author | wetmore |
Fri, 11 May 2018 15:53:12 -0700 | |
branch | JDK-8145252-TLS13-branch |
changeset 56542 | 56aaa6cb3693 |
parent 47216 | 71c04702a3d5 |
child 56592 | b1902b22005e |
permissions | -rw-r--r-- |
2 | 1 |
/* |
56542 | 2 |
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.security.rsa; |
|
27 |
||
28 |
import java.math.BigInteger; |
|
29 |
||
30 |
import java.security.*; |
|
31 |
import java.security.interfaces.*; |
|
32 |
import java.security.spec.*; |
|
33 |
||
2596 | 34 |
import sun.security.action.GetPropertyAction; |
56542 | 35 |
import sun.security.x509.AlgorithmId; |
36 |
import static sun.security.rsa.RSAUtil.KeyType; |
|
2596 | 37 |
|
2 | 38 |
/** |
56542 | 39 |
* KeyFactory for RSA keys, e.g. "RSA", "RSASSA-PSS". |
40 |
* Keys must be instances of PublicKey or PrivateKey |
|
41 |
* and getAlgorithm() must return a value which matches the type which is |
|
42 |
* specified during construction time of the KeyFactory object. |
|
43 |
* For such keys, it supports conversion |
|
2 | 44 |
* between the following: |
45 |
* |
|
46 |
* For public keys: |
|
47 |
* . PublicKey with an X.509 encoding |
|
48 |
* . RSAPublicKey |
|
49 |
* . RSAPublicKeySpec |
|
50 |
* . X509EncodedKeySpec |
|
51 |
* |
|
52 |
* For private keys: |
|
53 |
* . PrivateKey with a PKCS#8 encoding |
|
54 |
* . RSAPrivateKey |
|
55 |
* . RSAPrivateCrtKey |
|
56 |
* . RSAPrivateKeySpec |
|
57 |
* . RSAPrivateCrtKeySpec |
|
58 |
* . PKCS8EncodedKeySpec |
|
59 |
* (of course, CRT variants only for CRT keys) |
|
60 |
* |
|
61 |
* Note: as always, RSA keys should be at least 512 bits long |
|
62 |
* |
|
63 |
* @since 1.5 |
|
64 |
* @author Andreas Sterbenz |
|
65 |
*/ |
|
56542 | 66 |
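public class RSAKeyFactory extends KeyFactorySpi {

    // KeySpec classes this factory can produce in engineGetKeySpec().
    private static final Class<?> RSA_PUB_KEYSPEC_CLS = RSAPublicKeySpec.class;
    private static final Class<?> RSA_PRIV_KEYSPEC_CLS =
            RSAPrivateKeySpec.class;
    private static final Class<?> RSA_PRIVCRT_KEYSPEC_CLS =
            RSAPrivateCrtKeySpec.class;
    private static final Class<?> X509_KEYSPEC_CLS = X509EncodedKeySpec.class;
    private static final Class<?> PKCS8_KEYSPEC_CLS = PKCS8EncodedKeySpec.class;

    /**
     * Smallest modulus length, in bits, that
     * {@link #checkRSAProviderKeyLengths} passes as the minimum.
     *
     * This is an acceptance floor, not a strength recommendation: moduli
     * of this size have been publicly factored, so a deployment that
     * accepts keys from untrusted parties should enforce its own, larger
     * minimum on top of this check.
     */
    public static final int MIN_MODLEN = 512;

    /**
     * Largest modulus length, in bits, that {@link #checkKeyLengths} will
     * accept, whatever maximum the caller passes in.
     */
    public static final int MAX_MODLEN = 16384;

    // Key type this factory instance is bound to; every key it translates
    // or generates from an encoding is checked against type.keyAlgo().
    private final KeyType type;

    /*
     * If the modulus length is above this value, restrict the size of
     * the exponent to something that can be reasonably computed.  We
     * could simply hardcode the exp len to something like 64 bits, but
     * this approach allows flexibility in case impls would like to use
     * larger modulus and exponent values.
     */
    public static final int MAX_MODLEN_RESTRICT_EXP = 3072;
    public static final int MAX_RESTRICTED_EXPLEN = 64;

    /*
     * Read once, at class initialization, from the system property
     * "sun.security.rsa.restrictRSAExponent".  The default is "true"; any
     * other value (compared case-insensitively) switches off the exponent
     * length check in checkKeyLengths() for the lifetime of the JVM.
     */
    private static final boolean restrictExpLen =
            "true".equalsIgnoreCase(GetPropertyAction.privilegedGetProperty(
                    "sun.security.rsa.restrictRSAExponent", "true"));

    /**
     * Returns a new factory bound to the given key type.
     *
     * @param type the key type the returned factory will accept
     * @return a new RSAKeyFactory for {@code type}
     */
    static RSAKeyFactory getInstance(KeyType type) {
        return new RSAKeyFactory(type);
    }

    /**
     * Internal utility method for checking the key algorithm.
     *
     * The comparison is case-insensitive.  A key whose getAlgorithm()
     * returns null is rejected with an InvalidKeyException rather than
     * failing with a NullPointerException, so that a misbehaving Key
     * implementation cannot turn this check into an unchecked exception.
     *
     * @param key the key to check, must not be null
     * @param expectedAlg the algorithm name the key has to report
     * @throws InvalidKeyException if the key reports no algorithm or a
     *         different one
     */
    private static void checkKeyAlgo(Key key, String expectedAlg)
            throws InvalidKeyException {
        String keyAlg = key.getAlgorithm();
        if (keyAlg == null || !keyAlg.equalsIgnoreCase(expectedAlg)) {
            throw new InvalidKeyException("Expected a " + expectedAlg
                    + " key, but got " + keyAlg);
        }
    }

    /**
     * Static method to convert Key into an instance of RSAPublicKeyImpl
     * or RSAPrivate(Crt)KeyImpl. If the key is not an RSA key or cannot be
     * used, throw an InvalidKeyException.
     *
     * Used by RSASignature and RSACipher.
     *
     * Keys that already are one of this provider's implementations are
     * returned unchanged, without any algorithm comparison.  For every
     * other key the factory is chosen from the key's own algorithm name,
     * so this method by itself does not pin the result to one key type.
     * NOTE(review): callers that require specifically an RSA or an
     * RSASSA-PSS key presumably check that themselves - confirm.
     *
     * @param key the key to convert
     * @return the key as a SunRsaSign key implementation
     * @throws InvalidKeyException if the key is null, reports no
     *         algorithm, or cannot be translated
     */
    public static RSAKey toRSAKey(Key key) throws InvalidKeyException {
        // A null key would otherwise surface as a NullPointerException
        // from key.getAlgorithm() below instead of the documented
        // InvalidKeyException.
        if (key == null) {
            throw new InvalidKeyException("Key must not be null");
        }
        if ((key instanceof RSAPrivateKeyImpl) ||
                (key instanceof RSAPrivateCrtKeyImpl) ||
                (key instanceof RSAPublicKeyImpl)) {
            return (RSAKey)key;
        } else {
            try {
                String keyAlgo = key.getAlgorithm();
                // KeyType.lookup() is not visible from this file; reject
                // a missing algorithm name here so the outcome does not
                // depend on how lookup() treats null.
                if (keyAlgo == null) {
                    throw new InvalidKeyException(
                            "Key algorithm must not be null");
                }
                KeyType type = KeyType.lookup(keyAlgo);
                RSAKeyFactory kf = RSAKeyFactory.getInstance(type);
                return (RSAKey) kf.engineTranslateKey(key);
            } catch (ProviderException e) {
                throw new InvalidKeyException(e);
            }
        }
    }

    /*
     * Single test entry point for all of the mechanisms in the SunRsaSign
     * provider (RSA*KeyImpls).  All of the tests are the same.
     *
     * For compatibility, we round up to the nearest byte here:
     * some Key impls might pass in a value within a byte of the
     * real value.
     *
     * Consequence of the rounding: a modulus up to 7 bits shorter than
     * MIN_MODLEN still passes the minimum check (505 bits rounds to 512).
     * The maximum passed on is Integer.MAX_VALUE, so the effective upper
     * bound is MAX_MODLEN, applied inside checkKeyLengths().
     */
    static void checkRSAProviderKeyLengths(int modulusLen, BigInteger exponent)
            throws InvalidKeyException {
        checkKeyLengths(((modulusLen + 7) & ~7), exponent,
                RSAKeyFactory.MIN_MODLEN, Integer.MAX_VALUE);
    }

    /**
     * Check the length of an RSA key modulus/exponent to make sure it
     * is not too short or long.  Some impls have their own min and
     * max key sizes that may or may not match with a system defined value.
     *
     * The exponent is only examined when the restriction is enabled (see
     * the "sun.security.rsa.restrictRSAExponent" system property), the
     * exponent is non-null and the modulus is longer than
     * {@link #MAX_MODLEN_RESTRICT_EXP} bits.
     *
     * @param modulusLen the bit length of the RSA modulus.
     * @param exponent the RSA exponent
     * @param minModulusLen if {@literal > 0}, check to see if modulusLen is at
     *  least this long, otherwise unused.
     * @param maxModulusLen caller will allow this max number of bits.
     *  Allow the smaller of the system-defined maximum and this param.
     *
     * @throws InvalidKeyException if any of the values are unacceptable.
     */
    public static void checkKeyLengths(int modulusLen, BigInteger exponent,
            int minModulusLen, int maxModulusLen) throws InvalidKeyException {

        if ((minModulusLen > 0) && (modulusLen < (minModulusLen))) {
            throw new InvalidKeyException( "RSA keys must be at least " +
                    minModulusLen + " bits long");
        }

        // Even though our policy file may allow this, we don't want
        // either value (mod/exp) to be too big.

        int maxLen = Math.min(maxModulusLen, MAX_MODLEN);

        // If a RSAPrivateKey/RSAPublicKey, make sure the
        // modulus len isn't too big.
        if (modulusLen > maxLen) {
            throw new InvalidKeyException(
                    "RSA keys must be no longer than " + maxLen + " bits");
        }

        // If a RSAPublicKey, make sure the exponent isn't too big.
        if (restrictExpLen && (exponent != null) &&
                (modulusLen > MAX_MODLEN_RESTRICT_EXP) &&
                (exponent.bitLength() > MAX_RESTRICTED_EXPLEN)) {
            throw new InvalidKeyException(
                    "RSA exponents can be no longer than " +
                    MAX_RESTRICTED_EXPLEN + " bits " +
                    " if modulus is greater than " +
                    MAX_MODLEN_RESTRICT_EXP + " bits");
        }
    }

    // disallowed as KeyType is required
    private RSAKeyFactory() {
        this.type = KeyType.RSA;
    }

    /**
     * Creates a factory bound to the given key type.
     *
     * @param type the key type whose algorithm name every key handled by
     *        this factory has to report
     */
    public RSAKeyFactory(KeyType type) {
        this.type = type;
    }

    /**
     * Translate an RSA key into a SunRsaSign RSA key. If conversion is
     * not possible, throw an InvalidKeyException.
     * See also JCA doc.
     *
     * The algorithm check runs before the "already our own impl"
     * shortcut, so a SunRsaSign key of a different key type than this
     * factory's is rejected as well.
     *
     * @param key the key to translate
     * @return the key itself if it is already a SunRsaSign key, otherwise
     *         the translated key
     * @throws InvalidKeyException if the key is null, reports a different
     *         algorithm than this factory's type, or cannot be translated
     */
    @Override
    protected Key engineTranslateKey(Key key) throws InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException("Key must not be null");
        }
        // ensure the key algorithm matches the current KeyFactory instance
        checkKeyAlgo(key, type.keyAlgo());

        // no translation needed if the key is already our own impl
        if ((key instanceof RSAPrivateKeyImpl) ||
                (key instanceof RSAPrivateCrtKeyImpl) ||
                (key instanceof RSAPublicKeyImpl)) {
            return key;
        }
        if (key instanceof PublicKey) {
            return translatePublicKey((PublicKey)key);
        } else if (key instanceof PrivateKey) {
            return translatePrivateKey((PrivateKey)key);
        } else {
            throw new InvalidKeyException("Neither a public nor a private key");
        }
    }

    // see JCA doc
    // Any GeneralSecurityException other than InvalidKeySpecException is
    // wrapped, with the original kept as the cause.
    @Override
    protected PublicKey engineGeneratePublic(KeySpec keySpec)
            throws InvalidKeySpecException {
        try {
            return generatePublic(keySpec);
        } catch (InvalidKeySpecException e) {
            throw e;
        } catch (GeneralSecurityException e) {
            throw new InvalidKeySpecException(e);
        }
    }

    // see JCA doc
    // Any GeneralSecurityException other than InvalidKeySpecException is
    // wrapped, with the original kept as the cause.
    @Override
    protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
            throws InvalidKeySpecException {
        try {
            return generatePrivate(keySpec);
        } catch (InvalidKeySpecException e) {
            throw e;
        } catch (GeneralSecurityException e) {
            throw new InvalidKeySpecException(e);
        }
    }

    // internal implementation of translateKey() for public keys. See JCA doc
    //
    // Two sources are accepted: an RSAPublicKey, whose components are
    // copied into a new RSAPublicKeyImpl, or any PublicKey whose format is
    // "X.509", whose encoding is re-parsed.  In the second case the
    // algorithm found in the encoding is checked again, because only the
    // outer key's getAlgorithm() has been checked so far.
    private PublicKey translatePublicKey(PublicKey key)
            throws InvalidKeyException {
        if (key instanceof RSAPublicKey) {
            RSAPublicKey rsaKey = (RSAPublicKey)key;
            try {
                return new RSAPublicKeyImpl(
                        RSAUtil.createAlgorithmId(type, rsaKey.getParams()),
                        rsaKey.getModulus(),
                        rsaKey.getPublicExponent());
            } catch (ProviderException e) {
                // catch providers that incorrectly implement RSAPublicKey
                throw new InvalidKeyException("Invalid key", e);
            }
        } else if ("X.509".equals(key.getFormat())) {
            byte[] encoded = key.getEncoded();
            RSAPublicKey translated = new RSAPublicKeyImpl(encoded);
            // ensure the key algorithm matches the current KeyFactory instance
            checkKeyAlgo(translated, type.keyAlgo());
            return translated;
        } else {
            throw new InvalidKeyException("Public keys must be instance "
                    + "of RSAPublicKey or have X.509 encoding");
        }
    }

    // internal implementation of translateKey() for private keys. See JCA doc
    //
    // RSAPrivateCrtKey is tested before RSAPrivateKey so that CRT keys keep
    // their CRT components.  A key that implements neither interface is
    // accepted only if its format is "PKCS#8"; the algorithm found in that
    // encoding is then checked against this factory's type.
    private PrivateKey translatePrivateKey(PrivateKey key)
            throws InvalidKeyException {
        if (key instanceof RSAPrivateCrtKey) {
            RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey)key;
            try {
                return new RSAPrivateCrtKeyImpl(
                        RSAUtil.createAlgorithmId(type, rsaKey.getParams()),
                        rsaKey.getModulus(),
                        rsaKey.getPublicExponent(),
                        rsaKey.getPrivateExponent(),
                        rsaKey.getPrimeP(),
                        rsaKey.getPrimeQ(),
                        rsaKey.getPrimeExponentP(),
                        rsaKey.getPrimeExponentQ(),
                        rsaKey.getCrtCoefficient()
                );
            } catch (ProviderException e) {
                // catch providers that incorrectly implement RSAPrivateCrtKey
                throw new InvalidKeyException("Invalid key", e);
            }
        } else if (key instanceof RSAPrivateKey) {
            RSAPrivateKey rsaKey = (RSAPrivateKey)key;
            try {
                return new RSAPrivateKeyImpl(
                        RSAUtil.createAlgorithmId(type, rsaKey.getParams()),
                        rsaKey.getModulus(),
                        rsaKey.getPrivateExponent()
                );
            } catch (ProviderException e) {
                // catch providers that incorrectly implement RSAPrivateKey
                throw new InvalidKeyException("Invalid key", e);
            }
        } else if ("PKCS#8".equals(key.getFormat())) {
            byte[] encoded = key.getEncoded();
            RSAPrivateKey translated = RSAPrivateCrtKeyImpl.newKey(encoded);
            // ensure the key algorithm matches the current KeyFactory instance
            checkKeyAlgo(translated, type.keyAlgo());
            return translated;
        } else {
            throw new InvalidKeyException("Private keys must be instance "
                    + "of RSAPrivate(Crt)Key or have PKCS#8 encoding");
        }
    }

    // internal implementation of generatePublic. See JCA doc
    //
    // For an X509EncodedKeySpec the algorithm comes from the encoding, so
    // it is checked against this factory's type after parsing.  For an
    // RSAPublicKeySpec the algorithm id is built from this factory's type
    // and the spec's parameters.
    private PublicKey generatePublic(KeySpec keySpec)
            throws GeneralSecurityException {
        if (keySpec instanceof X509EncodedKeySpec) {
            X509EncodedKeySpec x509Spec = (X509EncodedKeySpec)keySpec;
            RSAPublicKey generated = new RSAPublicKeyImpl(x509Spec.getEncoded());
            // ensure the key algorithm matches the current KeyFactory instance
            checkKeyAlgo(generated, type.keyAlgo());
            return generated;
        } else if (keySpec instanceof RSAPublicKeySpec) {
            RSAPublicKeySpec rsaSpec = (RSAPublicKeySpec)keySpec;
            try {
                return new RSAPublicKeyImpl(
                        RSAUtil.createAlgorithmId(type, rsaSpec.getParams()),
                        rsaSpec.getModulus(),
                        rsaSpec.getPublicExponent()
                );
            } catch (ProviderException e) {
                throw new InvalidKeySpecException(e);
            }
        } else {
            throw new InvalidKeySpecException("Only RSAPublicKeySpec "
                    + "and X509EncodedKeySpec supported for RSA public keys");
        }
    }

    // internal implementation of generatePrivate. See JCA doc
    //
    // RSAPrivateCrtKeySpec is tested before RSAPrivateKeySpec so that a
    // CRT spec is not reduced to modulus and private exponent only.  For a
    // PKCS8EncodedKeySpec the algorithm comes from the encoding and is
    // checked against this factory's type after parsing.
    private PrivateKey generatePrivate(KeySpec keySpec)
            throws GeneralSecurityException {
        if (keySpec instanceof PKCS8EncodedKeySpec) {
            PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec)keySpec;
            RSAPrivateKey generated = RSAPrivateCrtKeyImpl.newKey(pkcsSpec.getEncoded());
            // ensure the key algorithm matches the current KeyFactory instance
            checkKeyAlgo(generated, type.keyAlgo());
            return generated;
        } else if (keySpec instanceof RSAPrivateCrtKeySpec) {
            RSAPrivateCrtKeySpec rsaSpec = (RSAPrivateCrtKeySpec)keySpec;
            try {
                return new RSAPrivateCrtKeyImpl(
                        RSAUtil.createAlgorithmId(type, rsaSpec.getParams()),
                        rsaSpec.getModulus(),
                        rsaSpec.getPublicExponent(),
                        rsaSpec.getPrivateExponent(),
                        rsaSpec.getPrimeP(),
                        rsaSpec.getPrimeQ(),
                        rsaSpec.getPrimeExponentP(),
                        rsaSpec.getPrimeExponentQ(),
                        rsaSpec.getCrtCoefficient()
                );
            } catch (ProviderException e) {
                throw new InvalidKeySpecException(e);
            }
        } else if (keySpec instanceof RSAPrivateKeySpec) {
            RSAPrivateKeySpec rsaSpec = (RSAPrivateKeySpec)keySpec;
            try {
                return new RSAPrivateKeyImpl(
                        RSAUtil.createAlgorithmId(type, rsaSpec.getParams()),
                        rsaSpec.getModulus(),
                        rsaSpec.getPrivateExponent()
                );
            } catch (ProviderException e) {
                throw new InvalidKeySpecException(e);
            }
        } else {
            throw new InvalidKeySpecException("Only RSAPrivate(Crt)KeySpec "
                    + "and PKCS8EncodedKeySpec supported for RSA private keys");
        }
    }

    /**
     * Returns a key specification of the requested class for the given
     * key.  See also JCA doc.
     *
     * The key is first translated with engineTranslateKey(), so it has to
     * report this factory's key algorithm.  The private-key specs returned
     * here carry the private key material itself (private exponent, CRT
     * components or the PKCS#8 encoding); the caller owns that copy.
     *
     * @param key the key to describe
     * @param keySpec the class of the specification to return
     * @return a specification of class {@code keySpec} for the key
     * @throws InvalidKeySpecException if the key cannot be translated or
     *         the requested class is not supported for this kind of key
     */
    @Override
    protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
            throws InvalidKeySpecException {
        try {
            // convert key to one of our keys
            // this also verifies that the key is a valid RSA key and ensures
            // that the encoding is X.509/PKCS#8 for public/private keys
            key = engineTranslateKey(key);
        } catch (InvalidKeyException e) {
            throw new InvalidKeySpecException(e);
        }
        if (key instanceof RSAPublicKey) {
            RSAPublicKey rsaKey = (RSAPublicKey)key;
            if (RSA_PUB_KEYSPEC_CLS.isAssignableFrom(keySpec)) {
                return keySpec.cast(new RSAPublicKeySpec(
                        rsaKey.getModulus(),
                        rsaKey.getPublicExponent(),
                        rsaKey.getParams()
                ));
            } else if (X509_KEYSPEC_CLS.isAssignableFrom(keySpec)) {
                return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
            } else {
                throw new InvalidKeySpecException
                        ("KeySpec must be RSAPublicKeySpec or "
                        + "X509EncodedKeySpec for RSA public keys");
            }
        } else if (key instanceof RSAPrivateKey) {
            if (PKCS8_KEYSPEC_CLS.isAssignableFrom(keySpec)) {
                return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
            } else if (RSA_PRIVCRT_KEYSPEC_CLS.isAssignableFrom(keySpec)) {
                // A CRT spec can only be filled from a key that actually
                // has the CRT components.
                if (key instanceof RSAPrivateCrtKey) {
                    RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)key;
                    return keySpec.cast(new RSAPrivateCrtKeySpec(
                            crtKey.getModulus(),
                            crtKey.getPublicExponent(),
                            crtKey.getPrivateExponent(),
                            crtKey.getPrimeP(),
                            crtKey.getPrimeQ(),
                            crtKey.getPrimeExponentP(),
                            crtKey.getPrimeExponentQ(),
                            crtKey.getCrtCoefficient(),
                            crtKey.getParams()
                    ));
                } else {
                    throw new InvalidKeySpecException
                            ("RSAPrivateCrtKeySpec can only be used with CRT keys");
                }
            } else if (RSA_PRIV_KEYSPEC_CLS.isAssignableFrom(keySpec)) {
                RSAPrivateKey rsaKey = (RSAPrivateKey)key;
                return keySpec.cast(new RSAPrivateKeySpec(
                        rsaKey.getModulus(),
                        rsaKey.getPrivateExponent(),
                        rsaKey.getParams()
                ));
            } else {
                throw new InvalidKeySpecException
                        ("KeySpec must be RSAPrivate(Crt)KeySpec or "
                        + "PKCS8EncodedKeySpec for RSA private keys");
            }
        } else {
            // should not occur, caught in engineTranslateKey()
            throw new InvalidKeySpecException("Neither public nor private key");
        }
    }

    /** Factory bound to {@code KeyType.RSA}, with a public no-arg constructor. */
    public static final class Legacy extends RSAKeyFactory {
        public Legacy() {
            super(KeyType.RSA);
        }
    }

    /** Factory bound to {@code KeyType.PSS}, with a public no-arg constructor. */
    public static final class PSS extends RSAKeyFactory {
        public PSS() {
            super(KeyType.PSS);
        }
    }
}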