diff options
Diffstat (limited to 'libjava/classpath/gnu/java/security/key')
19 files changed, 783 insertions, 1036 deletions
diff --git a/libjava/classpath/gnu/java/security/key/IKeyPairCodec.java b/libjava/classpath/gnu/java/security/key/IKeyPairCodec.java index 965a317d4ff..f09743d2b60 100644 --- a/libjava/classpath/gnu/java/security/key/IKeyPairCodec.java +++ b/libjava/classpath/gnu/java/security/key/IKeyPairCodec.java @@ -44,16 +44,13 @@ import java.security.PrivateKey; import java.security.PublicKey; /** - * <p>The visible methods of an object that knows how to encode and decode + * The visible methods of an object that knows how to encode and decode * cryptographic asymmetric keypairs. Codecs are useful for (a) externalising * public and private keys for storage and on-the-wire transmission, as well as - * (b) re-creating their internal Java representation from external sources.</p> + * (b) re-creating their internal Java representation from external sources. */ public interface IKeyPairCodec { - // Constants - // ------------------------------------------------------------------------- - /** Constant identifying the <i>Raw</i> encoding format. */ int RAW_FORMAT = Registry.RAW_ENCODING_ID; @@ -69,62 +66,59 @@ public interface IKeyPairCodec */ int ASN1_FORMAT = Registry.ASN1_ENCODING_ID; - // Method(s) - // ------------------------------------------------------------------------- - /** - * <p>Returns the unique identifier (within this library) of the format used - * to externalise public and private keys.</p> - * + * Returns the unique identifier (within this library) of the format used to + * externalise public and private keys. + * * @return the identifier of the format, the object supports. */ int getFormatID(); /** - * <p>Encodes an instance of a public key for storage or transmission purposes.</p> - * + * Encodes an instance of a public key for storage or transmission purposes. + * * @param key the non-null key to encode. * @return a byte sequence representing the encoding of the designated key - * according to the format supported by this codec. + * according to the format supported by this codec. * @exception IllegalArgumentException if the designated key is not supported - * by this codec. + * by this codec. */ byte[] encodePublicKey(PublicKey key); /** - * <p>Encodes an instance of a private key for storage or transmission purposes.</p> - * + * Encodes an instance of a private key for storage or transmission purposes. + * * @param key the non-null key to encode. * @return a byte sequence representing the encoding of the designated key - * according to the format supported by this codec. + * according to the format supported by this codec. * @exception IllegalArgumentException if the designated key is not supported - * by this codec. + * by this codec. */ byte[] encodePrivateKey(PrivateKey key); /** - * <p>Decodes an instance of an external public key into its native Java - * representation.</p> - * + * Decodes an instance of an external public key into its native Java + * representation. + * * @param input the source of the externalised key to decode. * @return a concrete instance of a public key, reconstructed from the - * designated input. + * designated input. * @exception IllegalArgumentException if the designated input does not - * contain a known representation of a public key for the format supported by - * the concrete codec. + * contain a known representation of a public key for the format + * supported by the concrete codec. */ PublicKey decodePublicKey(byte[] input); /** - * <p>Decodes an instance of an external private key into its native Java - * representation.</p> - * + * Decodes an instance of an external private key into its native Java + * representation. + * * @param input the source of the externalised key to decode. * @return a concrete instance of a private key, reconstructed from the - * designated input. + * designated input. * @exception IllegalArgumentException if the designated input does not - * contain a known representation of a private key for the format supported - * by the concrete codec. + * contain a known representation of a private key for the format + * supported by the concrete codec. */ PrivateKey decodePrivateKey(byte[] input); } diff --git a/libjava/classpath/gnu/java/security/key/IKeyPairGenerator.java b/libjava/classpath/gnu/java/security/key/IKeyPairGenerator.java index 2e0b299286b..8d7842e935f 100644 --- a/libjava/classpath/gnu/java/security/key/IKeyPairGenerator.java +++ b/libjava/classpath/gnu/java/security/key/IKeyPairGenerator.java @@ -42,38 +42,31 @@ import java.security.KeyPair; import java.util.Map; /** - * The visible methods of every asymmetric keypair generator.<p> + * The visible methods of every asymmetric keypair generator. */ public interface IKeyPairGenerator { - - // Constants - // ------------------------------------------------------------------------- - - // Methods - // ------------------------------------------------------------------------- - /** - * Returns the canonical name of this keypair generator.<p> - * + * Returns the canonical name of this keypair generator. + * * @return the canonical name of this instance. */ String name(); /** - * [Re]-initialises this instance for use with a given set of attributes.<p> - * + * [Re]-initialises this instance for use with a given set of attributes. + * * @param attributes a map of name/value pairs to use for setting up the - * instance. + * instance. * @exception IllegalArgumentException if at least one of the mandatory - * attributes is missing or an invalid value was specified. + * attributes is missing or an invalid value was specified. */ void setup(Map attributes); /** * Generates a new keypair based on the attributes used to configure the * instance. - * + * * @return a new keypair. */ KeyPair generate(); diff --git a/libjava/classpath/gnu/java/security/key/KeyPairCodecFactory.java b/libjava/classpath/gnu/java/security/key/KeyPairCodecFactory.java index 1a8b8aa0388..e68a7d65c3a 100644 --- a/libjava/classpath/gnu/java/security/key/KeyPairCodecFactory.java +++ b/libjava/classpath/gnu/java/security/key/KeyPairCodecFactory.java @@ -207,10 +207,8 @@ public class KeyPairCodecFactory hs.add(Registry.RSA_KPG + "/" + Registry.PKCS8_ENCODING_SHORT_NAME); hs.add(Registry.DH_KPG + "/" + Registry.RAW_ENCODING_SHORT_NAME); hs.add(Registry.SRP_KPG + "/" + Registry.RAW_ENCODING_SHORT_NAME); - names = Collections.unmodifiableSet(hs); } - return names; } diff --git a/libjava/classpath/gnu/java/security/key/KeyPairGeneratorFactory.java b/libjava/classpath/gnu/java/security/key/KeyPairGeneratorFactory.java index 8c2f348c9c7..4872fc3d1a1 100644 --- a/libjava/classpath/gnu/java/security/key/KeyPairGeneratorFactory.java +++ b/libjava/classpath/gnu/java/security/key/KeyPairGeneratorFactory.java @@ -48,68 +48,48 @@ import java.util.HashSet; import java.util.Set; /** - * <p>A Factory to instantiate asymmetric keypair generators.</p> + * A Factory to instantiate asymmetric keypair generators. */ public class KeyPairGeneratorFactory { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - /** Trivial constructor to enforce Singleton pattern. */ private KeyPairGeneratorFactory() { super(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a keypair generator given its name.</p> - * + * Returns an instance of a keypair generator given its name. + * * @param name the case-insensitive key generator name. - * @return an instance of the keypair generator, or <code>null</code> if none - * found. + * @return an instance of the keypair generator, or <code>null</code> if + * none found. */ public static IKeyPairGenerator getInstance(String name) { if (name == null) - { - return null; - } + return null; name = name.trim(); IKeyPairGenerator result = null; if (name.equalsIgnoreCase(Registry.DSA_KPG) || name.equalsIgnoreCase(Registry.DSS_KPG)) - { - result = new DSSKeyPairGenerator(); - } + result = new DSSKeyPairGenerator(); else if (name.equalsIgnoreCase(Registry.RSA_KPG)) - { - result = new RSAKeyPairGenerator(); - } + result = new RSAKeyPairGenerator(); else if (name.equalsIgnoreCase(Registry.DH_KPG)) - { - result = makeInstance ("gnu.javax.crypto.key.dh.GnuDHKeyPairGenerator"); - } + result = makeInstance("gnu.javax.crypto.key.dh.GnuDHKeyPairGenerator"); else if (name.equalsIgnoreCase(Registry.SRP_KPG)) - { - result = makeInstance ("gnu.javax.crypto.key.srp6.SRPKeyPairGenerator"); - } + result = makeInstance("gnu.javax.crypto.key.srp6.SRPKeyPairGenerator"); return result; } /** - * <p>Returns a {@link Set} of keypair generator names supported by this + * Returns a {@link Set} of keypair generator names supported by this * <i>Factory</i>. Those keypair generators may be used in conjunction with - * the digital signature schemes with appendix supported by this library.</p> - * + * the digital signature schemes with appendix supported by this library. + * * @return a {@link Set} of keypair generator names (Strings). */ public static final Set getNames() @@ -120,26 +100,21 @@ public class KeyPairGeneratorFactory hs.add(Registry.RSA_KPG); hs.add(Registry.DH_KPG); hs.add(Registry.SRP_KPG); - return Collections.unmodifiableSet(hs); } - private static IKeyPairGenerator makeInstance (String clazz) + private static IKeyPairGenerator makeInstance(String clazz) { try { - Class c = Class.forName (clazz); - Constructor ctor = c.getConstructor (new Class[0]); - return (IKeyPairGenerator) ctor.newInstance (new Object[0]); + Class c = Class.forName(clazz); + Constructor ctor = c.getConstructor(new Class[0]); + return (IKeyPairGenerator) ctor.newInstance(new Object[0]); } catch (Exception x) { throw new IllegalArgumentException( - "strong crypto key pair generator not available: " + clazz, - x); + "strong crypto key pair generator not available: " + clazz, x); } } - - // Instance methods - // ------------------------------------------------------------------------- } diff --git a/libjava/classpath/gnu/java/security/key/dss/DSSKey.java b/libjava/classpath/gnu/java/security/key/dss/DSSKey.java index 40aaea89352..657de8dd02d 100644 --- a/libjava/classpath/gnu/java/security/key/dss/DSSKey.java +++ b/libjava/classpath/gnu/java/security/key/dss/DSSKey.java @@ -38,74 +38,77 @@ exception statement from your version. */ package gnu.java.security.key.dss; -import gnu.classpath.SystemProperties; import gnu.java.security.Registry; +import gnu.java.security.action.GetPropertyAction; import gnu.java.security.util.FormatUtil; import java.math.BigInteger; +import java.security.AccessController; import java.security.Key; import java.security.interfaces.DSAKey; import java.security.interfaces.DSAParams; import java.security.spec.DSAParameterSpec; /** - * <p>A base asbtract class for both public and private DSS (Digital Signature + * A base asbtract class for both public and private DSS (Digital Signature * Standard) keys. It encapsulates the three DSS numbers: <code>p</code>, - * <code>q</code> and <code>g</code>.</p> - * - * <p>According to the JDK, cryptographic <i>Keys</i> all have a <i>format</i>. + * <code>q</code> and <code>g</code>. + * <p> + * According to the JDK, cryptographic <i>Keys</i> all have a <i>format</i>. * The format used in this implementation is called <i>Raw</i>, and basically * consists of the raw byte sequences of algorithm parameters. The exact order - * of the byte sequences and the implementation details are given in each of - * the relevant <code>getEncoded()</code> methods of each of the private and - * public keys.</p> - * + * of the byte sequences and the implementation details are given in each of the + * relevant <code>getEncoded()</code> methods of each of the private and + * public keys. + * <p> + * <b>IMPORTANT</b>: Under certain circumstances (e.g. in an X.509 certificate + * with inherited AlgorithmIdentifier's parameters of a SubjectPublicKeyInfo + * element) these three MPIs may be <code>null</code>. + * * @see DSSPrivateKey#getEncoded * @see DSSPublicKey#getEncoded */ -public abstract class DSSKey implements Key, DSAKey +public abstract class DSSKey + implements Key, DSAKey { - // Constants and variables - // ------------------------------------------------------------------------- - /** - * A prime modulus, where <code>2<sup>L-1</sup> < p < 2<sup>L</sup></code> - * for <code>512 <= L <= 1024</code> and <code>L</code> a multiple of + * A prime modulus, where + * <code>2<sup>L-1</sup> < p < 2<sup>L</sup></code> for + * <code>512 <= L <= 1024</code> and <code>L</code> a multiple of * <code>64</code>. */ protected final BigInteger p; /** - * A prime divisor of <code>p - 1</code>, where <code>2<sup>159</sup> < q + * A prime divisor of <code>p - 1</code>, where + * <code>2<sup>159</sup> < q * < 2<sup>160</sup></code>. */ protected final BigInteger q; /** - * <code>g = h<sup>(p-1)</sup>/q mod p</code>, where <code>h</code> is any - * integer with <code>1 < h < p - 1</code> such that <code>h<sup> - * (p-1)</sup>/q mod p > 1</code> (<code>g</code> has order <code>q mod p + * <code>g = h<sup>(p-1)</sup>/q mod p</code>, where <code>h</code> is + * any integer with <code>1 < h < p - 1</code> such that <code>h<sup> + * (p-1)</sup>/q mod p > 1</code> (<code>g</code> + * has order <code>q mod p * </code>). */ protected final BigInteger g; /** - * Identifier of the default encoding format to use when externalizing the - * key material. + * Identifier of the default encoding format to use when externalizing the key + * material. */ protected final int defaultFormat; /** String representation of this key. Cached for speed. */ private transient String str; - // Constructor(s) - // ------------------------------------------------------------------------- - /** * Trivial protected constructor. * * @param defaultFormat the identifier of the encoding format to use by - * default when externalizing the key. + * default when externalizing the key. * @param p the DSS parameter <code>p</code>. * @param q the DSS parameter <code>q</code>. * @param g the DSS parameter <code>g</code>. @@ -121,21 +124,11 @@ public abstract class DSSKey implements Key, DSAKey this.g = g; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // java.security.interfaces.DSAKey interface implementation ---------------- - public DSAParams getParams() { return new DSAParameterSpec(p, q, g); } - // java.security.Key interface implementation ------------------------------ - public String getAlgorithm() { return Registry.DSS_KPG; @@ -152,27 +145,31 @@ public abstract class DSSKey implements Key, DSAKey return FormatUtil.getEncodingShortName(defaultFormat); } - // Other instance methods -------------------------------------------------- - /** - * <p>Returns <code>true</code> if the designated object is an instance of + * Returns <code>true</code> if the designated object is an instance of * {@link DSAKey} and has the same DSS (Digital Signature Standard) parameter - * values as this one.