1 /* 2 * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider; 27 28 import java.security.Key; 29 import java.security.PublicKey; 30 import java.security.PrivateKey; 31 import java.security.KeyFactorySpi; 32 import java.security.InvalidKeyException; 33 import java.security.AccessController; 34 import java.security.interfaces.DSAParams; 35 import java.security.spec.DSAPublicKeySpec; 36 import java.security.spec.DSAPrivateKeySpec; 37 import java.security.spec.KeySpec; 38 import java.security.spec.InvalidKeySpecException; 39 import java.security.spec.X509EncodedKeySpec; 40 import java.security.spec.PKCS8EncodedKeySpec; 41 42 import sun.security.action.GetPropertyAction; 43 44 /** 45 * This class implements the DSA key factory of the Sun provider. 46 * 47 * @author Jan Luehe 48 * 49 * 50 * @since 1.2 51 */ 52 53 public class DSAKeyFactory extends KeyFactorySpi { 54 55 // package private for DSAKeyPairGenerator 56 static final boolean SERIAL_INTEROP; 57 private static final String SERIAL_PROP = "sun.security.key.serial.interop"; 58 59 static { 60 61 /** 62 * Check to see if we need to maintain interoperability for serialized 63 * keys between JDK 5.0 -> JDK 1.4. In other words, determine whether 64 * a key object serialized in JDK 5.0 must be deserializable in 65 * JDK 1.4. 66 * 67 * If true, then we generate sun.security.provider.DSAPublicKey. 68 * If false, then we generate sun.security.provider.DSAPublicKeyImpl. 69 * 70 * By default this is false. 71 * This incompatibility was introduced by 4532506. 72 */ 73 String prop = AccessController.doPrivileged 74 (new GetPropertyAction(SERIAL_PROP, null)); 75 SERIAL_INTEROP = "true".equalsIgnoreCase(prop); 76 } 77 78 /** 79 * Generates a public key object from the provided key specification 80 * (key material). 81 * 82 * @param keySpec the specification (key material) of the public key 83 * 84 * @return the public key 85 * 86 * @exception InvalidKeySpecException if the given key specification 87 * is inappropriate for this key factory to produce a public key. 88 */ engineGeneratePublic(KeySpec keySpec)89 protected PublicKey engineGeneratePublic(KeySpec keySpec) 90 throws InvalidKeySpecException { 91 try { 92 if (keySpec instanceof DSAPublicKeySpec) { 93 DSAPublicKeySpec dsaPubKeySpec = (DSAPublicKeySpec)keySpec; 94 if (SERIAL_INTEROP) { 95 return new DSAPublicKey(dsaPubKeySpec.getY(), 96 dsaPubKeySpec.getP(), 97 dsaPubKeySpec.getQ(), 98 dsaPubKeySpec.getG()); 99 } else { 100 return new DSAPublicKeyImpl(dsaPubKeySpec.getY(), 101 dsaPubKeySpec.getP(), 102 dsaPubKeySpec.getQ(), 103 dsaPubKeySpec.getG()); 104 } 105 } else if (keySpec instanceof X509EncodedKeySpec) { 106 if (SERIAL_INTEROP) { 107 return new DSAPublicKey 108 (((X509EncodedKeySpec)keySpec).getEncoded()); 109 } else { 110 return new DSAPublicKeyImpl 111 (((X509EncodedKeySpec)keySpec).getEncoded()); 112 } 113 } else { 114 throw new InvalidKeySpecException 115 ("Inappropriate key specification"); 116 } 117 } catch (InvalidKeyException e) { 118 throw new InvalidKeySpecException 119 ("Inappropriate key specification: " + e.getMessage()); 120 } 121 } 122 123 /** 124 * Generates a private key object from the provided key specification 125 * (key material). 126 * 127 * @param keySpec the specification (key material) of the private key 128 * 129 * @return the private key 130 * 131 * @exception InvalidKeySpecException if the given key specification 132 * is inappropriate for this key factory to produce a private key. 133 */ engineGeneratePrivate(KeySpec keySpec)134 protected PrivateKey engineGeneratePrivate(KeySpec keySpec) 135 throws InvalidKeySpecException { 136 try { 137 if (keySpec instanceof DSAPrivateKeySpec) { 138 DSAPrivateKeySpec dsaPrivKeySpec = (DSAPrivateKeySpec)keySpec; 139 return new DSAPrivateKey(dsaPrivKeySpec.getX(), 140 dsaPrivKeySpec.getP(), 141 dsaPrivKeySpec.getQ(), 142 dsaPrivKeySpec.getG()); 143 144 } else if (keySpec instanceof PKCS8EncodedKeySpec) { 145 return new DSAPrivateKey 146 (((PKCS8EncodedKeySpec)keySpec).getEncoded()); 147 148 } else { 149 throw new InvalidKeySpecException 150 ("Inappropriate key specification"); 151 } 152 } catch (InvalidKeyException e) { 153 throw new InvalidKeySpecException 154 ("Inappropriate key specification: " + e.getMessage()); 155 } 156 } 157 158 /** 159 * Returns a specification (key material) of the given key object 160 * in the requested format. 