--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/x509/X509Key.java Sun Aug 17 15:54:13 2014 +0100
@@ -0,0 +1,477 @@
+/*
+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.x509;
+
+import java.io.*;
+import java.util.Arrays;
+import java.util.Properties;
+import java.security.Key;
+import java.security.PublicKey;
+import java.security.KeyFactory;
+import java.security.Security;
+import java.security.Provider;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+
+import sun.misc.HexDumpEncoder;
+import sun.security.util.*;
+
+/**
+ * Holds an X.509 key, for example a public key found in an X.509
+ * certificate. Includes a description of the algorithm to be used
+ * with the key; these keys normally are used as
+ * "SubjectPublicKeyInfo".
+ *
+ * <P>While this class can represent any kind of X.509 key, it may be
+ * desirable to provide subclasses which understand how to parse keying
+ * data. For example, RSA public keys have two members, one for the
+ * public modulus and one for the prime exponent. If such a class is
+ * provided, it is used when parsing X.509 keys. If one is not provided,
+ * the key still parses correctly.
+ *
+ * @author David Brownell
+ */
+public class X509Key implements PublicKey {
+
+ /** use serialVersionUID from JDK 1.1. for interoperability */
+ private static final long serialVersionUID = -5359250853002055002L;
+
+ /* The algorithm information (name, parameters, etc). */
+ protected AlgorithmId algid;
+
+ /**
+ * The key bytes, without the algorithm information.
+ * @deprecated Use the BitArray form which does not require keys to
+ * be byte aligned.
+ * @see sun.security.x509.X509Key#setKey(BitArray)
+ * @see sun.security.x509.X509Key#getKey()
+ */
+ @Deprecated
+ protected byte[] key = null;
+
+ /*
+ * The number of bits unused in the last byte of the key.
+ * Added to keep the byte[] key form consistent with the BitArray
+ * form. Can de deleted when byte[] key is deleted.
+ */
+ @Deprecated
+ private int unusedBits = 0;
+
+ /* BitArray form of key */
+ private BitArray bitStringKey = null;
+
+ /* The encoding for the key. */
+ protected byte[] encodedKey;
+
+ /**
+ * Default constructor. The key constructed must have its key
+ * and algorithm initialized before it may be used, for example
+ * by using <code>decode</code>.
+ */
+ public X509Key() { }
+
+ /*
+ * Build and initialize as a "default" key. All X.509 key
+ * data is stored and transmitted losslessly, but no knowledge
+ * about this particular algorithm is available.
+ */
+ private X509Key(AlgorithmId algid, BitArray key)
+ throws InvalidKeyException {
+ this.algid = algid;
+ setKey(key);
+ encode();
+ }
+
+ /**
+ * Sets the key in the BitArray form.
+ */
+ protected void setKey(BitArray key) {
+ this.bitStringKey = (BitArray)key.clone();
+
+ /*
+ * Do this to keep the byte array form consistent with
+ * this. Can delete when byte[] key is deleted.
+ */
+ this.key = key.toByteArray();
+ int remaining = key.length() % 8;
+ this.unusedBits =
+ ((remaining == 0) ? 0 : 8 - remaining);
+ }
+
+ /**
+ * Gets the key. The key may or may not be byte aligned.
+ * @return a BitArray containing the key.
+ */
+ protected BitArray getKey() {
+ /*
+ * Do this for consistency in case a subclass
+ * modifies byte[] key directly. Remove when
+ * byte[] key is deleted.
+ * Note: the consistency checks fail when the subclass
+ * modifies a non byte-aligned key (into a byte-aligned key)
+ * using the deprecated byte[] key field.
+ */
+ this.bitStringKey = new BitArray(
+ this.key.length * 8 - this.unusedBits,
+ this.key);
+
+ return (BitArray)bitStringKey.clone();
+ }
+
+ /**
+ * Construct X.509 subject public key from a DER value. If
+ * the runtime environment is configured with a specific class for
+ * this kind of key, a subclass is returned. Otherwise, a generic
+ * X509Key object is returned.
+ *
+ * <P>This mechanism gurantees that keys (and algorithms) may be
+ * freely manipulated and transferred, without risk of losing
+ * information. Also, when a key (or algorithm) needs some special
+ * handling, that specific need can be accomodated.