</p> - * + * values as this one. + * <p> + * Always returns <code>false</code> if the MPIs of this key are + * <i>inherited</i>. This may be the case when the key is re-constructed from + * an X.509 certificate with absent or NULL AlgorithmIdentifier's parameters + * field. + * * @param obj the other non-null DSS key to compare to. - * @return <code>true</code> if the designated object is of the same type and - * value as this one. + * @return <code>true</code> if the designated object is of the same type + * and value as this one. */ public boolean equals(Object obj) { + if (hasInheritedParameters()) + return false; + if (obj == null) - { - return false; - } - if (!(obj instanceof DSAKey)) - { - return false; - } + return false; + + if (! (obj instanceof DSAKey)) + return false; + DSAKey that = (DSAKey) obj; return p.equals(that.getParams().getP()) && q.equals(that.getParams().getQ()) @@ -183,19 +180,32 @@ public abstract class DSSKey implements Key, DSAKey { if (str == null) { - String ls = SystemProperties.getProperty("line.separator"); - str = new StringBuilder().append(ls) - .append("defaultFormat=").append(defaultFormat).append(",").append(ls) - .append("p=0x").append(p.toString(16)).append(",").append(ls) - .append("q=0x").append(q.toString(16)).append(",").append(ls) - .append("g=0x").append(g.toString(16)) - .toString(); + String ls = (String) AccessController.doPrivileged(new GetPropertyAction("line.separator")); + StringBuilder sb = new StringBuilder(ls) + .append("defaultFormat=").append(defaultFormat).append(",") + .append(ls); + if (hasInheritedParameters()) + sb.append("p=inherited,").append(ls) + .append("q=inherited,").append(ls) + .append("g=inherited"); + else + sb.append("p=0x").append(p.toString(16)).append(",").append(ls) + .append("q=0x").append(q.toString(16)).append(",").append(ls) + .append("g=0x").append(g.toString(16)); + str = sb.toString(); } - return str; } - // abstract methods to be implemented by subclasses ------------------------ - public abstract byte[] getEncoded(int format); + + /** + * @return <code>true</code> if <code>p</code>, <code>q</code> and + * <code>g</code> are all <code>null</code>. Returns + * <code>false</code> otherwise. + */ + public boolean hasInheritedParameters() + { + return p == null && q == null && g == null; + } } diff --git a/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairGenerator.java b/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairGenerator.java index 5aa746147eb..1bad0b62ed6 100644 --- a/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairGenerator.java +++ b/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairGenerator.java @@ -38,12 +38,12 @@ exception statement from your version. */ package gnu.java.security.key.dss; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.hash.Sha160; import gnu.java.security.key.IKeyPairGenerator; import gnu.java.security.util.PRNG; -import java.io.PrintWriter; import java.math.BigInteger; import java.security.KeyPair; import java.security.PrivateKey; @@ -51,76 +51,57 @@ import java.security.PublicKey; import java.security.SecureRandom; import java.security.spec.DSAParameterSpec; import java.util.Map; +import java.util.logging.Logger; /** - * <p>A key-pair generator for asymetric keys to use in conjunction with the DSS - * (Digital Signature Standard).</p> - * - * References:<br> + * A key-pair generator for asymetric keys to use in conjunction with the DSS + * (Digital Signature Standard). + * <p> + * References: + * <p> * <a href="http://www.itl.nist.gov/fipspubs/fip186.htm">Digital Signature - * Standard (DSS)</a>, Federal Information Processing Standards Publication 186. - * National Institute of Standards and Technology. + * Standard (DSS)</a>, Federal Information Processing Standards Publication + * 186. National Institute of Standards and Technology. */ -public class DSSKeyPairGenerator implements IKeyPairGenerator +public class DSSKeyPairGenerator + implements IKeyPairGenerator { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "dss"; - - private static final boolean DEBUG = false; - - private static final int debuglevel = 5; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(String s) - { - err.println(">>> " + NAME + ": " + s); - } - - // Constants and variables - // ------------------------------------------------------------------------- + private static final Logger log = Logger.getLogger(DSSKeyPairGenerator.class.getName()); /** The BigInteger constant 2. */ - private static final BigInteger TWO = new BigInteger("2"); + private static final BigInteger TWO = BigInteger.valueOf(2L); /** Property name of the length (Integer) of the modulus (p) of a DSS key. */ public static final String MODULUS_LENGTH = "gnu.crypto.dss.L"; /** * Property name of the Boolean indicating wether or not to use default pre- - * computed values of <code>p</code>, <code>q</code> and <code>g</code> for - * a given modulus length. The ultimate behaviour of this generator with + * computed values of <code>p</code>, <code>q</code> and <code>g</code> + * for a given modulus length. The ultimate behaviour of this generator with * regard to using pre-computed parameter sets will depend on the value of * this property and of the following one {@link #STRICT_DEFAULTS}: - * * <ol> - * <li>If this property is {@link Boolean#FALSE} then this generator - * will accept being setup for generating parameters for any modulus length - * provided the modulus length is between <code>512</code> and - * <code>1024</code>, and is of the form <code>512 + 64 * n</code>. In - * addition, a new paramter set will always be generated; i.e. no pre- - * computed values are used.</li> - * - * <li>If this property is {@link Boolean#TRUE} and the value of - * {@link #STRICT_DEFAULTS} is also {@link Boolean#TRUE} then this generator - * will only accept being setup for generating parameters for modulus - * lengths of <code>512</code>, <code>768</code> and <code>1024</code>. Any - * other value, of the modulus length, even if between <code>512</code> and - * <code>1024</code>, and of the form <code>512 + 64 * n</code>, will cause - * an {@link IllegalArgumentException} to be thrown. When those modulus - * length (<code>512</code>, <code>768</code>, and <code>1024</code>) are - * specified, the paramter set is always the same.</li> - * - * <li>Finally, if this property is {@link Boolean#TRUE} and the value of - * {@link #STRICT_DEFAULTS} is {@link Boolean#FALSE} then this generator - * will behave as in point 1 above, except that it will use pre-computed - * values when possible; i.e. the modulus length is one of <code>512</code>, - * <code>768</code>, or <code>1024</code>.</li> + * <li>If this property is {@link Boolean#FALSE} then this generator will + * accept being setup for generating parameters for any modulus length + * provided the modulus length is between <code>512</code> and + * <code>1024</code>, and is of the form <code>512 + 64 * n</code>. In + * addition, a new paramter set will always be generated; i.e. no pre- + * computed values are used.</li> + * <li>If this property is {@link Boolean#TRUE} and the value of + * {@link #STRICT_DEFAULTS} is also {@link Boolean#TRUE} then this generator + * will only accept being setup for generating parameters for modulus lengths + * of <code>512</code>, <code>768</code> and <code>1024</code>. Any + * other value, of the modulus length, even if between <code>512</code> and + * <code>1024</code>, and of the form <code>512 + 64 * n</code>, will + * cause an {@link IllegalArgumentException} to be thrown. When those modulus + * length (<code>512</code>, <code>768</code>, and <code>1024</code>) + * are specified, the paramter set is always the same.</li> + * <li>Finally, if this property is {@link Boolean#TRUE} and the value of + * {@link #STRICT_DEFAULTS} is {@link Boolean#FALSE} then this generator will + * behave as in point 1 above, except that it will use pre-computed values + * when possible; i.e. the modulus length is one of <code>512</code>, + * <code>768</code>, or <code>1024</code>.</li> * </ol> - * * The default value of this property is {@link Boolean#TRUE}. */ public static final String USE_DEFAULTS = "gnu.crypto.dss.use.defaults"; @@ -145,8 +126,8 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator /** * Property name of an optional {@link DSAParameterSpec} instance to use for - * this generator's <code>p</code>, <code>q</code>, and <code>g</code> values. - * The default is to generate these values or use pre-computed ones, + * this generator's <code>p</code>, <code>q</code>, and <code>g</code> + * values. The default is to generate these values or use pre-computed ones, * depending on the value of the <code>USE_DEFAULTS</code> attribute. */ public static final String DSS_PARAMETERS = "gnu.crypto.dss.params"; @@ -165,55 +146,41 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator private static final int DEFAULT_ENCODING_FORMAT = Registry.RAW_ENCODING_ID; /** Initial SHS context. */ - private static final int[] T_SHS = new int[] { 0x67452301, 0xEFCDAB89, - 0x98BADCFE, 0x10325476, - 0xC3D2E1F0 }; + private static final int[] T_SHS = new int[] { + 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 + }; // from jdk1.3.1/docs/guide/security/CryptoSpec.html#AppB public static final DSAParameterSpec KEY_PARAMS_512 = new DSAParameterSpec( - new BigInteger( - "fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae1617ae" - + "01f35b91a47e6df63413c5e12ed0899bcd132acd50d99151bdc43ee737592e17", - 16), - new BigInteger( - "962eddcc369cba8ebb260ee6b6a126d9346e38c5", - 16), - new BigInteger( - "678471b27a9cf44ee91a49c5147db1a9aaf244f05a434d6486931d2d14271b9e" - + "35030b71fd73da179069b32e2935630e1c2062354d0da20a6c416e50be794ca4", - 16)); - + new BigInteger( + "fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae1617ae" + + "01f35b91a47e6df63413c5e12ed0899bcd132acd50d99151bdc43ee737592e17", 16), + new BigInteger("962eddcc369cba8ebb260ee6b6a126d9346e38c5", 16), + new BigInteger( + "678471b27a9cf44ee91a49c5147db1a9aaf244f05a434d6486931d2d14271b9e" + + "35030b71fd73da179069b32e2935630e1c2062354d0da20a6c416e50be794ca4", 16)); public static final DSAParameterSpec KEY_PARAMS_768 = new DSAParameterSpec( - new BigInteger( - "e9e642599d355f37c97ffd3567120b8e25c9cd43e927b3a9670fbec5d8901419" - + "22d2c3b3ad2480093799869d1e846aab49fab0ad26d2ce6a22219d470bce7d77" - + "7d4a21fbe9c270b57f607002f3cef8393694cf45ee3688c11a8c56ab127a3daf", - 16), - new BigInteger( - "9cdbd84c9f1ac2f38d0f80f42ab952e7338bf511", - 16), - new BigInteger( - "30470ad5a005fb14ce2d9dcd87e38bc7d1b1c5facbaecbe95f190aa7a31d23c4" - + "dbbcbe06174544401a5b2c020965d8c2bd2171d3668445771f74ba084d2029d8" - + "3c1c158547f3a9f1a2715be23d51ae4d3e5a1f6a7064f316933a346d3f529252", - 16)); - + new BigInteger( + "e9e642599d355f37c97ffd3567120b8e25c9cd43e927b3a9670fbec5d8901419" + + "22d2c3b3ad2480093799869d1e846aab49fab0ad26d2ce6a22219d470bce7d77" + + "7d4a21fbe9c270b57f607002f3cef8393694cf45ee3688c11a8c56ab127a3daf", 16), + new BigInteger("9cdbd84c9f1ac2f38d0f80f42ab952e7338bf511", 16), + new BigInteger( + "30470ad5a005fb14ce2d9dcd87e38bc7d1b1c5facbaecbe95f190aa7a31d23c4" + + "dbbcbe06174544401a5b2c020965d8c2bd2171d3668445771f74ba084d2029d8" + + "3c1c158547f3a9f1a2715be23d51ae4d3e5a1f6a7064f316933a346d3f529252", 16)); public static final DSAParameterSpec KEY_PARAMS_1024 = new DSAParameterSpec( - new BigInteger( - "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669" - + "455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b7" - + "6b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb" - + "83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7", - 16), - new BigInteger( - "9760508f15230bccb292b982a2eb840bf0581cf5", - 16), - new BigInteger( - "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d078267" - + "5159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e1" - + "3c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243b" - + "cca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a", - 16)); + new BigInteger( + "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669" + + "455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b7" + + "6b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb" + + "83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7", 16), + new BigInteger("9760508f15230bccb292b982a2eb840bf0581cf5", 16), + new BigInteger( + "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d078267" + + "5159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e1" + + "3c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243b" + + "cca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a", 16)); private static final BigInteger TWO_POW_160 = TWO.pow(160); @@ -243,31 +210,18 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator /** Preferred encoding format of generated keys. */ private int preferredFormat; - // Constructor(s) - // ------------------------------------------------------------------------- - - // implicit 0-arguments constructor - - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // gnu.crypto.key.IKeyPairGenerator interface implementation --------------- - public String name() { return Registry.DSS_KPG; } /** - * <p>Configures this instance.