Package com.google.crypto.tink.internal
Class KeyManagerRegistry
- java.lang.Object
-
- com.google.crypto.tink.internal.KeyManagerRegistry
-
public final class KeyManagerRegistry extends java.lang.ObjectAn internal API to register KeyManagers.The KeyManagerRegistry provides an API to register KeyManagers, ensuring FIPS compatibility. For registered managers, it gives access to the following operations:
- Retrive KeyManagers
-
-
Constructor Summary
Constructors Constructor Description KeyManagerRegistry()KeyManagerRegistry(KeyManagerRegistry original)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description <P> KeyManager<P>getKeyManager(java.lang.String typeUrl, java.lang.Class<P> primitiveClass)KeyManager<?>getUntypedKeyManager(java.lang.String typeUrl)static KeyManagerRegistryglobalInstance()Returns the global instance.booleanisEmpty()booleanisNewKeyAllowed(java.lang.String typeUrl)<P> voidregisterKeyManager(KeyManager<P> manager, boolean newKeyAllowed)Attempts to insert the given KeyManager into the object.<P> voidregisterKeyManagerWithFipsCompatibility(KeyManager<P> manager, TinkFipsUtil.AlgorithmFipsCompatibility compatibility, boolean newKeyAllowed)Attempts to insert the given KeyManager into the object; the caller guarantees that the given key manager satisfies the given FIPS compatibility.static voidresetGlobalInstanceTestOnly()Resets the global instance.voidrestrictToFipsIfEmptyAndGlobalInstance()Restricts Tink to FIPS if this is the global instance.booleantypeUrlExists(java.lang.String typeUrl)
-
-
-
Constructor Detail
-
KeyManagerRegistry
public KeyManagerRegistry(KeyManagerRegistry original)
-
KeyManagerRegistry
public KeyManagerRegistry()
-
-
Method Detail
-
globalInstance
public static KeyManagerRegistry globalInstance()
Returns the global instance.
-
resetGlobalInstanceTestOnly
public static void resetGlobalInstanceTestOnly()
Resets the global instance. Should only be used in tests. Not thread safe.
-
registerKeyManager
public <P> void registerKeyManager(KeyManager<P> manager, boolean newKeyAllowed) throws java.security.GeneralSecurityException
Attempts to insert the given KeyManager into the object.- Throws:
java.security.GeneralSecurityException
-
registerKeyManagerWithFipsCompatibility
public <P> void registerKeyManagerWithFipsCompatibility(KeyManager<P> manager, TinkFipsUtil.AlgorithmFipsCompatibility compatibility, boolean newKeyAllowed) throws java.security.GeneralSecurityException
Attempts to insert the given KeyManager into the object; the caller guarantees that the given key manager satisfies the given FIPS compatibility.- Throws:
java.security.GeneralSecurityException
-
typeUrlExists
public boolean typeUrlExists(java.lang.String typeUrl)
-
getKeyManager
public <P> KeyManager<P> getKeyManager(java.lang.String typeUrl, java.lang.Class<P> primitiveClass) throws java.security.GeneralSecurityException
- Returns:
- a
KeyManagerfor the giventypeUrlandprimitiveClass(if found and this key type supports this primitive). - Throws:
java.security.GeneralSecurityException
-
getUntypedKeyManager
public KeyManager<?> getUntypedKeyManager(java.lang.String typeUrl) throws java.security.GeneralSecurityException
- Returns:
- a
KeyManagerfor the giventypeUrl(if found). - Throws:
java.security.GeneralSecurityException
-
isNewKeyAllowed
public boolean isNewKeyAllowed(java.lang.String typeUrl)
-
isEmpty
public boolean isEmpty()
-
restrictToFipsIfEmptyAndGlobalInstance
public void restrictToFipsIfEmptyAndGlobalInstance() throws java.security.GeneralSecurityExceptionRestricts Tink to FIPS if this is the global instance.We make this a member method (instead of a static one which gets the global instance) because the call to "useOnlyFips" needs to happen under the same mutex lock which protects the registerKeyManager methods.
- Throws:
java.security.GeneralSecurityException
-
-