Imported GNU Classpath 0.90

       * scripts/makemake.tcl: Set gnu/java/awt/peer/swing to ignore.
       * gnu/classpath/jdwp/VMFrame.java (SIZE): New constant.
       * java/lang/VMCompiler.java: Use gnu.java.security.hash.MD5.
       * java/lang/Math.java: New override file.
       * java/lang/Character.java: Merged from Classpath.
       (start, end): Now 'int's.
       (canonicalName): New field.
       (CANONICAL_NAME, NO_SPACES_NAME, CONSTANT_NAME): New constants.
       (UnicodeBlock): Added argument.
       (of): New overload.
       (forName): New method.
       Updated unicode blocks.
       (sets): Updated.
       * sources.am: Regenerated.
       * Makefile.in: Likewise.


git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@111942 138bc75d-0d04-0410-961f-82ee72b054a4

7 files changed, 1793 insertions, 0 deletions

diff --git a/libjava/classpath/gnu/java/security/key/rsa/GnuRSAKey.java b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAKey.java
new file mode 100644
index 00000000000..72cd808d43b
--- /dev/null
+++ b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAKey.java
@@ -0,0 +1,181 @@
+/* GnuRSAKey.java -- 
+   Copyright 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package gnu.java.security.key.rsa;
+
+import gnu.java.security.Registry;
+import gnu.java.security.key.IKeyPairCodec;
+import gnu.java.security.util.FormatUtil;
+
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.interfaces.RSAKey;
+
+/**
+ * <p>A base asbtract class for both public and private RSA keys.</p>
+ *
+ * @version $Revision: 1.3 $
+ */
+public abstract class GnuRSAKey implements Key, RSAKey
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /** The public modulus of an RSA key pair. */
+  private final BigInteger n;
+
+  /** The public exponent of an RSA key pair. */
+  private final BigInteger e;
+
+  /**
+   * Identifier of the default encoding format to use when externalizing the
+   * key material.
+   */
+  protected final int defaultFormat;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * Trivial protected constructor.
+   * 
+   * @param defaultFormat the identifier of the encoding format to use by
+   *          default when externalizing the key.
+   * @param n the public modulus <code>n</code>.
+   * @param e the public exponent <code>e</code>.
+   */
+  protected GnuRSAKey(int defaultFormat, BigInteger n, BigInteger e)
+  {
+    super();
+
+    this.defaultFormat = defaultFormat <= 0 ? Registry.RAW_ENCODING_ID
+                                            : defaultFormat;
+    this.n = n;
+    this.e = e;
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  // java.security.interfaces.RSAKey interface implementation ----------------
+
+  public BigInteger getModulus()
+  {
+    return getN();
+  }
+
+  // java.security.Key interface implementation ------------------------------
+
+  public String getAlgorithm()
+  {
+    return Registry.RSA_KPG;
+  }
+
+  /** @deprecated see getEncoded(int). */
+  public byte[] getEncoded()
+  {
+    return getEncoded(IKeyPairCodec.RAW_FORMAT);
+  }
+
+  public String getFormat()
+  {
+    return FormatUtil.getEncodingShortName(defaultFormat);
+  }
+
+  // Other instance methods --------------------------------------------------
+
+  /**
+   * <p>Returns the modulus <code>n</code>.</p>
+   *
+   * @return the modulus <code>n</code>.
+   */
+  public BigInteger getN()
+  {
+    return n;
+  }
+
+  /**
+   * <p>Returns the public exponent <code>e</code>.</p>
+   *
+   * @return the public exponent <code>e</code>.
+   */
+  public BigInteger getPublicExponent()
+  {
+    return getE();
+  }
+
+  /**
+   * <p>Same as {@link #getPublicExponent()}.</p>
+   *
+   * @return the public exponent <code>e</code>.
+   */
+  public BigInteger getE()
+  {
+    return e;
+  }
+
+  /**
+   * <p>Returns <code>true</code> if the designated object is an instance of
+   * {@link RSAKey} and has the same RSA parameter values as this one.</p>
+   *
+   * @param obj the other non-null RSA key to compare to.
+   * @return <code>true</code> if the designated object is of the same type and
+   * value as this one.
+   */
+  public boolean equals(final Object obj)
+  {
+    if (obj == null)
+      {
+        return false;
+      }
+    if (!(obj instanceof RSAKey))
+      {
+        return false;
+      }
+    final RSAKey that = (RSAKey) obj;
+    return n.equals(that.getModulus());
+  }
+
+  // abstract methods to be implemented by subclasses ------------------------
+
+  public abstract byte[] getEncoded(int format);
+}
diff --git a/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPrivateKey.java b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPrivateKey.java
new file mode 100644
index 00000000000..f8acaa50df7
--- /dev/null
+++ b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPrivateKey.java
@@ -0,0 +1,299 @@
+/* GnuRSAPrivateKey.java -- 
+   Copyright 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package gnu.java.security.key.rsa;
+
+import gnu.java.security.Registry;
+import gnu.java.security.key.IKeyPairCodec;
+
+import java.math.BigInteger;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPrivateKey;
+
+/**
+ * <p>An object that embodies an RSA private key.</p>
+ *
+ * <p>References:</p>
+ * <ol>
+ *    <li><a href="http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/rsa-pss.zip">
+ *    RSA-PSS Signature Scheme with Appendix, part B.</a><br>
+ *    Primitive specification and supporting documentation.<br>
+ *    Jakob Jonsson and Burt Kaliski.</li>
+ * </ol>
+ *
+ * @version $Revision: 1.3 $
+ */
+public class GnuRSAPrivateKey extends GnuRSAKey implements PrivateKey,
+    RSAPrivateCrtKey
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /** The first prime divisor of the modulus. */
+  private final BigInteger p;
+
+  /** The second prime divisor of the modulus. */
+  private final BigInteger q;
+
+  /** The public exponent of an RSA key. */
+  //   private final BigInteger e;
+  /** The private exponent of an RSA private key. */
+  private final BigInteger d;
+
+  /** The first factor's exponent. */
+  private final BigInteger dP;
+
+  /** The second factor's exponent. */
+  private final BigInteger dQ;
+
+  /** The CRT (Chinese Remainder Theorem) coefficient. */
+  private final BigInteger qInv;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * Convenience constructor. Calls the constructor with 5 arguments passing
+   * {@link Registry#RAW_ENCODING_ID} as the identifier of the preferred
+   * encoding format.
+   *
+   * @param p the modulus first prime divisor.
+   * @param q the modulus second prime divisor.
+   * @param e the public exponent.
+   * @param d the private exponent.
+   */
+  public GnuRSAPrivateKey(BigInteger p, BigInteger q, BigInteger e,
+                          BigInteger d)
+  {
+    this(Registry.RAW_ENCODING_ID, p, q, e, d);
+  }
+
+  /**
+   * Constructs a new instance of a <code>GnuRSAPrivateKey</code> given the
+   * designated arguments.