</p> - * + * Configures this instance. + * * @param attributes the map of name/value pairs to use. - * @exception IllegalArgumentException if the designated MODULUS_LENGTH - * value is not greater than 512, less than 1024 and not of the form - * <code>512 + 64j</code>. + * @exception IllegalArgumentException if the designated MODULUS_LENGTH value + * is not greater than 512, less than 1024 and not of the form + * <code>512 + 64j</code>. */ public void setup(Map attributes) { @@ -280,9 +234,7 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator // should we use the default pre-computed params? Boolean useDefaults = (Boolean) attributes.get(USE_DEFAULTS); if (useDefaults == null) - { - useDefaults = Boolean.TRUE; - } + useDefaults = Boolean.TRUE; Boolean strictDefaults = (Boolean) attributes.get(STRICT_DEFAULTS); if (strictDefaults == null) @@ -334,16 +286,12 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator q = null; g = null; } - // do we have a SecureRandom, or should we use our own? rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS); - // what is the preferred encoding format Integer formatID = (Integer) attributes.get(PREFERRED_ENCODING_FORMAT); - preferredFormat = formatID == null - ? DEFAULT_ENCODING_FORMAT - : formatID.intValue(); - + preferredFormat = formatID == null ? DEFAULT_ENCODING_FORMAT + : formatID.intValue(); // set the seed-key byte[] kb = new byte[20]; // we need 160 bits of randomness nextRandomBytes(kb); @@ -361,76 +309,65 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator p = params[FIPS186.DSA_PARAMS_P]; e = params[FIPS186.DSA_PARAMS_E]; g = params[FIPS186.DSA_PARAMS_G]; - if (DEBUG && debuglevel > 0) + if (Configuration.DEBUG) { - debug("seed: " + seed.toString(16)); - debug("counter: " + counter.intValue()); - debug("q: " + q.toString(16)); - debug("p: " + p.toString(16)); - debug("e: " + e.toString(16)); - debug("g: " + g.toString(16)); + log.fine("seed: " + seed.toString(16)); + log.fine("counter: " + counter.intValue()); + log.fine("q: " + q.toString(16)); + log.fine("p: " + p.toString(16)); + log.fine("e: " + e.toString(16)); + log.fine("g: " + g.toString(16)); } } - BigInteger x = nextX(); BigInteger y = g.modPow(x, p); - PublicKey pubK = new DSSPublicKey(preferredFormat, p, q, g, y); PrivateKey secK = new DSSPrivateKey(preferredFormat, p, q, g, x); - return new KeyPair(pubK, secK); } - // Other instance methods -------------------------------------------------- - /** - * <p>This method applies the following algorithm described in 3.1 of - * FIPS-186:</p> - * + * This method applies the following algorithm described in 3.1 of FIPS-186: * <ol> - * <li>XSEED = optional user input.</li> - * <li>XVAL = (XKEY + XSEED) mod 2<sup>b</sup>.</li> - * <li>x = G(t, XVAL) mod q.</li> - * <li>XKEY = (1 + XKEY + x) mod 2<sup>b</sup>.</li> + * <li>XSEED = optional user input.</li> + * <li>XVAL = (XKEY + XSEED) mod 2<sup>b</sup>.</li> + * <li>x = G(t, XVAL) mod q.</li> + * <li>XKEY = (1 + XKEY + x) mod 2<sup>b</sup>.</li> * </ol> - * - * <p>Where <code>b</code> is the length of a secret b-bit seed-key (XKEY).</p> - * - * <p>Note that in this implementation, XSEED, the optional user input, is - * always zero.</p> + * <p> + * Where <code>b</code> is the length of a secret b-bit seed-key (XKEY). + * <p> + * Note that in this implementation, XSEED, the optional user input, is always + * zero. */ private synchronized BigInteger nextX() { byte[] xk = XKEY.toByteArray(); byte[] in = new byte[64]; // 512-bit block for SHS System.arraycopy(xk, 0, in, 0, xk.length); - int[] H = Sha160.G(T_SHS[0], T_SHS[1], T_SHS[2], T_SHS[3], T_SHS[4], in, 0); byte[] h = new byte[20]; for (int i = 0, j = 0; i < 5; i++) { - h[j++] = (byte) (H[i] >>> 24); - h[j++] = (byte) (H[i] >>> 16); - h[j++] = (byte) (H[i] >>> 8); + h[j++] = (byte)(H[i] >>> 24); + h[j++] = (byte)(H[i] >>> 16); + h[j++] = (byte)(H[i] >>> 8); h[j++] = (byte) H[i]; } BigInteger result = new BigInteger(1, h).mod(q); XKEY = XKEY.add(result).add(BigInteger.ONE).mod(TWO_POW_160); - return result; } /** - * <p>Fills the designated byte array with random data.</p> - * + * Fills the designated byte array with random data. + * * @param buffer the byte array to fill with random data. */ private void nextRandomBytes(byte[] buffer) { if (rnd != null) - { - rnd.nextBytes(buffer); - } + rnd.nextBytes(buffer); else getDefaultPRNG().nextBytes(buffer); } diff --git a/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java b/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java index 3a115b96378..06b8e849a50 100644 --- a/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java +++ b/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java @@ -38,6 +38,7 @@ exception statement from your version. */ package gnu.java.security.key.dss; +import gnu.java.security.Configuration; import gnu.java.security.OID; import gnu.java.security.Registry; import gnu.java.security.der.DER; @@ -158,11 +159,10 @@ public class DSSKeyPairPKCS8Codec } catch (IOException e) { - InvalidParameterException y = new InvalidParameterException(); + InvalidParameterException y = new InvalidParameterException(e.getMessage()); y.initCause(e); throw y; } - return result; } @@ -184,8 +184,8 @@ public class DSSKeyPairPKCS8Codec */ public PrivateKey decodePrivateKey(byte[] input) { - log.entering("DSSKeyPairPKCS8Codec", "decodePrivateKey"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "decodePrivateKey"); if (input == null) throw new InvalidParameterException("Input bytes MUST NOT be null"); @@ -226,9 +226,11 @@ public class DSSKeyPairPKCS8Codec g = (BigInteger) val.getValue(); val = der.read(); - log.finest("val = " + val); + if (Configuration.DEBUG) + log.fine("val = " + val); byte[] xBytes = (byte[]) val.getValue(); - log.finest(Util.dumpString(xBytes, "xBytes: ")); + if (Configuration.DEBUG) + log.fine(Util.dumpString(xBytes, "xBytes: ")); DERReader der2 = new DERReader(xBytes); val = der2.read(); DerUtil.checkIsBigInteger(val, "Wrong X field"); @@ -236,12 +238,12 @@ public class DSSKeyPairPKCS8Codec } catch (IOException e) { - InvalidParameterException y = new InvalidParameterException(); + InvalidParameterException y = new InvalidParameterException(e.getMessage()); y.initCause(e); throw y; } - - log.exiting("DSSKeyPairPKCS8Codec", "decodePrivateKey"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "decodePrivateKey"); return new DSSPrivateKey(Registry.PKCS8_ENCODING_ID, p, q, g, x); } } diff --git a/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairRawCodec.java b/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairRawCodec.java index 7c5491d6f37..b1135b75f1f 100644 --- a/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairRawCodec.java +++ b/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairRawCodec.java @@ -47,91 +47,72 @@ import java.security.PrivateKey; import java.security.PublicKey; /** - * <p>An object that implements the {@link IKeyPairCodec} operations for the - * <i>Raw</i> format to use with DSS keypairs.</p> + * An object that implements the {@link IKeyPairCodec} operations for the + * <i>Raw</i> format to use with DSS keypairs. */ -public class DSSKeyPairRawCodec implements IKeyPairCodec +public class DSSKeyPairRawCodec + implements IKeyPairCodec { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // gnu.crypto.keys.IKeyPairCodec interface implementation ------------------ - public int getFormatID() { return RAW_FORMAT; } /** - * <p>Returns the encoded form of the designated DSS (Digital Signature - * Standard) public key according to the <i>Raw</i> format supported by - * this library.</p> - * - * <p>The <i>Raw</i> format for a DSA public key, in this implementation, is - * a byte sequence consisting of the following:</p> + * Returns the encoded form of the designated DSS (Digital Signature Standard) + * public key according to the <i>Raw</i> format supported by this library. + * <p> + * The <i>Raw</i> format for a DSA public key, in this implementation, is a + * byte sequence consisting of the following: * <ol> - * <li>4-byte magic consisting of the value of the literal - * {@link Registry#MAGIC_RAW_DSS_PUBLIC_KEY},<li> - * <li>1-byte version consisting of the constant: 0x01,</li> - * <li>4-byte count of following bytes representing the DSA parameter - * <code>p</code> in internet order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DSA parameter - * <code>p</code>,</li> - * <li>4-byte count of following bytes representing the DSA parameter - * <code>q</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DSA parameter - * <code>q</code>,</li> - * <li>4-byte count of following bytes representing the DSA parameter - * <code>g</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DSA parameter - * <code>g</code>,</li> - * <li>4-byte count of following bytes representing the DSA parameter - * <code>y</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DSA parameter - * <code>y</code>,</li> + * <li>4-byte magic consisting of the value of the literal + * {@link Registry#MAGIC_RAW_DSS_PUBLIC_KEY}, + * <li> + * <li>1-byte version consisting of the constant: 0x01,</li> + * <li>4-byte count of following bytes representing the DSA parameter + * <code>p</code> in internet order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DSA parameter <code>p</code>, + * </li> + * <li>4-byte count of following bytes representing the DSA parameter + * <code>q</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DSA parameter <code>q</code>, + * </li> + * <li>4-byte count of following bytes representing the DSA parameter + * <code>g</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DSA parameter <code>g</code>, + * </li> + * <li>4-byte count of following bytes representing the DSA parameter + * <code>y</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DSA parameter <code>y</code>, + * </li> * </ol> - * + * * @param key the key to encode. * @return the <i>Raw</i> format encoding of the designated key. * @throws IllegalArgumentException if the designated key is not a DSS - * (Digital Signature Standard) one. + * (Digital Signature Standard) one. * @see Registry#MAGIC_RAW_DSS_PUBLIC_KEY */ public byte[] encodePublicKey(PublicKey key) { - if (!(key instanceof DSSPublicKey)) - { - throw new IllegalArgumentException("key"); - } + if (! (key instanceof DSSPublicKey)) + throw new IllegalArgumentException("key"); DSSPublicKey dssKey = (DSSPublicKey) key; ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // magic baos.write(Registry.MAGIC_RAW_DSS_PUBLIC_KEY[0]); baos.write(Registry.MAGIC_RAW_DSS_PUBLIC_KEY[1]); baos.write(Registry.MAGIC_RAW_DSS_PUBLIC_KEY[2]); baos.write(Registry.MAGIC_RAW_DSS_PUBLIC_KEY[3]); - // version baos.write(0x01); - // p byte[] buffer = dssKey.getParams().getP().toByteArray(); int length = buffer.length; @@ -140,7 +121,6 @@ public class DSSKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - // q buffer = dssKey.getParams().getQ().toByteArray(); length = buffer.length; @@ -149,7 +129,6 @@ public class DSSKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - // g buffer = dssKey.getParams().getG().toByteArray(); length = buffer.length; @@ -158,7 +137,6 @@ public class DSSKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - // y buffer = dssKey.getY().toByteArray(); length = buffer.length; @@ -167,7 +145,6 @@ public class DSSKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - return baos.toByteArray(); } @@ -178,112 +155,106 @@ public class DSSKeyPairRawCodec implements IKeyPairCodec || k[1] != Registry.MAGIC_RAW_DSS_PUBLIC_KEY[1] || k[2] != Registry.MAGIC_RAW_DSS_PUBLIC_KEY[2] || k[3] != Registry.MAGIC_RAW_DSS_PUBLIC_KEY[3]) - { - throw new IllegalArgumentException("magic"); - } + throw new IllegalArgumentException("magic"); // version if (k[4] != 0x01) - { - throw new IllegalArgumentException("version"); - } - int i = 5; + throw new IllegalArgumentException("version"); + int i = 5; int l; byte[] buffer; - // p - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger p = new BigInteger(1, buffer); - // q - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger q = new BigInteger(1, buffer); - // g - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger g = new BigInteger(1, buffer); - // y - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger y = new BigInteger(1, buffer); - return new DSSPublicKey(p, q, g, y); } /** - * <p>Returns the encoded form of the designated DSS (Digital Signature - * Standard) private key according to the <i>Raw</i> format supported by - * this library.