Logo Search packages:      
Sourcecode: libgnucrypto-java version File versions  Download package

Cipher.java

/*
 * Copyright (c) 2000 The Legion Of The Bouncy Castle
 * (http://www.bouncycastle.org)
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 *
 */

package javax.crypto;

import java.util.StringTokenizer;
import java.security.Key;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;

/**
 * This class provides the functionality of a cryptographic cipher for
 * encryption and decryption. It forms the core of the Java Cryptographic
 * Extension (JCE) framework.
 * <p>
 * In order to create a Cipher object, the application calls the
 * Cipher's <code>getInstance</code> method, and passes the name of the
 * requested <i>transformation</i> to it. Optionally, the name of a provider
 * may be specified.
 * <p>
 * A <i>transformation</i> is a string that describes the operation (or
 * set of operations) to be performed on the given input, to produce some
 * output. A transformation always includes the name of a cryptographic
 * algorithm (e.g., <i>DES</i>), and may be followed by a feedback mode and
 * padding scheme.
 *
 * <p> A transformation is of the form:<p>
 *
 * <ul>
 * <li>"<i>algorithm/mode/padding</i>" or
 * <p>
 * <li>"<i>algorithm</i>"
 * </ul>
 *
 * <P> (in the latter case,
 * provider-specific default values for the mode and padding scheme are used).
 * For example, the following is a valid transformation:<p>
 *
 * <pre>
 *     Cipher c = Cipher.getInstance("<i>DES/CBC/PKCS5Padding</i>");
 * </pre>
 * <p>
 * When requesting a block cipher in stream cipher mode (e.g.,
 * <code>DES</code> in <code>CFB</code> or <code>OFB</code> mode), the user may
 * optionally specify the number of bits to be
 * processed at a time, by appending this number to the mode name as shown in
 * the "<i>DES/CFB8/NoPadding</i>" and "<i>DES/OFB32/PKCS5Padding</i>"
 * transformations. If no such number is specified, a provider-specific default
 * is used. (For example, the "SunJCE" provider uses a default of 64 bits.)
 *
 * @since 1.4
 * @version $Revision: 1.2 $
 */
00084 public class Cipher
{
    static private final int    UNINITIALIZED     = 0;

    static public final int     ENCRYPT_MODE    = 1;
    static public final int     DECRYPT_MODE    = 2;
    static public final int     WRAP_MODE       = 3;
    static public final int     UNWRAP_MODE     = 4;

    static public final int     PUBLIC_KEY      = 1;
    static public final int     PRIVATE_KEY     = 2;
    static public final int     SECRET_KEY      = 3;

    private CipherSpi   cipherSpi;
    private Provider    provider;
    private String      transformation;

    private int         mode = UNINITIALIZED;

    /**
     * Creates a Cipher object.
     *
     * @param cipherSpi the delegate
     * @param provider the provider
     * @param transformation the transformation
     */
00110     protected Cipher(
        CipherSpi       cipherSpi,
        Provider        provider,
        String          transformation)
    {
        this.cipherSpi = cipherSpi;
        this.provider = provider;
        this.transformation = transformation;
    }

    /**
     * Generates a <code>Cipher</code> object that implements the specified
     * transformation.
     * <p>
     * If the default provider package supplies an implementation of the
     * requested transformation, an instance of <code>Cipher</code> containing
     * that implementation is returned.
     * If the transformation is not available in the default provider package,
     * other provider packages are searched.
     *
     * @param transformation the name of the transformation, e.g., <i>DES/CBC/PKCS5Padding</i>.
     * See Appendix A in the Java Cryptography Extension API Specification &amp; Reference
     * for information about standard transformation names.
     *
     * @return a cipher that implements the requested transformation
     * @exception NoSuchAlgorithmException if the specified transformation is not available in the default
     * provider package or any of the other provider packages that were searched.
     * @exception NoSuchPaddingException if <code>transformation</code> contains a padding scheme that is
     * not available.
     */
00140     public static final Cipher getInstance(
        String transformation)
    throws NoSuchAlgorithmException, NoSuchPaddingException
    {
        try
        {
            JCEUtil.Implementation  imp = JCEUtil.getImplementation("Cipher", transformation, null);

            if (imp != null)
            {
                return new Cipher((CipherSpi)imp.getEngine(), imp.getProvider(), transformation);
            }

            //
            // try the long way
            //
            StringTokenizer tok = new StringTokenizer(transformation, "/");
            String          algorithm = tok.nextToken();

            imp = JCEUtil.getImplementation("Cipher", algorithm, null);

            if (imp == null)
            {
                throw new NoSuchAlgorithmException(transformation + " not found");
            }

            CipherSpi cipherSpi = (CipherSpi)imp.getEngine();

            //
            // make sure we don't get fooled by a "//" in the string
            //
            if (tok.hasMoreTokens() && !transformation.regionMatches(algorithm.length(), "//", 0, 2))
            {
                cipherSpi.engineSetMode(tok.nextToken());
            }

            if (tok.hasMoreTokens())
            {
                cipherSpi.engineSetPadding(tok.nextToken());
            }

            return new Cipher(cipherSpi, imp.getProvider(), transformation);
        }
        catch (NoSuchProviderException e)
        {
            throw new NoSuchAlgorithmException(transformation + " not found");
        }
    }

    /**
     * Creates a <code>Cipher</code> object that implements the specified
     * transformation, as supplied by the specified provider. Note: the
     * <code>provider</code> doesn't have to be registered.
     *
     * @param transformation the name of the transformation, e.g.,
     * <i>DES/CBC/PKCS5Padding</i>. See Appendix A in the Java Cryptography
     * Extension Reference Guide for information about standard transformation
     * names.
     * @param provider the provider
     * @return a cipher that implements the requested transformation
     * @throws NoSuchAlgorithmException if no transformation was specified, or
     * if the specified transformation is not available from the specified
     * provider.
     * @throws NoSuchPaddingException if transformation contains a padding
     * scheme that is not available.
     * @throws IllegalArgumentException if the provider is null.
     */
00207     public static final Cipher getInstance(String transformation, Provider provider)
    throws NoSuchAlgorithmException, NoSuchPaddingException
    {
        if (provider == null)
        {
            throw new IllegalArgumentException();
        }
        JCEUtil.Implementation impl = JCEUtil
            .getImplementationFromProvider("Cipher", transformation, provider);
        if (impl != null)
        {
            return new Cipher((CipherSpi) impl.getEngine(), provider, transformation);
        }

        // try the long way
        StringTokenizer tok = new StringTokenizer(transformation, "/");
        String algorithm = tok.nextToken();
        impl = JCEUtil.getImplementationFromProvider("Cipher", algorithm, provider);
        if (impl == null)
        {
            throw new NoSuchAlgorithmException(transformation + " not found");
        }
        CipherSpi cipherSpi = (CipherSpi) impl.getEngine();