+   * 
+   * @param preferredFormat the indetifier of the preferred encoding format to
+   *          use when externalizing this key.
+   * @param p the modulus first prime divisor.
+   * @param q the modulus second prime divisor.
+   * @param e the public exponent.
+   * @param d the private exponent.
+   */
+  public GnuRSAPrivateKey(int preferredFormat, BigInteger p, BigInteger q,
+                          BigInteger e, BigInteger d)
+  {
+    this(preferredFormat, p.multiply(q), e, d, p, q, 
+         e.modInverse(p.subtract(BigInteger.ONE)),
+         e.modInverse(q.subtract(BigInteger.ONE)),
+         q.modInverse(p));
+  }
+
+  /**
+   * Constructs a new instance of a <code>GnuRSAPrivateKey</code> given the
+   * designated arguments.
+   * 
+   * @param preferredFormat the indetifier of the preferred encoding format to
+   *          use when externalizing this key.
+   * @param n the public modulus, which is also the product of <code>p</code>
+   * and <code>q</code>.
+   * @param e the public exponent.
+   * @param d the private exponent.
+   * @param p the modulus first prime divisor.
+   * @param q the modulus second prime divisor.
+   * @param dP the first prime's exponen. A positive integer less than
+   * <code>p</code> and <code>q</code>, satisfying <code>e * dP = 1 (mod p-1)
+   * </code>.
+   * @param dQ the second prime's exponent. A positive integer less than
+   * <code>p</code> and <code>q</code>, satisfying <code>e * dQ = 1 (mod p-1)
+   * </code>.
+   * @param qInv the Chinese Remainder Theorem coefiicient. A positive integer
+   * less than <code>p</code>, satisfying <code>q * qInv = 1 (mod p)</code>.
+   */
+  public GnuRSAPrivateKey(int preferredFormat, BigInteger n, BigInteger e,
+                          BigInteger d, BigInteger p, BigInteger q,
+                          BigInteger dP, BigInteger dQ, BigInteger qInv)
+  {
+    super(preferredFormat == Registry.ASN1_ENCODING_ID ? Registry.PKCS8_ENCODING_ID
+                                                       : preferredFormat,
+          n, e);
+
+    this.d = d;
+    this.p = p;
+    this.q = q;
+    // the exponents dP and dQ are positive integers less than p and q
+    // respectively satisfying
+    //    e * dP = 1 (mod p-1);
+    //    e * dQ = 1 (mod q-1),
+    this.dP = dP;
+    this.dQ = dQ;
+    // the CRT coefficient qInv is a positive integer less than p satisfying
+    //    q * qInv = 1 (mod p).
+    this.qInv = qInv;
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * A class method that takes the output of the <code>encodePrivateKey()</code>
+   * method of an RSA keypair codec object (an instance implementing
+   * {@link IKeyPairCodec} for RSA keys, and re-constructs an instance of this
+   * object.
+   * 
+   * @param k the contents of a previously encoded instance of this object.
+   * @throws ArrayIndexOutOfBoundsException if there is not enough bytes, in
+   *           <code>k</code>, to represent a valid encoding of an instance
+   *           of this object.
+   * @throws IllegalArgumentException if the byte sequence does not represent a
+   *           valid encoding of an instance of this object.
+   */
+  public static GnuRSAPrivateKey valueOf(final byte[] k)
+  {
+    // try RAW codec
+    if (k[0] == Registry.MAGIC_RAW_RSA_PRIVATE_KEY[0])
+      try
+        {
+          return (GnuRSAPrivateKey) new RSAKeyPairRawCodec().decodePrivateKey(k);
+        }
+      catch (IllegalArgumentException ignored)
+        {
+        }
+
+    // try PKCS#8 codec
+    return (GnuRSAPrivateKey) new RSAKeyPairPKCS8Codec().decodePrivateKey(k);
+  }
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  public BigInteger getPrimeP()
+  {
+    return p;
+  }
+
+  public BigInteger getPrimeQ()
+  {
+    return q;
+  }
+
+  public BigInteger getPrimeExponentP()
+  {
+    return dP;
+  }
+
+  public BigInteger getPrimeExponentQ()
+  {
+    return dQ;
+  }
+
+  public BigInteger getCrtCoefficient()
+  {
+    return qInv;
+  }
+
+  // java.security.interfaces.RSAPrivateKey interface implementation ---------
+
+  public BigInteger getPrivateExponent()
+  {
+    return d;
+  }
+
+  // Other instance methods --------------------------------------------------
+
+  /**
+   * Returns the encoded form of this private key according to the
+   * designated format.
+   *
+   * @param format the desired format identifier of the resulting encoding.
+   * @return the byte sequence encoding this key according to the designated
+   * format.
+   * @throws IllegalArgumentException if the format is not supported.
+   * @see RSAKeyPairRawCodec
+   * @see RSAKeyPairPKCS8Codec
+   */
+  public byte[] getEncoded(int format)
+  {
+    final byte[] result;
+    switch (format)
+      {
+      case IKeyPairCodec.RAW_FORMAT:
+        result = new RSAKeyPairRawCodec().encodePrivateKey(this);
+        break;
+      case IKeyPairCodec.PKCS8_FORMAT:
+        result = new RSAKeyPairPKCS8Codec().encodePrivateKey(this);
+        break;
+      default:
+        throw new IllegalArgumentException("Unsupported encoding format: "
+                                           + format);
+      }
+    return result;
+  }
+
+  /**
+   * <p>Returns <code>true</code> if the designated object is an instance of
+   * this class and has the same RSA parameter values as this one.</p>
+   *
+   * @param obj the other non-null RSA key to compare to.
+   * @return <code>true</code> if the designated object is of the same type
+   * and value as this one.
+   */
+  public boolean equals(final Object obj)
+  {
+    if (obj == null)
+      {
+        return false;
+      }
+    if (obj instanceof RSAPrivateKey)
+      {
+        final RSAPrivateKey that = (RSAPrivateKey) obj;
+        return super.equals(that) && d.equals(that.getPrivateExponent());
+      }
+    if (obj instanceof RSAPrivateCrtKey)
+      {
+        final RSAPrivateCrtKey that = (RSAPrivateCrtKey) obj;
+        return super.equals(that) && p.equals(that.getPrimeP())
+               && q.equals(that.getPrimeQ())
+               && dP.equals(that.getPrimeExponentP())
+               && dQ.equals(that.getPrimeExponentQ())
+               && qInv.equals(that.getCrtCoefficient());
+      }
+    return false;
+  }
+}
diff --git a/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPublicKey.java b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPublicKey.java
new file mode 100644
index 00000000000..f49027ca621
--- /dev/null
+++ b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPublicKey.java
@@ -0,0 +1,185 @@
+/* GnuRSAPublicKey.java -- 
+   Copyright 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package gnu.java.security.key.rsa;
+
+import gnu.java.security.Registry;
+import gnu.java.security.key.IKeyPairCodec;
+
+import java.math.BigInteger;
+import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+
+/**
+ * <p>An object that encapsulates an RSA public key.</p>
+ *
+ * <p>References:</p>
+ * <ol>
+ *    <li><a href="http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/rsa-pss.zip">
+ *    RSA-PSS Signature Scheme with Appendix, part B.</a><br>
+ *    Primitive specification and supporting documentation.<br>
+ *    Jakob Jonsson and Burt Kaliski.</li>
+ * </ol>
+ *
+ * @version $Revision: 1.2 $
+ */
+public class GnuRSAPublicKey extends GnuRSAKey implements PublicKey,
+    RSAPublicKey
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  /**
+   * Conveience constructor. Calls the constructor with 3 arguments passing
+   * {@link Registry#RAW_ENCODING_ID} as the identifier of the preferred
+   * encoding format.