</p> - * - * <p>The <i>Raw</i> format for a DSA private key, in this implementation, is - * a byte sequence consisting of the following:</p> + * Returns the encoded form of the designated DSS (Digital Signature Standard) + * private key according to the <i>Raw</i> format supported by this library. + * <p> + * The <i>Raw</i> format for a DSA private key, in this implementation, is a + * byte sequence consisting of the following: * <ol> - * <li>4-byte magic consisting of the value of the literal - * {@link Registry#MAGIC_RAW_DSS_PRIVATE_KEY},<li> - * <li>1-byte version consisting of the constant: 0x01,</li> - * <li>4-byte count of following bytes representing the DSA parameter - * <code>p</code> in internet order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DSA parameter - * <code>p</code>,</li> - * <li>4-byte count of following bytes representing the DSA parameter - * <code>q</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DSA parameter - * <code>q</code>,</li> - * <li>4-byte count of following bytes representing the DSA parameter - * <code>g</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DSA parameter - * <code>g</code>,</li> - * <li>4-byte count of following bytes representing the DSA parameter - * <code>x</code>,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the DSA parameter - * <code>x</code>,</li> + * <li>4-byte magic consisting of the value of the literal + * {@link Registry#MAGIC_RAW_DSS_PRIVATE_KEY}, + * <li> + * <li>1-byte version consisting of the constant: 0x01,</li> + * <li>4-byte count of following bytes representing the DSA parameter + * <code>p</code> in internet order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DSA parameter <code>p</code>, + * </li> + * <li>4-byte count of following bytes representing the DSA parameter + * <code>q</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DSA parameter <code>q</code>, + * </li> + * <li>4-byte count of following bytes representing the DSA parameter + * <code>g</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DSA parameter <code>g</code>, + * </li> + * <li>4-byte count of following bytes representing the DSA parameter + * <code>x</code>,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the DSA parameter <code>x</code>, + * </li> * </ol> - * + * * @param key the key to encode. * @return the <i>Raw</i> format encoding of the designated key. * @throws IllegalArgumentException if the designated key is not a DSS - * (Digital Signature Standard) one. + * (Digital Signature Standard) one. */ public byte[] encodePrivateKey(PrivateKey key) { - if (!(key instanceof DSSPrivateKey)) - { - throw new IllegalArgumentException("key"); - } + if (! (key instanceof DSSPrivateKey)) + throw new IllegalArgumentException("key"); DSSPrivateKey dssKey = (DSSPrivateKey) key; ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // magic baos.write(Registry.MAGIC_RAW_DSS_PRIVATE_KEY[0]); baos.write(Registry.MAGIC_RAW_DSS_PRIVATE_KEY[1]); baos.write(Registry.MAGIC_RAW_DSS_PRIVATE_KEY[2]); baos.write(Registry.MAGIC_RAW_DSS_PRIVATE_KEY[3]); - // version baos.write(0x01); - // p byte[] buffer = dssKey.getParams().getP().toByteArray(); int length = buffer.length; @@ -292,7 +263,6 @@ public class DSSKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - // q buffer = dssKey.getParams().getQ().toByteArray(); length = buffer.length; @@ -301,7 +271,6 @@ public class DSSKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - // g buffer = dssKey.getParams().getG().toByteArray(); length = buffer.length; @@ -310,7 +279,6 @@ public class DSSKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - // x buffer = dssKey.getX().toByteArray(); length = buffer.length; @@ -319,7 +287,6 @@ public class DSSKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - return baos.toByteArray(); } @@ -330,52 +297,51 @@ public class DSSKeyPairRawCodec implements IKeyPairCodec || k[1] != Registry.MAGIC_RAW_DSS_PRIVATE_KEY[1] || k[2] != Registry.MAGIC_RAW_DSS_PRIVATE_KEY[2] || k[3] != Registry.MAGIC_RAW_DSS_PRIVATE_KEY[3]) - { - throw new IllegalArgumentException("magic"); - } + throw new IllegalArgumentException("magic"); // version if (k[4] != 0x01) - { - throw new IllegalArgumentException("version"); - } - int i = 5; + throw new IllegalArgumentException("version"); + int i = 5; int l; byte[] buffer; - // p - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger p = new BigInteger(1, buffer); - // q - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger q = new BigInteger(1, buffer); - // g - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger g = new BigInteger(1, buffer); - // x - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger x = new BigInteger(1, buffer); - return new DSSPrivateKey(p, q, g, x); } } diff --git a/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairX509Codec.java b/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairX509Codec.java index 516ef92afd5..a5e8e9d47eb 100644 --- a/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairX509Codec.java +++ b/libjava/classpath/gnu/java/security/key/dss/DSSKeyPairX509Codec.java @@ -94,9 +94,15 @@ public class DSSKeyPairX509Codec * g INTEGER * } * </pre> - * - * <p>The <i>subjectPublicKey</i> field, which is a BIT STRING, contains the - * DER-encoded form of the DSA public key as an INTEGER.</p> + * <p> + * Note that RFC-3280 (page 79) implies that some certificates MAY have an + * absent, or NULL, parameters field in their AlgorithmIdentifier element, + * implying that those parameters MUST be <i>inherited</i> from another + * certificate. This implementation, encodes a <i>NULL</i> element as the DER + * value of the parameters field when such is the case. + * <p> + * The <i>subjectPublicKey</i> field, which is a BIT STRING, contains the + * DER-encoded form of the DSA public key as an INTEGER. * * <pre> * DSAPublicKey ::= INTEGER -- public key, Y @@ -118,20 +124,25 @@ public class DSSKeyPairX509Codec DERValue derOID = new DERValue(DER.OBJECT_IDENTIFIER, DSA_ALG_OID); DSSPublicKey dssKey = (DSSPublicKey) key; - BigInteger p = dssKey.getParams().getP(); - BigInteger q = dssKey.getParams().getQ(); - BigInteger g = dssKey.getParams().getG(); - BigInteger y = dssKey.getY(); - - DERValue derP = new DERValue(DER.INTEGER, p); - DERValue derQ = new DERValue(DER.INTEGER, q); - DERValue derG = new DERValue(DER.INTEGER, g); - - ArrayList params = new ArrayList(3); - params.add(derP); - params.add(derQ); - params.add(derG); - DERValue derParams = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, params); + DERValue derParams; + if (dssKey.hasInheritedParameters()) + derParams = new DERValue(DER.NULL, null); + else + { + BigInteger p = dssKey.getParams().getP(); + BigInteger q = dssKey.getParams().getQ(); + BigInteger g = dssKey.getParams().getG(); + + DERValue derP = new DERValue(DER.INTEGER, p); + DERValue derQ = new DERValue(DER.INTEGER, q); + DERValue derG = new DERValue(DER.INTEGER, g); + + ArrayList params = new ArrayList(3); + params.add(derP); + params.add(derQ); + params.add(derG); + derParams = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, params); + } ArrayList algorithmID = new ArrayList(2); algorithmID.add(derOID); @@ -139,6 +150,7 @@ public class DSSKeyPairX509Codec DERValue derAlgorithmID = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, algorithmID); + BigInteger y = dssKey.getY(); DERValue derDSAPublicKey = new DERValue(DER.INTEGER, y); byte[] yBytes = derDSAPublicKey.getEncoded(); DERValue derSPK = new DERValue(DER.BIT_STRING, new BitString(yBytes)); @@ -157,11 +169,10 @@ public class DSSKeyPairX509Codec } catch (IOException x) { - InvalidParameterException e = new InvalidParameterException(); + InvalidParameterException e = new InvalidParameterException(x.getMessage()); e.initCause(x); throw e; } - return result; } @@ -186,7 +197,10 @@ public class DSSKeyPairX509Codec if (input == null) throw new InvalidParameterException("Input bytes MUST NOT be null"); - BigInteger p, g, q, y; + BigInteger p = null; + BigInteger g = null; + BigInteger q = null; + BigInteger y; DERReader der = new DERReader(input); try { @@ -204,20 +218,35 @@ public class DSSKeyPairX509Codec if (! algOID.equals(DSA_ALG_OID)) throw new InvalidParameterException("Unexpected OID: " + algOID); - DERValue derParams = der.read(); - DerUtil.checkIsConstructed(derParams, "Wrong DSS Parameters field"); - DERValue val = der.read(); - DerUtil.checkIsBigInteger(val, "Wrong P field"); - p = (BigInteger) val.getValue(); - val = der.read(); - DerUtil.checkIsBigInteger(val, "Wrong Q field"); - q = (BigInteger) val.getValue(); - val = der.read(); - DerUtil.checkIsBigInteger(val, "Wrong G field"); - g = (BigInteger) val.getValue(); - - val = der.read(); + // RFC-3280, page 79 states: "If the subjectPublicKeyInfo field of the + // certificate contains an algorithm field with null parameters or + // parameters are omitted, compare the certificate subjectPublicKey + // algorithm to the working_public_key_algorithm. If the certificate + // subjectPublicKey algorithm and the working_public_key_algorithm are + // different, set the working_public_key_parameters to null." + // in other words, the parameters field of an AlgorithmIdentifier + // element MAY NOT be present at all, or if present MAY be NULL! + // the Mauve test ValidDSAParameterInheritenceTest5, in + // gnu.testlet.java.security.cert.pkix.pkits, is/was failing because + // of this. + if (val.getTag() == DER.NULL) + val = der.read(); + else if (val.isConstructed()) + { + val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong P field"); + p = (BigInteger) val.getValue(); + val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong Q field"); + q = (BigInteger) val.getValue(); + val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong G field"); + g = (BigInteger) val.getValue(); + + val = der.read(); + } + if (! (val.getValue() instanceof BitString)) throw new InvalidParameterException("Wrong SubjectPublicKey field"); @@ -230,11 +259,10 @@ public class DSSKeyPairX509Codec } catch (IOException x) { - InvalidParameterException e = new InvalidParameterException(); + InvalidParameterException e = new InvalidParameterException(x.getMessage()); e.initCause(x); throw e; } - return new DSSPublicKey(Registry.X509_ENCODING_ID, p, q, g, y); } diff --git a/libjava/classpath/gnu/java/security/key/dss/DSSPrivateKey.java b/libjava/classpath/gnu/java/security/key/dss/DSSPrivateKey.java index fe59cb6d77b..6ed8de8460d 100644 --- a/libjava/classpath/gnu/java/security/key/dss/DSSPrivateKey.java +++ b/libjava/classpath/gnu/java/security/key/dss/DSSPrivateKey.java @@ -38,38 +38,34 @@ exception statement from your version. */ package gnu.java.security.key.dss; -import gnu.classpath.SystemProperties; +import gnu.java.security.Configuration; import gnu.java.security.Registry; +import gnu.java.security.action.GetPropertyAction; import gnu.java.security.key.IKeyPairCodec; import java.math.BigInteger; +import java.security.AccessController; import java.security.PrivateKey; import java.security.interfaces.DSAPrivateKey; /** - * <p>An object that embodies a DSS (Digital Signature Standard) private key.</p> - * + * An object that embodies a DSS (Digital Signature Standard) private key. + * * @see #getEncoded */ -public class DSSPrivateKey extends DSSKey implements PrivateKey, DSAPrivateKey +public class DSSPrivateKey + extends DSSKey + implements PrivateKey, DSAPrivateKey { - // Constants and variables - // ------------------------------------------------------------------------- - - private static final boolean DEBUG = false; - /** - * <p>A randomly or pseudorandomly generated integer with <code>0 < x < - * q</code>.</p> + * A randomly or pseudorandomly generated integer with <code>0 < x < + * q</code>. */ private final BigInteger x; /** String representation of this key. Cached for speed. */ private transient String str; - // Constructor(s) - // ------------------------------------------------------------------------- - /** * Convenience constructor. Calls the constructor with 5 arguments passing * {@link Registry#RAW_ENCODING_ID} as the identifier of the preferred @@ -104,13 +100,9 @@ public class DSSPrivateKey extends DSSKey implements PrivateKey, DSAPrivateKey super(preferredFormat == Registry.ASN1_ENCODING_ID ? Registry.PKCS8_ENCODING_ID : preferredFormat, p, q, g); - this.x = x; } - // Class methods - // ------------------------------------------------------------------------- - /** * A class method that takes the output of the <code>encodePrivateKey()</code> * method of a DSS keypair codec object (an instance implementing @@ -135,30 +127,22 @@ public class DSSPrivateKey extends DSSKey implements PrivateKey, DSAPrivateKey catch (IllegalArgumentException ignored) { } - // try PKCS#8 codec return (DSSPrivateKey) new DSSKeyPairPKCS8Codec().decodePrivateKey(k); } - // Instance methods - // ------------------------------------------------------------------------- - - // java.security.interfaces.DSAPrivateKey interface implementation --------- - public BigInteger getX() { return x; } - // Other instance methods -------------------------------------------------- - /** - * <p>Returns the encoded form of this private key according to the - * designated format.</p> - * + * Returns the encoded form of this private key according to the designated + * format. + * * @param format the desired format identifier of the resulting encoding. * @return the byte sequence encoding this key according to the designated - * format. + * format. * @exception IllegalArgumentException if the format is not supported. * @see DSSKeyPairRawCodec */ @@ -181,24 +165,22 @@ public class DSSPrivateKey extends DSSKey implements PrivateKey, DSAPrivateKey } /** - * <p>Returns <code>true</code> if the designated object is an instance of + * Returns <code>true</code> if the designated object is an instance of * {@link DSAPrivateKey} and has the same DSS (Digital Signature Standard) - * parameter values as this one.</p> - * + * parameter values as this one. + * * @param obj the other non-null DSS key to compare to. - * @return <code>true</code> if the designated object is of the same type and - * value as this one. + * @return <code>true</code> if the designated object is of the same type + * and value as this one. */ public boolean equals(Object obj) { if (obj == null) - { - return false; - } - if (!