com.google.crypto.tink.internal

Class KeyManagerRegistry

java.lang.Object

com.google.crypto.tink.internal.KeyManagerRegistry

public final class KeyManagerRegistry
extends Object

An internal API to register KeyManagers.

The KeyManagerRegistry provides an API to register KeyManagers, ensuring FIPS compatibility. For registered managers, it gives access to the following operations:

• Retrive KeyManagers

Constructor Summary

Constructors

Constructor and Description
KeyManagerRegistry()
KeyManagerRegistry(KeyManagerRegistry original)

Method Summary

Modifier and Type	Method and Description
<P> KeyManager<P>	getKeyManager(String typeUrl, Class<P> primitiveClass)
KeyManager<?>	getUntypedKeyManager(String typeUrl)
static KeyManagerRegistry	globalInstance() Returns the global instance.
boolean	isEmpty()
boolean	isNewKeyAllowed(String typeUrl)
<P> void	registerKeyManager(KeyManager<P> manager, boolean newKeyAllowed) Attempts to insert the given KeyManager into the object.
<P> void	registerKeyManagerWithFipsCompatibility(KeyManager<P> manager, TinkFipsUtil.AlgorithmFipsCompatibility compatibility, boolean newKeyAllowed) Attempts to insert the given KeyManager into the object; the caller guarantees that the given key manager satisfies the given FIPS compatibility.
static void	resetGlobalInstanceTestOnly() Resets the global instance.
void	restrictToFipsIfEmptyAndGlobalInstance() Restricts Tink to FIPS if this is the global instance.
boolean	typeUrlExists(String typeUrl)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyManagerRegistry

public KeyManagerRegistry(KeyManagerRegistry original)

KeyManagerRegistry

public KeyManagerRegistry()

Method Detail

globalInstance

public static KeyManagerRegistry globalInstance()

Returns the global instance.

resetGlobalInstanceTestOnly

public static void resetGlobalInstanceTestOnly()

Resets the global instance. Should only be used in tests. Not thread safe.

registerKeyManager

public <P> void registerKeyManager(KeyManager<P> manager,
                                   boolean newKeyAllowed)
                            throws GeneralSecurityException

Attempts to insert the given KeyManager into the object.

Throws:

GeneralSecurityException

registerKeyManagerWithFipsCompatibility

public <P> void registerKeyManagerWithFipsCompatibility(KeyManager<P> manager,
                                                        TinkFipsUtil.AlgorithmFipsCompatibility compatibility,
                                                        boolean newKeyAllowed)
                                                 throws GeneralSecurityException

Attempts to insert the given KeyManager into the object; the caller guarantees that the given key manager satisfies the given FIPS compatibility.

Throws:

GeneralSecurityException

typeUrlExists

public boolean typeUrlExists(String typeUrl)

getKeyManager

public <P> KeyManager<P> getKeyManager(String typeUrl,
                                       Class<P> primitiveClass)
                                throws GeneralSecurityException

Returns:

a KeyManager for the given typeUrl and primitiveClass(if found and this key type supports this primitive).

Throws:

GeneralSecurityException

getUntypedKeyManager

public KeyManager<?> getUntypedKeyManager(String typeUrl)
                                   throws GeneralSecurityException

Returns:

a KeyManager for the given typeUrl (if found).

Throws:

GeneralSecurityException

isNewKeyAllowed

public boolean isNewKeyAllowed(String typeUrl)

isEmpty

public boolean isEmpty()

restrictToFipsIfEmptyAndGlobalInstance

public void restrictToFipsIfEmptyAndGlobalInstance()
                                            throws GeneralSecurityException

Restricts Tink to FIPS if this is the global instance.

We make this a member method (instead of a static one which gets the global instance) because the call to "useOnlyFips" needs to happen under the same mutex lock which protects the registerKeyManager methods.

Throws:

GeneralSecurityException