summaryrefslogtreecommitdiff
path: root/gnu/java/security
diff options
context:
space:
mode:
authorRaif S. Naffah <raif@swiftdsl.com.au>2006-03-25 11:19:17 +0000
committerRaif S. Naffah <raif@swiftdsl.com.au>2006-03-25 11:19:17 +0000
commit4c6546e77c9f75fd2deda3883d8cb86dcf0dfd43 (patch)
tree1dd4227079f351746a87ba14975a17150a921fac /gnu/java/security
parentab9dc3bbbe7479e7129a75f6523afbafe316dc51 (diff)
downloadclasspath-4c6546e77c9f75fd2deda3883d8cb86dcf0dfd43.tar.gz
2006-03-25 Raif S. Naffah <raif@swiftdsl.com.au>
* gnu/java/security/pkcs/SignerInfo.java (log): New field. (DEBUG): Removed. (debug): Likewise. (SignerInfo(BERReader)): Updated javadoc. Use JDK logging. (SignerInfo(X500Principal,BigInteger,OID,byte[],OID,byte[],byte[])): New constructor. (encode): New method. * gnu/java/security/pkcs/PKCS7SignedData.java (log): New field. (PKCS7_DATA): Removed. (DEBUG): Likewise. (debug): Likewise. (PKCS7SignedData(BERReader)): Updated javadoc. Use JDK logging. (PKCS7SignedData(Set,PKCS7Data,Certificate[],X509CRL[],Set)): New constructor. (encode): New method. * gnu/java/security/pkcs/PKCS7Data.java: New file. * gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java (log): New field. (encodePrivateKey): Encode x (private MPN) as an OCTET STRING. (decodePrivateKey): Decode x from an OCTET STRING. * gnu/java/security/key/dss/DSSPublicKey.java (str): New field. (toString): New method. * gnu/java/security/key/dss/DSSPrivateKey.java (DEBUG): New field. (str): Likewise. (toString): New method. * gnu/java/security/key/dss/DSSKey.java (str): New Field. (toString): New method. * gnu/java/security/provider/DSAParameterGenerator.java: Removed.
Diffstat (limited to 'gnu/java/security')
-rw-r--r--gnu/java/security/key/dss/DSSKey.java21
-rw-r--r--gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java16
-rw-r--r--gnu/java/security/key/dss/DSSPrivateKey.java23
-rw-r--r--gnu/java/security/key/dss/DSSPublicKey.java21
-rw-r--r--gnu/java/security/pkcs/PKCS7Data.java69
-rw-r--r--gnu/java/security/pkcs/PKCS7SignedData.java231
-rw-r--r--gnu/java/security/pkcs/SignerInfo.java207
-rw-r--r--gnu/java/security/provider/DSAParameterGenerator.java128
8 files changed, 487 insertions, 229 deletions
diff --git a/gnu/java/security/key/dss/DSSKey.java b/gnu/java/security/key/dss/DSSKey.java
index 428cab1e7..f73df3584 100644
--- a/gnu/java/security/key/dss/DSSKey.java
+++ b/gnu/java/security/key/dss/DSSKey.java
@@ -38,6 +38,7 @@ exception statement from your version. */
package gnu.java.security.key.dss;
+import gnu.classpath.SystemProperties;
import gnu.java.security.Registry;
import gnu.java.security.util.FormatUtil;
@@ -59,7 +60,7 @@ import java.security.spec.DSAParameterSpec;
* the relevant <code>getEncoded()</code> methods of each of the private and
* public keys.</p>
*
- * @version $Revision: 1.4 $
+ * @version $Revision: 1.5 $
* @see DSSPrivateKey#getEncoded
* @see DSSPublicKey#getEncoded
*/
@@ -95,6 +96,9 @@ public abstract class DSSKey implements Key, DSAKey
*/
protected final int defaultFormat;
+ /** String representation of this key. Cached for speed. */
+ private transient String str;
+
// Constructor(s)
// -------------------------------------------------------------------------
@@ -176,6 +180,21 @@ public abstract class DSSKey implements Key, DSAKey
&& g.equals(that.getParams().getG());
}
+ public String toString()
+ {
+ if (str == null)
+ {
+ String ls = SystemProperties.getProperty("line.separator");
+ str = new StringBuilder().append(ls)
+ .append("p=0x").append(p.toString(16)).append(",").append(ls)
+ .append("q=0x").append(q.toString(16)).append(",").append(ls)
+ .append("g=0x").append(g.toString(16))
