OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [gnu-dev/] [or1k-gcc/] [libjava/] [classpath/] [gnu/] [java/] [security/] [key/] [dss/] [DSSKeyPairX509Codec.java] - Blame information for rev 769

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 769 jeremybenn 
/* DSSKeyPairX509Codec.java -- X.509 Encoding/Decoding handler
2 
   Copyright (C) 2006 Free Software Foundation, Inc.
3 
 
4 
This file is part of GNU Classpath.
5 
 
6 
GNU Classpath is free software; you can redistribute it and/or modify
7 
it under the terms of the GNU General Public License as published by
8 
the Free Software Foundation; either version 2, or (at your option)
9 
any later version.
10 
 
11 
GNU Classpath is distributed in the hope that it will be useful, but
12 
WITHOUT ANY WARRANTY; without even the implied warranty of
13 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 
General Public License for more details.
15 
 
16 
You should have received a copy of the GNU General Public License
17 
along with GNU Classpath; see the file COPYING.  If not, write to the
18 
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 
02110-1301 USA.
20 
 
21 
Linking this library statically or dynamically with other modules is
22 
making a combined work based on this library.  Thus, the terms and
23 
conditions of the GNU General Public License cover the whole
24 
combination.
25 
 
26 
As a special exception, the copyright holders of this library give you
27 
permission to link this library with independent modules to produce an
28 
executable, regardless of the license terms of these independent
29 
modules, and to copy and distribute the resulting executable under
30 
terms of your choice, provided that you also meet, for each linked
31 
independent module, the terms and conditions of the license of that
32 
module.  An independent module is a module which is not derived from
33 
or based on this library.  If you modify this library, you may extend
34 
this exception to your version of the library, but you are not
35 
obligated to do so.  If you do not wish to do so, delete this
36 
exception statement from your version. */
37 
 
38 
 
39 
package gnu.java.security.key.dss;
40 
 
41 
import gnu.java.security.OID;
42 
import gnu.java.security.Registry;
43 
import gnu.java.security.der.BitString;
44 
import gnu.java.security.der.DER;
45 
import gnu.java.security.der.DERReader;
46 
import gnu.java.security.der.DERValue;
47 
import gnu.java.security.der.DERWriter;
48 
import gnu.java.security.key.IKeyPairCodec;
49 
import gnu.java.security.util.DerUtil;
50 
 
51 
import java.io.ByteArrayOutputStream;
52 
import java.io.IOException;
53 
import java.math.BigInteger;
54 
import java.security.InvalidParameterException;
55 
import java.security.PrivateKey;
56 
import java.security.PublicKey;
57 
import java.util.ArrayList;
58 
 
59 
/**
60 
 * An implementation of an {@link IKeyPairCodec} that knows how to encode /
61 
 * decode X.509 ASN.1 external representation of DSS public keys.
62 
 */
63 
public class DSSKeyPairX509Codec
64 
    implements IKeyPairCodec
65 
{
66 
  private static final OID DSA_ALG_OID = new OID(Registry.DSA_OID_STRING);
67 
 