+ *
+ * @param in the DER-encoded SubjectPublicKeyInfo value
+ * @exception IOException on data format errors
+ */
+ public static PublicKey parse(DerValue in) throws IOException
+ {
+ AlgorithmId algorithm;
+ PublicKey subjectKey;
+
+ if (in.tag != DerValue.tag_Sequence)
+ throw new IOException("corrupt subject key");
+
+ algorithm = AlgorithmId.parse(in.data.getDerValue());
+ try {
+ subjectKey = buildX509Key(algorithm,
+ in.data.getUnalignedBitString());
+
+ } catch (InvalidKeyException e) {
+ throw new IOException("subject key, " + e.getMessage(), e);
+ }
+
+ if (in.data.available() != 0)
+ throw new IOException("excess subject key");
+ return subjectKey;
+ }
+
+ /**
+ * Parse the key bits. This may be redefined by subclasses to take
+ * advantage of structure within the key. For example, RSA public
+ * keys encapsulate two unsigned integers (modulus and exponent) as
+ * DER values within the <code>key</code> bits; Diffie-Hellman and
+ * DSS/DSA keys encapsulate a single unsigned integer.
+ *
+ * <P>This function is called when creating X.509 SubjectPublicKeyInfo
+ * values using the X509Key member functions, such as <code>parse</code>
+ * and <code>decode</code>.
+ *
+ * @exception IOException on parsing errors.
+ * @exception InvalidKeyException on invalid key encodings.
+ */
+ protected void parseKeyBits() throws IOException, InvalidKeyException {
+ encode();
+ }
+
+ /*
+ * Factory interface, building the kind of key associated with this
+ * specific algorithm ID or else returning this generic base class.
+ * See the description above.
+ */
+ static PublicKey buildX509Key(AlgorithmId algid, BitArray key)
+ throws IOException, InvalidKeyException
+ {
+ /*
+ * Use the algid and key parameters to produce the ASN.1 encoding
+ * of the key, which will then be used as the input to the
+ * key factory.
+ */
+ DerOutputStream x509EncodedKeyStream = new DerOutputStream();
+ encode(x509EncodedKeyStream, algid, key);
+ X509EncodedKeySpec x509KeySpec
+ = new X509EncodedKeySpec(x509EncodedKeyStream.toByteArray());
+
+ try {
+ // Instantiate the key factory of the appropriate algorithm
+ KeyFactory keyFac = KeyFactory.getInstance(algid.getName());
+
+ // Generate the public key
+ return keyFac.generatePublic(x509KeySpec);
+ } catch (NoSuchAlgorithmException e) {
+ // Return generic X509Key with opaque key data (see below)
+ } catch (InvalidKeySpecException e) {
+ throw new InvalidKeyException(e.getMessage(), e);
+ }
+
+ /*
+ * Try again using JDK1.1-style for backwards compatibility.
+ */
+ String classname = "";
+ try {
+ Properties props;
+ String keytype;
+ Provider sunProvider;
+
+ sunProvider = Security.getProvider("SUN");
+ if (sunProvider == null)
+ throw new InstantiationException();
+ classname = sunProvider.getProperty("PublicKey.X.509." +
+ algid.getName());
+ if (classname == null) {
+ throw new InstantiationException();
+ }
+
+ Class<?> keyClass = null;
+ try {
+ keyClass = Class.forName(classname);
+ } catch (ClassNotFoundException e) {
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ if (cl != null) {
+ keyClass = cl.loadClass(classname);
+ }
+ }
+
+ Object inst = null;
+ X509Key result;
+
+ if (keyClass != null)
+ inst = keyClass.newInstance();
+ if (inst instanceof X509Key) {
+ result = (X509Key) inst;
+ result.algid = algid;
+ result.setKey(key);
+ result.parseKeyBits();
+ return result;
+ }
+ } catch (ClassNotFoundException e) {
+ } catch (InstantiationException e) {
+ } catch (IllegalAccessException e) {
+ // this should not happen.
+ throw new IOException (classname + " [internal error]");
+ }
+
+ X509Key result = new X509Key(algid, key);
+ return result;
+ }
+
+ /**
+ * Returns the algorithm to be used with this key.
+ */
+ public String getAlgorithm() {
+ return algid.getName();
+ }
+
+ /**
+ * Returns the algorithm ID to be used with this key.
+ */
+ public AlgorithmId getAlgorithmId() { return algid; }
+
+ /**
+ * Encode SubjectPublicKeyInfo sequence on the DER output stream.
+ *
+ * @exception IOException on encoding errors.
+ */
+ public final void encode(DerOutputStream out) throws IOException
+ {
+ encode(out, this.algid, getKey());
+ }
+
+ /**
+ * Returns the DER-encoded form of the key as a byte array.
+ */
+ public byte[] getEncoded() {
+ try {
+ return getEncodedInternal().clone();
+ } catch (InvalidKeyException e) {
+ // XXX
+ }
+ return null;
+ }
+
+ public byte[] getEncodedInternal() throws InvalidKeyException {
+ byte[] encoded = encodedKey;
+ if (encoded == null) {
+ try {
+ DerOutputStream out = new DerOutputStream();
+ encode(out);
+ encoded = out.toByteArray();
+ } catch (IOException e) {
+ throw new InvalidKeyException("IOException : " +
+ e.getMessage());
+ }
+ encodedKey = encoded;
+ }
+ return encoded;
+ }
+
+ /**
+ * Returns the format for this key: "X.509"
+ */
+ public String getFormat() {
+ return "X.509";
+ }
+
+ /**
+ * Returns the DER-encoded form of the key as a byte array.
