/**
 * Rotates {@code keysetHandle} by generating one fresh key and adding it to the keyset.
 *
 * <p>The key is created from {@code HybridKeyTemplates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM}
 * through {@code KeysetManager.rotate}. The input handle is only read to seed the manager; the
 * rotated keyset is exposed through the returned handle.
 *
 * @param keysetHandle handle of the keyset to rotate
 * @return the handle obtained from the manager after the rotation
 * @throws GeneralSecurityException if the rotation fails
 */
private KeysetHandle rotateKey(KeysetHandle keysetHandle) throws GeneralSecurityException {
  KeysetManager manager = KeysetManager.withKeysetHandle(keysetHandle);
  KeysetManager rotated =
      manager.rotate(HybridKeyTemplates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM);
  return rotated.getKeysetHandle();
}
/**
 * Makes the key identified by {@code keyId} the primary key of the keyset.
 *
 * <p>This is a pure alias: the call is forwarded unchanged to {@link #setPrimary}.
 *
 * @param keyId identifier of the key to make primary
 * @return whatever {@link #setPrimary} returns for {@code keyId}
 * @throws GeneralSecurityException if the key is not found or not enabled
 * @deprecated use {@link #setPrimary} instead
 */
@GuardedBy("this")
@Deprecated
public synchronized KeysetManager promote(int keyId) throws GeneralSecurityException {
  // Kept only so existing callers keep compiling; all checks happen in setPrimary.
  final KeysetManager updated = setPrimary(keyId);
  return updated;
}
/**
 * Creates a keyset holding exactly one freshly generated key.
 *
 * <p>Starts from an empty keyset and calls {@code rotate(keyTemplate)} on it, so the only key in
 * the result is the one generated here.
 *
 * @param keyTemplate template describing the key to generate
 * @return a new {@link KeysetHandle} that contains a single fresh key generated according to
 *     {@code keyTemplate}
 * @throws GeneralSecurityException if the key cannot be generated from {@code keyTemplate}
 */
public static final KeysetHandle generateNew(KeyTemplate keyTemplate)
    throws GeneralSecurityException {
  KeysetManager emptyManager = KeysetManager.withEmptyKeyset();
  KeysetManager withFreshKey = emptyManager.rotate(keyTemplate);
  return withFreshKey.getKeysetHandle();
}
/**
 * Optional step: disables the original key of {@code keysetHandle}.
 *
 * <p>"Original" is taken to be the key at index 0 of the keyset info; the method does not check
 * that this entry really is the key the caller wants to retire.
 * NOTE(review): presumably this runs after a rotation, so the key at index 0 is no longer the
 * primary key. Confirm how {@code disable} treats the current primary before relying on this.
 *
 * @param keysetHandle handle of the keyset whose first key is disabled
 * @return the handle obtained from the manager after the key has been disabled
 * @throws GeneralSecurityException if the key cannot be disabled
 */
private KeysetHandle disableOriginalKey(KeysetHandle keysetHandle)
    throws GeneralSecurityException {
  KeysetManager manager = KeysetManager.withKeysetHandle(keysetHandle);
  // Index 0 is hard-coded; an empty keyset has no such entry.
  int originalKeyId = keysetHandle.getKeysetInfo().getKeyInfo(0).getKeyId();
  KeysetManager afterDisable = manager.disable(originalKeyId);
  return afterDisable.getKeysetHandle();
}
/**
 * Generates a fresh key from {@code keyTemplate} and appends it to the keyset.
 *
 * <p>Only the key list is touched here; the primary key ID of the keyset is not modified by this
 * method.
 *
 * @param keyTemplate template describing the key to generate
 * @return this manager, to allow call chaining
 * @throws GeneralSecurityException if cannot find any {@link KeyManager} that can handle {@code
 *     keyTemplate}
 */
@GuardedBy("this")
public synchronized KeysetManager add(KeyTemplate keyTemplate) throws GeneralSecurityException {
  Keyset.Key freshKey = newKey(keyTemplate);
  keysetBuilder.addKey(freshKey);
  return this;
}
/**
 * Creates a manager that starts from a keyset with no keys in it.
 *
 * @return a {@link KeysetManager} wrapping a new, empty {@code Keyset} builder
 */
public static KeysetManager withEmptyKeyset() {
  Keyset.Builder emptyBuilder = Keyset.newBuilder();
  return new KeysetManager(emptyBuilder);
}
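/**
 * Picks a random positive key ID that no key currently in the keyset uses.
 *
 * <p>Every candidate is compared against the complete key list. After a collision a new candidate
 * is drawn and the scan starts again from the first key, so the returned ID is never equal to the
 * ID of a key that was already inspected. A check that only continues with the remaining keys
 * after a redraw can hand out a duplicate, and key IDs must be unique because operations such as
 * selecting the primary key address a key by its ID alone.
 *
 * @return a key ID from {@code randPositiveInt()} that is unused in {@code keysetBuilder}
 */
@GuardedBy("this")
private synchronized int newKeyId() {
  int keyId;
  boolean collides;
  do {
    keyId = randPositiveInt();
    collides = false;
    // Full pass over the keyset for each candidate; stop at the first clash and redraw.
    for (Keyset.Key key : keysetBuilder.getKeyList()) {
      if (key.getKeyId() == keyId) {
        collides = true;
        break;
      }
    }
  } while (collides);
  return keyId;
}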
/**
 * Builds a new, enabled keyset entry from {@code keyTemplate}.
 *
 * <p>Key material comes from {@code Registry.newKeyData} and the ID from {@code newKeyId()}. The
 * entry is only built and returned; adding it to the keyset is left to the caller.
 *
 * @param keyTemplate template describing the key to generate
 * @return a {@code Keyset.Key} with status {@code ENABLED} carrying the generated key data
 * @throws GeneralSecurityException if the key data cannot be created for {@code keyTemplate}
 */
@GuardedBy("this")
private synchronized Keyset.Key newKey(KeyTemplate keyTemplate) throws GeneralSecurityException {
  final KeyData freshKeyData = Registry.newKeyData(keyTemplate);
  final int freshKeyId = newKeyId();
  final OutputPrefixType requested = keyTemplate.getOutputPrefixType();
  // A template that leaves the prefix type unset falls back to the TINK prefix.
  final OutputPrefixType effectivePrefix =
      (requested == OutputPrefixType.UNKNOWN_PREFIX) ? OutputPrefixType.TINK : requested;

  Keyset.Key.Builder entry = Keyset.Key.newBuilder();
  entry.setKeyData(freshKeyData);
  entry.setKeyId(freshKeyId);
  entry.setStatus(KeyStatusType.ENABLED);
  entry.setOutputPrefixType(effectivePrefix);
  return entry.build();
}
/**
 * Generates a fresh key from {@code keyTemplate}, appends it to the keyset and makes it the
 * primary key.
 *
 * <p>Keys that were already in the keyset are left in place; only the primary key ID changes.
 *
 * @param keyTemplate template describing the key to generate
 * @return this manager, to allow call chaining
 * @throws GeneralSecurityException if cannot find any {@link KeyManager} that can handle {@code
 *     keyTemplate}
 */
@GuardedBy("this")
public synchronized KeysetManager rotate(KeyTemplate keyTemplate)
    throws GeneralSecurityException {
  Keyset.Key freshKey = newKey(keyTemplate);
  int freshKeyId = freshKey.getKeyId();
  keysetBuilder.addKey(freshKey);
  // The primary is switched only after the key has been added to the builder.
  keysetBuilder.setPrimaryKeyId(freshKeyId);
  return this;
}
/**
 * Creates a manager seeded with the keyset held by {@code val}.
 *
 * <p>The manager works on a builder obtained from {@code val.getKeyset().toBuilder()}.
 *
 * @param val handle whose keyset is used as the starting point
 * @return a {@link KeysetManager} for the keyset managed by {@code val}
 */
public static KeysetManager withKeysetHandle(KeysetHandle val) {
  Keyset.Builder seededBuilder = val.getKeyset().toBuilder();
  return new KeysetManager(seededBuilder);
}