        // make sure we don't get fooled by a "//" in the string
        if (tok.hasMoreTokens()
                && !transformation.regionMatches(algorithm.length(), "//", 0, 2))
        {
            cipherSpi.engineSetMode(tok.nextToken());
        }
        if (tok.hasMoreTokens())
        {
            cipherSpi.engineSetPadding(tok.nextToken());
        }

        return new Cipher(cipherSpi, provider, transformation);
    }

    /**
     * Creates a <code>Cipher</code> object that implements the specified
     * transformation, as supplied by the specified provider.
     *
     * @param transformation the name of the transformation, e.g., <i>DES/CBC/PKCS5Padding</i>.
     * See Appendix A in the Java Cryptography Extension API Specification &amp; Reference
     * for information about standard transformation names.
     *
     * @param provider the name of the provider
     * @return a cipher that implements the requested transformation
     * @exception NoSuchAlgorithmException if no transformation was specified, or if the specified
     * transformation is not available from the specified provider.
     * @exception NoSuchProviderException if the specified provider has not been configured.
     * @exception NoSuchPaddingException if <code>transformation</code> contains a padding scheme
     * that is not available.
     */
00261     public static final Cipher getInstance(
        String      transformation,
        String      provider)
    throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException
    {
        JCEUtil.Implementation  imp = JCEUtil.getImplementation("Cipher", transformation, provider);

        if (imp != null)
        {
            return new Cipher((CipherSpi)imp.getEngine(), imp.getProvider(), transformation);
        }

        //
        // try the long way
        //
        StringTokenizer tok = new StringTokenizer(transformation, "/");
        String          algorithm = tok.nextToken();

        imp = JCEUtil.getImplementation("Cipher", algorithm, provider);

        if (imp == null)
        {
            throw new NoSuchAlgorithmException(transformation + " not found");
        }

        CipherSpi cipherSpi = (CipherSpi)imp.getEngine();

        //
        // make sure we don't get fooled by a "//" in the string
        //
        if (tok.hasMoreTokens() && !transformation.regionMatches(algorithm.length(), "//", 0, 2))
        {
            cipherSpi.engineSetMode(tok.nextToken());
        }

        if (tok.hasMoreTokens())
        {
            cipherSpi.engineSetPadding(tok.nextToken());
        }

        return new Cipher(cipherSpi, imp.getProvider(), transformation);
    }

    /**
     * Returns the provider of this <code>Cipher</code> object.
     *
     * @return the provider of this <code>Cipher</code> object
     */
00309     public final Provider getProvider()
    {
        return provider;
    }

    /**
     * Returns the algorithm name of this <code>Cipher</code> object.
     * <p>
     * This is the same name that was specified in one of the
     * <code>getInstance</code> calls that created this <code>Cipher</code>
     * object..
     *
     * @return the algorithm name of this <code>Cipher</code> object.
     */
00323     public final String getAlgorithm()
    {
        return transformation;
    }

    /**
     * Returns the block size (in bytes).
     *
     * @return the block size (in bytes), or 0 if the underlying algorithm is not a block cipher
     */
00333     public final int getBlockSize()
    {
        return cipherSpi.engineGetBlockSize();
    }

    /**
     * Returns the length in bytes that an output buffer would need to be in
     * order to hold the result of the next <code>update</code> or
     * <code>doFinal</code> operation, given the input length <code>inputLen</code> (in bytes).
     * <p>
     * This call takes into account any unprocessed (buffered) data from a
     * previous <code>update</code> call, and padding.
     * <p>
     * The actual output length of the next <code>update</code> or
     * <code>doFinal</code> call may be smaller than the length returned by
     * this method.
     *
     * @param inputLen the input length (in bytes)
     * @return the required output buffer size (in bytes)
     * @exception java.lang.IllegalStateException if this cipher is in a wrong state (e.g., has not
     * yet been initialized)
     */
00355     public final int getOutputSize(
        int     inputLen)
    throws IllegalStateException
    {
            if ( mode != ENCRYPT_MODE && mode != DECRYPT_MODE )
                  throw new IllegalStateException("Cipher is uninitialised");

        return cipherSpi.engineGetOutputSize(inputLen);
    }

    /**
     * Returns the initialization vector (IV) in a new buffer.
     * <p>
     * This is useful in the case where a random IV was created,
     * or in the context of password-based encryption or decryption, where the IV
     * is derived from a user-supplied password.
     *
     * @return the initialization vector in a new buffer, or null if the
     * underlying algorithm does not use an IV, or if the IV has not yet been set.
     */
00375     public final byte[] getIV()
    {
        return cipherSpi.engineGetIV();
    }

    /**
     * Returns the parameters used with this cipher.
     * <p>
     * The returned parameters may be the same that were used to initialize
     * this cipher, or may contain a combination of default and random
     * parameter values used by the underlying cipher implementation if this
     * cipher requires algorithm parameters but was not initialized with any.
     *
     * @return the parameters used with this cipher, or null if this cipher
     * does not use any parameters.
     */
00391     public final AlgorithmParameters getParameters()
    {
        return cipherSpi.engineGetParameters();
    }

    /**
     * Returns the exemption mechanism object used with this cipher.
     *
     * @return the exemption mechanism object used with this cipher, or
     * null if this cipher does not use any exemption mechanism.
     */
00402     public final ExemptionMechanism getExemptionMechanism()
    {
        return null;
    }

    /**
     * Initializes this cipher with a key.
     * <p>
     * The cipher is initialized for one of the following four operations:
     * encryption, decryption, key wrapping or key unwrapping, depending
     * on the value of <code>opmode</code>.
     * <p>
     * If this cipher requires any algorithm parameters that cannot be
     * derived from the given <code>key</code>, the underlying cipher
     * implementation is supposed to generate the required parameters itself
     * (using provider-specific default or random values) if it is being
     * initialized for encryption or key wrapping, and raise an
     * <code>InvalidKeyException</code> if it is being
     * initialized for decryption or key unwrapping.
     * The generated parameters can be retrieved using
     * <a href = "#getParameters()">getParameters</a> or
     * <a href = "#getIV()">getIV</a> (if the parameter is an IV).
     * <p>
     * If this cipher (including its underlying feedback or padding scheme)
     * requires any random bytes (e.g., for parameter generation), it will get
     * them using the <a href="http://java.sun.com/products/jdk/1.2/docs/api/java.security.SecureRandom.html">
     * <code>SecureRandom</code></a> implementation of the highest-priority
     * installed provider as the source of randomness.
     * (If none of the installed providers supply an implementation of
     * SecureRandom, a system-provided source of randomness will be used.)
     * <p>
     * Note that when a Cipher object is initialized, it loses all
     * previously-acquired state. In other words, initializing a Cipher is
     * equivalent to creating a new instance of that Cipher and initializing
     * it.
     *
     * @param opmode the operation mode of this cipher (this is one of the following:
     * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
     * @param key the key
     * @exception InvalidKeyException if the given key is inappropriate for
     * initializing this cipher, or if this cipher is being initialized for
     * decryption and requires algorithm parameters that cannot be
     * determined from the given key, or if the given key has a keysize that
     * exceeds the maximum allowable keysize (as determined from the
     * configured jurisdiction policy files). Note: Jurisdiction files are ignored
     * in this implementation.
     */
00450     public final void init(
        int     opmode,
        Key     key)
    throws InvalidKeyException
    {
        cipherSpi.engineInit(opmode, key, new SecureRandom());
            mode = opmode;
    }