(obj instanceof DSAPrivateKey)) - { - return false; - } + return false; + + if (! (obj instanceof DSAPrivateKey)) + return false; + DSAPrivateKey that = (DSAPrivateKey) obj; return super.equals(that) && x.equals(that.getX()); } @@ -207,13 +189,15 @@ public class DSSPrivateKey extends DSSKey implements PrivateKey, DSAPrivateKey { if (str == null) { - String ls = SystemProperties.getProperty("line.separator"); + String ls = (String) AccessController.doPrivileged + (new GetPropertyAction("line.separator")); str = new StringBuilder(this.getClass().getName()).append("(") - .append(super.toString()).append(",").append(ls) - .append("x=0x").append(DEBUG ? x.toString(16) : "**...*").append(ls) - .append(")").toString(); + .append(super.toString()).append(",").append(ls) + .append("x=0x").append(Configuration.DEBUG ? x.toString(16) + : "**...*").append(ls) + .append(")") + .toString(); } - return str; } } diff --git a/libjava/classpath/gnu/java/security/key/dss/DSSPublicKey.java b/libjava/classpath/gnu/java/security/key/dss/DSSPublicKey.java index 52292131336..9e1c4cf0a04 100644 --- a/libjava/classpath/gnu/java/security/key/dss/DSSPublicKey.java +++ b/libjava/classpath/gnu/java/security/key/dss/DSSPublicKey.java @@ -38,36 +38,33 @@ exception statement from your version. */ package gnu.java.security.key.dss; -import gnu.classpath.SystemProperties; import gnu.java.security.Registry; +import gnu.java.security.action.GetPropertyAction; import gnu.java.security.key.IKeyPairCodec; import java.math.BigInteger; +import java.security.AccessController; import java.security.PublicKey; import java.security.interfaces.DSAPublicKey; /** - * <p>An object that embodies a DSS (Digital Signature Standard) public key.</p> + * An object that embodies a DSS (Digital Signature Standard) public key. * * @see #getEncoded */ -public class DSSPublicKey extends DSSKey implements PublicKey, DSAPublicKey +public class DSSPublicKey + extends DSSKey + implements PublicKey, DSAPublicKey { - // Constants and variables - // ------------------------------------------------------------------------- - /** - * <code>y = g<sup>x</sup> mod p</code> where <code>x</code> is the private - * part of the DSA key. + * <code>y = g<sup>x</sup> mod p</code> where <code>x</code> is the + * private part of the DSA key. */ private final BigInteger y; /** String representation of this key. Cached for speed. */ private transient String str; - // Constructor(s) - // ------------------------------------------------------------------------- - /** * Conveience constructor. Calls the constructor with 5 arguments passing * {@link Registry#RAW_ENCODING_ID} as the identifier of the preferred @@ -85,8 +82,8 @@ public class DSSPublicKey extends DSSKey implements PublicKey, DSAPublicKey } /** - * Constructs a new instance of <code>DSSPublicKey</code> given the designated - * arguments. + * Constructs a new instance of <code>DSSPublicKey</code> given the + * designated arguments. * * @param preferredFormat the identifier of the preferred encoding format to * use when externalizing this key. @@ -102,13 +99,9 @@ public class DSSPublicKey extends DSSKey implements PublicKey, DSAPublicKey super(preferredFormat == Registry.ASN1_ENCODING_ID ? Registry.X509_ENCODING_ID : preferredFormat, p, q, g); - this.y = y; } - // Class methods - // ------------------------------------------------------------------------- - /** * A class method that takes the output of the <code>encodePublicKey()</code> * method of a DSS keypair codec object (an instance implementing @@ -133,30 +126,22 @@ public class DSSPublicKey extends DSSKey implements PublicKey, DSAPublicKey catch (IllegalArgumentException ignored) { } - // try X.509 codec return (DSSPublicKey) new DSSKeyPairX509Codec().decodePublicKey(k); } - // Instance methods - // ------------------------------------------------------------------------- - - // java.security.interfaces.DSAPublicKey interface implementation ---------- - public BigInteger getY() { return y; } - // Other instance methods -------------------------------------------------- - /** - * <p>Returns the encoded form of this public key according to the designated - * format.</p> + * Returns the encoded form of this public key according to the designated + * format. * * @param format the desired format identifier of the resulting encoding. * @return the byte sequence encoding this key according to the designated - * format. + * format. * @exception IllegalArgumentException if the format is not supported. * @see DSSKeyPairRawCodec */ @@ -179,24 +164,22 @@ public class DSSPublicKey extends DSSKey implements PublicKey, DSAPublicKey } /** - * <p>Returns <code>true</code> if the designated object is an instance of + * Returns <code>true</code> if the designated object is an instance of * {@link DSAPublicKey} and has the same DSS (Digital Signature Standard) - * parameter values as this one.</p> + * parameter values as this one. * * @param obj the other non-null DSS key to compare to. - * @return <code>true</code> if the designated object is of the same type and - * value as this one. + * @return <code>true</code> if the designated object is of the same type + * and value as this one. */ public boolean equals(Object obj) { if (obj == null) - { - return false; - } - if (!(obj instanceof DSAPublicKey)) - { - return false; - } + return false; + + if (! (obj instanceof DSAPublicKey)) + return false; + DSAPublicKey that = (DSAPublicKey) obj; return super.equals(that) && y.equals(that.getY()); } @@ -205,13 +188,14 @@ public class DSSPublicKey extends DSSKey implements PublicKey, DSAPublicKey { if (str == null) { - String ls = SystemProperties.getProperty("line.separator"); + String ls = (String) AccessController.doPrivileged + (new GetPropertyAction("line.separator")); str = new StringBuilder(this.getClass().getName()).append("(") - .append(super.toString()).append(",").append(ls) - .append("y=0x").append(y.toString(16)).append(ls) - .append(")").toString(); + .append(super.toString()).append(",").append(ls) + .append("y=0x").append(y.toString(16)).append(ls) + .append(")") + .toString(); } - return str; } } diff --git a/libjava/classpath/gnu/java/security/key/dss/FIPS186.java b/libjava/classpath/gnu/java/security/key/dss/FIPS186.java index 5984bcc9393..7277599bd54 100644 --- a/libjava/classpath/gnu/java/security/key/dss/FIPS186.java +++ b/libjava/classpath/gnu/java/security/key/dss/FIPS186.java @@ -40,26 +40,21 @@ package gnu.java.security.key.dss; import gnu.java.security.hash.Sha160; import gnu.java.security.util.PRNG; -import gnu.java.security.util.Prime2; import java.math.BigInteger; import java.security.SecureRandom; /** - * <p>An implementation of the DSA parameters generation as described in - * FIPS-186.</p> - * - * References:<br> + * An implementation of the DSA parameters generation as described in FIPS-186. + * <p> + * References: + * <p> * <a href="http://www.itl.nist.gov/fipspubs/fip186.htm">Digital Signature - * Standard (DSS)</a>, Federal Information Processing Standards Publication 186. - * National Institute of Standards and Technology. + * Standard (DSS)</a>, Federal Information Processing Standards Publication + * 186. National Institute of Standards and Technology. */ public class FIPS186 { - - // Constants and variables - // ------------------------------------------------------------------------- - public static final int DSA_PARAMS_SEED = 0; public static final int DSA_PARAMS_COUNTER = 1; @@ -73,7 +68,7 @@ public class FIPS186 public static final int DSA_PARAMS_G = 5; /** The BigInteger constant 2. */ - private static final BigInteger TWO = new BigInteger("2"); + private static final BigInteger TWO = BigInteger.valueOf(2L); private static final BigInteger TWO_POW_160 = TWO.pow(160); @@ -89,9 +84,6 @@ public class FIPS186 /** Our default source of randomness. */ private PRNG prng = null; - // Constructor(s) - // ------------------------------------------------------------------------- - public FIPS186(int L, SecureRandom rnd) { super(); @@ -100,38 +92,31 @@ public class FIPS186 this.rnd = rnd; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - /** * This method generates the DSS <code>p</code>, <code>q</code>, and * <code>g</code> parameters only when <code>L</code> (the modulus length) * is not one of the following: <code>512</code>, <code>768</code> and - * <code>1024</code>. For those values of <code>L</code>, this implementation - * uses pre-computed values of <code>p</code>, <code>q</code>, and - * <code>g</code> given in the document <i>CryptoSpec</i> included in the - * security guide documentation of the standard JDK distribution.<p> - * + * <code>1024</code>. For those values of <code>L</code>, this + * implementation uses pre-computed values of <code>p</code>, + * <code>q</code>, and <code>g</code> given in the document <i>CryptoSpec</i> + * included in the security guide documentation of the standard JDK + * distribution. + * <p> * The DSS requires two primes , <code>p</code> and <code>q</code>, * satisfying the following three conditions: - * * <ul> - * <li><code>2<sup>159</sup> < q < 2<sup>160</sup></code></li> - * <li><code>2<sup>L-1</sup> < p < 2<sup>L</sup></code> for a - * specified <code>L</code>, where <code>L = 512 + 64j</code> for some - * <code>0 <= j <= 8</code></li> - * <li>q divides p - 1.</li> + * <li><code>2<sup>159</sup> < q < 2<sup>160</sup></code></li> + * <li><code>2<sup>L-1</sup> < p < 2<sup>L</sup></code> for a + * specified <code>L</code>, where <code>L = 512 + 64j</code> for some + * <code>0 <= j <= 8</code></li> + * <li>q divides p - 1.</li> * </ul> - * * The algorithm used to find these primes is as described in FIPS-186, * section 2.2: GENERATION OF PRIMES. This prime generation scheme starts by - * using the {@link Sha160} and a user supplied <i>SEED</i> - * to construct a prime, <code>q</code>, in the range 2<sup>159</sup> < q - * < 2<sup>160</sup>. Once this is accomplished, the same <i>SEED</i> - * value is used to construct an <code>X</code> in the range <code>2<sup>L-1 + * using the {@link Sha160} and a user supplied <i>SEED</i> to construct a + * prime, <code>q</code>, in the range 2<sup>159</sup> < q < 2<sup>160</sup>. + * Once this is accomplished, the same <i>SEED</i> value is used to construct + * an <code>X</code> in the range <code>2<sup>L-1 * </sup> < X < 2<sup>L</sup>. The prime, <code>p</code>, is then * formed by rounding <code>X</code> to a number congruent to <code>1 mod * 2q</code>. In this implementation we use the same <i>SEED</i> value given @@ -169,9 +154,8 @@ public class FIPS186 u = sha.digest(); } for (int i = 0; i < a.length; i++) - { - a[i] ^= u[i]; - } + a[i] ^= u[i]; + U = new BigInteger(1, a); // 3. Form q from U by setting the most significant bit (the // 2**159 bit) and the least significant bit to 1. In terms of @@ -183,12 +167,9 @@ public class FIPS186 // probability of a non-prime number passing the test is at // most 1/2**80. // 5. If q is not prime, go to step 1. - if (Prime2.isProbablePrime(q)) - { - break step1; - } + if (q.isProbablePrime(80)) + break step1; } // step1 - // 6. Let counter = 0 and offset = 2. counter = 0; offset = 2; @@ -201,9 +182,9 @@ public class FIPS186 { for (int k = 0; k <= n; k++) { - a = SEED_PLUS_OFFSET.add( - BigInteger.valueOf(k & 0xFFFFFFFFL)).mod( - TWO_POW_160).toByteArray(); + a = SEED_PLUS_OFFSET + .add(BigInteger.valueOf(k & 0xFFFFFFFFL)) + .mod(TWO_POW_160).toByteArray(); sha.update(a, 0, a.length); V[k] = new BigInteger(1, sha.digest()); } @@ -214,9 +195,8 @@ public class FIPS186 // Note that 0 <= W < 2**(L-1) and hence 2**(L-1) <= X < 2**L. W = V[0]; for (int k = 1; k < n; k++) - { - W = W.add(V[k].multiply(TWO.pow(k * 160))); - } + W = W.add(V[k].multiply(TWO.pow(k * 160))); + W = W.add(V[n].mod(TWO.pow(b)).multiply(TWO.pow(n * 160))); X = W.add(TWO.pow(L - 1)); // 9. Let c = X mod 2q and set p = X - (c - 1). @@ -228,22 +208,17 @@ public class FIPS186 { // 11. Perform a robust primality test on p. // 12. If p passes the test performed in step 11, go to step 15. - if (Prime2.isProbablePrime(p)) - { - break algorithm; - } + if (p.isProbablePrime(80)) + break algorithm; } // 13. Let counter = counter + 1 and offset = offset + n + 1. counter++; offset += n + 1; // 14. If counter >= 4096 go to step 1, otherwise go to step 7. if (counter >= 4096) - { - continue algorithm; - } + continue algorithm; } // step7 } // algorithm - // compute g. from FIPS-186, Appendix 4: // 1. Generate p and q as specified in Appendix 2. // 2. Let e = (p - 1) / q @@ -258,28 +233,21 @@ public class FIPS186 // 4. Set g = h**e mod p g = h.modPow(e, p); // 5. If g = 1, go to step 3 - if (!g.equals(BigInteger.ONE)) - { - break; - } + if (! g.equals(BigInteger.ONE)) + break; } - return new BigInteger[] { SEED, BigInteger.valueOf(counter), q, p, e, g }; } - // helper methods ---------------------------------------------------------- - /** * Fills the designated byte array with random data. - * + * * @param buffer the byte array to fill with random data. */ private void nextRandomBytes(byte[] buffer) { if (rnd != null) - { - rnd.nextBytes(buffer); - } + rnd.nextBytes(buffer); else getDefaultPRNG().nextBytes(buffer); } diff --git a/libjava/classpath/gnu/java/security/key/rsa/GnuRSAKey.java b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAKey.java index 3009dd71fa0..4bdce4011a5 100644 --- a/libjava/classpath/gnu/java/security/key/rsa/GnuRSAKey.java +++ b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAKey.java @@ -38,23 +38,21 @@ exception statement from your version. */ package gnu.java.security.key.rsa; -import gnu.classpath.SystemProperties; import gnu.java.security.Registry; +import gnu.java.security.action.GetPropertyAction; import gnu.java.security.util.FormatUtil; import java.math.BigInteger; +import java.security.AccessController; import java.security.Key; import java.security.interfaces.RSAKey; /** - * <p>A base asbtract class for both public and private RSA keys.