+   *
+   * @param n the modulus.
+   * @param e the public exponent.
+   */
+  public GnuRSAPublicKey(final BigInteger n, final BigInteger e)
+  {
+    this(Registry.RAW_ENCODING_ID, n, e);
+  }
+
+  /**
+   * Constructs a new instance of <code>GnuRSAPublicKey</code> given the
+   * designated arguments.
+   * 
+   * @param preferredFormat the identifier of the preferred encoding format to
+   *          use when externalizing this key.
+   * @param n the modulus.
+   * @param e the public exponent.
+   */
+  public GnuRSAPublicKey(int preferredFormat, BigInteger n, BigInteger e)
+  {
+    super(preferredFormat == Registry.ASN1_ENCODING_ID ? Registry.X509_ENCODING_ID
+                                                       : preferredFormat,
+          n, e);
+  }
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * A class method that takes the output of the <code>encodePublicKey()</code>
+   * method of an RSA keypair codec object (an instance implementing
+   * {@link IKeyPairCodec} for RSA keys, and re-constructs an instance of this
+   * object.
+   * 
+   * @param k the contents of a previously encoded instance of this object.
+   * @throws ArrayIndexOutOfBoundsException if there is not enough bytes, in
+   *           <code>k</code>, to represent a valid encoding of an instance
+   *           of this object.
+   * @throws IllegalArgumentException if the byte sequence does not represent a
+   *           valid encoding of an instance of this object.
+   */
+  public static GnuRSAPublicKey valueOf(final byte[] k)
+  {
+    // try RAW codec
+    if (k[0] == Registry.MAGIC_RAW_RSA_PUBLIC_KEY[0])
+      try
+        {
+          return (GnuRSAPublicKey) new RSAKeyPairRawCodec().decodePublicKey(k);
+        }
+      catch (IllegalArgumentException ignored)
+        {
+        }
+
+    // try X.509 codec
+    return (GnuRSAPublicKey) new RSAKeyPairX509Codec().decodePublicKey(k);
+  }
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  /**
+   * <p>Returns the encoded form of this public key according to the designated
+   * format.</p>
+   *
+   * @param format the desired format identifier of the resulting encoding.
+   * @return the byte sequence encoding this key according to the designated
+   * format.
+   * @throws IllegalArgumentException if the format is not supported.
+   * @see RSAKeyPairRawCodec
+   */
+  public byte[] getEncoded(final int format)
+  {
+    final byte[] result;
+    switch (format)
+      {
+      case IKeyPairCodec.RAW_FORMAT:
+        result = new RSAKeyPairRawCodec().encodePublicKey(this);
+        break;
+      case IKeyPairCodec.X509_FORMAT:
+        result = new RSAKeyPairX509Codec().encodePublicKey(this);
+        break;
+      default:
+        throw new IllegalArgumentException("Unsupported encoding format: "
+                                           + format);
+      }
+    return result;
+  }
+
+  /**
+   * <p>Returns <code>true</code> if the designated object is an instance of
+   * this class and has the same RSA parameter values as this one.</p>
+   *
+   * @param obj the other non-null RSA key to compare to.
+   * @return <code>true</code> if the designated object is of the same type and
+   * value as this one.
+   */
+  public boolean equals(final Object obj)
+  {
+    if (obj == null)
+      {
+        return false;
+      }
+    if (!(obj instanceof RSAPublicKey))
+      {
+        return false;
+      }
+    final RSAPublicKey that = (RSAPublicKey) obj;
+    return super.equals(that)
+           && getPublicExponent().equals(that.getPublicExponent());
+  }
+}
diff --git a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairGenerator.java b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairGenerator.java
new file mode 100644
index 00000000000..9c7338f662a
--- /dev/null
+++ b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairGenerator.java
@@ -0,0 +1,264 @@
+/* RSAKeyPairGenerator.java -- 
+   Copyright 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package gnu.java.security.key.rsa;
+
+import gnu.java.security.Registry;
+import gnu.java.security.key.IKeyPairGenerator;
+import gnu.java.security.util.PRNG;
+import gnu.java.security.util.Prime2;
+
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.spec.RSAKeyGenParameterSpec;
+import java.util.Map;
+
+/**
+ * <p>A key-pair generator for asymetric keys to use in conjunction with the RSA
+ * scheme.</p>
+ *
+ * <p>Reference:</p>
+ * <ol>
+ *    <li><a href="http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/rsa-pss.zip">
+ *    RSA-PSS Signature Scheme with Appendix</a>, part B. Primitive
+ *    specification and supporting documentation. Jakob Jonsson and Burt Kaliski.
+ *    </li>
+ *    <li><a href="http://www.cacr.math.uwaterloo.ca/hac/">Handbook of Applied
+ *    Cryptography</a>, Alfred J. Menezes, Paul C. van Oorschot and Scott A.
+ *    Vanstone. Section 11.3 RSA and related signature schemes.</li>
+ * </ol>
+ */
+public class RSAKeyPairGenerator implements IKeyPairGenerator
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  /** The BigInteger constant 1. */
+  private static final BigInteger ONE = BigInteger.ONE;
+
+  /** The BigInteger constant 2. */
+  private static final BigInteger TWO = BigInteger.valueOf(2L);
+
+  /** Property name of the length (Integer) of the modulus of an RSA key. */
+  public static final String MODULUS_LENGTH = "gnu.crypto.rsa.L";
+
+  /**
+   * Property name of an optional {@link SecureRandom} instance to use. The
+   * default is to use a classloader singleton from {@link PRNG}.
+   */
+  public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.rsa.prng";
+
+  /**
+   * Property name of an optional {@link RSAKeyGenParameterSpec} instance to
+   * use for this generator's <code>n</code>, and <code>e</code> values. The
+   * default is to generate <code>n</code> and use a fixed value for
+   * <code>e</.code> (Fermat's F4 number).