    /**
     * Initializes this cipher with a key and a source of randomness.
     * <p>
     * The cipher is initialized for one of the following four operations:
     * encryption, decryption, key wrapping or  key unwrapping, depending
     * on the value of <code>opmode</code>.
     * <p>
     * If this cipher requires any algorithm parameters that cannot be
     * derived from the given <code>key</code>, the underlying cipher
     * implementation is supposed to generate the required parameters itself
     * (using provider-specific default or random values) if it is being
     * initialized for encryption or key wrapping, and raise an
     * <code>InvalidKeyException</code> if it is being
     * initialized for decryption or key unwrapping.
     * The generated parameters can be retrieved using
     * <a href = "#engineGetParameters()">engineGetParameters</a> or
     * <a href = "#engineGetIV()">engineGetIV</a> (if the parameter is an IV).
     * <p>
     * If this cipher (including its underlying feedback or padding scheme)
     * requires any random bytes (e.g., for parameter generation), it will get
     * them from <code>random</code>.
     * <p>
     * Note that when a Cipher object is initialized, it loses all
     * previously-acquired state. In other words, initializing a Cipher is
     * equivalent to creating a new instance of that Cipher and initializing
     * it.
     * @param opmode the operation mode of this cipher (this is one of the
     * following: <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
     * @param key the encryption key
     * @param random the source of randomness
     * @exception InvalidKeyException if the given key is inappropriate for
     * initializing this cipher, or if this cipher is being initialized for
     * decryption and requires algorithm parameters that cannot be
     * determined from the given key, or if the given key has a keysize that
     * exceeds the maximum allowable keysize (as determined from the
     * configured jurisdiction policy files). Note: Jurisdiction files are ignored
     * in this implementation.
     */
00498     public final void init(
        int             opmode,
        Key             key,
        SecureRandom    random)
    throws InvalidKeyException
    {
        cipherSpi.engineInit(opmode, key, random);
            mode = opmode;
    }

    /**
     * Initializes this cipher with a key and a set of algorithm parameters.
     * <p>
     * The cipher is initialized for one of the following four operations:
     * encryption, decryption, key wrapping or  key unwrapping, depending
     * on the value of <code>opmode</code>.
     * <p>
     * If this cipher requires any algorithm parameters and
     * <code>params</code> is null, the underlying cipher implementation is
     * supposed to generate the required parameters itself (using
     * provider-specific default or random values) if it is being
     * initialized for encryption or key wrapping, and raise an
     * <code>InvalidAlgorithmParameterException</code> if it is being
     * initialized for decryption or key unwrapping.
     * The generated parameters can be retrieved using
     * <a href = "#getParameters()">getParameters</a> or
     * <a href = "#getIV()">getIV</a> (if the parameter is an IV).
     * <p>
     * If this cipher (including its underlying feedback or padding scheme)
     * requires any random bytes (e.g., for parameter generation), it will get
     * them using the
     * <a href="http://java.sun.com/products/jdk/1.2/docs/api/java.security.SecureRandom.html">
     * <code>SecureRandom</code></a> implementation of the highest-priority
     * installed provider as the source of randomness.
     * (If none of the installed providers supply an implementation of
     * SecureRandom, a system-provided source of randomness will be used.)
     * <p>
     * Note that when a Cipher object is initialized, it loses all
     * previously-acquired state. In other words, initializing a Cipher is
     * equivalent to creating a new instance of that Cipher and initializing
     * it.
     *
     * @param opmode the operation mode of this cipher (this is one of the
     * following: <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code>
     * or <code>UNWRAP_MODE</code>)
     * @param key the encryption key
     * @param params the algorithm parameters
     * @exception InvalidKeyException if the given key is inappropriate for initializing this
     * cipher, or its keysize exceeds the maximum allowable keysize (as determined from the
     * configured jurisdiction policy files).
     * @exception InvalidAlgorithmParameterException if the given algorithm parameters are
     * inappropriate for this cipher, or this cipher is being initialized for decryption and
     * requires algorithm parameters and <code>params</code> is null, or the given algorithm
     * parameters imply a cryptographic strength that would exceed the legal limits (as determined
     * from the configured jurisdiction policy files). Note: Jurisdiction files are ignored
     * in this implementation.
     */
00555     public final void init(
        int                     opmode,
        Key                     key,
        AlgorithmParameterSpec  params)
    throws InvalidKeyException, InvalidAlgorithmParameterException
    {
        cipherSpi.engineInit(opmode, key, params, new SecureRandom());
            mode = opmode;
    }

    /**
     * Initializes this cipher with a key, a set of algorithm
     * parameters, and a source of randomness.
     * <p>
     * The cipher is initialized for one of the following four operations:
     * encryption, decryption, key wrapping or  key unwrapping, depending
     * on the value of <code>opmode</code>.
     * <p>
     * If this cipher requires any algorithm parameters and
     * <code>params</code> is null, the underlying cipher implementation is
     * supposed to generate the required parameters itself (using
     * provider-specific default or random values) if it is being
     * initialized for encryption or key wrapping, and raise an
     * <code>InvalidAlgorithmParameterException</code> if it is being
     * initialized for decryption or key unwrapping.
     * The generated parameters can be retrieved using
     * <a href = "#getParameters()">getParameters</a> or
     * <a href = "#getIV()">getIV</a> (if the parameter is an IV).
     * <p>
     * If this cipher (including its underlying feedback or padding scheme)
     * requires any random bytes (e.g., for parameter generation), it will get
     * them from <code>random</code>.
     * <p>
     * Note that when a Cipher object is initialized, it loses all
     * previously-acquired state. In other words, initializing a Cipher is
     * equivalent to creating a new instance of that Cipher and initializing
     * it.
     *
     * @param opmode the operation mode of this cipher (this is one of the
     * following: <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
     * @param key the encryption key
     * @param params the algorithm parameters
     * @param random the source of randomness
     * @exception InvalidKeyException if the given key is inappropriate for
     * initializing this cipher, or its keysize exceeds the maximum allowable
     * keysize (as determined from the configured jurisdiction policy files).
     * @exception InvalidAlgorithmParameterException if the given algorithm
     * parameters are inappropriate for this cipher,
     * or this cipher is being initialized for decryption and requires
     * algorithm parameters and <code>params</code> is null, or the given
     * algorithm parameters imply a cryptographic strength that would exceed
     * the legal limits (as determined from the configured jurisdiction
     * policy files).
     * Note: Jurisdiction files are ignored in this implementation.
     */
00611     public final void init(
        int                     opmode,
        Key                     key,
        AlgorithmParameterSpec  params,
        SecureRandom            random)
    throws InvalidKeyException, InvalidAlgorithmParameterException
    {
        cipherSpi.engineInit(opmode, key, params, random);
            mode = opmode;
    }

