hello all, the attached patch --already committed-- fixes the problem reported by MW re broken HTTPS connection with new crypto classes.
2006-03-01 Raif S. Naffah <[EMAIL PROTECTED]>
* gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java:
Amended class documentation.
(encodeSignature): Emit the ASN.1 raw bytes not the DER-encoded BIT
STRING.
(decodeSignature): Parse the ASN.1 raw bytes of a BIT STRING and not
a BIT STRING construct.
* gnu/java/security/sig/dss/DSSSignatureX509Codec.java: Amended class
documentation.
(encodeSignature): Emit the ASN.1 raw bytes not the DER-encoded BIT
STRING.
(decodeSignature): Parse the ASN.1 raw bytes of a BIT STRING and not
a BIT STRING construct.
* gnu/java/security/jce/sig/SignatureAdapter.java (log): New field.
(engineVerify): Added logging.
i will soon be checking in an additional Mauve test (TestOfHttps) to
test/verify this fix. all other Mauve (crypto) tests should continue
to pass.
cheers;
rsn
Index: SignatureAdapter.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/security/jce/sig/SignatureAdapter.java,v
retrieving revision 1.1
diff -u -r1.1 SignatureAdapter.java
--- SignatureAdapter.java 26 Jan 2006 02:25:10 -0000 1.1
+++ SignatureAdapter.java 28 Feb 2006 13:26:44 -0000
@@ -53,6 +53,7 @@
import java.security.SignatureSpi;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashMap;
+import java.util.logging.Logger;
/**
* The implementation of a generic [EMAIL PROTECTED] java.security.Signature} adapter class
@@ -73,6 +74,7 @@
*/
class SignatureAdapter extends SignatureSpi implements Cloneable
{
+ private static final Logger log = Logger.getLogger(SignatureAdapter.class.getName());
// Constants and variables
// -------------------------------------------------------------------------
@@ -223,6 +225,8 @@
public boolean engineVerify(byte[] sigBytes) throws SignatureException
{
+ log.entering("SignatureAdapter", "engineVerify");
+
Object signature = codec.decodeSignature(sigBytes);
boolean result = false;
try
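Review bot: `codec.decodeSignature(sigBytes)` sits before the `try`, so anything the codec throws on malformed signature bytes leaves engineVerify without being converted to a SignatureException. The codecs touched by this same patch document InvalidParameterException, which is unchecked, and after this change a caller that still passes a DER BIT STRING to the DSS decoder will presumably hit that path. Consider moving the decode inside the `try` (the catch clause is outside this hunk, so confirm it covers runtime exceptions), or add a comment such as `// decodeSignature may throw InvalidParameterException on malformed input` so the contract is explicit. The body of engineVerify continues past the end of the hunk.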
@@ -234,6 +238,7 @@
throw new SignatureException(String.valueOf(x));
}
+ log.exiting("SignatureAdapter", "engineVerify", new Boolean(result));
return result;
}
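Review bot: `log.exiting(...)` is only reached on the normal return path, so a verification that ends in the `throw new SignatureException(String.valueOf(x))` just above leaves an unmatched `entering` record in the trace. Adding `log.throwing("SignatureAdapter", "engineVerify", x);` before the throw would record the failure, which is the case most worth seeing when debugging a rejected signature. As a style point, `Boolean.valueOf(result)` avoids allocating a new Boolean per call, and `SignatureAdapter.class.getName()` would keep the source-class argument consistent with the logger name. The catch block starts outside this hunk.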
Index: DSSSignatureX509Codec.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/security/sig/dss/DSSSignatureX509Codec.java,v
retrieving revision 1.2
diff -u -r1.2 DSSSignatureX509Codec.java
--- DSSSignatureX509Codec.java 23 Feb 2006 12:54:46 -0000 1.2
+++ DSSSignatureX509Codec.java 28 Feb 2006 13:34:01 -0000
@@ -39,7 +39,6 @@
package gnu.java.security.sig.dss;
import gnu.java.security.Registry;
-import gnu.java.security.der.BitString;
import gnu.java.security.der.DER;
import gnu.java.security.der.DERReader;
import gnu.java.security.der.DERValue;
@@ -55,8 +54,9 @@
/**
* An implementation of an [EMAIL PROTECTED] ISignatureCodec} that knows to encode and
- * decode DSS signatures into the DER-encoded form of the ASN.1 structure
- * defined in RFC-2459 as described in the next paragraphs.
+ * decode DSS signatures into the raw bytes which would constitute a DER-encoded
+ * form of the ASN.1 structure defined in RFC-2459, and RFC-2313 as described in
+ * the next paragraphs.
* <p>
* Digital signatures when transmitted in an X.509 certificates are encoded
* in DER (Distinguished Encoding Rules) as a BIT STRING; i.e.
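Review bot: The reworded DSS class comment now cites "RFC-2459, and RFC-2313", but RFC-2313 is the PKCS #1 (RSA) specification and the original DSS text referred to RFC-2459 only. This looks carried over from the RSA codec's comment. I would keep the DSS sentence as `defined in RFC-2459 as described in the next paragraphs.` so readers are not sent to an RSA document for the Dss-Sig-Value structure.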
@@ -70,7 +70,8 @@
* </pre>
* <p>
* The output of the encoder, and the input of the decoder, of this codec are
- * then the bytes of such a BIT STRING.
+ * then the <i>raw</i> bytes of such a BIT STRING; i.e. not the DER-encoded
+ * form itself.
* <p>
* RFC-2459 states that, for the Digital Signature Standard (DSS), which
* generates two MPIs, commonly called <code>r</code> and <code>s</code>, as the
@@ -83,6 +84,19 @@
* s INTEGER
* }
* </pre>
+ * <p>
+ * Client code that needs to build a DER BIT STRING <b>MUST</b> construct such
+ * an ASN.1 value. The following is an example of how to do this:
+ * <p>
+ * <pre>
+ * ...
+ * import gnu.java.security.der.BitString;
+ * import gnu.java.security.der.DER;
+ * import gnu.java.security.der.DERValue;
+ * ...
+ * DERValue bitString = new DERValue(DER.BIT_STRING, new BitString(sigBytes));
+ * ...
+ * </pre>
*/
public class DSSSignatureX509Codec
implements ISignatureCodec
@@ -95,15 +109,17 @@
}
/**
- * Encodes a DSS Signature output as a <i>signature</i> BIT STRING as defined
- * in the documentation of this class.
+ * Encodes a DSS Signature output as the <i>signature</i> raw bytes which can
+ * be used to construct an ASN.1 DER-encoded BIT STRING as defined in the
+ * documentation of this class.
*
* @param signature the output of the DSS signature algorithm; i.e. the value
* returned by the invocation of
* [EMAIL PROTECTED] gnu.java.security.sig.ISignature#sign()} method. In the
* case of a DSS signature this is an array of two MPIs called
* <code>r</code> and <code>s</code>.
- * @return the DER-encoded output of a DSS signature as defined in rfc-2459.
+ * @return the raw bytes of a DSS signature which could be then used as the
+ * contents of a BIT STRING as per rfc-2459.
* @throws InvalidParameterException if an exception occurs during the
* marshalling process.
*/
@@ -125,13 +141,6 @@
{
DERWriter.write(baos, derDssSigValue);
result = baos.toByteArray();
-
- // put it in a BIT STRING
- DERValue derSignature = new DERValue(DER.BIT_STRING,
- new BitString(result));
- baos.reset();
- DERWriter.write(baos, derSignature);
- result = baos.toByteArray();
}
catch (IOException x)
{
@@ -144,8 +153,7 @@
}
/**
- * Decodes a <i>signature</i> BIT STRING as defined in the documentation of
- * this class.
+ * Decodes a <i>signature</i> as defined in the documentation of this class.
*
* @param input the byte array to unmarshall into a valid DSS signature
* instance; i.e. an array of two MPIs. MUST NOT be null.
@@ -163,13 +171,6 @@
DERReader der = new DERReader(input);
try
{
- DERValue derSignature = der.read();
- if (! (derSignature.getValue() instanceof BitString))
- throw new InvalidParameterException("Wrong signature field");
-
- byte[] sBytes = ((BitString) derSignature.getValue()).toByteArray();
- der = new DERReader(sBytes);
-
DERValue derDssSigValue = der.read();
DerUtil.checkIsConstructed(derDssSigValue, "Wrong Dss-Sig-Value field");
Index: RSAPKCS1V1_5SignatureX509Codec.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java,v
retrieving revision 1.2
diff -u -r1.2 RSAPKCS1V1_5SignatureX509Codec.java
--- RSAPKCS1V1_5SignatureX509Codec.java 23 Feb 2006 12:54:46 -0000 1.2
+++ RSAPKCS1V1_5SignatureX509Codec.java 28 Feb 2006 13:34:32 -0000
@@ -39,22 +39,15 @@
package gnu.java.security.sig.rsa;
import gnu.java.security.Registry;
-import gnu.java.security.der.BitString;
-import gnu.java.security.der.DER;
-import gnu.java.security.der.DERReader;
-import gnu.java.security.der.DERValue;
-import gnu.java.security.der.DERWriter;
import gnu.java.security.sig.ISignatureCodec;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
import java.security.InvalidParameterException;
/**
* An implementation of an [EMAIL PROTECTED] ISignatureCodec} that knows to encode and
- * decode RSA PKCS1 (v1.5) signatures into the DER-encoded form of the ASN.1
- * structure defined in RFC-2459, and RFC-2313 as described in the next
- * paragraphs.
+ * decode RSA PKCS1 (v1.5) signatures into the raw bytes which would constitute
+ * a DER-encoded form of the ASN.1 structure defined in RFC-2459, and RFC-2313
+ * as described in the next paragraphs.
* <p>
* Digital signatures when transmitted in an X.509 certificates are encoded
* in DER (Distinguished Encoding Rules) as a BIT STRING; i.e.
@@ -68,13 +61,26 @@
* </pre>
* <p>
* The output of the encoder, and the input of the decoder, of this codec are
- * then the bytes of such a BIT STRING.
+ * then the <i>raw</i> bytes of such a BIT STRING; i.e. not the DER-encoded
+ * form itself.
* <p>
* Our implementation of the RSA PKCS1 signature algorithm outputs a byte array
* as the result of generating a digital signature, in accordance with RFC-2313.
- * As a consequence, the encoder and decoder of this codec, simply marshall and
- * unmarshall such a byte array into the DER-encoded BIT STRING expected (or
- * supplied) by an X.509 certificate.
+ * As a consequence, the encoder and decoder of this codec, simply pass through
+ * such a byte array.
+ * <p>
+ * Client code that needs to build a DER BIT STRING <b>MUST</b> construct such
+ * an ASN.1 value. The following is an example of how to do this:
+ * <p>
+ * <pre>
+ * ...
+ * import gnu.java.security.der.BitString;
+ * import gnu.java.security.der.DER;
+ * import gnu.java.security.der.DERValue;
+ * ...
+ * DERValue bitString = new DERValue(DER.BIT_STRING, new BitString(sigBytes));
+ * ...
+ * </pre>
*/
public class RSAPKCS1V1_5SignatureX509Codec
implements ISignatureCodec
@@ -87,71 +93,36 @@
}
/**
- * Encodes an RSA Signature output as a <i>signature</i> BIT STRING as defined
- * in the documentation of this class.
+ * Encodes an RSA Signature output as a <i>signature</i> BIT STRING as
+ * defined in the documentation of this class.
*
* @param signature the output of the RSA PKCS1 (v1.5) signature algorithm;
* i.e. the value returned by the invocation of
* [EMAIL PROTECTED] gnu.java.security.sig.ISignature#sign()} method. In the
* case of the RSA PKCS1 (v1.5) signature this is an array of bytes.
- * @return the DER-encoded output of an RSA signature as defined in rfc-2459.
- * @throws InvalidParameterException if an exception occurs during the
- * marshalling process.
+ * @return the raw bytes of an RSA signature which could be then used as the
+ * contents of a BIT STRING as per rfc-2459.
*/
public byte[] encodeSignature(Object signature)
{
- byte[] sBytes = (byte[]) signature;
- DERValue derSignature = new DERValue(DER.BIT_STRING,
- new BitString(sBytes));
- byte[] result;
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- try
- {
- DERWriter.write(baos, derSignature);
- result = baos.toByteArray();
- }
- catch (IOException x)
- {
- InvalidParameterException y = new InvalidParameterException();
- y.initCause(x);
- throw y;
- }
-
+ byte[] result = (byte[]) signature;
return result;
}
/**
- * Decodes a <i>signature</i> BIT STRING as defined in the documentation of
- * this class.
+ * Decodes a <i>signature</i> as defined in the documentation of this class.
*
* @param input the byte array to unmarshall into a valid RSA PKCS1 (v1.5)
- * signature instance; i.e. an array of two MPIs. MUST NOT be null.
- * @return an array of bytes decoded from the designated <code>input</code>.
- * @throw InvalidParameterException if an exception occurs during the
- * unmarshalling process.
+ * signature instance; i.e. a byte array. MUST NOT be null.
+ * @return an array of raw bytes decoded from the designated input. In the
+ * case of RSA PKCS1 (v1.5) this is the same as the input.
+ * @throw InvalidParameterException if the <code>input</code> array is null.
*/
public Object decodeSignature(byte[] input)
{
if (input == null)
throw new InvalidParameterException("Input bytes MUST NOT be null");
- byte[] result;
- DERReader der = new DERReader(input);
- try
- {
- DERValue derSignature = der.read();
- if (! (derSignature.getValue() instanceof BitString))
- throw new InvalidParameterException("Wrong signature field");
-
- result = ((BitString) derSignature.getValue()).toByteArray();
- }
- catch (IOException x)
- {
- InvalidParameterException y = new InvalidParameterException();
- y.initCause(x);
- throw y;
- }
-
- return result;
+ return input;
}
}
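Review bot: The summary sentence of encodeSignature was only re-wrapped and still says it encodes the output "as a <i>signature</i> BIT STRING", which contradicts the new `@return` text and the new pass-through body. It should read like the DSS counterpart, e.g. `Encodes an RSA Signature output as the <i>signature</i> raw bytes which can be used to construct an ASN.1 DER-encoded BIT STRING`. In decodeSignature the tag `@throw` is not a recognised Javadoc tag and should be `@throws InvalidParameterException`. Both methods now return the caller's array instance rather than a fresh one, and encodeSignature will fail with a ClassCastException on a non-`byte[]` argument; both are worth a sentence in the Javadoc so callers know the result aliases their input.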