+   */
+  public static final String RSA_PARAMETERS = "gnu.crypto.rsa.params";
+
+  /**
+   * Property name of the preferred encoding format to use when externalizing
+   * generated instance of key-pairs from this generator. The property is taken
+   * to be an {@link Integer} that encapsulates an encoding format identifier.
+   */
+  public static final String PREFERRED_ENCODING_FORMAT = "gnu.crypto.rsa.encoding";
+
+  /** Default value for the modulus length. */
+  private static final int DEFAULT_MODULUS_LENGTH = 1024;
+
+  /** Default encoding format to use when none was specified. */
+  private static final int DEFAULT_ENCODING_FORMAT = Registry.RAW_ENCODING_ID;
+
+  /** The desired bit length of the modulus. */
+  private int L;
+
+  /**
+   * This implementation uses, by default, Fermat's F4 number as the public
+   * exponent.
+   */
+  private BigInteger e = BigInteger.valueOf(65537L);
+
+  /** The optional {@link SecureRandom} instance to use. */
+  private SecureRandom rnd = null;
+
+  /** Our default source of randomness. */
+  private PRNG prng = null;
+
+  /** Preferred encoding format of generated keys. */
+  private int preferredFormat;
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  // implicit 0-arguments constructor
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // gnu.crypto.key.IKeyPairGenerator interface implementation ---------------
+
+  public String name()
+  {
+    return Registry.RSA_KPG;
+  }
+
+  /**
+   * <p>Configures this instance.</p>
+   *
+   * @param attributes the map of name/value pairs to use.
+   * @exception IllegalArgumentException if the designated MODULUS_LENGTH
+   * value is less than 1024.
+   */
+  public void setup(Map attributes)
+  {
+    // do we have a SecureRandom, or should we use our own?
+    rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS);
+
+    // are we given a set of RSA params or we shall use our own?
+    RSAKeyGenParameterSpec params = (RSAKeyGenParameterSpec) attributes.get(RSA_PARAMETERS);
+
+    // find out the modulus length
+    if (params != null)
+      {
+        L = params.getKeysize();
+        e = params.getPublicExponent();
+      }
+    else
+      {
+        Integer l = (Integer) attributes.get(MODULUS_LENGTH);
+        L = (l == null ? DEFAULT_MODULUS_LENGTH : l.intValue());
+      }
+
+    if (L < 1024)
+      {
+        throw new IllegalArgumentException(MODULUS_LENGTH);
+      }
+
+    // what is the preferred encoding format
+    Integer formatID = (Integer) attributes.get(PREFERRED_ENCODING_FORMAT);
+    preferredFormat = formatID == null ? DEFAULT_ENCODING_FORMAT
+                                       : formatID.intValue();
+  }
+
+  /**
+   * <p>The algorithm used here is described in <i>nessie-pss-B.pdf</i>
+   * document which is part of the RSA-PSS submission to NESSIE.</p>
+   *
+   * @return an RSA keypair.
+   */
+  public KeyPair generate()
+  {
+    BigInteger p, q, n, d;
+
+    // 1. Generate a prime p in the interval [2**(M-1), 2**M - 1], where
+    // M = CEILING(L/2), and such that GCD(p, e) = 1
+    int M = (L + 1) / 2;
+    BigInteger lower = TWO.pow(M - 1);
+    BigInteger upper = TWO.pow(M).subtract(ONE);
+    byte[] kb = new byte[(M + 7) / 8]; // enough bytes to frame M bits
+    step1: while (true)
+      {
+        nextRandomBytes(kb);
+        p = new BigInteger(1, kb).setBit(0);
+        if (p.compareTo(lower) >= 0 && p.compareTo(upper) <= 0
+            && Prime2.isProbablePrime(p) && p.gcd(e).equals(ONE))
+          {
+            break step1;
+          }
+      }
+
+    // 2. Generate a prime q such that the product of p and q is an L-bit
+    // number, and such that GCD(q, e) = 1
+    step2: while (true)
+      {
+        nextRandomBytes(kb);
+        q = new BigInteger(1, kb).setBit(0);
+        n = p.multiply(q);
+        if (n.bitLength() == L && Prime2.isProbablePrime(q)
+            && q.gcd(e).equals(ONE))
+          {
+            break step2;
+          }
+
+        // TODO: test for p != q
+      }
+
+    // TODO: ensure p < q
+
+    // 3. Put n = pq. The public key is (n, e).
+    // 4. Compute the parameters necessary for the private key K (see
+    // Section 2.2).
+    BigInteger phi = p.subtract(ONE).multiply(q.subtract(ONE));
+    d = e.modInverse(phi);
+
+    // 5. Output the public key and the private key.
+    PublicKey pubK = new GnuRSAPublicKey(preferredFormat, n, e);
+    PrivateKey secK = new GnuRSAPrivateKey(preferredFormat, p, q, e, d);
+
+    return new KeyPair(pubK, secK);
+  }
+
+  // helper methods ----------------------------------------------------------
+
+  /**
+   * <p>Fills the designated byte array with random data.</p>
+   *
+   * @param buffer the byte array to fill with random data.
+   */
+  private void nextRandomBytes(byte[] buffer)
+  {
+    if (rnd != null)
+      {
+        rnd.nextBytes(buffer);
+      }
+    else
+      getDefaultPRNG().nextBytes(buffer);
+  }
+
+  private PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
+  }
+}
diff --git a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java
new file mode 100644
index 00000000000..a7f65b61012
--- /dev/null
+++ b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java
@@ -0,0 +1,284 @@
+/* RSAKeyPairPKCS8Codec.java -- PKCS#8 Encoding/Decoding handler
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.key.rsa;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidParameterException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.ArrayList;
+
+import gnu.java.security.OID;
+import gnu.java.security.Registry;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.der.DERWriter;
+import gnu.java.security.key.IKeyPairCodec;
+import gnu.java.security.util.DerUtil;
+
+/**
+ * An implementation of an {@link IKeyPairCodec} that knows how to encode /
+ * decode PKCS#8 ASN.1 external representation of RSA private keys.
+ */
+public class RSAKeyPairPKCS8Codec
+    implements IKeyPairCodec
+{
+  private static final OID RSA_ALG_OID = new OID(Registry.RSA_OID_STRING);
+
+  // implicit 0-arguments constructor
+
+  public int getFormatID()
+  {
+    return PKCS8_FORMAT;
+  }
+
+  /**
+   * @throws InvalidParameterException ALWAYS.