    /**
     * Initializes this cipher with a key and a set of algorithm
     * parameters.
     * <p>
     * The cipher is initialized for one of the following four operations:
     * encryption, decryption, key wrapping or  key unwrapping, depending
     * on the value of <code>opmode</code>.
     * <p>
     * If this cipher requires any algorithm parameters and
     * <code>params</code> is null, the underlying cipher implementation is
     * supposed to generate the required parameters itself (using
     * provider-specific default or random values) if it is being
     * initialized for encryption or key wrapping, and raise an
     * <code>InvalidAlgorithmParameterException</code> if it is being
     * initialized for decryption or key unwrapping.
     * The generated parameters can be retrieved using
     * <a href = "#getParameters()">getParameters</a> or
     * <a href = "#getIV()">getIV</a> (if the parameter is an IV).
     * <p>
     * If this cipher (including its underlying feedback or padding scheme)
     * requires any random bytes (e.g., for parameter generation), it will get
     * them using the
     * <a href="http://java.sun.com/products/jdk/1.2/docs/api/java.security.SecureRandom.html">
     * <code>SecureRandom</code></a> implementation of the highest-priority
     * installed provider as the source of randomness.
     * (If none of the installed providers supply an implementation of
     * SecureRandom, a system-provided source of randomness will be used.)
     * <p>
     * Note that when a Cipher object is initialized, it loses all
     * previously-acquired state. In other words, initializing a Cipher is
     * equivalent to creating a new instance of that Cipher and initializing
     * it.
     *
     * @param opmode the operation mode of this cipher (this is one of the
     * following: <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code>
     * or <code>UNWRAP_MODE</code>)
     * @param key the encryption key
     * @param params the algorithm parameters
     * @exception InvalidKeyException if the given key is inappropriate for
     * initializing this cipher, or its keysize exceeds the maximum allowable
     * keysize (as determined from the configured jurisdiction policy files).
     * @exception InvalidAlgorithmParameterException if the given algorithm
     * parameters are inappropriate for this cipher,
     * or this cipher is being initialized for decryption and requires
     * algorithm parameters and <code>params</code> is null, or the given
     * algorithm parameters imply a cryptographic strength that would exceed
     * the legal limits (as determined from the configured jurisdiction
     * policy files).
     * Note: Jurisdiction files are ignored in this implementation.
     */
00672     public final void init(
        int                     opmode,
        Key                     key,
        AlgorithmParameters     params)
    throws InvalidKeyException, InvalidAlgorithmParameterException
    {
        cipherSpi.engineInit(opmode, key, params, new SecureRandom());
            mode = opmode;
    }

    /**
     * Initializes this cipher with a key, a set of algorithm
     * parameters, and a source of randomness.
     * <p>
     * The cipher is initialized for one of the following four operations:
     * encryption, decryption, key wrapping or  key unwrapping, depending
     * on the value of <code>opmode</code>.
     * <p>
     * If this cipher requires any algorithm parameters and
     * <code>params</code> is null, the underlying cipher implementation is
     * supposed to generate the required parameters itself (using
     * provider-specific default or random values) if it is being
     * initialized for encryption or key wrapping, and raise an
     * <code>InvalidAlgorithmParameterException</code> if it is being
     * initialized for decryption or key unwrapping.
     * The generated parameters can be retrieved using
     * <a href = "#getParameters()">getParameters</a> or
     * <a href = "#getIV()">getIV</a> (if the parameter is an IV).
     * <p>
     * If this cipher (including its underlying feedback or padding scheme)
     * requires any random bytes (e.g., for parameter generation), it will get
     * them from <code>random</code>.
     * <p>
     * Note that when a Cipher object is initialized, it loses all
     * previously-acquired state. In other words, initializing a Cipher is
     * equivalent to creating a new instance of that Cipher and initializing
     * it.
     *
     * @param opmode the operation mode of this cipher (this is one of the
     * following: <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code>
     * or <code>UNWRAP_MODE</code>)
     * @param key the encryption key
     * @param params the algorithm parameters
     * @param random the source of randomness
     * @exception InvalidKeyException if the given key is inappropriate for
     * initializing this cipher, or its keysize exceeds the maximum allowable
     * keysize (as determined from the configured jurisdiction policy files).
     * @exception InvalidAlgorithmParameterException if the given algorithm
     * parameters are inappropriate for this cipher,
     * or this cipher is being initialized for decryption and requires
     * algorithm parameters and <code>params</code> is null, or the given
     * algorithm parameters imply a cryptographic strength that would exceed
     * the legal limits (as determined from the configured jurisdiction
     * policy files).
     * Note: Jurisdiction files are ignored in this implementation.
     */
00728     public final void init(
        int                 opmode,
        Key                 key,
        AlgorithmParameters params,
        SecureRandom        random)
    throws InvalidKeyException, InvalidAlgorithmParameterException
    {
        cipherSpi.engineInit(opmode, key, params, random);
            mode = opmode;
    }