+ *
+ * @exception InvalidKeyException on encoding errors.
+ */
+ public byte[] encode() throws InvalidKeyException {
+ return getEncodedInternal().clone();
+ }
+
+ /*
+ * Returns a printable representation of the key
+ */
+ public String toString()
+ {
+ HexDumpEncoder encoder = new HexDumpEncoder();
+
+ return "algorithm = " + algid.toString()
+ + ", unparsed keybits = \n" + encoder.encodeBuffer(key);
+ }
+
+ /**
+ * Initialize an X509Key object from an input stream. The data on that
+ * input stream must be encoded using DER, obeying the X.509
+ * <code>SubjectPublicKeyInfo</code> format. That is, the data is a
+ * sequence consisting of an algorithm ID and a bit string which holds
+ * the key. (That bit string is often used to encapsulate another DER
+ * encoded sequence.)
+ *
+ * <P>Subclasses should not normally redefine this method; they should
+ * instead provide a <code>parseKeyBits</code> method to parse any
+ * fields inside the <code>key</code> member.
+ *
+ * <P>The exception to this rule is that since private keys need not
+ * be encoded using the X.509 <code>SubjectPublicKeyInfo</code> format,
+ * private keys may override this method, <code>encode</code>, and
+ * of course <code>getFormat</code>.
+ *
+ * @param in an input stream with a DER-encoded X.509
+ * SubjectPublicKeyInfo value
+ * @exception InvalidKeyException on parsing errors.
+ */
+ public void decode(InputStream in)
+ throws InvalidKeyException
+ {
+ DerValue val;
+
+ try {
+ val = new DerValue(in);
+ if (val.tag != DerValue.tag_Sequence)
+ throw new InvalidKeyException("invalid key format");
+
+ algid = AlgorithmId.parse(val.data.getDerValue());
+ setKey(val.data.getUnalignedBitString());
+ parseKeyBits();
+ if (val.data.available() != 0)
+ throw new InvalidKeyException ("excess key data");
+
+ } catch (IOException e) {
+ // e.printStackTrace ();
+ throw new InvalidKeyException("IOException: " +
+ e.getMessage());
+ }
+ }
+
+ public void decode(byte[] encodedKey) throws InvalidKeyException {
+ decode(new ByteArrayInputStream(encodedKey));
+ }
+
+ /**
+ * Serialization write ... X.509 keys serialize as
+ * themselves, and they're parsed when they get read back.
+ */
+ private void writeObject(ObjectOutputStream stream) throws IOException {
+ stream.write(getEncoded());
+ }
+
+ /**
+ * Serialization read ... X.509 keys serialize as
+ * themselves, and they're parsed when they get read back.
+ */
+ private void readObject(ObjectInputStream stream) throws IOException {
+ try {
+ decode(stream);
+ } catch (InvalidKeyException e) {
+ e.printStackTrace();
+ throw new IOException("deserialized key is invalid: " +
+ e.getMessage());
+ }
+ }
+
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj instanceof Key == false) {
+ return false;
+ }
+ try {
+ byte[] thisEncoded = this.getEncodedInternal();
+ byte[] otherEncoded;
+ if (obj instanceof X509Key) {
+ otherEncoded = ((X509Key)obj).getEncodedInternal();
+ } else {
+ otherEncoded = ((Key)obj).getEncoded();
+ }
+ return Arrays.equals(thisEncoded, otherEncoded);
+ } catch (InvalidKeyException e) {
+ return false;
+ }
+ }
+
+ /**
+ * Calculates a hash code value for the object. Objects
+ * which are equal will also have the same hashcode.
+ */
+ public int hashCode() {
+ try {
+ byte[] b1 = getEncodedInternal();
+ int r = b1.length;
+ for (int i = 0; i < b1.length; i++) {
+ r += (b1[i] & 0xff) * 37;
+ }
+ return r;
+ } catch (InvalidKeyException e) {
+ // should not happen
+ return 0;
+ }
+ }
+
+ /*
+ * Produce SubjectPublicKey encoding from algorithm id and key material.
+ */
+ static void encode(DerOutputStream out, AlgorithmId algid, BitArray key)
+ throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
+ algid.encode(tmp);
+ tmp.putUnalignedBitString(key);
+ out.write(DerValue.tag_Sequence, tmp);
+ }
+}