Class PKCS8PrivateKey

  • All Implemented Interfaces:
    java.io.Serializable

    @NotMutable
    @ThreadSafety(level=COMPLETELY_THREADSAFE)
    public final class PKCS8PrivateKey
    extends java.lang.Object
    implements java.io.Serializable
    This class provides support for decoding an X.509 private key encoded in the PKCS #8 format as defined in RFC 5958. The private key is encoded using the ASN.1 Distinguished Encoding Rules (DER), which is a subset of BER, and is supported by the code in the com.unboundid.asn1 package. The ASN.1 specification is as follows:
       OneAsymmetricKey ::= SEQUENCE {
         version                   Version,
         privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
         privateKey                PrivateKey,
         attributes            [0] Attributes OPTIONAL,
         ...,
         [[2: publicKey        [1] PublicKey OPTIONAL ]],
         ...
       }
    
       PrivateKeyInfo ::= OneAsymmetricKey
    
       -- PrivateKeyInfo is used by [P12]. If any items tagged as version
       -- 2 are used, the version must be v2, else the version should be
       -- v1. When v1, PrivateKeyInfo is the same as it was in [RFC5208].
    
       Version ::= INTEGER { v1(0), v2(1) } (v1, ..., v2)
    
       PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
                                          { PUBLIC-KEY,
                                            { PrivateKeyAlgorithms } }
    
       PrivateKey ::= OCTET STRING
                         -- Content varies based on type of key. The
                         -- algorithm identifier dictates the format of
                         -- the key.
    
       PublicKey ::= BIT STRING
                         -- Content varies based on type of key. The
                         -- algorithm identifier dictates the format of
                         -- the key.
    
       Attributes ::= SET OF Attribute { { OneAsymmetricKeyAttributes } }
    
       OneAsymmetricKeyAttributes ATTRIBUTE ::= {
         ... -- For local profiles
       }
     
    See Also:
    Serialized Form
    • Constructor Summary

      Constructors 
      Constructor Description
      PKCS8PrivateKey​(byte[] privateKeyBytes)
      Decodes the contents of the provided byte array as a PKCS #8 private key.
    • Constructor Detail

      • PKCS8PrivateKey

        public PKCS8PrivateKey​(byte[] privateKeyBytes)
                        throws CertException
        Decodes the contents of the provided byte array as a PKCS #8 private key.
        Parameters:
        privateKeyBytes - The byte array containing the encoded PKCS #8 private key.
        Throws:
        CertException - If the contents of the provided byte array could not be decoded as a valid PKCS #8 private key.
    • Method Detail

      • getPKCS8PrivateKeyBytes

        public byte[] getPKCS8PrivateKeyBytes()
        Retrieves the bytes that comprise the encoded representation of this PKCS #8 private key.
        Returns:
        The bytes that comprise the encoded representation of this PKCS #8 private key.
      • getPrivateKeyAlgorithmOID

        public OID getPrivateKeyAlgorithmOID()
        Retrieves the private key algorithm OID.
        Returns:
        The private key algorithm OID.
      • getPrivateKeyAlgorithmName

        public java.lang.String getPrivateKeyAlgorithmName()
        Retrieves the private key algorithm name, if available.
        Returns:
        The private key algorithm name, or null if private key algorithm OID is not recognized.
      • getPrivateKeyAlgorithmNameOrOID

        public java.lang.String getPrivateKeyAlgorithmNameOrOID()
        Retrieves the private key algorithm name, if available, or a string representation of the OID if the name is not available.
        Returns:
        The private key algorithm name if it is available, or a string representation of the private key algorithm OID if it is not.
      • getPrivateKeyAlgorithmParameters

        public ASN1Element getPrivateKeyAlgorithmParameters()
        Retrieves the encoded private key algorithm parameters, if present.
        Returns:
        The encoded private key algorithm parameters, or null if there are no private key algorithm parameters.
      • getDecodedPrivateKey

        public DecodedPrivateKey getDecodedPrivateKey()
        Retrieves the decoded private key, if available.
        Returns:
        The decoded private key, or null if the decoded key is not available.
      • getAttributesElement

        public ASN1Element getAttributesElement()
        Retrieves an ASN.1 element containing an encoded set of private key attributes, if available.
        Returns:
        An ASN.1 element containing an encoded set of private key attributes, or null if the private key does not have any attributes.
      • getPublicKey

        public ASN1BitString getPublicKey()
        Retrieves the public key included in the private key, if available.
        Returns:
        The public key included in the private key, or null if the private key does not include a public key.
      • toPrivateKey

        public java.security.PrivateKey toPrivateKey()
                                              throws java.security.GeneralSecurityException
        Converts this PKCS #8 private key object to a Java PrivateKey object.
        Returns:
        The Java PrivateKey object that corresponds to this PKCS #8 private key.
        Throws:
        java.security.GeneralSecurityException - If a problem is encountered while performing the conversion.
      • toString

        public java.lang.String toString()
        Retrieves a string representation of the decoded X.509 certificate.
        Overrides:
        toString in class java.lang.Object
        Returns:
        A string representation of the decoded X.509 certificate.
      • toString

        public void toString​(java.lang.StringBuilder buffer)
        Appends a string representation of the decoded X.509 certificate to the provided buffer.
        Parameters:
        buffer - The buffer to which the information should be appended.
      • toPEM

        public java.util.List<java.lang.String> toPEM()
        Retrieves a list of the lines that comprise a PEM representation of this certificate signing request.
        Returns:
        A list of the lines that comprise a PEM representation of this certificate signing request.
      • toPEMString

        public java.lang.String toPEMString()
        Retrieves a multi-line string containing a PEM representation of this certificate signing request.
        Returns:
        A multi-line string containing a PEM representation of this certificate signing request.