@Alpha public abstract class KeyTypeManager<KeyProtoT extends com.google.protobuf.MessageLite> extends Object
A KeyTypeManager manages all the operations one can do on a given KeyProto. This includes
generating primitives, generating keys (if applicable), parsing and validating keys and key
formats. This object is meant to be implemented, i.e., one should use it via the Registry, and not directly.
In order to implement a new key manager, one should subclass this class, setting the type
parameter to the proto of the corresponding key (e.g., subclass KeyTypeManager<AesGcmKey>).
For each primitive the key manager should implement, one needs to add an argument to the
constructor. The type of it should be a PrimitiveFactory<PrimitiveT, KeyT>, an object
which knows how to produce primitives.
If the key manager can create new keys, one also needs to implement the method #keyFactory. In this case it needs to return an object of type KeyFactory<KeyFormatProto,
KeyProtoT>, where one has to specify a proto for the key format as well.
This should not be used by Tink users outside of Google, since we first want to change it such that it can be independent of the protobuf library.
| Modifier and Type | Class and Description |
|---|---|
static class |
KeyTypeManager.KeyFactory<KeyFormatProtoT extends com.google.protobuf.MessageLite,KeyProtoT extends com.google.protobuf.MessageLite>
A
KeyFactory creates new keys from a given KeyFormat. |
| Modifier | Constructor and Description |
|---|---|
protected |
KeyTypeManager(Class<KeyProtoT> clazz,
PrimitiveFactory<?,KeyProtoT>... factories)
Constructs a new KeyTypeManager.
|
| Modifier and Type | Method and Description |
|---|---|
TinkFipsUtil.AlgorithmFipsCompatibility |
fipsStatus()
Returns the FIPS compatibility of this KeyTypeManager.
|
Class<?> |
firstSupportedPrimitiveClass()
Returns the first class object of the first supported primitive, or
Class<Void> if the
key manager supports no primitive at all. |
Class<KeyProtoT> |
getKeyClass()
Returns the class corresponding to the key protobuffer.
|
abstract String |
getKeyType()
Returns the type URL that identifies the key type of keys managed by this KeyManager.
|
<P> P |
getPrimitive(KeyProtoT key,
Class<P> primitiveClass)
Creates the requested primitive.
|
abstract int |
getVersion()
Returns the version number of this KeyManager.
|
KeyTypeManager.KeyFactory<?,KeyProtoT> |
keyFactory()
Returns the
KeyTypeManager.KeyFactory for this key type. |
abstract KeyData.KeyMaterialType |
keyMaterialType()
Returns the
KeyData.KeyMaterialType for this proto. |
abstract KeyProtoT |
parseKey(com.google.protobuf.ByteString byteString)
Parses a serialized key proto.
|
Set<Class<?>> |
supportedPrimitives()
Returns a set containing the supported primitives.
|
abstract void |
validateKey(KeyProtoT keyProto)
Checks if the given
keyProto is a valid key. |
@SafeVarargs protected KeyTypeManager(Class<KeyProtoT> clazz, PrimitiveFactory<?,KeyProtoT>... factories)
Takes an arbitrary number of PrimitiveFactory objects as input. These will be used
and provided via getPrimitive(KeyProtoT, java.lang.Class<P>) to the user.
IllegalArgumentException - if two of the passed in factories produce primitives of the
same class.public final Class<KeyProtoT> getKeyClass()
public abstract String getKeyType()
public abstract int getVersion()
public abstract KeyData.KeyMaterialType keyMaterialType()
KeyData.KeyMaterialType for this proto.public TinkFipsUtil.AlgorithmFipsCompatibility fipsStatus()
public abstract KeyProtoT parseKey(com.google.protobuf.ByteString byteString) throws com.google.protobuf.InvalidProtocolBufferException
Implement as return KeyProtoT.parseFrom(byteString);.
com.google.protobuf.InvalidProtocolBufferExceptionpublic abstract void validateKey(KeyProtoT keyProto) throws GeneralSecurityException
keyProto is a valid key.GeneralSecurityException - if the passed keyProto is not valid in any way.public final <P> P getPrimitive(KeyProtoT key, Class<P> primitiveClass) throws GeneralSecurityException
IllegalArgumentException - if the given primitiveClass is not supported
(i.e., not returned by supportedPrimitives().GeneralSecurityException - if the underlying factory throws a GeneralSecurityException
creating the primitive.public final Set<Class<?>> supportedPrimitives()
public final Class<?> firstSupportedPrimitiveClass()
Class<Void> if the
key manager supports no primitive at all.public KeyTypeManager.KeyFactory<?,KeyProtoT> keyFactory()
KeyTypeManager.KeyFactory for this key type.
By default, this throws an UnsupportedOperationException. Hence, if an implementation does not support creating primitives, no implementation is required.
UnsupportedOperationException - if the manager does not support creating primitives.