The method java.lang.Object.equals() by default, is unable to compare composite objects such as cryptographic keys. Most Key classes do not fail to provide an equals() implementation that overrides Object.equals(). In such cases, the components of the composite object must be compared individually to ensure correctness.
...
This noncompliant code example compares two keys using the equals() method, but the . The keys may compare unequal even if when they represent the same value.
...
This compliant solution uses the equals() method as a first test and then compares the encoded version of the keys to facilitate provider-independent behavior. For In this example, it can be checked if a we check whether an RSAPrivateKey and an RSAPrivateCrtKey represent an equivalent private key keys [Sun 2006].
| Code Block | ||
|---|---|---|
| ||
private static boolean keysEqual(Key key1, Key key2) {
if (key1.equals(key2)) {
return true;
}
if (Arrays.equals(key1.getEncoded(), key2.getEncoded())) {
return true;
}
// More code for different types of keys here.
// For example, the following code can check ifwhether
// an RSAPrivateKey and an RSAPrivateCrtKey are equal:
if ((key1 instanceof RSAPrivateKey) &&
(key2 instanceof RSAPrivateKey)) {
if ((((RSAKey) key1).getModulus().equals(((RSAKey) key2).getModulus()))
&& (((RSAPrivateKey) key1).getPrivateExponent().equals(
((RSAPrivateKey) key2).getPrivateExponent()))) {
return true;
}
}
return false;
}
|
...