68 
  // implicit 0-arguments constructor
69 
 
70 
  public int getFormatID()
71 
  {
72 
    return X509_FORMAT;
73 
  }
74 
 
75 
  /**
76 
   * Returns the X.509 ASN.1 <i>SubjectPublicKeyInfo</i> representation of a
77 
   * DSA public key. The ASN.1 specification, as defined in RFC-3280, and
78 
   * RFC-2459, is as follows:
79 
   *
80 
   * <pre>
81 
   *   SubjectPublicKeyInfo ::= SEQUENCE {
82 
   *     algorithm         AlgorithmIdentifier,
83 
   *     subjectPublicKey  BIT STRING
84 
   *   }
85 
   *
86 
   *   AlgorithmIdentifier ::= SEQUENCE {
87 
   *     algorithm   OBJECT IDENTIFIER,
88 
   *     parameters  ANY DEFINED BY algorithm OPTIONAL
89 
   *   }
90 
   *
91 
   *   DssParams ::= SEQUENCE {
92 
   *     p   INTEGER,
93 
   *     q   INTEGER,
94 
   *     g   INTEGER
95 
   *   }
96 
   * </pre>
97 
   * <p>
98 
   * Note that RFC-3280 (page 79) implies that some certificates MAY have an
99 
   * absent, or NULL, parameters field in their AlgorithmIdentifier element,
100 
   * implying that those parameters MUST be <i>inherited</i> from another
101 
   * certificate. This implementation, encodes a <i>NULL</i> element as the DER
102 
   * value of the parameters field when such is the case.
103 
   * <p>
104 
   * The <i>subjectPublicKey</i> field, which is a BIT STRING, contains the
105 
   * DER-encoded form of the DSA public key as an INTEGER.
106 
   *
107 
   * <pre>
108 
   *       DSAPublicKey ::= INTEGER -- public key, Y
109 
   * </pre>
110 
   *
111 
   * @param key the {@link PublicKey} instance to encode. MUST be an instance of
112 
   *          {@link DSSPublicKey}.
113 
   * @return the ASN.1 representation of the <i>SubjectPublicKeyInfo</i> in an
114 
   *         X.509 certificate.
115 
   * @throw InvalidParameterException if <code>key</code> is not an instance
116 
   *        of {@link DSSPublicKey} or if an exception occurs during the
117 
   *        marshalling process.
118 
   */
119 
  public byte[] encodePublicKey(PublicKey key)
120 
  {
121 
    if (! (key instanceof DSSPublicKey))
122 
      throw new InvalidParameterException("key");
123 
 
124 
    DERValue derOID = new DERValue(DER.OBJECT_IDENTIFIER, DSA_ALG_OID);
125 
 
126 
    DSSPublicKey dssKey = (DSSPublicKey) key;
127 
    DERValue derParams;
128 
    if (dssKey.hasInheritedParameters())
129 
      derParams = new DERValue(DER.NULL, null);
130 
    else
131 
      {
132 
        BigInteger p = dssKey.getParams().getP();
133 
        BigInteger q = dssKey.getParams().getQ();
134 
        BigInteger g = dssKey.getParams().getG();
135 
 
136 
        DERValue derP = new DERValue(DER.INTEGER, p);
137 
        DERValue derQ = new DERValue(DER.INTEGER, q);
138 
        DERValue derG = new DERValue(DER.INTEGER, g);
139 
 
140 
        ArrayList params = new ArrayList(3);
141 
        params.add(derP);
142 
        params.add(derQ);
143 
        params.add(derG);
144 
        derParams = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, params);
145 
      }
146 
 
147 
    ArrayList algorithmID = new ArrayList(2);
148 
    algorithmID.add(derOID);
149 
    algorithmID.add(derParams);
150 
    DERValue derAlgorithmID = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
151 
                                           algorithmID);
152 
 
153 
    BigInteger y = dssKey.getY();
154 
    DERValue derDSAPublicKey = new DERValue(DER.INTEGER, y);
155 
    byte[] yBytes = derDSAPublicKey.getEncoded();
156 
    DERValue derSPK = new DERValue(DER.BIT_STRING, new BitString(yBytes));
157 
 
158 
    ArrayList spki = new ArrayList(2);
159 
    spki.add(derAlgorithmID);
160 
    spki.add(derSPK);
161 
    DERValue derSPKI = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, spki);
162 
 
163 
    byte[] result;
164 
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
165 
    try
166 
      {
167 
        DERWriter.write(baos, derSPKI);
168 
        result = baos.toByteArray();
169 
      }
170 
    catch (IOException x)
171 
      {
172 
        InvalidParameterException e = new InvalidParameterException(x.getMessage());
173 
        e.initCause(x);
174 
        throw e;
175 
      }
176 
    return result;
177 
  }
178 
 
179 
  /**
180 
   * @throws InvalidParameterException ALWAYS.
181 
   */
182 
  public byte[] encodePrivateKey(PrivateKey key)
183 
  {
184 
    throw new InvalidParameterException("Wrong format for private keys");
185 
  }
186 
 
