author | darcy |
Wed, 09 Oct 2019 09:57:41 -0700 | |
changeset 58519 | 6e017b301287 |
parent 57950 | 4612a3cfb927 |
child 58679 | 9c3209ff7550 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
50918
diff
changeset
|
2 |
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.security.rsa; |
|
27 |
||
28 |
import java.io.IOException; |
|
29 |
import java.math.BigInteger; |
|
30 |
||
31 |
import java.security.*; |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
32 |
import java.security.spec.*; |
2 | 33 |
import java.security.interfaces.*; |
34 |
||
35 |
import sun.security.util.*; |
|
36 |
import sun.security.x509.X509Key; |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
37 |
import sun.security.x509.AlgorithmId; |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
38 |
|
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
39 |
import static sun.security.rsa.RSAUtil.KeyType; |
2 | 40 |
|
41 |
/** |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
42 |
* RSA public key implementation for "RSA", "RSASSA-PSS" algorithms. |
2 | 43 |
* |
44 |
* Note: RSA keys must be at least 512 bits long |
|
45 |
* |
|
46 |
* @see RSAPrivateCrtKeyImpl |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
47 |
* @see RSAPrivateKeyImpl |
2 | 48 |
* @see RSAKeyFactory |
49 |
* |
|
50 |
* @since 1.5 |
|
51 |
* @author Andreas Sterbenz |
|
52 |
*/ |
|
53 |
public final class RSAPublicKeyImpl extends X509Key implements RSAPublicKey { |
|
54 |
||
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
50918
diff
changeset
|
55 |
@java.io.Serial |
2 | 56 |
private static final long serialVersionUID = 2644735423591199609L; |
48567 | 57 |
private static final BigInteger THREE = BigInteger.valueOf(3); |
2 | 58 |
|
59 |
private BigInteger n; // modulus |
|
60 |
private BigInteger e; // public exponent |
|
61 |
||
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
62 |
// optional parameters associated with this RSA key |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
63 |
// specified in the encoding of its AlgorithmId |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
64 |
// must be null for "RSA" keys. |
58519
6e017b301287
8231262: Suppress warnings on non-serializable instance fields in security libs serializable classes
darcy
parents:
57950
diff
changeset
|
65 |
@SuppressWarnings("serial") // Not statically typed as Serializable |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
66 |
private AlgorithmParameterSpec keyParams; |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
67 |
|
2 | 68 |
/** |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
69 |
* Generate a new RSAPublicKey from the specified encoding. |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
70 |
* Used by SunPKCS11 provider. |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
71 |
*/ |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
72 |
public static RSAPublicKey newKey(byte[] encoded) |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
73 |
throws InvalidKeyException { |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
74 |
return new RSAPublicKeyImpl(encoded); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
75 |
} |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
76 |
|
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
77 |
/** |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
78 |
* Generate a new RSAPublicKey from the specified type and components. |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
79 |
* Used by SunPKCS11 provider. |
2 | 80 |
*/ |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
81 |
public static RSAPublicKey newKey(KeyType type, |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
82 |
AlgorithmParameterSpec params, BigInteger n, BigInteger e) |
2596 | 83 |
throws InvalidKeyException { |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
84 |
AlgorithmId rsaId = RSAUtil.createAlgorithmId(type, params); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
85 |
return new RSAPublicKeyImpl(rsaId, n, e); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
86 |
} |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
87 |
|
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
88 |
/** |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
89 |
* Construct a RSA key from AlgorithmId and its components. Used by |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
90 |
* RSAKeyFactory and RSAKeyPairGenerator. |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
91 |
*/ |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
92 |
RSAPublicKeyImpl(AlgorithmId rsaId, BigInteger n, BigInteger e) |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
93 |
throws InvalidKeyException { |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
94 |
RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
95 |
checkExponentRange(n, e); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
96 |
|
2 | 97 |
this.n = n; |
98 |
this.e = e; |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
99 |
this.keyParams = RSAUtil.getParamSpec(rsaId); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
100 |
|
2 | 101 |
// generate the encoding |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
102 |
algid = rsaId; |
2 | 103 |
try { |
104 |
DerOutputStream out = new DerOutputStream(); |
|
105 |
out.putInteger(n); |
|
106 |
out.putInteger(e); |
|
19375
cdfdb9c0590e
8022461: Fix lint warnings in sun.security.{provider,rsa,x509}
juh
parents:
5506
diff
changeset
|
107 |
byte[] keyArray = |
cdfdb9c0590e
8022461: Fix lint warnings in sun.security.{provider,rsa,x509}
juh
parents:
5506
diff
changeset
|
108 |
new DerValue(DerValue.tag_Sequence, |
cdfdb9c0590e
8022461: Fix lint warnings in sun.security.{provider,rsa,x509}
juh
parents:
5506
diff
changeset
|
109 |
out.toByteArray()).toByteArray(); |
cdfdb9c0590e
8022461: Fix lint warnings in sun.security.{provider,rsa,x509}