    /**
     * Initializes this cipher with the public key from the given certificate.
     * <p>
     * The cipher is initialized for one of the following four operations:
     * encryption, decryption, key wrapping or  key unwrapping, depending
     * on the value of <code>opmode</code>.
     * <p>
     * If the certificate is of type X.509 and has a <i>key usage</i>
     * extension field marked as critical, and the value of the <i>key usage</i>
     * extension field implies that the public key in
     * the certificate and its corresponding private key are not
     * supposed to be used for the operation represented by the value
     * of <code>opmode</code>,
     * an <code>InvalidKeyException</code>
     * is thrown.
     * <p>
     * If this cipher requires any algorithm parameters that cannot be
     * derived from the public key in the given certificate, the underlying
     * cipher
     * implementation is supposed to generate the required parameters itself
     * (using provider-specific default or ramdom values) if it is being
     * initialized for encryption or key wrapping, and raise an <code>
     * InvalidKeyException</code> if it is being initialized for decryption or
     * key unwrapping.
     * The generated parameters can be retrieved using
     * <a href = "#getParameters()">getParameters</a> or
     * <a href = "#getIV()">getIV</a> (if the parameter is an IV).
     * <p>
     * If this cipher (including its underlying feedback or padding scheme)
     * requires any random bytes (e.g., for parameter generation), it will get
     * them using the
     * <a href="http://java.sun.com/products/jdk/1.2/docs/api/java.security.SecureRandom.html">
     * <code>SecureRandom</code></a>
     * implementation of the highest-priority installed provider as the source of randomness.
     * (If none of the installed providers supply an implementation of
     * SecureRandom, a system-provided source of randomness will be used.)
     * <p>
     * Note that when a Cipher object is initialized, it loses all
     * previously-acquired state. In other words, initializing a Cipher is
     * equivalent to creating a new instance of that Cipher and initializing
     * it.
     * @param opmode the operation mode of this cipher (this is one of the
     * following:
     * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
     * @param certificate the certificate
     * @exception InvalidKeyException if the public key in the given
     * certificate is inappropriate for initializing this cipher, or this
     * cipher is being initialized for decryption or unwrapping keys and
     * requires algorithm parameters that cannot be determined from the
     * public key in the given certificate, or the keysize of the public key
     * in the given certificate has a keysize that exceeds the maximum
     * allowable keysize (as determined by the configured jurisdiction policy
     * files).
     * Note: Jurisdiction files are ignored in this implementation.
     */
00795     public final void init(
        int             opmode,
        Certificate     certificate)
    throws InvalidKeyException
    {
        cipherSpi.engineInit(opmode, certificate.getPublicKey(), new SecureRandom());
            mode = opmode;
    }

    /**
     * Initializes this cipher with the public key from the given certificate
     * and a source of randomness.
     * <p>The cipher is initialized for one of the following four operations:
     * encryption, decryption, key wrapping
     * or key unwrapping, depending on
     * the value of <code>opmode</code>.
     * <p>
     * If the certificate is of type X.509 and has a <i>key usage</i>
     * extension field marked as critical, and the value of the <i>key usage</i>
     * extension field implies that the public key in
     * the certificate and its corresponding private key are not
     * supposed to be used for the operation represented by the value of
     * <code>opmode</code>,
     * an <code>InvalidKeyException</code>
     * is thrown.
     * <p>
     * If this cipher requires any algorithm parameters that cannot be
     * derived from the public key in the given <code>certificate</code>,
     * the underlying cipher
     * implementation is supposed to generate the required parameters itself
     * (using provider-specific default or random values) if it is being
     * initialized for encryption or key wrapping, and raise an
     * <code>InvalidKeyException</code> if it is being
     * initialized for decryption or key unwrapping.
     * The generated parameters can be retrieved using
     * <a href = "#engineGetParameters()">engineGetParameters</a> or
     * <a href = "#engineGetIV()">engineGetIV</a> (if the parameter is an IV).
     * <p>
     * If this cipher (including its underlying feedback or padding scheme)
     * requires any random bytes (e.g., for parameter generation), it will get
     * them from <code>random</code>.
     * <p>
     * Note that when a Cipher object is initialized, it loses all
     * previously-acquired state. In other words, initializing a Cipher is
     * equivalent to creating a new instance of that Cipher and initializing
     * it.
     *
     * @param opmode the operation mode of this cipher (this is one of the
     * following: <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
     * @param certificate the certificate
     * @param random the source of randomness
     * @exception InvalidKeyException if the public key in the given
     * certificate is inappropriate for initializing this cipher, or this
     * cipher is being initialized for decryption or unwrapping keys and
     * requires algorithm parameters that cannot be determined from the
     * public key in the given certificate, or the keysize of the public key
     * in the given certificate has a keysize that exceeds the maximum
     * allowable keysize (as determined by the configured jurisdiction policy
     * files).
     */
00856     public final void init(
        int             opmode,
        Certificate     certificate,
        SecureRandom    random)
    throws InvalidKeyException
    {
        cipherSpi.engineInit(opmode, certificate.getPublicKey(), random);
            mode = opmode;
    }

    /**
     * Continues a multiple-part encryption or decryption operation
     * (depending on how this cipher was initialized), processing another data
     * part.
     * <p>
     * The bytes in the <code>input</code> buffer are processed, and the
     * result is stored in a new buffer.
     * <p>
     * If <code>input</code> has a length of zero, this method returns
     * <code>null</code>.
     *
     * @param input the input buffer
     * @return the new buffer with the result, or null if the underlying
     * cipher is a block cipher and the input data is too short to result in a
     * new block.
     * @exception IllegalStateException if this cipher is in a wrong state
     * (e.g., has not been initialized)
     */
00884     public final byte[] update(
        byte[]      input)
    throws IllegalStateException
    {
            if ( mode != ENCRYPT_MODE && mode != DECRYPT_MODE )
                  throw new IllegalStateException("Cipher is uninitialised");

            if ( input == null )
                  throw new IllegalArgumentException("Null input buffer");

            if ( input.length == 0 )
                  return null;

        return cipherSpi.engineUpdate(input, 0, input.length);
    }

    /**
     * Continues a multiple-part encryption or decryption operation
     * (depending on how this cipher was initialized), processing another data
     * part.
     * <p>
     * The first <code>inputLen</code> bytes in the <code>input</code>
     * buffer, starting at <code>inputOffset</code> inclusive, are processed,
     * and the result is stored in a new buffer.
     * <p>
     * If <code>inputLen</code> is zero, this method returns
     * <code>null</code>.
     *
     * @param input the input buffer
     * @param inputOffset the offset in <code>input</code> where the input
     * starts
     * @param inputLen the input length
     * @return the new buffer with the result, or null if the underlying
     * cipher is a block cipher and the input data is too short to result in a
     * new block.
     * @exception IllegalStateException if this cipher is in a wrong state
     * (e.g., has not been initialized)
     */
00922     public final byte[] update(
        byte[]      input,
        int         inputOffset,
        int         inputLen)
    throws IllegalStateException
    {
            if ( mode != ENCRYPT_MODE && mode != DECRYPT_MODE )
                  throw new IllegalStateException("Cipher is uninitialised");

            if (input == null)
        {
                  throw new IllegalArgumentException("Null input passed");
        }

        if (inputLen < 0 || inputOffset < 0
                  || inputLen > (input.length - inputOffset))
            {
                  throw new IllegalArgumentException("Bad inputOffset/inputLen");
            }

            if ( inputLen == 0 )
                  return null;

