Java Reference
In-Depth Information
Compliant Solution
This compliant solution uses the equals() method as a first test, and then compares the
encoded version of the keys to facilitate provider-independent behavior. It checks whether
an RSAPrivateKey and an RSAPrivateCrtKey represent equivalent private keys [Oracle
2011b].
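import java.security.Key;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Arrays;

private static boolean keysEqual(Key key1, Key key2) {
  // First test: the provider's own notion of equality
  if (key1.equals(key2)) {
    return true;
  }
  // Second test: compare the encoded forms. getEncoded() returns null
  // for a key that does not support encoding, and
  // Arrays.equals(null, null) is true, so require a real encoding first.
  byte[] encoded1 = key1.getEncoded();
  if (encoded1 != null && Arrays.equals(encoded1, key2.getEncoded())) {
    return true;
  }
  // More code for different types of keys here
  // For example, the following code can check whether
  // an RSAPrivateKey and an RSAPrivateCrtKey are equal
  if ((key1 instanceof RSAPrivateKey) &&
      (key2 instanceof RSAPrivateKey)) {
    if ((((RSAKey) key1).getModulus().equals(
          ((RSAKey) key2).getModulus())) &&
        (((RSAPrivateKey) key1).getPrivateExponent().equals(
          ((RSAPrivateKey) key2).getPrivateExponent()))) {
      return true;
    }
  }
  return false;
}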
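The case this solution targets, as an added example that is not from the original text: the same RSA private key held once in CRT form and once rebuilt from only its modulus and private exponent. The class name KeyCompareDemo and the helper sameRsaPrivateKey are hypothetical, and the key pair is generated at run time as constructed sample input.

```java
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.RSAPrivateKeySpec;
import java.util.Arrays;

// Added example; class and method names are hypothetical.
public class KeyCompareDemo {

  // Component-wise check from the compliant solution, reduced to the RSA case.
  static boolean sameRsaPrivateKey(Key k1, Key k2) {
    if (!(k1 instanceof RSAPrivateKey) || !(k2 instanceof RSAPrivateKey)) {
      return false;
    }
    RSAPrivateKey a = (RSAPrivateKey) k1;
    RSAPrivateKey b = (RSAPrivateKey) k2;
    return a.getModulus().equals(b.getModulus())
        && a.getPrivateExponent().equals(b.getPrivateExponent());
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: a throwaway key pair generated at run time.
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair pair = gen.generateKeyPair();
    Key crtKey = pair.getPrivate(); // usually an RSAPrivateCrtKey

    // Rebuild the same private key from modulus and private exponent only,
    // which drops the CRT parameters.
    BigInteger n = ((RSAPrivateKey) crtKey).getModulus();
    BigInteger d = ((RSAPrivateKey) crtKey).getPrivateExponent();
    Key plainKey = KeyFactory.getInstance("RSA")
        .generatePrivate(new RSAPrivateKeySpec(n, d));

    System.out.println("first is CRT form:  " + (crtKey instanceof RSAPrivateCrtKey));
    System.out.println("second is CRT form: " + (plainKey instanceof RSAPrivateCrtKey));
    System.out.println("equals():           " + crtKey.equals(plainKey));
    byte[] e1 = crtKey.getEncoded();
    byte[] e2 = plainKey.getEncoded();
    System.out.println("encodings equal:    " + (e1 != null && Arrays.equals(e1, e2)));
    System.out.println("modulus/exponent:   " + sameRsaPrivateKey(crtKey, plainKey));
  }
}
```

The modulus and private exponent check holds by construction; what equals() and the encoding comparison report for the two forms depends on the provider, which is why the compliant solution does not stop at those two tests.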
Automated Detection
Using Object.equals() to compare cryptographic keys may yield unexpected results.
Bibliography
[API 2013]
java.lang.Object.equals(), Object.equals()
[Oracle 2011b]