+   */
+  public byte[] encodePublicKey(PublicKey key)
+  {
+    throw new InvalidParameterException("Wrong format for public keys");
+  }
+
+  /**
+   * Returns the PKCS#8 ASN.1 <i>PrivateKeyInfo</i> representation of an RSA
+   * private key. The ASN.1 specification is as follows:
+   * 
+   * <pre>
+   *   PrivateKeyInfo ::= SEQUENCE {
+   *     version              INTEGER, -- MUST be 0
+   *     privateKeyAlgorithm  AlgorithmIdentifier,
+   *     privateKey           OCTET STRING
+   *   }
+   *
+   *   AlgorithmIdentifier ::= SEQUENCE {
+   *     algorithm   OBJECT IDENTIFIER,
+   *     parameters  ANY DEFINED BY algorithm OPTIONAL
+   *   }
+   * </pre>
+   * 
+   * <p>The <i>privateKey</i> field, which is an OCTET STRING, contains the
+   * DER-encoded form of the RSA private key defined as:</p>
+   * 
+   * <pre>
+   *   RSAPrivateKey ::= SEQUENCE {
+   *     version                 INTEGER, -- MUST be 0
+   *     modulus                 INTEGER, -- n
+   *     publicExponent          INTEGER, -- e
+   *     privateExponent         INTEGER, -- d
+   *     prime1                  INTEGER, -- p
+   *     prime2                  INTEGER, -- q
+   *     exponent1               INTEGER, -- d mod (p-1)
+   *     exponent2               INTEGER, -- d mod (q-1)
+   *     coefficient             INTEGER, -- (inverse of q) mod p
+   *   }
+   * </pre>
+   * 
+   * @return the DER encoded form of the ASN.1 representation of the
+   *         <i>PrivateKeyInfo</i> field for an RSA {@link PrivateKey}..
+   * @throw InvalidParameterException if an error occurs during the marshalling
+   *        process.
+   */
+  public byte[] encodePrivateKey(PrivateKey key)
+  {
+    if (! (key instanceof GnuRSAPrivateKey))
+      throw new InvalidParameterException("Wrong key type");
+
+    GnuRSAPrivateKey pk = (GnuRSAPrivateKey) key;
+    BigInteger n = pk.getN();
+    BigInteger e = pk.getE();
+    BigInteger d = pk.getPrivateExponent();
+    BigInteger p = pk.getPrimeP();
+    BigInteger q = pk.getPrimeQ();
+    BigInteger dP = pk.getPrimeExponentP();
+    BigInteger dQ = pk.getPrimeExponentQ();
+    BigInteger qInv = pk.getCrtCoefficient();
+
+    DERValue derVersion = new DERValue(DER.INTEGER, BigInteger.ZERO);
+
+    DERValue derOID = new DERValue(DER.OBJECT_IDENTIFIER, RSA_ALG_OID);
+
+    ArrayList algorithmID = new ArrayList(1);
+    algorithmID.add(derOID);
+    DERValue derAlgorithmID = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+                                           algorithmID);
+
+    DERValue derRSAVersion = new DERValue(DER.INTEGER, BigInteger.ZERO);
+    DERValue derN = new DERValue(DER.INTEGER, n);
+    DERValue derE = new DERValue(DER.INTEGER, e);
+    DERValue derD = new DERValue(DER.INTEGER, d);
+    DERValue derP = new DERValue(DER.INTEGER, p);
+    DERValue derQ = new DERValue(DER.INTEGER, q);
+    DERValue derDP = new DERValue(DER.INTEGER, dP);
+    DERValue derDQ = new DERValue(DER.INTEGER, dQ);
+    DERValue derQInv = new DERValue(DER.INTEGER, qInv);
+
+    ArrayList rsaPrivateKey = new ArrayList();
+    rsaPrivateKey.add(derRSAVersion);
+    rsaPrivateKey.add(derN);
+    rsaPrivateKey.add(derE);
+    rsaPrivateKey.add(derD);
+    rsaPrivateKey.add(derP);
+    rsaPrivateKey.add(derQ);
+    rsaPrivateKey.add(derDP);
+    rsaPrivateKey.add(derDQ);
+    rsaPrivateKey.add(derQInv);
+    DERValue derRSAPrivateKey = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+                                             rsaPrivateKey);
+    byte[] pkBytes = derRSAPrivateKey.getEncoded();
+    DERValue derPrivateKey = new DERValue(DER.OCTET_STRING, pkBytes);
+
+    ArrayList pki = new ArrayList(3);
+    pki.add(derVersion);
+    pki.add(derAlgorithmID);
+    pki.add(derPrivateKey);
+    DERValue derPKI = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, pki);
+
+    byte[] result;
+    ByteArrayOutputStream baos = new ByteArrayOutputStream();
+    try
+      {
+        DERWriter.write(baos, derPKI);
+        result = baos.toByteArray();
+      }
+    catch (IOException x)
+      {
+        InvalidParameterException y = new InvalidParameterException();
+        y.initCause(x);
+        throw y;
+      }
+
+    return result;
+  }
+
+  /**
+   * @throws InvalidParameterException ALWAYS.
+   */
+  public PublicKey decodePublicKey(byte[] input)
+  {
+    throw new InvalidParameterException("Wrong format for public keys");
+  }
+
+  /**
+   * @param input the byte array to unmarshall into a valid RSA
+   *          {@link PrivateKey} instance. MUST NOT be null.
+   * @return a new instance of a {@link GnuRSAPrivateKey} decoded from the
+   *         <i>PrivateKeyInfo</i> material fed as <code>input</code>.
+   * @throw InvalidParameterException if an exception occurs during the
+   *        unmarshalling process.