+ .toString();
+ }
+
+ return str;
+ }
+
// abstract methods to be implemented by subclasses ------------------------
public abstract byte[] getEncoded(int format);
diff --git a/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java b/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java
index 30e30bd14..3a115b963 100644
--- a/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java
+++ b/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java
@@ -55,6 +55,7 @@ import java.security.InvalidParameterException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
+import java.util.logging.Logger;
/**
* An implementation of an {@link IKeyPairCodec} that knows how to encode /
@@ -65,6 +66,7 @@ import java.util.ArrayList;
public class DSSKeyPairPKCS8Codec
implements IKeyPairCodec
{
+ private static final Logger log = Logger.getLogger(DSSKeyPairPKCS8Codec.class.getName());
private static final OID DSA_ALG_OID = new OID(Registry.DSA_OID_STRING);
// implicit 0-arguments constructor
@@ -137,7 +139,9 @@ public class DSSKeyPairPKCS8Codec
DERValue derAlgorithmID = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
algorithmID);
- DERValue derPrivateKey = new DERValue(DER.OCTET_STRING, Util.trim(x));
+ // The OCTET STRING is the DER encoding of an INTEGER.
+ DERValue derX = new DERValue(DER.INTEGER, x);
+ DERValue derPrivateKey = new DERValue(DER.OCTET_STRING, derX.getEncoded());
ArrayList pki = new ArrayList(3);
pki.add(derVersion);
@@ -180,6 +184,8 @@ public class DSSKeyPairPKCS8Codec
*/
public PrivateKey decodePrivateKey(byte[] input)
{
+ log.entering("DSSKeyPairPKCS8Codec", "decodePrivateKey");
+
if (input == null)
throw new InvalidParameterException("Input bytes MUST NOT be null");
@@ -220,8 +226,13 @@ public class DSSKeyPairPKCS8Codec
g = (BigInteger) val.getValue();
val = der.read();
+ log.finest("val = " + val);
byte[] xBytes = (byte[]) val.getValue();
- x = new BigInteger(1, xBytes);
+ log.finest(Util.dumpString(xBytes, "xBytes: "));
+ DERReader der2 = new DERReader(xBytes);
+ val = der2.read();
+ DerUtil.checkIsBigInteger(val, "Wrong X field");
+ x = (BigInteger) val.getValue();
}
catch (IOException e)
{
@@ -230,6 +241,7 @@ public class DSSKeyPairPKCS8Codec
throw y;
}
+ log.exiting("DSSKeyPairPKCS8Codec", "decodePrivateKey");
return new DSSPrivateKey(Registry.PKCS8_ENCODING_ID, p, q, g, x);
}
}
diff --git a/gnu/java/security/key/dss/DSSPrivateKey.java b/gnu/java/security/key/dss/DSSPrivateKey.java
index c81eb93b0..e56250775 100644
--- a/gnu/java/security/key/dss/DSSPrivateKey.java
+++ b/gnu/java/security/key/dss/DSSPrivateKey.java
@@ -38,6 +38,7 @@ exception statement from your version. */
package gnu.java.security.key.dss;
+import gnu.classpath.SystemProperties;
import gnu.java.security.Registry;
import gnu.java.security.key.IKeyPairCodec;
@@ -48,21 +49,25 @@ import java.security.interfaces.DSAPrivateKey;
/**
* <p>An object that embodies a DSS (Digital Signature Standard) private key.</p>
*
- * @version $Revision: 1.2 $
+ * @version $Revision: 1.3 $
* @see #getEncoded
*/
public class DSSPrivateKey extends DSSKey implements PrivateKey, DSAPrivateKey
{
-
// Constants and variables
// -------------------------------------------------------------------------
+ private static final boolean DEBUG = false;
+
/**
* <p>A randomly or pseudorandomly generated integer with <code>0 &lt; x &lt;
* q</code>.</p>
*/
private final BigInteger x;
+ /** String representation of this key. Cached for speed. */
+ private transient String str;
+
// Constructor(s)
// -------------------------------------------------------------------------
@@ -198,4 +203,18 @@ public class DSSPrivateKey extends DSSKey implements PrivateKey, DSAPrivateKey
