key algorithm name, if available, or a string representation of the OID if the name is not available.
      Returns:
      The private key algorithm name if it is available, or a string representation of the private key algorithm OID if it is not.
    • getPrivateKeyAlgorithmParameters

      Retrieves the encoded private key algorithm parameters, if present.
      Returns:
      The encoded private key algorithm parameters, or null if there are no private key algorithm parameters.
    • getEncodedPrivateKey

      Retrieves the encoded private key data.
      Returns:
      The encoded private key data.
    • getDecodedPrivateKey

      Retrieves the decoded private key, if available.
      Returns:
      The decoded private key, or null if the decoded key is not available.
    • getAttributesElement

      Retrieves an ASN.1 element containing an encoded set of private key attributes, if available.
      Returns:
      An ASN.1 element containing an encoded set of private key attributes, or null if the private key does not have any attributes.
    • getPublicKey

      Retrieves the public key included in the private key, if available.
      Returns:
      The public key included in the private key, or null if the private key does not include a public key.
    • toPrivateKey

      Converts this PKCS #8 private key object to a Java PrivateKey object.
      Returns:
      The Java PrivateKey object that corresponds to this PKCS #8 private key.
      Throws:
      GeneralSecurityException - If a problem is encountered while performing the conversion.
    • toString

      Retrieves a string representation of the decoded X.509 certificate.
      Overrides:
      toString in class Object
      Returns:
      A string representation of the decoded X.509 certificate.
    • toString

      public void toString(@NotNull StringBuilder buffer)
      Appends a string representation of the decoded X.509 certificate to the provided buffer.
      Parameters:
      buffer - The buffer to which the information should be appended.
    • toPEM

      Retrieves a list of the lines that comprise a PEM representation of this PKCS #8 private key.
      Returns:
      A list of the lines that comprise a PEM representation of this PKCS #8 private key.
    • toPEMString

      Retrieves a multi-line string containing a PEM representation of this PKCS #8 private key.
      Returns:
      A multi-line string containing a PEM representation of this PKCS #8 private key.
    • toEncryptedPEM

      @NotNull public List<String> toEncryptedPEM(@NotNull char[] encryptionPassword, @NotNull PKCS8EncryptionProperties encryptionProperties) throws CertException
      Retrieves a list of the lines that comprise a PEM representation of this private key that is encrypted with the provided settings.
      Parameters:
      encryptionPassword - The password to use to generate the encryption key. It must not be null.
      encryptionProperties - The properties to use when encrypting the key. It must not be null.
      Returns:
      A list of the lines that comprise a PEM representation of this private key that is encrypted with the provided settings.
      Throws:
      CertException - If a problem occurs while encrypting the private key.
    • toEncryptedPEMString

      @NotNull public String toEncryptedPEMString(@NotNull char[] encryptionPassword, @NotNull PKCS8EncryptionProperties encryptionProperties) throws CertException
      Retrieves a multi-line string containing a PEM representation of this private key that is encrypted with the provided settings.
      Parameters:
      encryptionPassword - The password to use to generate the encryption key. It must not be null.
      encryptionProperties - The properties to use when encrypting the key. It must not be null.
      Returns:
      A multi-line string containing a PEM representation of this private key that is encrypted with the provided settings.
      Throws:
      CertException - If a problem occurs while encrypting the private key.
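
The following is an added usage example, not code from the LDAP SDK or its documentation. It decodes a throwaway JDK-generated key with this class, inspects the PrivateKeyInfo fields, converts it back with toPrivateKey, and exports only an encrypted PEM. The class name PKCS8PrivateKeyExample and the sample password are constructed, and the no-argument PKCS8EncryptionProperties constructor is an assumption not shown on this page.

```java
import com.unboundid.util.ssl.cert.PKCS8EncryptionProperties;
import com.unboundid.util.ssl.cert.PKCS8PrivateKey;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.List;

public final class PKCS8PrivateKeyExample {
  public static void main(String[] args) throws Exception {
    // Constructed sample input: a throwaway RSA key generated in memory.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    KeyPair keyPair = generator.generateKeyPair();

    // The JDK reports the encoding format of its private keys via getFormat().
    byte[] der = keyPair.getPrivate().getEncoded();
    System.out.println("JDK format: " + keyPair.getPrivate().getFormat());

    // Throws CertException if the bytes are not a valid PKCS #8 private key.
    PKCS8PrivateKey pkcs8Key = new PKCS8PrivateKey(der);
    System.out.println("version:    " + pkcs8Key.getVersion());
    System.out.println("algorithm:  " + pkcs8Key.getPrivateKeyAlgorithmNameOrOID());
    System.out.println("has params: " + (pkcs8Key.getPrivateKeyAlgorithmParameters() != null));
    System.out.println("has pubkey: " + (pkcs8Key.getPublicKey() != null));

    // Round trip back to a JCA key and compare the encodings.
    PrivateKey jcaKey = pkcs8Key.toPrivateKey();
    System.out.println("round trip: " + Arrays.equals(der, jcaKey.getEncoded()));

    // Constructed password; a real one would come from a prompt or secret store.
    char[] password = "constructed-example-password".toCharArray();
    try {
      // Assumption: the no-argument constructor selects the library defaults.
      PKCS8EncryptionProperties properties = new PKCS8EncryptionProperties();
      List<String> pemLines = pkcs8Key.toEncryptedPEM(password, properties);
      // Print only the armor header so no key material reaches the console.
      System.out.println(pemLines.get(0));
    } finally {
      // Clear the password and the raw DER buffer held by this method.
      Arrays.fill(password, '\0');
      Arrays.fill(der, (byte) 0);
    }
  }
}
```

toPEM and toPEMString return the key unencrypted, so their output needs the same handling as the raw DER bytes.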