+   */
+  public PrivateKey decodePrivateKey(byte[] input)
+  {
+    if (input == null)
+      throw new InvalidParameterException("Input bytes MUST NOT be null");
+
+    BigInteger version, n, e, d, p, q, dP, dQ, qInv;
+    DERReader der = new DERReader(input);
+    try
+      {
+        DERValue derPKI = der.read();
+        DerUtil.checkIsConstructed(derPKI, "Wrong PrivateKeyInfo field");
+
+        DERValue derVersion = der.read();
+        DerUtil.checkIsBigInteger(derVersion, "Wrong Version field");
+        version = (BigInteger) derVersion.getValue();
+        if (version.compareTo(BigInteger.ZERO) != 0)
+          throw new InvalidParameterException("Unexpected Version: " + version);
+
+        DERValue derAlgoritmID = der.read();
+        DerUtil.checkIsConstructed(derAlgoritmID, "Wrong AlgorithmIdentifier field");
+
+        DERValue derOID = der.read();
+        OID algOID = (OID) derOID.getValue();
+        if (! algOID.equals(RSA_ALG_OID))
+          throw new InvalidParameterException("Unexpected OID: " + algOID);
+
+        DERValue val = der.read();
+        byte[] pkBytes = (byte[]) val.getValue();
+
+        der = new DERReader(pkBytes);
+        DERValue derRSAPrivateKey = der.read();
+        DerUtil.checkIsConstructed(derRSAPrivateKey, "Wrong RSAPrivateKey field");
+        
+        val = der.read();
+        DerUtil.checkIsBigInteger(val, "Wrong RSAPrivateKey Version field");
+        version = (BigInteger) val.getValue();
+        if (version.compareTo(BigInteger.ZERO) != 0)
+          throw new InvalidParameterException("Unexpected RSAPrivateKey Version: "
+                                              + version);
+
+        val = der.read();
+        DerUtil.checkIsBigInteger(val, "Wrong modulus field");
+        n = (BigInteger) val.getValue();
+        val = der.read();
+        DerUtil.checkIsBigInteger(val, "Wrong publicExponent field");
+        e = (BigInteger) val.getValue();
+        val = der.read();
+        DerUtil.checkIsBigInteger(val, "Wrong privateExponent field");
+        d = (BigInteger) val.getValue();
+        val = der.read();
+        DerUtil.checkIsBigInteger(val, "Wrong prime1 field");
+        p = (BigInteger) val.getValue();
+        val = der.read();
+        DerUtil.checkIsBigInteger(val, "Wrong prime2 field");
+        q = (BigInteger) val.getValue();
+        val = der.read();
+        DerUtil.checkIsBigInteger(val, "Wrong exponent1 field");
+        dP = (BigInteger) val.getValue();
+        val = der.read();
+        DerUtil.checkIsBigInteger(val, "Wrong exponent2 field");
+        dQ = (BigInteger) val.getValue();
+        val = der.read();
+        DerUtil.checkIsBigInteger(val, "Wrong coefficient field");
+        qInv = (BigInteger) val.getValue();
+      }
+    catch (IOException x)
+      {
+        InvalidParameterException y = new InvalidParameterException();
+        y.initCause(x);
+        throw y;
+      }
+
+    return new GnuRSAPrivateKey(Registry.PKCS8_ENCODING_ID, n, e, d, p, q,
+                                dP, dQ, qInv);
+  }
+}
diff --git a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairRawCodec.java b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairRawCodec.java
new file mode 100644
index 00000000000..fb7cea99edd
--- /dev/null
+++ b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairRawCodec.java
@@ -0,0 +1,332 @@
+/* RSAKeyPairRawCodec.java -- 
+   Copyright 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package gnu.java.security.key.rsa;
+
+import gnu.java.security.Registry;
+import gnu.java.security.key.IKeyPairCodec;
+
+import java.io.ByteArrayOutputStream;
+import java.math.BigInteger;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+/**
+ * <p>An object that implements the {@link IKeyPairCodec} interface for the
+ * <i>Raw</i> format to use with RSA keypairs.</p>
+ *
+ * @version $Revision: 1.1 $
+ */
+public class RSAKeyPairRawCodec implements IKeyPairCodec
+{
+
+  // Constants and variables
+  // -------------------------------------------------------------------------
+
+  // Constructor(s)
+  // -------------------------------------------------------------------------
+
+  // implicit 0-arguments constructor
+
+  // Class methods
+  // -------------------------------------------------------------------------
+
+  // Instance methods
+  // -------------------------------------------------------------------------
+
+  // gnu.crypto.key.IKeyPairCodec interface implementation -------------------
+
+  public int getFormatID()
+  {
+    return RAW_FORMAT;
+  }
+
+  /**
+   * <p>Returns the encoded form of the designated RSA public key according to
+   * the <i>Raw</i> format supported by this library.</p>
+   *
+   * <p>The <i>Raw</i> format for an RSA public key, in this implementation, is
+   * a byte sequence consisting of the following:</p>
+   *
+   * <ol>
+   *		<li>4-byte magic consisting of the value of the literal
+   *    {@link Registry#MAGIC_RAW_RSA_PUBLIC_KEY},<li>
+   *		<li>1-byte version consisting of the constant: 0x01,</li>
+   *		<li>4-byte count of following bytes representing the RSA parameter
+   *		<code>n</code> (the modulus) in internet order,</li>
+   *		<li>n-bytes representation of a {@link BigInteger} obtained by invoking
+   *    the <code>toByteArray()</code> method on the RSA parameter <code>n</code>,</li>
+   *		<li>4-byte count of following bytes representing the RSA parameter
+   *		<code>e</code> (the public exponent) in internet order,</li>
+   *		<li>n-bytes representation of a {@link BigInteger} obtained by invoking
+   *    the <code>toByteArray()</code> method on the RSA parameter <code>e</code>.</li>
+   * </ol>
+   *
+   * @param key the key to encode.
+   * @return the <i>Raw</i> format encoding of the designated key.
+   * @exception IllegalArgumentException if the designated key is not an RSA
+   * one.
+   */
+  public byte[] encodePublicKey(PublicKey key)
+  {
+    if (!(key instanceof GnuRSAPublicKey))
+      {
+        throw new IllegalArgumentException("key");
+      }
+
+    GnuRSAPublicKey rsaKey = (GnuRSAPublicKey) key;
+    ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+    // magic
+    baos.write(Registry.MAGIC_RAW_RSA_PUBLIC_KEY[0]);
+    baos.write(Registry.MAGIC_RAW_RSA_PUBLIC_KEY[1]);
+    baos.write(Registry.MAGIC_RAW_RSA_PUBLIC_KEY[2]);
+    baos.write(Registry.MAGIC_RAW_RSA_PUBLIC_KEY[3]);
+
+    // version
+    baos.write(0x01);
+
+    // n
+    byte[] buffer = rsaKey.getModulus().toByteArray();
+    int length = buffer.length;
+    baos.write(length >>> 24);
+    baos.write((length >>> 16) & 0xFF);
+    baos.write((length >>> 8) & 0xFF);
+    baos.write(length & 0xFF);
+    baos.write(buffer, 0, length);
+
+    // e
+    buffer = rsaKey.getPublicExponent().toByteArray();
+    length = buffer.length;
+    baos.write(length >>> 24);
+    baos.write((length >>> 16) & 0xFF);
+    baos.write((length >>> 8) & 0xFF);
+    baos.write(length & 0xFF);
+    baos.write(buffer, 0, length);
+
+    return baos.toByteArray();
+  }
+
+  public PublicKey decodePublicKey(byte[] k)
+  {
+    // magic
+    if (k[0] != Registry.MAGIC_RAW_RSA_PUBLIC_KEY[0]
+        || k[1] != Registry.MAGIC_RAW_RSA_PUBLIC_KEY[1]
+        || k[2] != Registry.MAGIC_RAW_RSA_PUBLIC_KEY[2]
+        || k[3] != Registry.MAGIC_RAW_RSA_PUBLIC_KEY[3])
+      {
+        throw new IllegalArgumentException("magic");
+      }
+
+    // version
+    if (k[4] != 0x01)
+      {
+        throw new IllegalArgumentException("version");
+      }
+    int i = 5;
+
+    int l;
+    byte[] buffer;
+
+    // n
+    l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8
+        | (k[i++] & 0xFF);
+    buffer = new byte[l];
+    System.arraycopy(k, i, buffer, 0, l);
+    i += l;
+    BigInteger n = new BigInteger(1, buffer);
+
+    // e
+    l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8
+        | (k[i++] & 0xFF);
+    buffer = new byte[l];
+    System.arraycopy(k, i, buffer, 0, l);
+    i += l;
+    BigInteger e = new BigInteger(1, buffer);
+
+    return new GnuRSAPublicKey(n, e);
+  }
+
+  /**
+   * <p>Returns the encoded form of the designated RSA private key according to
+   * the <i>Raw</i> format supported by this library.</p>
+   *
+   * <p>The <i>Raw</i> format for an RSA private key, in this implementation,
+   * is a byte sequence consisting of the following:</p>
+   *
+   * <ol>
+   *		<li>4-byte magic consisting of the value of the literal
+   *    {@link Registry#MAGIC_RAW_RSA_PRIVATE_KEY},<li>
+   *		<li>1-byte version consisting of the constant: 0x01,</li>
+   *		<li>4-byte count of following bytes representing the RSA parameter
+   *		<code>p</code> (the first prime factor of the modulus) in internet
+   *    order,</li>
+   *		<li>n-bytes representation of a {@link BigInteger} obtained by invoking
+   *    the <code>toByteArray()</code> method on the RSA parameter <code>p</code>,</li>
+   *		<li>4-byte count of following bytes representing the RSA parameter
+   *		<code>q</code> (the second prime factor of the modulus) in internet
+   *    order,</li>
+   *		<li>n-bytes representation of a {@link BigInteger} obtained by invoking
+   *    the <code>toByteArray()</code> method on the RSA parameter <code>q</code>,</li>
+   *		<li>4-byte count of following bytes representing the RSA parameter
+   *		<code>e</code> (the public exponent) in internet order,</li>
+   *		<li>n-bytes representation of a {@link BigInteger} obtained by invoking
+   *    the <code>toByteArray()</code> method on the RSA parameter <code>e</code>,</li>
+   *		<li>4-byte count of following bytes representing the RSA parameter
+   *		<code>d</code> (the private exponent) in internet order,</li>
+   *		<li>n-bytes representation of a {@link BigInteger} obtained by invoking
+   *    the <code>toByteArray()</code> method on the RSA parameter <code>d</code>,</li>
+   * </ol>
+   *
+   * @param key the key to encode.
