hello all,

the attached patch --already committed-- adds logging to the 
RSAKeyPairX509Codec and clarifies that RSA parameters if/when present 
in an Algorithm element MUST be null.  it also amends the parsing code 
to handle the fact that this field is optional.

the changes in the EncodedKeyFactory are only for adding logging 
statements.

2006-02-26  Raif S. Naffah  <[EMAIL PROTECTED]>

        * gnu/java/security/jce/sig/EncodedKeyFactory.java (log): New field.
        (engineGeneratePublic): Added logging.
        (engineGeneratePrivate): Likewise.
        * gnu/java/security/key/rsa/RSAKeyPairX509Codec.java (log): New field.
        (encodePublicKey): Added logging.
        Clarified in method documentation that params is optional, but is
        always NULL if present.
        (decodePublicKey): Added logging.
        Handle optional NULL element.


cheers;
rsn
Index: RSAKeyPairX509Codec.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java,v
retrieving revision 1.3
diff -u -r1.3 RSAKeyPairX509Codec.java
--- RSAKeyPairX509Codec.java	23 Feb 2006 12:54:46 -0000	1.3
+++ RSAKeyPairX509Codec.java	26 Feb 2006 04:02:28 -0000
@@ -55,6 +55,7 @@
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.util.ArrayList;
+import java.util.logging.Logger;

 /**
  * An implementation of an [EMAIL PROTECTED] IKeyPairCodec} that knows how to encode /
@@ -63,6 +64,7 @@
 public class RSAKeyPairX509Codec
     implements IKeyPairCodec
 {
+  private static final Logger log = Logger.getLogger(RSAKeyPairX509Codec.class.getName());
   private static final OID RSA_ALG_OID = new OID(Registry.RSA_OID_STRING);

   // implicit 0-arguments constructor
@@ -88,9 +90,12 @@
    *     parameters  ANY DEFINED BY algorithm OPTIONAL
    *   }
    * </pre>
-   *
-   * <p>The <i>subjectPublicKey</i> field, which is a BIT STRING, contains the
-   * DER-encoded form of the RSA public key defined as:</p>
+   * <p>
+   * As indicated in RFC-2459: "The parameters field shall have ASN.1 type NULL
+   * for this algorithm identifier.".
+   * <p>
+   * The <i>subjectPublicKey</i> field, which is a BIT STRING, contains the
+   * DER-encoded form of the RSA public key defined as:
    *
    * <pre>
    *   RSAPublicKey ::= SEQUENCE {
@@ -109,6 +114,8 @@
    */
   public byte[] encodePublicKey(PublicKey key)
   {
+    log.entering(this.getClass().getName(), "encodePublicKey()", key);
+
     if (! (key instanceof GnuRSAPublicKey))
       throw new InvalidParameterException("key");

@@ -153,6 +160,7 @@
         throw y;
       }

+    log.exiting(this.getClass().getName(), "encodePublicKey()", result);
     return result;
   }

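Review bot: `log.exiting(this.getClass().getName(), "encodePublicKey()", result)` passes a `byte[]`, which java.util.logging formats through the array's default toString(). The trace line therefore carries an identity string and nothing about the encoding that was produced. The same applies to `input` in the `log.entering` call added to decodePublicKey in the next hunk. Passing a summary such as the array length instead of the array itself would make both records usable. The body of encodePublicKey starts outside this hunk.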
@@ -174,6 +182,8 @@
    */
   public PublicKey decodePublicKey(byte[] input)
   {
+    log.entering(this.getClass().getName(), "decodePublicKey()", input);
+
     if (input == null)
       throw new InvalidParameterException("Input bytes MUST NOT be null");

@@ -195,7 +205,11 @@
         if (! algOID.equals(RSA_ALG_OID))
           throw new InvalidParameterException("Unexpected OID: " + algOID);

+        // rfc-2459 states that this field is OPTIONAL but NULL if/when present
         DERValue val = der.read();
+        if (val.getTag() == DER.NULL)
+          val = der.read();
+
         if (! (val.getValue() instanceof BitString))
           throw new InvalidParameterException("Wrong SubjectPublicKey field");

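Review bot: The added `if (val.getTag() == DER.NULL)` decides on the tag alone before skipping the parameters element. Whether it also matches a non-universal tag class, or a NULL with non-empty content, depends on how DERValue reports the tag, which this hunk does not show. A strict decoder would confirm an empty universal NULL before calling `der.read()` again, so that malformed AlgorithmIdentifier encodings are rejected, not tolerated. Separately, parameters that are present but not NULL fall through to the BitString test and fail with "Wrong SubjectPublicKey field", which misreports the cause; a dedicated check with its own message would make rejected keys easier to diagnose. decodePublicKey begins and ends outside this hunk.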
@@ -219,7 +233,9 @@
         throw y;
       }

-    return new GnuRSAPublicKey(Registry.X509_ENCODING_ID, n, e);
+    PublicKey result = new GnuRSAPublicKey(Registry.X509_ENCODING_ID, n, e);
+    log.exiting(this.getClass().getName(), "decodePublicKey()", result);
+    return result;
   }

   /**
Index: EncodedKeyFactory.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/security/jce/sig/EncodedKeyFactory.java,v
retrieving revision 1.4
diff -u -r1.4 EncodedKeyFactory.java
--- EncodedKeyFactory.java	12 Feb 2006 08:57:57 -0000	1.4
+++ EncodedKeyFactory.java	26 Feb 2006 04:06:59 -0000
@@ -62,6 +62,8 @@
 import java.security.spec.RSAPrivateCrtKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.security.spec.X509EncodedKeySpec;
+import java.util.logging.Level;
+import java.util.logging.Logger;

 import javax.crypto.interfaces.DHPrivateKey;
 import javax.crypto.interfaces.DHPublicKey;
@@ -75,6 +77,8 @@
 public class EncodedKeyFactory
     extends KeyFactorySpi
 {
+  private static final Logger log = Logger.getLogger(EncodedKeyFactory.class.getName());
+
   // implicit 0-arguments constructor

   // Class methods
@@ -192,79 +196,105 @@
   protected PublicKey engineGeneratePublic(KeySpec keySpec)
       throws InvalidKeySpecException
   {
-    if (keySpec instanceof DSAPublicKeySpec)
-      return decodeDSSPublicKey((DSAPublicKeySpec) keySpec);
-
-    if (keySpec instanceof RSAPublicKeySpec)
-      return decodeRSAPublicKey((RSAPublicKeySpec) keySpec);
-
-    if (keySpec instanceof DHPublicKeySpec)
-      return decodeDHPublicKey((DHPublicKeySpec) keySpec);
+    log.entering(this.getClass().getName(), "engineGeneratePublic()", keySpec);

-    if (! (keySpec instanceof X509EncodedKeySpec))
-      throw new InvalidKeySpecException("Unsupported key specification");
-
-    byte[] input = ((X509EncodedKeySpec) keySpec).getEncoded();
-
-    // try DSS
-    try
-      {
-        return DSSPublicKey.valueOf(input);
-      }
-    catch (InvalidParameterException ignored)
-      {
-      }
+    PublicKey result = null;
+    if (keySpec instanceof DSAPublicKeySpec)
+      result = decodeDSSPublicKey((DSAPublicKeySpec) keySpec);
+    else if (keySpec instanceof RSAPublicKeySpec)
+      result = decodeRSAPublicKey((RSAPublicKeySpec) keySpec);
+    else if (keySpec instanceof DHPublicKeySpec)
+      result = decodeDHPublicKey((DHPublicKeySpec) keySpec);
+    else
+      {
+        if (! (keySpec instanceof X509EncodedKeySpec))
+          throw new InvalidKeySpecException("Unsupported key specification");
+
+        byte[] input = ((X509EncodedKeySpec) keySpec).getEncoded();
+        boolean ok = false;
+        // try DSS
+        try
+          {
+            result = DSSPublicKey.valueOf(input);
+            ok = true;
+          }
+        catch (InvalidParameterException ignored)
+          {
+            log.log(Level.FINE, "Exception in DSSPublicKey.valueOf(). Ignore",
+                    ignored);
+          }
+
+        if (! ok) // try RSA
+          try
+            {
+              result = GnuRSAPublicKey.valueOf(input);
+              ok = true;
+            }
+          catch (InvalidParameterException ignored)
+            {
+              log.log(Level.FINE,
+                      "Exception in GnuRSAPublicKey.valueOf(). Ignore",
+                      ignored);
+            }

-    // try RSA
-    try
-      {
-        return GnuRSAPublicKey.valueOf(input);
-      }
-    catch (InvalidParameterException ignored)
-      {
+          if (! ok) // try DH
+            result = decodeDHPublicKey(input);
       }

-    // try DH
-    return decodeDHPublicKey(input);
+    log.exiting(this.getClass().getName(), "engineGeneratePublic()", result);
+    return result;
   }

   protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
       throws InvalidKeySpecException
   {
-    if (keySpec instanceof DSAPrivateKeySpec)
-      return decodeDSSPrivateKey((DSAPrivateKeySpec) keySpec);
-
-    if (keySpec instanceof RSAPrivateCrtKeySpec)
-      return decodeRSAPrivateKey((RSAPrivateCrtKeySpec) keySpec);
-
-    if (keySpec instanceof DHPrivateKeySpec)
-      return decodeDHPrivateKey((DHPrivateKeySpec) keySpec);
-
-    if (! (keySpec instanceof PKCS8EncodedKeySpec))
-      throw new InvalidKeySpecException("Unsupported key specification");
+    log.entering(this.getClass().getName(), "engineGeneratePrivate()", keySpec);

-    byte[] input = ((PKCS8EncodedKeySpec) keySpec).getEncoded();
-
-    // try DSS
-    try
-      {
-        return DSSPrivateKey.valueOf(input);
-      }
-    catch (InvalidParameterException ignored)
-      {
-      }
+    PrivateKey result = null;
+    if (keySpec instanceof DSAPrivateKeySpec)
+      result = decodeDSSPrivateKey((DSAPrivateKeySpec) keySpec);
+    else if (keySpec instanceof RSAPrivateCrtKeySpec)
+      result = decodeRSAPrivateKey((RSAPrivateCrtKeySpec) keySpec);
+    else if (keySpec instanceof DHPrivateKeySpec)
+      result = decodeDHPrivateKey((DHPrivateKeySpec) keySpec);
+    else
+      {
+        if (! (keySpec instanceof PKCS8EncodedKeySpec))
+          throw new InvalidKeySpecException("Unsupported key specification");
+
+        byte[] input = ((PKCS8EncodedKeySpec) keySpec).getEncoded();
+        boolean ok = false;
+        // try DSS
+        try
+          {
+            result = DSSPrivateKey.valueOf(input);
+            ok = true;
+          }
+        catch (InvalidParameterException ignored)
+          {
+            log.log(Level.FINE, "Exception in DSSPrivateKey.valueOf(). Ignore",
+                    ignored);
+          }
+
+        if (! ok) // try RSA
+          try
+            {
+              result = GnuRSAPrivateKey.valueOf(input);
+              ok = true;
+            }
+          catch (InvalidParameterException ignored)
+            {
+              log.log(Level.FINE,
+                      "Exception in GnuRSAPrivateKey.valueOf(). Ignore",
+                      ignored);
+            }

-    // try RSA
-    try
-      {
-        return GnuRSAPrivateKey.valueOf(input);
-      }
-    catch (InvalidParameterException ignored)
-      {
+        if (! ok) // try DH
+          result = decodeDHPrivateKey(input);
       }

-    // try DH
-    return decodeDHPrivateKey(input);
+    log.exiting(this.getClass().getName(), "engineGeneratePrivate()", result);
+    return result;
   }

   protected KeySpec engineGetKeySpec(Key key, Class keySpec)
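Review bot: `log.exiting(this.getClass().getName(), "engineGeneratePrivate()", result)` hands the freshly decoded PrivateKey to the logger, and the matching `log.entering` call passes the private key spec. Whenever FINER is enabled, whatever those objects' toString() renders is written to every attached handler. The toString() implementations are not visible here, so whether key components are printed is unconfirmed, but a key factory should not rely on that. For the private path, prefer the two-argument form `log.exiting(this.getClass().getName(), "engineGeneratePrivate()");` and drop `keySpec` from the entering call, or log only the key's algorithm and format.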