161 * 162 * @param key the key 163 * 164 * @param keySpec the requested format in which the key material shall be 165 * returned 166 * 167 * @return the underlying key specification (key material) in the 168 * requested format 169 * 170 * @exception InvalidKeySpecException if the requested key specification is 171 * inappropriate for the given key, or the given key cannot be processed 172 * (e.g., the given key has an unrecognized algorithm or format). 173 */ 174 protected <T extends KeySpec> engineGetKeySpec(Key key, Class<T> keySpec)175 T engineGetKeySpec(Key key, Class<T> keySpec) 176 throws InvalidKeySpecException { 177 178 DSAParams params; 179 180 try { 181 182 if (key instanceof java.security.interfaces.DSAPublicKey) { 183 184 // Determine valid key specs 185 Class<?> dsaPubKeySpec = Class.forName 186 ("java.security.spec.DSAPublicKeySpec"); 187 Class<?> x509KeySpec = Class.forName 188 ("java.security.spec.X509EncodedKeySpec"); 189 190 if (dsaPubKeySpec.isAssignableFrom(keySpec)) { 191 java.security.interfaces.DSAPublicKey dsaPubKey 192 = (java.security.interfaces.DSAPublicKey)key; 193 params = dsaPubKey.getParams(); 194 return keySpec.cast(new DSAPublicKeySpec(dsaPubKey.getY(), 195 params.getP(), 196 params.getQ(), 197 params.getG())); 198 199 } else if (x509KeySpec.isAssignableFrom(keySpec)) { 200 return keySpec.cast(new X509EncodedKeySpec(key.getEncoded())); 201 202 } else { 203 throw new InvalidKeySpecException 204 ("Inappropriate key specification"); 205 } 206 207 } else if (key instanceof java.security.interfaces.DSAPrivateKey) { 208 209 // Determine valid key specs 210 Class<?> dsaPrivKeySpec = Class.forName 211 ("java.security.spec.DSAPrivateKeySpec"); 212 Class<?> pkcs8KeySpec = Class.forName 213 ("java.security.spec.PKCS8EncodedKeySpec"); 214 215 if (dsaPrivKeySpec.isAssignableFrom(keySpec)) { 216 java.security.interfaces.DSAPrivateKey dsaPrivKey 217 = (java.security.interfaces.DSAPrivateKey)key; 218 params = dsaPrivKey.getParams(); 219 return keySpec.cast(new DSAPrivateKeySpec(dsaPrivKey.getX(), 220 params.getP(), 221 params.getQ(), 222 params.getG())); 223 224 } else if (pkcs8KeySpec.isAssignableFrom(keySpec)) { 225 return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded())); 226 227 } else { 228 throw new InvalidKeySpecException 229 ("Inappropriate key specification"); 230 } 231 232 } else { 233 throw new InvalidKeySpecException("Inappropriate key type"); 234 } 235 236 } catch (ClassNotFoundException e) { 237 throw new InvalidKeySpecException 238 ("Unsupported key specification: " + e.getMessage()); 239 } 240 } 241 242 /** 243 * Translates a key object, whose provider may be unknown or potentially 244 * untrusted, into a corresponding key object of this key factory. 245 * 246 * @param key the key whose provider is unknown or untrusted 247 * 248 * @return the translated key 249 * 250 * @exception InvalidKeyException if the given key cannot be processed by 251 * this key factory. 252 */ engineTranslateKey(Key key)253 protected Key engineTranslateKey(Key key) throws InvalidKeyException { 254 255 try { 256 257 if (key instanceof java.security.interfaces.DSAPublicKey) { 258 // Check if key originates from this factory 259 if (key instanceof sun.security.provider.DSAPublicKey) { 260 return key; 261 } 262 // Convert key to spec 263 DSAPublicKeySpec dsaPubKeySpec 264 = engineGetKeySpec(key, DSAPublicKeySpec.class); 265 // Create key from spec, and return it 266 return engineGeneratePublic(dsaPubKeySpec); 267 268 } else if (key instanceof java.security.interfaces.DSAPrivateKey) { 269 // Check if key originates from this factory 270 if (key instanceof sun.security.provider.DSAPrivateKey) { 271 return key; 272 } 273 // Convert key to spec 274 DSAPrivateKeySpec dsaPrivKeySpec 275 = engineGetKeySpec(key, DSAPrivateKeySpec.class); 276 // Create key from spec, and return it 277 return engineGeneratePrivate(dsaPrivKeySpec); 278 279 } else { 280 throw new InvalidKeyException("Wrong algorithm type"); 281 } 282 283 } catch (InvalidKeySpecException e) { 284 throw new InvalidKeyException("Cannot translate key: " 285 + e.getMessage()); 286 } 287 } 288 } 289