        return cipherSpi.engineUpdate(input, inputOffset, inputLen);
    }

    /**
     * Continues a multiple-part encryption or decryption operation
     * (depending on how this cipher was initialized), processing another data
     * part.
     * <p>
     * The first <code>inputLen</code> bytes in the <code>input</code>
     * buffer, starting at <code>inputOffset</code> inclusive, are processed,
     * and the result is stored in the <code>output</code> buffer.
     * <p>
     * If the <code>output</code> buffer is too small to hold the result,
     * a <code>ShortBufferException</code> is thrown. In this case, repeat this
     * call with a larger output buffer. Use
     * <a href = "#getOutputSize(int)">getOutputSize</a> to determine how big
     * the output buffer should be.
     * <p>
     * If <code>inputLen</code> is zero, this method returns
     * a length of zero.
     *
     * @param input the input buffer
     * @param inputOffset the offset in <code>input</code> where the input starts
     * @param inputLen the input length
     * @param output the buffer for the result
     * @return the number of bytes stored in <code>output</code>
     * @exception IllegalStateException if this cipher is in a wrong state
     * (e.g., has not been initialized)
     * @exception ShortBufferException if the given output buffer is too small
     * to hold the result
     */
00976     public final int update(
        byte[]  input,
        int     inputOffset,
        int     inputLen,
        byte[]  output)
    throws IllegalStateException, ShortBufferException
    {
            if ( mode != ENCRYPT_MODE && mode != DECRYPT_MODE )
                  throw new IllegalStateException("Cipher is uninitialised");

            if (input == null)
        {
                  throw new IllegalArgumentException("Null input passed");
        }

        if (inputLen < 0 || inputOffset < 0
                  || inputLen > (input.length - inputOffset))
            {
                  throw new IllegalArgumentException("Bad inputOffset/inputLen");
            }

            if (output == null)
            {
                  throw new IllegalArgumentException("Null output passed");
            }

            if ( inputLen == 0 )
                  return 0;

        return cipherSpi.engineUpdate(input, inputOffset, inputLen, output, 0);
    }

    /**
     * Continues a multiple-part encryption or decryption operation
     * (depending on how this cipher was initialized), processing another data
     * part.
     * <p>
     * The first <code>inputLen</code> bytes in the <code>input</code>
     * buffer, starting at <code>inputOffset</code> inclusive, are processed,
     * and the result is stored in the <code>output</code> buffer, starting at
     * <code>outputOffset</code> inclusive.
     * <p>
     * If the <code>output</code> buffer is too small to hold the result,
     * a <code>ShortBufferException</code> is thrown. In this case, repeat this
     * call with a larger output buffer. Use
     * <a href = "#getOutputSize(int)">getOutputSize</a> to determine how big
     * the output buffer should be.
     * <p>
     * If <code>inputLen</code> is zero, this method returns
     * a length of zero.
     *
     * @param input the input buffer
     * @param inputOffset the offset in <code>input</code> where the input starts
     * @param inputLen the input length
     * @param output the buffer for the result
     * @param outputOffset the offset in <code>output</code> where the result
     * is stored
     * @return the number of bytes stored in <code>output</code>
     * @exception IllegalStateException if this cipher is in a wrong state
     * (e.g., has not been initialized)
     * @exception ShortBufferException if the given output buffer is too small
     * to hold the result
     */
01039     public final int update(
        byte[]      input,
        int         inputOffset,
        int         inputLen,
        byte[]      output,
        int         outputOffset)
    throws IllegalStateException, ShortBufferException
    {
            if ( mode != ENCRYPT_MODE && mode != DECRYPT_MODE )
                  throw new IllegalStateException("Cipher is uninitialised");

            if (input == null)
        {
                  throw new IllegalArgumentException("Null input passed");
        }

        if (inputLen < 0 || inputOffset < 0
                  || inputLen > (input.length - inputOffset))
            {
                  throw new IllegalArgumentException("Bad inputOffset/inputLen");
            }

            if (output == null)
            {
                  throw new IllegalArgumentException("Null output passed");
            }

        if (outputOffset < 0 || outputOffset >= output.length)
            {
                  throw new IllegalArgumentException("Bad outputOffset");
            }

            if (inputLen == 0)
        {
                  return 0;
        }

        return cipherSpi.engineUpdate(input, inputOffset, inputLen, output, outputOffset);
    }

    /**
     * Finishes a multiple-part encryption or decryption operation, depending
     * on how this cipher was initialized.
     * <p>
     * Input data that may have been buffered during a previous
     * <code>update</code> operation is processed, with padding (if requested)
     * being applied.
     * The result is stored in a new buffer.
     * <p>
     * A call to this method resets this cipher object to the state
     * it was in when previously initialized via a call to <code>init</code>.
     * That is, the object is reset and available to encrypt or decrypt
     * (depending on the operation mode that was specified in the call to
     * <code>init</code>) more data.
     * @return the new buffer with the result
     * @exception IllegalStateException if this cipher is in a wrong state
     * (e.g., has not been initialized)
     * @exception IllegalBlockSizeException if this cipher is a block cipher,
     * no padding has been requested (only in encryption mode), and the total
     * input length of the data processed by this cipher is not a multiple of
     * block size
     * @exception BadPaddingException if this cipher is in decryption mode,
     * and (un)padding has been requested, but the decrypted data is not
     * bounded by the appropriate padding bytes
     */
01104     public final byte[] doFinal()
    throws java.lang.IllegalStateException, IllegalBlockSizeException,
        BadPaddingException
    {
            if ( mode != ENCRYPT_MODE && mode != DECRYPT_MODE )
                  throw new IllegalStateException("Cipher is uninitialised");

        return cipherSpi.engineDoFinal(null, 0, 0);
    }

    /**
     * Finishes a multiple-part encryption or decryption operation, depending
     * on how this cipher was initialized.
     * <p>
     * Input data that may have been buffered during a previous
     * <code>update</code> operation is processed, with padding (if requested)
     * being applied.
     * The result is stored in the <code>output</code> buffer, starting at
     * <code>outputOffset</code> inclusive.
     * <p>
     * If the <code>output</code> buffer is too small to hold the result,
     * a <code>ShortBufferException</code> is thrown. In this case, repeat this
     * call with a larger output buffer. Use
     * <a href = "#getOutputSize(int)">getOutputSize</a> to determine how big
     * the output buffer should be.
     * <p>
     * A call to this method resets this cipher object to the state
     * it was in when previously initialized via a call to <code>init</code>.
     * That is, the object is reset and available to encrypt or decrypt
     * (depending on the operation mode that was specified in the call to
     * <code>init</code>) more data.
     *
     * @param output the buffer for the result
     * @param outputOffset the offset in <code>output</code> where the result
     * is stored
     * @return the number of bytes stored in <code>output</code>
     * @exception IllegalStateException if this cipher is in a wrong state
     * (e.g., has not been initialized)
     * @exception IllegalBlockSizeException if this cipher is a block cipher,
     * no padding has been requested (only in encryption mode), and the total
     * input length of the data processed by this cipher is not a multiple of
     * block size
     * @exception ShortBufferException if the given output buffer is too small
     * to hold the result
     * @exception BadPaddingException if this cipher is in decryption mode,
     * and (un)padding has been requested, but the decrypted data is not
     * bounded by the appropriate padding bytes
     */
01152     public final int doFinal(
        byte[]      output,
        int         outputOffset)
    throws IllegalStateException, IllegalBlockSizeException,
         ShortBufferException, BadPaddingException
    {
            if ( mode != ENCRYPT_MODE && mode != DECRYPT_MODE )
                  throw new IllegalStateException("Cipher is uninitialised");