</p> + * A base asbtract class for both public and private RSA keys. */ -public abstract class GnuRSAKey implements Key, RSAKey +public abstract class GnuRSAKey + implements Key, RSAKey { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The public modulus of an RSA key pair. */ private final BigInteger n; @@ -62,17 +60,14 @@ public abstract class GnuRSAKey implements Key, RSAKey private final BigInteger e; /** - * Identifier of the default encoding format to use when externalizing the - * key material. + * Identifier of the default encoding format to use when externalizing the key + * material. */ protected final int defaultFormat; /** String representation of this key. Cached for speed. */ private transient String str; - // Constructor(s) - // ------------------------------------------------------------------------- - /** * Trivial protected constructor. * @@ -91,21 +86,11 @@ public abstract class GnuRSAKey implements Key, RSAKey this.e = e; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // java.security.interfaces.RSAKey interface implementation ---------------- - public BigInteger getModulus() { return getN(); } - // java.security.Key interface implementation ------------------------------ - public String getAlgorithm() { return Registry.RSA_KPG; @@ -122,11 +107,9 @@ public abstract class GnuRSAKey implements Key, RSAKey return FormatUtil.getEncodingShortName(defaultFormat); } - // Other instance methods -------------------------------------------------- - /** - * <p>Returns the modulus <code>n</code>.</p> - * + * Returns the modulus <code>n</code>. + * * @return the modulus <code>n</code>. */ public BigInteger getN() @@ -135,8 +118,8 @@ public abstract class GnuRSAKey implements Key, RSAKey } /** - * <p>Returns the public exponent <code>e</code>.</p> - * + * Returns the public exponent <code>e</code>. + * * @return the public exponent <code>e</code>. */ public BigInteger getPublicExponent() @@ -145,8 +128,8 @@ public abstract class GnuRSAKey implements Key, RSAKey } /** - * <p>Same as {@link #getPublicExponent()}.</p> - * + * Same as {@link #getPublicExponent()}. + * * @return the public exponent <code>e</code>. */ public BigInteger getE() @@ -155,23 +138,21 @@ public abstract class GnuRSAKey implements Key, RSAKey } /** - * <p>Returns <code>true</code> if the designated object is an instance of - * {@link RSAKey} and has the same RSA parameter values as this one.</p> - * + * Returns <code>true</code> if the designated object is an instance of + * {@link RSAKey} and has the same RSA parameter values as this one. + * * @param obj the other non-null RSA key to compare to. - * @return <code>true</code> if the designated object is of the same type and - * value as this one. + * @return <code>true</code> if the designated object is of the same type + * and value as this one. */ public boolean equals(final Object obj) { if (obj == null) - { - return false; - } - if (!(obj instanceof RSAKey)) - { - return false; - } + return false; + + if (! (obj instanceof RSAKey)) + return false; + final RSAKey that = (RSAKey) obj; return n.equals(that.getModulus()); } @@ -180,8 +161,9 @@ public abstract class GnuRSAKey implements Key, RSAKey { if (str == null) { - String ls = SystemProperties.getProperty("line.separator"); - str = new StringBuilder().append(ls) + String ls = (String) AccessController.doPrivileged + (new GetPropertyAction("line.separator")); + str = new StringBuilder(ls) .append("defaultFormat=").append(defaultFormat).append(",").append(ls) .append("n=0x").append(n.toString(16)).append(",").append(ls) .append("e=0x").append(e.toString(16)) @@ -190,7 +172,5 @@ public abstract class GnuRSAKey implements Key, RSAKey return str; } - // abstract methods to be implemented by subclasses ------------------------ - public abstract byte[] getEncoded(int format); } diff --git a/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPrivateKey.java b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPrivateKey.java index 92053448763..00a1b822ad0 100644 --- a/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPrivateKey.java +++ b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPrivateKey.java @@ -38,42 +38,39 @@ exception statement from your version. */ package gnu.java.security.key.rsa; -import gnu.classpath.SystemProperties; +import gnu.java.security.Configuration; +import gnu.java.security.action.GetPropertyAction; import gnu.java.security.Registry; import gnu.java.security.key.IKeyPairCodec; import java.math.BigInteger; +import java.security.AccessController; import java.security.PrivateKey; import java.security.interfaces.RSAPrivateCrtKey; import java.security.interfaces.RSAPrivateKey; /** - * <p>An object that embodies an RSA private key.</p> - * - * <p>References:</p> + * An object that embodies an RSA private key. + * <p> + * References: * <ol> - * <li><a href="http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/rsa-pss.zip"> - * RSA-PSS Signature Scheme with Appendix, part B.</a><br> - * Primitive specification and supporting documentation.<br> - * Jakob Jonsson and Burt Kaliski.</li> + * <li><a + * href="http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/rsa-pss.zip"> + * RSA-PSS Signature Scheme with Appendix, part B.</a><br> + * Primitive specification and supporting documentation.<br> + * Jakob Jonsson and Burt Kaliski.</li> * </ol> */ -public class GnuRSAPrivateKey extends GnuRSAKey implements PrivateKey, - RSAPrivateCrtKey +public class GnuRSAPrivateKey + extends GnuRSAKey + implements PrivateKey, RSAPrivateCrtKey { - // Constants and variables - // ------------------------------------------------------------------------- - - private static final boolean DEBUG = false; - /** The first prime divisor of the modulus. */ private final BigInteger p; /** The second prime divisor of the modulus. */ private final BigInteger q; - /** The public exponent of an RSA key. */ - // private final BigInteger e; /** The private exponent of an RSA private key. */ private final BigInteger d; @@ -89,21 +86,17 @@ public class GnuRSAPrivateKey extends GnuRSAKey implements PrivateKey, /** String representation of this key. Cached for speed. */ private transient String str; - // Constructor(s) - // ------------------------------------------------------------------------- - /** * Convenience constructor. Calls the constructor with 5 arguments passing * {@link Registry#RAW_ENCODING_ID} as the identifier of the preferred * encoding format. - * + * * @param p the modulus first prime divisor. * @param q the modulus second prime divisor. * @param e the public exponent. * @param d the private exponent. */ - public GnuRSAPrivateKey(BigInteger p, BigInteger q, BigInteger e, - BigInteger d) + public GnuRSAPrivateKey(BigInteger p, BigInteger q, BigInteger e, BigInteger d) { this(Registry.RAW_ENCODING_ID, p, q, e, d); } @@ -122,7 +115,9 @@ public class GnuRSAPrivateKey extends GnuRSAKey implements PrivateKey, public GnuRSAPrivateKey(int preferredFormat, BigInteger p, BigInteger q, BigInteger e, BigInteger d) { - this(preferredFormat, p.multiply(q), e, d, p, q, + this(preferredFormat, + p.multiply(q), + e, d, p, q, e.modInverse(p.subtract(BigInteger.ONE)), e.modInverse(q.subtract(BigInteger.ONE)), q.modInverse(p)); @@ -135,19 +130,20 @@ public class GnuRSAPrivateKey extends GnuRSAKey implements PrivateKey, * @param preferredFormat the indetifier of the preferred encoding format to * use when externalizing this key. * @param n the public modulus, which is also the product of <code>p</code> - * and <code>q</code>. + * and <code>q</code>. * @param e the public exponent. * @param d the private exponent. * @param p the modulus first prime divisor. * @param q the modulus second prime divisor. * @param dP the first prime's exponen. A positive integer less than - * <code>p</code> and <code>q</code>, satisfying <code>e * dP = 1 (mod p-1) - * </code>. + * <code>p</code> and <code>q</code>, satisfying + * <code>e * dP = 1 (mod p-1)</code>. * @param dQ the second prime's exponent. A positive integer less than - * <code>p</code> and <code>q</code>, satisfying <code>e * dQ = 1 (mod p-1) - * </code>. + * <code>p</code> and <code>q</code>, satisfying + * <code>e * dQ = 1 (mod p-1)</code>. * @param qInv the Chinese Remainder Theorem coefiicient. A positive integer - * less than <code>p</code>, satisfying <code>q * qInv = 1 (mod p)</code>. + * less than <code>p</code>, satisfying + * <code>q * qInv = 1 (mod p)</code>. */ public GnuRSAPrivateKey(int preferredFormat, BigInteger n, BigInteger e, BigInteger d, BigInteger p, BigInteger q, @@ -156,24 +152,20 @@ public class GnuRSAPrivateKey extends GnuRSAKey implements PrivateKey, super(preferredFormat == Registry.ASN1_ENCODING_ID ? Registry.PKCS8_ENCODING_ID : preferredFormat, n, e); - this.d = d; this.p = p; this.q = q; // the exponents dP and dQ are positive integers less than p and q // respectively satisfying - // e * dP = 1 (mod p-1); - // e * dQ = 1 (mod q-1), + // e * dP = 1 (mod p-1); + // e * dQ = 1 (mod q-1), this.dP = dP; this.dQ = dQ; // the CRT coefficient qInv is a positive integer less than p satisfying - // q * qInv = 1 (mod p). + // q * qInv = 1 (mod p). this.qInv = qInv; } - // Class methods - // ------------------------------------------------------------------------- - /** * A class method that takes the output of the <code>encodePrivateKey()</code> * method of an RSA keypair codec object (an instance implementing @@ -198,14 +190,10 @@ public class GnuRSAPrivateKey extends GnuRSAKey implements PrivateKey, catch (IllegalArgumentException ignored) { } - // try PKCS#8 codec return (GnuRSAPrivateKey) new RSAKeyPairPKCS8Codec().decodePrivateKey(k); } - // Instance methods - // ------------------------------------------------------------------------- - public BigInteger getPrimeP() { return p; @@ -231,22 +219,18 @@ public class GnuRSAPrivateKey extends GnuRSAKey implements PrivateKey, return qInv; } - // java.security.interfaces.RSAPrivateKey interface implementation --------- - public BigInteger getPrivateExponent() { return d; } - // Other instance methods -------------------------------------------------- - /** - * Returns the encoded form of this private key according to the - * designated format. - * + * Returns the encoded form of this private key according to the designated + * format. + * * @param format the desired format identifier of the resulting encoding. * @return the byte sequence encoding this key according to the designated - * format. + * format. * @throws IllegalArgumentException if the format is not supported. * @see RSAKeyPairRawCodec * @see RSAKeyPairPKCS8Codec @@ -270,19 +254,18 @@ public class GnuRSAPrivateKey extends GnuRSAKey implements PrivateKey, } /** - * <p>Returns <code>true</code> if the designated object is an instance of - * this class and has the same RSA parameter values as this one.</p> - * + * Returns <code>true</code> if the designated object is an instance of this + * class and has the same RSA parameter values as this one. + * * @param obj the other non-null RSA key to compare to. * @return <code>true</code> if the designated object is of the same type - * and value as this one. + * and value as this one. */ public boolean equals(final Object obj) { if (obj == null) - { - return false; - } + return false; + if (obj instanceof RSAPrivateKey) { final RSAPrivateKey that = (RSAPrivateKey) obj; @@ -304,16 +287,24 @@ public class GnuRSAPrivateKey extends GnuRSAKey implements PrivateKey, { if (str == null) { - String ls = SystemProperties.getProperty("line.separator"); + String ls = (String) AccessController.doPrivileged + (new GetPropertyAction("line.separator")); str = new StringBuilder(this.getClass().getName()).append("(") .append(super.toString()).append(",").append(ls) - .append("d=0x").append(DEBUG ? d.toString(16) : "**...*").append(ls) - .append("p=0x").append(DEBUG ? p.toString(16) : "**...*").append(ls) - .append("q=0x").append(DEBUG ? q.toString(16) : "**...*").append(ls) - .append("dP=0x").append(DEBUG ? dP.toString(16) : "**...*").append(ls) - .append("dQ=0x").append(DEBUG ? dQ.toString(16) : "**...*").append(ls) - .append("qInv=0x").append(DEBUG ? qInv.toString(16) : "**...*").append(ls) - .append(")").toString(); + .append("d=0x").append(Configuration.DEBUG ? d.toString(16) + : "**...*").append(ls) + .append("p=0x").append(Configuration.DEBUG ? p.toString(16) + : "**...*").append(ls) + .append("q=0x").append(Configuration.DEBUG ? q.toString(16) + : "**...*").append(ls) + .append("dP=0x").append(Configuration.DEBUG ? dP.toString(16) + : "**...*").append(ls) + .append("dQ=0x").append(Configuration.DEBUG ? dQ.toString(16) + : "**...*").append(ls) + .append("qInv=0x").append(Configuration.DEBUG ? qInv.toString(16) + : "**...*").append(ls) + .append(")") + .toString(); } return str; } diff --git a/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPublicKey.java b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPublicKey.java index 8badede1422..fe28d0ba3b0 100644 --- a/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPublicKey.java +++ b/libjava/classpath/gnu/java/security/key/rsa/GnuRSAPublicKey.java @@ -38,42 +38,39 @@ exception statement from your version. */ package gnu.java.security.key.rsa; -import gnu.classpath.SystemProperties; import gnu.java.security.Registry; +import gnu.java.security.action.GetPropertyAction; import gnu.java.security.key.IKeyPairCodec; import java.math.BigInteger; +import java.security.AccessController; import java.security.PublicKey; import java.security.interfaces.RSAPublicKey; /** - * <p>An object that encapsulates an RSA public key.</p> - * - * <p>References:</p> + * An object that encapsulates an RSA public key. + * <p> + * References: * <ol> - * <li><a href="http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/rsa-pss.zip"> - * RSA-PSS Signature Scheme with Appendix, part B.