187 
  /**
188 
   * @param input the byte array to unmarshall into a valid DSS
189 
   *          {@link PublicKey} instance. MUST NOT be null.
190 
   * @return a new instance of a {@link DSSPublicKey} decoded from the
191 
   *         <i>SubjectPublicKeyInfo</i> material in an X.509 certificate.
192 
   * @throw InvalidParameterException if an exception occurs during the
193 
   *        unmarshalling process.
194 
   */
195 
  public PublicKey decodePublicKey(byte[] input)
196 
  {
197 
    if (input == null)
198 
      throw new InvalidParameterException("Input bytes MUST NOT be null");
199 
 
200 
    BigInteger p = null;
201 
    BigInteger g = null;
202 
    BigInteger q = null;
203 
    BigInteger y;
204 
    DERReader der = new DERReader(input);
205 
    try
206 
      {
207 
        DERValue derSPKI = der.read();
208 
        DerUtil.checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field");
209 
 
210 
        DERValue derAlgorithmID = der.read();
211 
        DerUtil.checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field");
212 
 
213 
        DERValue derOID = der.read();
214 
        if (! (derOID.getValue() instanceof OID))
215 
          throw new InvalidParameterException("Wrong Algorithm field");
216 
 
217 
        OID algOID = (OID) derOID.getValue();
218 
        if (! algOID.equals(DSA_ALG_OID))
219 
          throw new InvalidParameterException("Unexpected OID: " + algOID);
220 
 
221 
        DERValue val = der.read();
222 
        // RFC-3280, page 79 states: "If the subjectPublicKeyInfo field of the
223 
        // certificate contains an algorithm field with null parameters or
224 
        // parameters are omitted, compare the certificate subjectPublicKey
225 
        // algorithm to the working_public_key_algorithm.  If the certificate
226 
        // subjectPublicKey algorithm and the working_public_key_algorithm are
227 
        // different, set the working_public_key_parameters to null."
228 
        // in other words, the parameters field of an AlgorithmIdentifier
229 
        // element MAY NOT be present at all, or if present MAY be NULL!
230 
        // the Mauve test ValidDSAParameterInheritenceTest5, in
231 
        // gnu.testlet.java.security.cert.pkix.pkits, is/was failing because
232 
        // of this.
233 
        if (val.getTag() == DER.NULL)
234 
          val = der.read();
235 
        else if (val.isConstructed())
236 
          {
237 
            val = der.read();
238 
            DerUtil.checkIsBigInteger(val, "Wrong P field");
239 
            p = (BigInteger) val.getValue();
240 
            val = der.read();
241 
            DerUtil.checkIsBigInteger(val, "Wrong Q field");
242 
            q = (BigInteger) val.getValue();
243 
            val = der.read();
244 
            DerUtil.checkIsBigInteger(val, "Wrong G field");
245 
            g = (BigInteger) val.getValue();
246 
 
247 
            val = der.read();
248 
          }
249 
 
250 
        if (! (val.getValue() instanceof BitString))
251 
          throw new InvalidParameterException("Wrong SubjectPublicKey field");
252 
 
253 
        byte[] yBytes = ((BitString) val.getValue()).toByteArray();
254 
 
255 
        DERReader dsaPub = new DERReader(yBytes);
256 
        val = dsaPub.read();
257 
        DerUtil.checkIsBigInteger(val, "Wrong Y field");
258 
        y = (BigInteger) val.getValue();
259 
      }
260 
    catch (IOException x)
261 
      {
262 
        InvalidParameterException e = new InvalidParameterException(x.getMessage());
263 
        e.initCause(x);
264 
        throw e;
265 
      }
266 
    return new DSSPublicKey(Registry.X509_ENCODING_ID, p, q, g, y);
267 
  }
268 
 
269 
  /**
270 
   * @throws InvalidParameterException ALWAYS.
271 
   */
272 
  public PrivateKey decodePrivateKey(byte[] input)
273 
  {
274 
    throw new InvalidParameterException("Wrong format for private keys");
275 
  }
276 
}

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.