DSAPrivateKey that = (DSAPrivateKey) obj;
return super.equals(that) && x.equals(that.getX());
}
+
+ public String toString()
+ {
+ if (str == null)
+ {
+ String ls = SystemProperties.getProperty("line.separator");
+ str = new StringBuilder(this.getClass().getName()).append("(")
+ .append(super.toString()).append(",").append(ls)
+ .append("x=0x").append(DEBUG ? x.toString(16) : "**...*").append(ls)
+ .append(")").toString();
+ }
+
+ return str;
+ }
}
diff --git a/gnu/java/security/key/dss/DSSPublicKey.java b/gnu/java/security/key/dss/DSSPublicKey.java
index 93bb64022..058774535 100644
--- a/gnu/java/security/key/dss/DSSPublicKey.java
+++ b/gnu/java/security/key/dss/DSSPublicKey.java
@@ -38,6 +38,7 @@ exception statement from your version. */
package gnu.java.security.key.dss;
+import gnu.classpath.SystemProperties;
import gnu.java.security.Registry;
import gnu.java.security.key.IKeyPairCodec;
@@ -48,12 +49,11 @@ import java.security.interfaces.DSAPublicKey;
/**
* <p>An object that embodies a DSS (Digital Signature Standard) public key.</p>
*
- * @version $Revision: 1.2 $
+ * @version $Revision: 1.3 $
* @see #getEncoded
*/
public class DSSPublicKey extends DSSKey implements PublicKey, DSAPublicKey
{
-
// Constants and variables
// -------------------------------------------------------------------------
@@ -63,6 +63,9 @@ public class DSSPublicKey extends DSSKey implements PublicKey, DSAPublicKey
*/
private final BigInteger y;
+ /** String representation of this key. Cached for speed. */
+ private transient String str;
+
// Constructor(s)
// -------------------------------------------------------------------------
@@ -198,4 +201,18 @@ public class DSSPublicKey extends DSSKey implements PublicKey, DSAPublicKey
DSAPublicKey that = (DSAPublicKey) obj;
return super.equals(that) && y.equals(that.getY());
}
+
+ public String toString()
+ {
+ if (str == null)
+ {
+ String ls = SystemProperties.getProperty("line.separator");
+ str = new StringBuilder(this.getClass().getName()).append("(")
+ .append(super.toString()).append(",").append(ls)
+ .append("y=0x").append(y.toString(16)).append(ls)
+ .append(")").toString();
+ }
+
+ return str;
+ }
}
diff --git a/gnu/java/security/pkcs/PKCS7Data.java b/gnu/java/security/pkcs/PKCS7Data.java
new file mode 100644
index 000000000..3d3052b96
--- /dev/null
+++ b/gnu/java/security/pkcs/PKCS7Data.java
@@ -0,0 +1,69 @@
+/* PKCS7Data.java -- Reader/writer for PKCS#7 Data objects
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.pkcs;
+
+import gnu.java.security.OID;
+
+/**
+ * A read/write helper class for PKCS#7 Data ASN.1 structures.
+ */
+public class PKCS7Data
+{
+ public static final OID PKCS7_DATA = new OID("1.2.840.113549.1.7.1");
+
+ private byte[] content;
+
+ /**
+ * Constructs a new instance of <code>PKCS7Data</code> with the possibly
+ * null (implicetly referenced) content data.
+ *
+ * @param data the raw bytes of the data to use in a PKCS#7 framework.
+ */
+ public PKCS7Data(byte[] data)
+ {
+ super();
+
+ this.content = data;
+ }
+
+ public byte[] getEncoded()
+ {
+ return content;
+ }
+}
diff --git a/gnu/java/security/pkcs/PKCS7SignedData.java b/gnu/java/security/pkcs/PKCS7SignedData.java
index ba5efc722..0781f4ba9 100644
--- a/gnu/java/security/pkcs/PKCS7SignedData.java
+++ b/gnu/java/security/pkcs/PKCS7SignedData.java
@@ -1,5 +1,5 @@
-/* PKCS7SignedData.java -- reader for PKCS#7 signedData objects
- Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+/* PKCS7SignedData.java -- reader/writer for PKCS#7 signedData objects
+ Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
This file is part of GNU Classpath.