</a><br> - * Primitive specification and supporting documentation.<br> - * Jakob Jonsson and Burt Kaliski.</li> + * <li><a + * href="http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/rsa-pss.zip"> + * RSA-PSS Signature Scheme with Appendix, part B.</a><br> + * Primitive specification and supporting documentation.<br> + * Jakob Jonsson and Burt Kaliski.</li> * </ol> */ -public class GnuRSAPublicKey extends GnuRSAKey implements PublicKey, - RSAPublicKey +public class GnuRSAPublicKey + extends GnuRSAKey + implements PublicKey, RSAPublicKey { - // Constants and variables - // ------------------------------------------------------------------------- - /** String representation of this key. Cached for speed. */ private transient String str; - // Constructor(s) - // ------------------------------------------------------------------------- - /** * Conveience constructor. Calls the constructor with 3 arguments passing * {@link Registry#RAW_ENCODING_ID} as the identifier of the preferred * encoding format. - * + * * @param n the modulus. * @param e the public exponent. */ @@ -98,9 +95,6 @@ public class GnuRSAPublicKey extends GnuRSAKey implements PublicKey, n, e); } - // Class methods - // ------------------------------------------------------------------------- - /** * A class method that takes the output of the <code>encodePublicKey()</code> * method of an RSA keypair codec object (an instance implementing @@ -125,21 +119,17 @@ public class GnuRSAPublicKey extends GnuRSAKey implements PublicKey, catch (IllegalArgumentException ignored) { } - // try X.509 codec return (GnuRSAPublicKey) new RSAKeyPairX509Codec().decodePublicKey(k); } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the encoded form of this public key according to the designated - * format.</p> - * + * Returns the encoded form of this public key according to the designated + * format. + * * @param format the desired format identifier of the resulting encoding. * @return the byte sequence encoding this key according to the designated - * format. + * format. * @throws IllegalArgumentException if the format is not supported. * @see RSAKeyPairRawCodec */ @@ -162,23 +152,21 @@ public class GnuRSAPublicKey extends GnuRSAKey implements PublicKey, } /** - * <p>Returns <code>true</code> if the designated object is an instance of - * this class and has the same RSA parameter values as this one.</p> - * + * Returns <code>true</code> if the designated object is an instance of this + * class and has the same RSA parameter values as this one. + * * @param obj the other non-null RSA key to compare to. - * @return <code>true</code> if the designated object is of the same type and - * value as this one. + * @return <code>true</code> if the designated object is of the same type + * and value as this one. */ public boolean equals(final Object obj) { if (obj == null) - { - return false; - } - if (!(obj instanceof RSAPublicKey)) - { - return false; - } + return false; + + if (! (obj instanceof RSAPublicKey)) + return false; + final RSAPublicKey that = (RSAPublicKey) obj; return super.equals(that) && getPublicExponent().equals(that.getPublicExponent()); @@ -188,10 +176,12 @@ public class GnuRSAPublicKey extends GnuRSAKey implements PublicKey, { if (str == null) { - String ls = SystemProperties.getProperty("line.separator"); + String ls = (String) AccessController.doPrivileged + (new GetPropertyAction("line.separator")); str = new StringBuilder(this.getClass().getName()).append("(") .append(super.toString()).append(",").append(ls) - .append(")").toString(); + .append(")") + .toString(); } return str; } diff --git a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairGenerator.java b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairGenerator.java index 39063381f37..c31cc4cc1e0 100644 --- a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairGenerator.java +++ b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairGenerator.java @@ -38,10 +38,10 @@ exception statement from your version. */ package gnu.java.security.key.rsa; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.key.IKeyPairGenerator; import gnu.java.security.util.PRNG; -import gnu.java.security.util.Prime2; import java.math.BigInteger; import java.security.KeyPair; @@ -53,25 +53,23 @@ import java.util.Map; import java.util.logging.Logger; /** - * <p>A key-pair generator for asymetric keys to use in conjunction with the RSA - * scheme.</p> - * - * <p>Reference:</p> + * A key-pair generator for asymetric keys to use in conjunction with the RSA + * scheme. + * <p> + * Reference: * <ol> - * <li><a href="http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/rsa-pss.zip"> - * RSA-PSS Signature Scheme with Appendix</a>, part B. Primitive - * specification and supporting documentation. Jakob Jonsson and Burt Kaliski. - * </li> - * <li><a href="http://www.cacr.math.uwaterloo.ca/hac/">Handbook of Applied - * Cryptography</a>, Alfred J. Menezes, Paul C. van Oorschot and Scott A. - * Vanstone. Section 11.3 RSA and related signature schemes.</li> + * <li><a + * href="http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/rsa-pss.zip"> + * RSA-PSS Signature Scheme with Appendix</a>, part B. Primitive specification + * and supporting documentation. Jakob Jonsson and Burt Kaliski. </li> + * <li><a href="http://www.cacr.math.uwaterloo.ca/hac/">Handbook of Applied + * Cryptography</a>, Alfred J. Menezes, Paul C. van Oorschot and Scott A. + * Vanstone. Section 11.3 RSA and related signature schemes.</li> * </ol> */ -public class RSAKeyPairGenerator implements IKeyPairGenerator +public class RSAKeyPairGenerator + implements IKeyPairGenerator { - // Constants and variables - // ------------------------------------------------------------------------- - private static final Logger log = Logger.getLogger(RSAKeyPairGenerator.class.getName()); /** The BigInteger constant 1. */ @@ -90,8 +88,8 @@ public class RSAKeyPairGenerator implements IKeyPairGenerator public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.rsa.prng"; /** - * Property name of an optional {@link RSAKeyGenParameterSpec} instance to - * use for this generator's <code>n</code>, and <code>e</code> values. The + * Property name of an optional {@link RSAKeyGenParameterSpec} instance to use + * for this generator's <code>n</code>, and <code>e</code> values. The * default is to generate <code>n</code> and use a fixed value for * <code>e</.code> (Fermat's F4 number). */ @@ -128,38 +126,28 @@ public class RSAKeyPairGenerator implements IKeyPairGenerator /** Preferred encoding format of generated keys. */ private int preferredFormat; - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // gnu.crypto.key.IKeyPairGenerator interface implementation --------------- - public String name() { return Registry.RSA_KPG; } /** - * <p>Configures this instance.</p> - * + * Configures this instance. + * * @param attributes the map of name/value pairs to use. - * @exception IllegalArgumentException if the designated MODULUS_LENGTH - * value is less than 1024. + * @exception IllegalArgumentException if the designated MODULUS_LENGTH value + * is less than 1024. */ public void setup(Map attributes) { - log.entering(this.getClass().getName(), "setup", attributes); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "setup", attributes); // do we have a SecureRandom, or should we use our own? rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS); - // are we given a set of RSA params or we shall use our own? RSAKeyGenParameterSpec params = (RSAKeyGenParameterSpec) attributes.get(RSA_PARAMETERS); - // find out the modulus length if (params != null) { @@ -171,32 +159,30 @@ public class RSAKeyPairGenerator implements IKeyPairGenerator Integer l = (Integer) attributes.get(MODULUS_LENGTH); L = (l == null ? DEFAULT_MODULUS_LENGTH : l.intValue()); } - if (L < 1024) - { - throw new IllegalArgumentException(MODULUS_LENGTH); - } + throw new IllegalArgumentException(MODULUS_LENGTH); // what is the preferred encoding format Integer formatID = (Integer) attributes.get(PREFERRED_ENCODING_FORMAT); preferredFormat = formatID == null ? DEFAULT_ENCODING_FORMAT : formatID.intValue(); - - log.exiting(this.getClass().getName(), "setup"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "setup"); } /** - * <p>The algorithm used here is described in <i>nessie-pss-B.pdf</i> - * document which is part of the RSA-PSS submission to NESSIE.</p> - * + * <p> + * The algorithm used here is described in <i>nessie-pss-B.pdf</i> document + * which is part of the RSA-PSS submission to NESSIE. + * </p> + * * @return an RSA keypair. */ public KeyPair generate() { - log.entering(this.getClass().getName(), "generate"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "generate"); BigInteger p, q, n, d; - // 1. Generate a prime p in the interval [2**(M-1), 2**M - 1], where // M = CEILING(L/2), and such that GCD(p, e) = 1 int M = (L + 1) / 2; @@ -208,12 +194,9 @@ public class RSAKeyPairGenerator implements IKeyPairGenerator nextRandomBytes(kb); p = new BigInteger(1, kb).setBit(0); if (p.compareTo(lower) >= 0 && p.compareTo(upper) <= 0 - && Prime2.isProbablePrime(p) && p.gcd(e).equals(ONE)) - { - break step1; - } + && p.isProbablePrime(80) && p.gcd(e).equals(ONE)) + break step1; } - // 2. Generate a prime q such that the product of p and q is an L-bit // number, and such that GCD(q, e) = 1 step2: while (true) @@ -221,45 +204,34 @@ public class RSAKeyPairGenerator implements IKeyPairGenerator nextRandomBytes(kb); q = new BigInteger(1, kb).setBit(0); n = p.multiply(q); - if (n.bitLength() == L && Prime2.isProbablePrime(q) - && q.gcd(e).equals(ONE)) - { - break step2; - } - + if (n.bitLength() == L && q.isProbablePrime(80) && q.gcd(e).equals(ONE)) + break step2; // TODO: test for p != q } - // TODO: ensure p < q - // 3. Put n = pq. The public key is (n, e). // 4. Compute the parameters necessary for the private key K (see // Section 2.2). BigInteger phi = p.subtract(ONE).multiply(q.subtract(ONE)); d = e.modInverse(phi); - // 5. Output the public key and the private key. PublicKey pubK = new GnuRSAPublicKey(preferredFormat, n, e); PrivateKey secK = new GnuRSAPrivateKey(preferredFormat, p, q, e, d); - KeyPair result = new KeyPair(pubK, secK); - log.exiting(this.getClass().getName(), "generate", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "generate", result); return result; } - // helper methods ---------------------------------------------------------- - /** - * <p>Fills the designated byte array with random data.</p> - * + * Fills the designated byte array with random data. + * * @param buffer the byte array to fill with random data. */ private void nextRandomBytes(byte[] buffer) { if (rnd != null) - { - rnd.nextBytes(buffer); - } + rnd.nextBytes(buffer); else getDefaultPRNG().nextBytes(buffer); } diff --git a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java index 0b980903251..7a51d0a0dd0 100644 --- a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java +++ b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java @@ -38,15 +38,7 @@ exception statement from your version. */ package gnu.java.security.key.rsa; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidParameterException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.util.ArrayList; -import java.util.logging.Logger; - +import gnu.java.security.Configuration; import gnu.java.security.OID; import gnu.java.security.Registry; import gnu.java.security.der.DER; @@ -56,6 +48,15 @@ import gnu.java.security.der.DERWriter; import gnu.java.security.key.IKeyPairCodec; import gnu.java.security.util.DerUtil; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.InvalidParameterException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.util.ArrayList; +import java.util.logging.Logger; + /** * An implementation of an {@link IKeyPairCodec} that knows how to encode / * decode PKCS#8 ASN.1 external representation of RSA private keys. @@ -84,7 +85,6 @@ public class RSAKeyPairPKCS8Codec /** * Returns the PKCS#8 ASN.1 <i>PrivateKeyInfo</i> representation of an RSA * private key. The ASN.1 specification is as follows: - * * <pre> * PrivateKeyInfo ::= SEQUENCE { * version INTEGER, -- MUST be 0 @@ -97,10 +97,12 @@ public class RSAKeyPairPKCS8Codec * parameters ANY DEFINED BY algorithm OPTIONAL * } * </pre> - * - * <p>The <i>privateKey</i> field, which is an OCTET STRING, contains the - * DER-encoded form of the RSA private key defined as:</p> - * + * <p> + * As indicated in RFC-2459: "The parameters field shall have ASN.1 type NULL + * for this algorithm identifier.". + * <p> + * The <i>privateKey</i> field, which is an OCTET STRING, contains the + * DER-encoded form of the RSA private key defined as: * <pre> * RSAPrivateKey ::= SEQUENCE { * version INTEGER, -- MUST be 0 @@ -122,8 +124,8 @@ public class RSAKeyPairPKCS8Codec */ public byte[] encodePrivateKey(PrivateKey key) { - log.entering(this.getClass().getName(), "encodePrivateKey()", key); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "encodePrivateKey()", key); if (! (key instanceof GnuRSAPrivateKey)) throw new InvalidParameterException("Wrong key type"); @@ -141,8 +143,9 @@ public class RSAKeyPairPKCS8Codec DERValue derOID = new DERValue(DER.OBJECT_IDENTIFIER, RSA_ALG_OID); - ArrayList algorithmID = new ArrayList(1); + ArrayList algorithmID = new ArrayList(2); algorithmID.add(derOID); + algorithmID.add(new DERValue(DER.NULL, null)); DERValue derAlgorithmID = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, algorithmID); @@ -190,8 +193,8 @@ public class RSAKeyPairPKCS8Codec y.initCause(x); throw y; } - - log.exiting(this.getClass().getName(), "encodePrivateKey()", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "encodePrivateKey()", result); return result; } @@ -213,8 +216,8 @@ public class RSAKeyPairPKCS8Codec */ public PrivateKey decodePrivateKey(byte[] input) { - log.entering(this.getClass().getName(), "decodePrivateKey()", input); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "decodePrivateKey()", input); if (input == null) throw new InvalidParameterException("Input bytes MUST NOT be null"); @@ -239,9 +242,12 @@ public class RSAKeyPairPKCS8Codec if (! algOID.equals(RSA_ALG_OID)) throw new InvalidParameterException("Unexpected OID: " + algOID); + // rfc-2459 states that this field is OPTIONAL but NULL if/when present DERValue val = der.read(); - byte[] pkBytes = (byte[]) val.getValue(); + if (val.getTag() == DER.NULL) + val = der.read(); + byte[] pkBytes = (byte[]) val.getValue(); der = new DERReader(pkBytes); DERValue derRSAPrivateKey = der.read(); DerUtil.checkIsConstructed(derRSAPrivateKey, "Wrong RSAPrivateKey field"); @@ -284,10 +290,10 @@ public class RSAKeyPairPKCS8Codec y.initCause(x); throw y; } - - PrivateKey result = new GnuRSAPrivateKey(Registry.PKCS8_ENCODING_ID, n, e, - d, p, q, dP, dQ, qInv); - log.exiting(this.getClass().getName(), "decodePrivateKey()", result); + PrivateKey result = new GnuRSAPrivateKey(Registry.PKCS8_ENCODING_ID, + n, e, d, p, q, dP, dQ, qInv); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "decodePrivateKey()", result); return result; } } diff --git a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairRawCodec.java b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairRawCodec.java index fb7cea99edd..c2650e6a49c 100644 --- a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairRawCodec.java +++ b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairRawCodec.java @@ -47,80 +47,60 @@ import java.security.PrivateKey; import java.security.PublicKey; /** - * <p>An object that implements the {@link IKeyPairCodec} interface for the - * <i>Raw</i> format to use with RSA keypairs.