            if (output == null)
            {
                  throw new IllegalArgumentException("Null output passed");
            }

        if (outputOffset < 0 || outputOffset >= output.length)
            {
                  throw new IllegalArgumentException("Bad outputOffset");
            }

        return cipherSpi.engineDoFinal(null, 0, 0, output, outputOffset);
    }

    /**
     * Encrypts or decrypts data in a single-part operation, or finishes a
     * multiple-part operation. The data is encrypted or decrypted,
     * depending on how this cipher was initialized.
     * <p>
     * The bytes in the <code>input</code> buffer, and any input bytes that
     * may have been buffered during a previous <code>update</code> operation,
     * are processed, with padding (if requested) being applied.
     * The result is stored in a new buffer.
     * <p>
     * A call to this method resets this cipher object to the state
     * it was in when previously initialized via a call to <code>init</code>.
     * That is, the object is reset and available to encrypt or decrypt
     * (depending on the operation mode that was specified in the call to
     * <code>init</code>) more data.
     *
     * @param input the input buffer
     * @return the new buffer with the result
     * @exception IllegalStateException if this cipher is in a wrong state
     * (e.g., has not been initialized)
     * @exception IllegalBlockSizeException if this cipher is a block cipher,
     * no padding has been requested (only in encryption mode), and the total
     * input length of the data processed by this cipher is not a multiple of
     * block size
     * @exception BadPaddingException if this cipher is in decryption mode,
     * and (un)padding has been requested, but the decrypted data is not
     * bounded by the appropriate padding bytes
     */
01202     public final byte[] doFinal(
        byte[]      input)
    throws java.lang.IllegalStateException, IllegalBlockSizeException, BadPaddingException
    {
            if ( mode != ENCRYPT_MODE && mode != DECRYPT_MODE )
                  throw new IllegalStateException("Cipher is uninitialised");

            if ( input == null )
            {
                  throw new IllegalArgumentException("Null input passed");
            }

        return cipherSpi.engineDoFinal(input, 0, input.length);
    }

    /**
     * Encrypts or decrypts data in a single-part operation, or finishes a
     * multiple-part operation. The data is encrypted or decrypted,
     * depending on how this cipher was initialized.
     * <p>
     * The first <code>inputLen</code> bytes in the <code>input</code>
     * buffer, starting at <code>inputOffset</code> inclusive, and any input
     * bytes that may have been buffered during a previous <code>update</code>
     * operation, are processed, with padding (if requested) being applied.
     * The result is stored in a new buffer.
     * <p>A call to this method resets this cipher object to the state
     * it was in when previously initialized via a call to <code>init</code>.
     * That is, the object is reset and available to encrypt or decrypt
     * (depending on the operation mode that was specified in the call to
     * <code>init</code>) more data.
     *
     * @param input the input buffer
     * @param inputOffset the offset in <code>input</code> where the input starts
     * @param inputLen the input length
     * @return the new buffer with the result
     * @exception IllegalStateException if this cipher is in a wrong state
     * (e.g., has not been initialized)
     * @exception IllegalBlockSizeException if this cipher is a block cipher,
     * no padding has been requested (only in encryption mode), and the total
     * input length of the data processed by this cipher is not a multiple of
     * block size
     * @exception BadPaddingException if this cipher is in decryption mode,
     * and (un)padding has been requested, but the decrypted data is not
     * bounded by the appropriate padding bytes
     */
01247     public final byte[] doFinal(
        byte[]      input,
        int         inputOffset,
        int         inputLen)
    throws IllegalStateException, IllegalBlockSizeException, BadPaddingException
    {
            if ( mode != ENCRYPT_MODE && mode != DECRYPT_MODE )
                  throw new IllegalStateException("Cipher is uninitialised");

            if (input == null)
        {
                  throw new IllegalArgumentException("Null input passed");
        }

        if (inputLen < 0 || inputOffset < 0
                  || inputLen > (input.length - inputOffset))
            {
                  throw new IllegalArgumentException("Bad inputOffset/inputLen");
            }

        return cipherSpi.engineDoFinal(input, inputOffset, inputLen);
    }

    /**
     * Encrypts or decrypts data in a single-part operation, or finishes a
     * multiple-part operation. The data is encrypted or decrypted,
     * depending on how this cipher was initialized.
     * <p>
     * The first <code>inputLen</code> bytes in the <code>input</code>
     * buffer, starting at <code>inputOffset</code> inclusive, and any input
     * bytes that may have been buffered during a previous <code>update</code>
     * operation, are processed, with padding (if requested) being applied.
     * The result is stored in the <code>output</code> buffer.
     * <p>
     * If the <code>output</code> buffer is too small to hold the result,
     * a <code>ShortBufferException</code> is thrown. In this case, repeat this
     * call with a larger output buffer. Use
     * <a href = "#getOutputSize(int)">getOutputSize</a> to determine how big
     * the output buffer should be.
     * <p>
     * A call to this method resets this cipher object to the state
     * it was in when previously initialized via a call to <code>init</code>.
     * That is, the object is reset and available to encrypt or decrypt
     * (depending on the operation mode that was specified in the call to
     * <code>init</code>) more data.
     * @param input the input buffer
     * @param inputOffset the offset in <code>input</code> where the input starts
     * @param inputLen the input length
     * @param output the buffer for the result
     * @return the number of bytes stored in <code>output</code>
     * @exception IllegalStateException if this cipher is in a wrong state
     * (e.g., has not been initialized)
     * @exception IllegalBlockSizeException if this cipher is a block cipher,
     * no padding has been requested (only in encryption mode), and the total
     * input length of the data processed by this cipher is not a multiple of
     * block size
     * @exception ShortBufferException if the given output buffer is too small
     * to hold the result
     * @exception BadPaddingException if this cipher is in decryption mode,
     * and (un)padding has been requested, but the decrypted data is not
     * bounded by the appropriate padding bytes
     */
01309     public final int doFinal(
        byte[]      input,
        int         inputOffset,
        int         inputLen,
        byte[]      output)
    throws IllegalStateException, ShortBufferException,
                IllegalBlockSizeException, BadPaddingException
    {
            if ( mode != ENCRYPT_MODE && mode != DECRYPT_MODE )
                  throw new IllegalStateException("Cipher is uninitialised");