juh
parents:
5506
diff
changeset
|
110 |
setKey(new BitArray(keyArray.length*8, keyArray)); |
2 | 111 |
} catch (IOException exc) { |
112 |
// should never occur |
|
113 |
throw new InvalidKeyException(exc); |
|
114 |
} |
|
115 |
} |
|
116 |
||
117 |
/** |
|
118 |
* Construct a key from its encoding. Used by RSAKeyFactory. |
|
119 |
*/ |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
120 |
RSAPublicKeyImpl(byte[] encoded) throws InvalidKeyException { |
50918
ebff24bd9302
8205720: KeyFactory#getKeySpec and translateKey thorws NullPointerException with Invalid key
valeriep
parents:
50204
diff
changeset
|
121 |
if (encoded == null || encoded.length == 0) { |
ebff24bd9302
8205720: KeyFactory#getKeySpec and translateKey thorws NullPointerException with Invalid key
valeriep
parents:
50204
diff
changeset
|
122 |
throw new InvalidKeyException("Missing key encoding"); |
ebff24bd9302
8205720: KeyFactory#getKeySpec and translateKey thorws NullPointerException with Invalid key
valeriep
parents:
50204
diff
changeset
|
123 |
} |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
124 |
decode(encoded); // this sets n and e value |
2596 | 125 |
RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e); |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
126 |
checkExponentRange(n, e); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
127 |
|
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
128 |
try { |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
129 |
// this will check the validity of params |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
130 |
this.keyParams = RSAUtil.getParamSpec(algid); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
131 |
} catch (ProviderException e) { |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
132 |
throw new InvalidKeyException(e); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
133 |
} |
48567 | 134 |
} |
135 |
||
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
136 |
// pkg private utility method for checking RSA modulus and public exponent |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
137 |
static void checkExponentRange(BigInteger mod, BigInteger exp) |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
138 |
throws InvalidKeyException { |
48567 | 139 |
// the exponent should be smaller than the modulus |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
140 |
if (exp.compareTo(mod) >= 0) { |
48567 | 141 |
throw new InvalidKeyException("exponent is larger than modulus"); |
142 |
} |
|
143 |
||
144 |
// the exponent should be at least 3 |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
145 |
if (exp.compareTo(THREE) < 0) { |
48567 | 146 |
throw new InvalidKeyException("exponent is smaller than 3"); |
147 |
} |
|
2 | 148 |
} |
149 |
||
150 |
// see JCA doc |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
151 |
@Override |
2 | 152 |
public String getAlgorithm() { |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
153 |
return algid.getName(); |
2 | 154 |
} |
155 |
||
156 |
// see JCA doc |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
157 |
@Override |
2 | 158 |
public BigInteger getModulus() { |
159 |
return n; |
|
160 |
} |
|
161 |
||
162 |
// see JCA doc |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
163 |
@Override |
2 | 164 |
public BigInteger getPublicExponent() { |
165 |
return e; |
|
166 |
} |
|
167 |
||
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
168 |
// see JCA doc |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
169 |
@Override |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
170 |
public AlgorithmParameterSpec getParams() { |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
171 |
return keyParams; |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
172 |
} |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
173 |
|
2 | 174 |
/** |
175 |
* Parse the key. Called by X509Key. |
|
176 |
*/ |
|
177 |
protected void parseKeyBits() throws InvalidKeyException { |
|
178 |
try { |
|
19375
cdfdb9c0590e
8022461: Fix lint warnings in sun.security.{provider,rsa,x509}
juh
parents:
5506
diff
changeset
|
179 |
DerInputStream in = new DerInputStream(getKey().toByteArray()); |
2 | 180 |
DerValue derValue = in.getDerValue(); |
181 |
if (derValue.tag != DerValue.tag_Sequence) { |
|
182 |
throw new IOException("Not a SEQUENCE"); |
|
183 |
} |
|
184 |
DerInputStream data = derValue.data; |
|
44260
dd947f766e11
8175251: Failed to load RSA private key from pkcs12
valeriep
parents:
25859
diff
changeset
|
185 |
n = data.getPositiveBigInteger(); |
dd947f766e11
8175251: Failed to load RSA private key from pkcs12
valeriep
parents:
25859
diff
changeset
|
186 |
e = data.getPositiveBigInteger(); |
2 | 187 |
if (derValue.data.available() != 0) { |
188 |
throw new IOException("Extra data available"); |
|
189 |
} |
|
190 |
} catch (IOException e) { |
|
191 |
throw new InvalidKeyException("Invalid RSA public key", e); |
|
192 |
} |
|
193 |
} |
|
194 |
||
195 |
// return a string representation of this key for debugging |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
196 |
@Override |
2 | 197 |
public String toString() { |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
198 |
return "Sun " + getAlgorithm() + " public key, " + n.bitLength() |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
199 |
+ " bits" + "\n params: " + keyParams + "\n modulus: " + n |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
48567
diff
changeset
|
200 |
+ "\n public exponent: " + e; |
2 | 201 |
} |
202 |
||
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
50918
diff
changeset
|
203 |
@java.io.Serial |
2 | 204 |
protected Object writeReplace() throws java.io.ObjectStreamException { |
205 |
return new KeyRep(KeyRep.Type.PUBLIC, |
|
206 |
getAlgorithm(), |
|
207 |
getFormat(), |
|
208 |
getEncoded()); |
|
209 |
} |
|
210 |
} |