</p> - * - * @version $Revision: 1.1 $ + * An object that implements the {@link IKeyPairCodec} interface for the <i>Raw</i> + * format to use with RSA keypairs. */ -public class RSAKeyPairRawCodec implements IKeyPairCodec +public class RSAKeyPairRawCodec + implements IKeyPairCodec { - - // Constants and variables - // ------------------------------------------------------------------------- - - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-arguments constructor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // gnu.crypto.key.IKeyPairCodec interface implementation ------------------- - public int getFormatID() { return RAW_FORMAT; } /** - * <p>Returns the encoded form of the designated RSA public key according to - * the <i>Raw</i> format supported by this library.</p> - * - * <p>The <i>Raw</i> format for an RSA public key, in this implementation, is - * a byte sequence consisting of the following:</p> - * + * Returns the encoded form of the designated RSA public key according to the + * <i>Raw</i> format supported by this library. + * <p> + * The <i>Raw</i> format for an RSA public key, in this implementation, is a + * byte sequence consisting of the following: * <ol> - * <li>4-byte magic consisting of the value of the literal - * {@link Registry#MAGIC_RAW_RSA_PUBLIC_KEY},<li> - * <li>1-byte version consisting of the constant: 0x01,</li> - * <li>4-byte count of following bytes representing the RSA parameter - * <code>n</code> (the modulus) in internet order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the RSA parameter <code>n</code>,</li> - * <li>4-byte count of following bytes representing the RSA parameter - * <code>e</code> (the public exponent) in internet order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the RSA parameter <code>e</code>.</li> + * <li>4-byte magic consisting of the value of the literal + * {@link Registry#MAGIC_RAW_RSA_PUBLIC_KEY},</li> + * <li>1-byte version consisting of the constant: 0x01,</li> + * <li>4-byte count of following bytes representing the RSA parameter + * <code>n</code> (the modulus) in internet order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the RSA parameter <code>n</code>, + * </li> + * <li>4-byte count of following bytes representing the RSA parameter + * <code>e</code> (the public exponent) in internet order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the RSA parameter <code>e</code>. + * </li> * </ol> - * + * * @param key the key to encode. * @return the <i>Raw</i> format encoding of the designated key. * @exception IllegalArgumentException if the designated key is not an RSA - * one. + * one. */ public byte[] encodePublicKey(PublicKey key) { - if (!(key instanceof GnuRSAPublicKey)) - { - throw new IllegalArgumentException("key"); - } + if (! (key instanceof GnuRSAPublicKey)) + throw new IllegalArgumentException("key"); GnuRSAPublicKey rsaKey = (GnuRSAPublicKey) key; ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // magic baos.write(Registry.MAGIC_RAW_RSA_PUBLIC_KEY[0]); baos.write(Registry.MAGIC_RAW_RSA_PUBLIC_KEY[1]); baos.write(Registry.MAGIC_RAW_RSA_PUBLIC_KEY[2]); baos.write(Registry.MAGIC_RAW_RSA_PUBLIC_KEY[3]); - // version baos.write(0x01); - // n byte[] buffer = rsaKey.getModulus().toByteArray(); int length = buffer.length; @@ -129,7 +109,6 @@ public class RSAKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - // e buffer = rsaKey.getPublicExponent().toByteArray(); length = buffer.length; @@ -138,7 +117,6 @@ public class RSAKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - return baos.toByteArray(); } @@ -149,92 +127,87 @@ public class RSAKeyPairRawCodec implements IKeyPairCodec || k[1] != Registry.MAGIC_RAW_RSA_PUBLIC_KEY[1] || k[2] != Registry.MAGIC_RAW_RSA_PUBLIC_KEY[2] || k[3] != Registry.MAGIC_RAW_RSA_PUBLIC_KEY[3]) - { - throw new IllegalArgumentException("magic"); - } + throw new IllegalArgumentException("magic"); // version if (k[4] != 0x01) - { - throw new IllegalArgumentException("version"); - } - int i = 5; + throw new IllegalArgumentException("version"); + int i = 5; int l; byte[] buffer; - // n - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger n = new BigInteger(1, buffer); - // e - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger e = new BigInteger(1, buffer); - return new GnuRSAPublicKey(n, e); } /** - * <p>Returns the encoded form of the designated RSA private key according to - * the <i>Raw</i> format supported by this library.</p> - * - * <p>The <i>Raw</i> format for an RSA private key, in this implementation, - * is a byte sequence consisting of the following:</p> - * + * Returns the encoded form of the designated RSA private key according to the + * <i>Raw</i> format supported by this library. + * <p> + * The <i>Raw</i> format for an RSA private key, in this implementation, is a + * byte sequence consisting of the following: * <ol> - * <li>4-byte magic consisting of the value of the literal - * {@link Registry#MAGIC_RAW_RSA_PRIVATE_KEY},<li> - * <li>1-byte version consisting of the constant: 0x01,</li> - * <li>4-byte count of following bytes representing the RSA parameter - * <code>p</code> (the first prime factor of the modulus) in internet - * order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the RSA parameter <code>p</code>,</li> - * <li>4-byte count of following bytes representing the RSA parameter - * <code>q</code> (the second prime factor of the modulus) in internet - * order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the RSA parameter <code>q</code>,</li> - * <li>4-byte count of following bytes representing the RSA parameter - * <code>e</code> (the public exponent) in internet order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the RSA parameter <code>e</code>,</li> - * <li>4-byte count of following bytes representing the RSA parameter - * <code>d</code> (the private exponent) in internet order,</li> - * <li>n-bytes representation of a {@link BigInteger} obtained by invoking - * the <code>toByteArray()</code> method on the RSA parameter <code>d</code>,</li> + * <li>4-byte magic consisting of the value of the literal + * {@link Registry#MAGIC_RAW_RSA_PRIVATE_KEY},</li> + * <li>1-byte version consisting of the constant: 0x01,</li> + * <li>4-byte count of following bytes representing the RSA parameter + * <code>p</code> (the first prime factor of the modulus) in internet order, + * </li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the RSA parameter <code>p</code>, + * </li> + * <li>4-byte count of following bytes representing the RSA parameter + * <code>q</code> (the second prime factor of the modulus) in internet + * order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the RSA parameter <code>q</code>, + * </li> + * <li>4-byte count of following bytes representing the RSA parameter + * <code>e</code> (the public exponent) in internet order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the RSA parameter <code>e</code>, + * </li> + * <li>4-byte count of following bytes representing the RSA parameter + * <code>d</code> (the private exponent) in internet order,</li> + * <li>n-bytes representation of a {@link BigInteger} obtained by invoking + * the <code>toByteArray()</code> method on the RSA parameter <code>d</code>, + * </li> * </ol> - * + * * @param key the key to encode. * @return the <i>Raw</i> format encoding of the designated key. */ public byte[] encodePrivateKey(PrivateKey key) { - if (!(key instanceof GnuRSAPrivateKey)) - { - throw new IllegalArgumentException("key"); - } + if (! (key instanceof GnuRSAPrivateKey)) + throw new IllegalArgumentException("key"); GnuRSAPrivateKey rsaKey = (GnuRSAPrivateKey) key; ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // magic baos.write(Registry.MAGIC_RAW_RSA_PRIVATE_KEY[0]); baos.write(Registry.MAGIC_RAW_RSA_PRIVATE_KEY[1]); baos.write(Registry.MAGIC_RAW_RSA_PRIVATE_KEY[2]); baos.write(Registry.MAGIC_RAW_RSA_PRIVATE_KEY[3]); - // version baos.write(0x01); - // p byte[] buffer = rsaKey.getPrimeP().toByteArray(); int length = buffer.length; @@ -243,7 +216,6 @@ public class RSAKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - // q buffer = rsaKey.getPrimeQ().toByteArray(); length = buffer.length; @@ -252,7 +224,6 @@ public class RSAKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - // e buffer = rsaKey.getPublicExponent().toByteArray(); length = buffer.length; @@ -261,7 +232,6 @@ public class RSAKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - // d buffer = rsaKey.getPrivateExponent().toByteArray(); length = buffer.length; @@ -270,7 +240,6 @@ public class RSAKeyPairRawCodec implements IKeyPairCodec baos.write((length >>> 8) & 0xFF); baos.write(length & 0xFF); baos.write(buffer, 0, length); - return baos.toByteArray(); } @@ -281,52 +250,51 @@ public class RSAKeyPairRawCodec implements IKeyPairCodec || k[1] != Registry.MAGIC_RAW_RSA_PRIVATE_KEY[1] || k[2] != Registry.MAGIC_RAW_RSA_PRIVATE_KEY[2] || k[3] != Registry.MAGIC_RAW_RSA_PRIVATE_KEY[3]) - { - throw new IllegalArgumentException("magic"); - } + throw new IllegalArgumentException("magic"); // version if (k[4] != 0x01) - { - throw new IllegalArgumentException("version"); - } - int i = 5; + throw new IllegalArgumentException("version"); + int i = 5; int l; byte[] buffer; - // p - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger p = new BigInteger(1, buffer); - // q - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger q = new BigInteger(1, buffer); - // e - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger e = new BigInteger(1, buffer); - // d - l = k[i++] << 24 | (k[i++] & 0xFF) << 16 | (k[i++] & 0xFF) << 8 - | (k[i++] & 0xFF); + l = k[i++] << 24 + | (k[i++] & 0xFF) << 16 + | (k[i++] & 0xFF) << 8 + | (k[i++] & 0xFF); buffer = new byte[l]; System.arraycopy(k, i, buffer, 0, l); i += l; BigInteger d = new BigInteger(1, buffer); - return new GnuRSAPrivateKey(p, q, e, d); } } diff --git a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java index 882d9c7b2ca..b11e1c01371 100644 --- a/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java +++ b/libjava/classpath/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java @@ -38,6 +38,7 @@ exception statement from your version. */ package gnu.java.security.key.rsa; +import gnu.java.security.Configuration; import gnu.java.security.OID; import gnu.java.security.Registry; import gnu.java.security.der.BitString; @@ -114,8 +115,8 @@ public class RSAKeyPairX509Codec */ public byte[] encodePublicKey(PublicKey key) { - log.entering(this.getClass().getName(), "encodePublicKey()", key); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "encodePublicKey()", key); if (! (key instanceof GnuRSAPublicKey)) throw new InvalidParameterException("key"); @@ -156,12 +157,12 @@ public class RSAKeyPairX509Codec } catch (IOException x) { - InvalidParameterException y = new InvalidParameterException(); + InvalidParameterException y = new InvalidParameterException(x.getMessage()); y.initCause(x); throw y; } - - log.exiting(this.getClass().getName(), "encodePublicKey()", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "encodePublicKey()", result); return result; } @@ -183,8 +184,8 @@ public class RSAKeyPairX509Codec */ public PublicKey decodePublicKey(byte[] input) { - log.entering(this.getClass().getName(), "decodePublicKey()", input); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "decodePublicKey()", input); if (input == null) throw new InvalidParameterException("Input bytes MUST NOT be null"); @@ -229,13 +230,13 @@ public class RSAKeyPairX509Codec } catch (IOException x) { - InvalidParameterException y = new InvalidParameterException(); + InvalidParameterException y = new InvalidParameterException(x.getMessage()); y.initCause(x); throw y; } - PublicKey result = new GnuRSAPublicKey(Registry.X509_ENCODING_ID, n, e); - log.exiting(this.getClass().getName(), "decodePublicKey()", result); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "decodePublicKey()", result); return result; } |