            if (input == null)
        {
                  throw new IllegalArgumentException("Null input passed");
        }

        if (inputLen < 0 || inputOffset < 0
                  || inputLen > (input.length - inputOffset))
            {
                  throw new IllegalArgumentException("Bad inputOffset/inputLen");
            }

            if (output == null)
            {
                  throw new IllegalArgumentException("Null output passed");
            }

        return cipherSpi.engineDoFinal(input, inputOffset, inputLen, output, 0);
    }

    /**
     * Encrypts or decrypts data in a single-part operation, or finishes a
     * multiple-part operation. The data is encrypted or decrypted,
     * depending on how this cipher was initialized.
     * <p>
     * The first <code>inputLen</code> bytes in the <code>input</code>
     * buffer, starting at <code>inputOffset</code> inclusive, and any input
     * bytes that may have been buffered during a previous
     * <code>update</code> operation, are processed, with padding
     * (if requested) being applied.
     * The result is stored in the <code>output</code> buffer, starting at
     * <code>outputOffset</code> inclusive.
     * <p>
     * If the <code>output</code> buffer is too small to hold the result,
     * a <code>ShortBufferException</code> is thrown. In this case, repeat this
     * call with a larger output buffer. Use
     * <a href = "#getOutputSize(int)">getOutputSize</a> to determine how big
     * the output buffer should be.
     * <p>
     * A call to this method resets this cipher object to the state
     * it was in when previously initialized via a call to <code>init</code>.
     * That is, the object is reset and available to encrypt or decrypt
     * (depending on the operation mode that was specified in the call to
     * <code>init</code>) more data.
     *
     * @param input the input buffer
     * @param inputOffset the offset in <code>input</code> where the input starts
     * @param inputLen the input length
     * @param output the buffer for the result
     * @param outputOffset the offset in <code>output</code> where the result is
     * stored
     * @return the number of bytes stored in <code>output</code>
     * @exception IllegalStateException if this cipher is in a wrong state
     * (e.g., has not been initialized)
     * @exception IllegalBlockSizeException if this cipher is a block cipher,
     * no padding has been requested (only in encryption mode), and the total
     * input length of the data processed by this cipher is not a multiple of
     * block size
     * @exception ShortBufferException if the given output buffer is too small
     * to hold the result
     * @exception BadPaddingException if this cipher is in decryption mode,
     * and (un)padding has been requested, but the decrypted data is not
     * bounded by the appropriate padding bytes
     */
01383     public final int doFinal(
        byte[]      input,
        int         inputOffset,
        int         inputLen,
        byte[]      output,
        int         outputOffset)
    throws IllegalStateException, ShortBufferException,
        IllegalBlockSizeException, BadPaddingException
    {
            if ( mode != ENCRYPT_MODE && mode != DECRYPT_MODE )
                  throw new IllegalStateException("Cipher is uninitialised");

            if (input == null)
        {
                  throw new IllegalArgumentException("Null input passed");
        }

        if (inputLen < 0 || inputOffset < 0
                  || inputLen > (input.length - inputOffset))
            {
                  throw new IllegalArgumentException("Bad inputOffset/inputLen");
            }

            if (output == null)
            {
                  throw new IllegalArgumentException("Null output passed");
            }

        if (outputOffset < 0 || outputOffset >= output.length)
            {
                  throw new IllegalArgumentException("Bad outputOffset");
            }

        return cipherSpi.engineDoFinal(input, inputOffset, inputLen, output, outputOffset);
    }

    /**
     * Wrap a key.
     *
     * @param key the key to be wrapped.
     * @return the wrapped key.
     * @exception IllegalStateException if this cipher is in a wrong state (e.g., has not
     * been initialized).
     * @exception IllegalBlockSizeException if this cipher is a block cipher, no padding
     * has been requested, and the length of the encoding of the key to be wrapped is not a
     * multiple of the block size.
     * @exception <DD>java.security.InvalidKeyException - if it is impossible or unsafe to
     * wrap the key with this cipher (e.g., a hardware protected key is being passed to a
     * software-only cipher).
     */
01433     public final byte[] wrap(
        Key   key)
    throws IllegalStateException, IllegalBlockSizeException, InvalidKeyException
    {
            if ( mode != WRAP_MODE )
                  throw new IllegalStateException("Cipher is not initialised for wrapping");

        if (key == null)
        {
                  throw new IllegalArgumentException("Null key passed");
        }

        return cipherSpi.engineWrap(key);
    }

    /**
     * Unwrap a previously wrapped key.
     *
     * @param wrappedKey the key to be unwrapped.
     * @param wrappedKeyAlgorithm the algorithm associated with the wrapped key.
     * @param wrappedKeyType the type of the wrapped key. This must be one of
     * <code>SECRET_KEY</code>, <code>PRIVATE_KEY</code>, or <code>PUBLIC_KEY</code>.
     * @return the unwrapped key.
     * @exception IllegalStateException if this cipher is in a wrong state
     * (e.g., has not been initialized).
     * @exception InvalidKeyException if <code>wrappedKey</code> does not
     * represent a wrapped key, or if the algorithm associated with the
     * wrapped key is different from <code>wrappedKeyAlgorithm</code>
     * and/or its key type is different from <code>wrappedKeyType</code>.
     * @exception NoSuchAlgorithmException - if no installed providers
     * can create keys for the <code>wrappedKeyAlgorithm</code>.
     */
01465     public final Key unwrap(
        byte[]      wrappedKey,
        String      wrappedKeyAlgorithm,
        int         wrappedKeyType)
    throws IllegalStateException, InvalidKeyException, NoSuchAlgorithmException
    {
            if ( mode != UNWRAP_MODE )
                  throw new IllegalStateException("Cipher is not initialised for unwrapping");

            if ( wrappedKeyType != SECRET_KEY && wrappedKeyType != PUBLIC_KEY
                  && wrappedKeyType != PRIVATE_KEY )
            {
                  throw new IllegalArgumentException("Invalid key type argument");
            }

        if (wrappedKey == null)
        {
                  throw new IllegalArgumentException("Null wrappedKey passed");
        }

        if (wrappedKeyAlgorithm == null)
        {
                  throw new IllegalArgumentException("Null wrappedKeyAlgorithm string passed");
        }

        return cipherSpi.engineUnwrap(wrappedKey, wrappedKeyAlgorithm, wrappedKeyType);
    }
}

Generated by  Doxygen 1.6.0   Back to index