+   * @return the <i>Raw</i> format encoding of the designated key.
+   */
+  public byte[] encodePrivateKey(PrivateKey key)
+  {
+    if (!(key instanceof GnuRSAPrivateKey))
+      {
+        throw new IllegalArgumentException("key");
+      }
+
+    GnuRSAPrivateKey rsaKey = (GnuRSAPrivateKey) key;
+    ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+    // magic
+    baos.write(Registry.MAGIC_RAW_RSA_PRIVATE_KEY[0]);
+    baos.write(Registry.MAGIC_RAW_RSA_PRIVATE_KEY[1]);
+    baos.write(Registry.MAGIC_RAW_RSA_PRIVATE_KEY[2]);
+    baos.write(Registry.MAGIC_RAW_RSA_PRIVATE_KEY[3]);
+
+    // version
+    baos.write(0x01);
+
+    // p
+    byte[] buffer = rsaKey.getPrimeP().toByteArray();
+    int length = buffer.length;
+    baos.write(length >>> 24);
+    baos.write((length >>> 16) & 0xFF);
+    baos.write((length >>> 8) & 0xFF);
+    baos.write(length & 0xFF);
+    baos.write(buffer, 0, length);
+
+    // q
+    buffer = rsaKey.getPrimeQ().toByteArray();
+    length = buffer.length;
+    baos.write(length >>> 24);
+    baos.write((length >>> 16) & 0xFF);
+    baos.write((length >>> 8) & 0xFF);
+    baos.write(length & 0xFF);
+    baos.write(buffer, 0, length);
+
+    // e
+    buffer = rsaKey.getPublicExponent().toByteArray();
+    length = buffer.length;
+    baos.write(length >>> 24);
+    baos.write((length >>> 16) & 0xFF);
+    baos.write((length >>> 8) & 0xFF);
+    baos.write(length & 0xFF);
+    baos.write(buffer, 0, length);
+
+    // d
+    buffer = rsaKey.getPrivateExponent().toByteArray();
+    length = buffer.length;
+    baos.write(length >>> 24);
+    baos.write((length >>> 16) & 0xFF);
+    baos.write((length >>> 8) & 0xFF);
+    baos.write(length & 0xFF);
+    baos.write(buffer, 0, length);
+
+    return baos.toByteArray();
+  }
+
+  public PrivateKey decodePrivateKey(byte[] k)
+  {
+    // magic
+    if (k[0] != Registry.MAGIC_RAW_RSA_PRIVATE_KEY[0]
+        || k[1] != Registry.MAGIC_RAW_RSA_PRIVATE_KEY[1]
+        || k[2] != Registry.MAGIC_RAW_RSA_PRIVATE_KEY[2]
+        || k[3] != Registry.MAGIC_RAW_RSA_PRIVATE_KEY[3])
+      {
+        throw new IllegalArgumentException("magic");
+      }
+
+    // version
+    if (k[4] != 0x01)
+      {
+        throw new IllegalArgumentException("version");
+      }
+    int i = 5;
+
+    int l;
+    byte[] buffer;
+
+    // p
+    l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8
+        | (k[i++] & 0xFF);
+    buffer = new byte[l];
+    System.arraycopy(k, i, buffer, 0, l);
+    i += l;
+    BigInteger p = new BigInteger(1, buffer);
+
+    // q
+    l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8
+        | (k[i++] & 0xFF);
+    buffer = new byte[l];
+    System.arraycopy(k, i, buffer, 0, l);
+    i += l;
+    BigInteger q = new BigInteger(1, buffer);
+
+    // e
+    l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8
+        | (k[i++] & 0xFF);
+    buffer = new byte[l];
+    System.arraycopy(k, i, buffer, 0, l);
+    i += l;
+    BigInteger e = new BigInteger(1, buffer);
+
+    // d
+    l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8
+        | (k[i++] & 0xFF);
+    buffer = new byte[l];
+    System.arraycopy(k, i, buffer, 0, l);
+    i += l;
+    BigInteger d = new BigInteger(1, buffer);
+
+    return new GnuRSAPrivateKey(p, q, e, d);
+  }
+}
diff --git a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java
new file mode 100644
index 00000000000..1c362784b35
--- /dev/null
+++ b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java
@@ -0,0 +1,248 @@
+/* RSAKeyPairX509Codec.java -- X.509 Encoding/Decoding handler
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.key.rsa;
+
+import gnu.java.security.OID;
+import gnu.java.security.Registry;
+import gnu.java.security.der.BitString;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.der.DERWriter;
+import gnu.java.security.key.IKeyPairCodec;
+import gnu.java.security.util.DerUtil;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidParameterException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.logging.Logger;
+
+/**
+ * An implementation of an {@link IKeyPairCodec} that knows how to encode /
+ * decode X.509 ASN.1 external representation of RSA public keys.
+ */
+public class RSAKeyPairX509Codec
+    implements IKeyPairCodec
+{
+  private static final Logger log = Logger.getLogger(RSAKeyPairX509Codec.class.getName());
+  private static final OID RSA_ALG_OID = new OID(Registry.RSA_OID_STRING);
+
+  // implicit 0-arguments constructor
+
+  public int getFormatID()
+  {
+    return X509_FORMAT;
+  }
+
+  /**
+   * Returns the X.509 ASN.1 <i>SubjectPublicKeyInfo</i> representation of an
+   * RSA public key. The ASN.1 specification, as defined in RFC-3280, and
+   * RFC-2459, is as follows:
+   *
+   * <pre>
+   *   SubjectPublicKeyInfo ::= SEQUENCE {
+   *     algorithm         AlgorithmIdentifier,
+   *     subjectPublicKey  BIT STRING
+   *   }
+   *
+   *   AlgorithmIdentifier ::= SEQUENCE {
+   *     algorithm   OBJECT IDENTIFIER,
+   *     parameters  ANY DEFINED BY algorithm OPTIONAL
+   *   }
+   * </pre>
+   * <p>
+   * As indicated in RFC-2459: "The parameters field shall have ASN.1 type NULL
+   * for this algorithm identifier.".
+   * <p>
+   * The <i>subjectPublicKey</i> field, which is a BIT STRING, contains the
+   * DER-encoded form of the RSA public key defined as:
+   * 
+   * <pre>
+   *   RSAPublicKey ::= SEQUENCE {
+   *     modulus         INTEGER, -- n
+   *     publicExponent  INTEGER  -- e
+   *   }
+   * </pre>
+   * 
+   * @param key the {@link PublicKey} instance to encode. MUST be an instance of
+   *          {@link GnuRSAPublicKey}.
+   * @return the ASN.1 representation of the <i>SubjectPublicKeyInfo</i> in an
+   *         X.509 certificate.
+   * @throw InvalidParameterException if <code>key</code> is not an instance
+   *        of {@link GnuRSAPublicKey} or if an exception occurs during the
+   *        marshalling process.
+   */
+  public byte[] encodePublicKey(PublicKey key)
+  {
+    log.entering(this.getClass().getName(), "encodePublicKey()", key);
+
+    if (! (key instanceof GnuRSAPublicKey))
+      throw new InvalidParameterException("key");
+
+    DERValue derOID = new DERValue(DER.OBJECT_IDENTIFIER, RSA_ALG_OID);
+
+    GnuRSAPublicKey rsaKey = (GnuRSAPublicKey) key;
+    BigInteger n = rsaKey.getN();
+    BigInteger e = rsaKey.getE();
+
+    DERValue derN = new DERValue(DER.INTEGER, n);
+    DERValue derE = new DERValue(DER.INTEGER, e);
+
+    ArrayList algorithmID = new ArrayList(1);
+    algorithmID.add(derOID);
+    DERValue derAlgorithmID = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+                                           algorithmID);
+
+    ArrayList publicKey = new ArrayList(2);
+    publicKey.add(derN);
+    publicKey.add(derE);
+    DERValue derPublicKey = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+                                         publicKey);
+    byte[] spkBytes = derPublicKey.getEncoded();
+    DERValue derSPK = new DERValue(DER.BIT_STRING, new BitString(spkBytes));
+
+    ArrayList spki = new ArrayList(2);
+    spki.add(derAlgorithmID);
+    spki.add(derSPK);
+    DERValue derSPKI = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, spki);
+
+    byte[] result;
+    ByteArrayOutputStream baos = new ByteArrayOutputStream();
+    try
+      {
+        DERWriter.write(baos, derSPKI);
+        result = baos.toByteArray();
+      }
+    catch (IOException x)
+      {
+        InvalidParameterException y = new InvalidParameterException();
+        y.initCause(x);
+        throw y;
+      }
+
+    log.exiting(this.getClass().getName(), "encodePublicKey()", result);
+    return result;
+  }
+
+  /**
+   * @throws InvalidParameterException ALWAYS.
+   */
+  public byte[] encodePrivateKey(PrivateKey key)
+  {
+    throw new InvalidParameterException("Wrong format for private keys");
+  }
+
+  /**
+   * @param input the byte array to unmarshall into a valid RSA
+   *          {@link PublicKey} instance. MUST NOT be null.
+   * @return a new instance of a {@link GnuRSAPublicKey} decoded from the
+   *         <i>SubjectPublicKeyInfo</i> material in an X.509 certificate.
+   * @throw InvalidParameterException if an exception occurs during the
+   *        unmarshalling process.
+   */
+  public PublicKey decodePublicKey(byte[] input)
+  {
+    log.entering(this.getClass().getName(), "decodePublicKey()", input);
+
+    if (input == null)
+      throw new InvalidParameterException("Input bytes MUST NOT be null");
+
+    BigInteger n, e;
+    DERReader der = new DERReader(input);
+    try
+      {
+        DERValue derSPKI = der.read();
+        DerUtil.checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field");
+
+        DERValue derAlgorithmID = der.read();
+        DerUtil.checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field");
+
+        DERValue derOID = der.read();
+        if (! (derOID.getValue() instanceof OID))
+          throw new InvalidParameterException("Wrong Algorithm field");
+
+        OID algOID = (OID) derOID.getValue();
+        if (! algOID.equals(RSA_ALG_OID))
+          throw new InvalidParameterException("Unexpected OID: " + algOID);
+
+        // rfc-2459 states that this field is OPTIONAL but NULL if/when present
+        DERValue val = der.read();
+        if (val.getTag() == DER.NULL)
+          val = der.read();
+
+        if (! (val.getValue() instanceof BitString))
+          throw new InvalidParameterException("Wrong SubjectPublicKey field");
+
+        byte[] spkBytes = ((BitString) val.getValue()).toByteArray();
+
+        der = new DERReader(spkBytes);
+        val = der.read();
+        DerUtil.checkIsConstructed(derAlgorithmID, "Wrong subjectPublicKey field");
+
+        val = der.read();
+        DerUtil.checkIsBigInteger(val, "Wrong modulus field");
+        n = (BigInteger) val.getValue();
+        val = der.read();
+        DerUtil.checkIsBigInteger(val, "Wrong publicExponent field");
+        e = (BigInteger) val.getValue();
+      }
+    catch (IOException x)
+      {
+        InvalidParameterException y = new InvalidParameterException();
+        y.initCause(x);
+        throw y;
+      }
+
+    PublicKey result = new GnuRSAPublicKey(Registry.X509_ENCODING_ID, n, e);
+    log.exiting(this.getClass().getName(), "decodePublicKey()", result);
+    return result;
+  }
+
+  /**
+   * @throws InvalidParameterException ALWAYS.
+   */
+  public PrivateKey decodePrivateKey(byte[] input)
+  {
+    throw new InvalidParameterException("Wrong format for private keys");
+  }
+}