@@ -42,19 +42,26 @@ import gnu.java.security.ber.BER;
import gnu.java.security.ber.BEREncodingException;
import gnu.java.security.ber.BERReader;
import gnu.java.security.ber.BERValue;
+import gnu.java.security.der.DER;
import gnu.java.security.der.DERValue;
+import gnu.java.security.der.DERWriter;
+import gnu.java.security.util.Util;
import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.io.OutputStream;
import java.math.BigInteger;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
+import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.Collections;
@@ -63,6 +70,7 @@ import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
+import java.util.logging.Logger;
/**
* The SignedData object in PKCS #7. This is a read-only implementation of
@@ -72,8 +80,8 @@ import java.util.Set;
*/
public class PKCS7SignedData
{
+ private static final Logger log = Logger.getLogger(PKCS7SignedData.class.getName());
- public static final OID PKCS7_DATA = new OID("1.2.840.113549.1.7.1");
public static final OID PKCS7_SIGNED_DATA = new OID("1.2.840.113549.1.7.2");
private BigInteger version;
@@ -84,13 +92,6 @@ public class PKCS7SignedData
private CRL[] crls;
private Set signerInfos;
- private static final boolean DEBUG = false;
- private static void debug(String msg)
- {
- System.err.print("PKCS7SignedData >> ");
- System.err.println(msg);
- }
-
public PKCS7SignedData(InputStream in)
throws CRLException, CertificateException, IOException
{
@@ -103,14 +104,12 @@ public class PKCS7SignedData
*
* <pre>
* SignedData ::= SEQUENCE {
- * version Version,
- * digestAlgorithms DigestAlgorithmIdentifiers,
- * contentInfo ContentInfo,
- * certificates
- * [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
- * crls
- * [1] IMPLICIT CertificateRevocationLists OPTIONAL,
- * signerInfos SignerInfos }
+ * version Version, -- always 1 for PKCS7 v1.5
+ * digestAlgorithms DigestAlgorithmIdentifiers,
+ * contentInfo ContentInfo,
+ * certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
+ * crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
+ * signerInfos SignerInfos }
*
* Version ::= INTEGER
*
@@ -119,8 +118,8 @@ public class PKCS7SignedData
* DigestAlgorithmIdentifier ::= AlgorithmIdentifier
*
* ContentInfo ::= SEQUENCE {
- * contentType ContentType,
- * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
+ * contentType ContentType,
+ * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
*
* ContentType ::= OBJECT IDENTIFIER
*
@@ -128,7 +127,7 @@ public class PKCS7SignedData
* SET OF ExtendedCertificatesAndCertificate
*
* ExtendedCertificatesAndCertificate ::= CHOICE {
- * certificate Certificate, -- from X.509
+ * certificate Certificate, -- from X.509
* extendedCertificate [0] IMPLICIT ExtendedCertificate }
*
* CertificateRevocationLists ::= SET OF CertificateRevocationList
@@ -137,15 +136,13 @@ public class PKCS7SignedData
* SignerInfos ::= SET OF SignerInfo
*
* SignerInfo ::= SEQUENCE {
- * version Version,
- * issuerAndSerialNumber IssuerAndSerialNumber,
- * digestAlgorithm DigestAlgorithmIdentifier,
- * authenticatedAttributes
- * [0] IMPLICIT Attributes OPTIONAL,
- * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
- * encryptedDigest EncryptedDigest,
- * unauthenticatedAttributes
- * [1] IMPLICIT Attributes OPTIONAL }
+ * version Version, -- always 1 for PKCS7 v1.5
+ * issuerAndSerialNumber IssuerAndSerialNumber,
+ * digestAlgorithm DigestAlgorithmIdentifier,
+ * authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
+ * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
+ * encryptedDigest EncryptedDigest,
+ * unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL }
*
* EncryptedDigest ::= OCTET STRING
* </pre>
@@ -177,23 +174,21 @@ public class PKCS7SignedData
if (!val.isConstructed())
throw new BEREncodingException("malformed SignedData");
- if (DEBUG)
- debug("SignedData: " + val);
+ log.finest("SignedData: " + val);
val = ber.read();
if (val.getTag() != BER.INTEGER)
throw new BEREncodingException("expecting Version");
version = (BigInteger) val.getValue();
- if (DEBUG)
- debug(" Version: " + version);
+ log.finest(" Version: " + version);
digestAlgorithms = new HashSet();
val = ber.read();
if (!val.isConstructed())
throw new BEREncodingException("malformed DigestAlgorithmIdentifiers");
- if (DEBUG)
- debug(" DigestAlgorithmIdentifiers: " + val);
+
+ log.finest(" DigestAlgorithmIdentifiers: " + val);
int count = 0;
DERValue val2 = ber.read();
while (val2 != BER.END_OF_SEQUENCE &&
@@ -201,14 +196,14 @@ public class PKCS7SignedData
{
if (!val2.isConstructed())
throw new BEREncodingException("malformed AlgorithmIdentifier");
- if (DEBUG)
- debug(" AlgorithmIdentifier: " + val2);
+
+ log.finest(" AlgorithmIdentifier: " + val2);
count += val2.getEncodedLength();
val2 = ber.read();
if (val2.getTag() != BER.OBJECT_IDENTIFIER)
throw new BEREncodingException("malformed AlgorithmIdentifier");
- if (DEBUG)
- debug(" ID: " + val2.getValue());
+
+ log.finest(" digestAlgorithmIdentifiers OID: " + val2.getValue());
List algId = new ArrayList(2);
algId.add(val2.getValue());
val2 = ber.read();
@@ -219,29 +214,33 @@ public class PKCS7SignedData
algId.add(null);
else
algId.add(val2.getEncoded());
- if (DEBUG)
- debug(" params: " + new BigInteger(1, val2.getEncoded()).toString(16));
+
if (val2.isConstructed())
ber.skip(val2.getLength());
+
if (BERValue.isIndefinite(val))
val2 = ber.read();
}
else
algId.add(null);
+
+ log.finest(" digestAlgorithmIdentifiers params: ");
+ log.finest(Util.dumpString((byte[]) algId.get(1),
+ " digestAlgorithmIdentifiers params: "));
digestAlgorithms.add(algId);
}
val = ber.read();
if (!val.isConstructed())
throw new BEREncodingException("malformed ContentInfo");
- if (DEBUG)
- debug(" ContentInfo: " + val);
+
+ log.finest(" ContentInfo: " + val);
val2 = ber.read();
if (val2.getTag() != BER.OBJECT_IDENTIFIER)
throw new BEREncodingException("malformed ContentType");
+
contentType = (OID) val2.getValue();
- if (DEBUG)
- debug(" ContentType: " + contentType);
+ log.finest(" ContentType OID: " + contentType);
if (BERValue.isIndefinite(val)
|| (val.getLength() > 0 && val.getLength() > val2.getEncodedLength()))
{
@@ -251,18 +250,19 @@ public class PKCS7SignedData
content = val2.getEncoded();
if (BERValue.isIndefinite(val))
val2 = ber.read();
- if (DEBUG)
- debug(" Content: " + new BigInteger(1, content).toString(16));
}
}
+ log.finest(" Content: ");
+ log.finest(Util.dumpString(content, " Content: "));
+
val = ber.read();
if (val.getTag() == 0)
{
if (!val.isConstructed())
throw new BEREncodingException("malformed ExtendedCertificatesAndCertificates");
- if (DEBUG)
- debug(" ExtendedCertificatesAndCertificates: " + val);
+
+ log.finest(" ExtendedCertificatesAndCertificates: " + val);
count = 0;
val2 = ber.read();
List certs = new LinkedList();
@@ -271,8 +271,7 @@ public class PKCS7SignedData
{
Certificate cert =
x509.generateCertificate(new ByteArrayInputStream(val2.getEncoded()));
- if (DEBUG)
- debug(" Certificate: " + cert);
+ log.finest(" Certificate: " + cert);
certs.add(cert);
count += val2.getEncodedLength();
ber.skip(val2.getLength());
@@ -287,8 +286,8 @@ public class PKCS7SignedData
{
if (!val.isConstructed())
throw new BEREncodingException("malformed CertificateRevocationLists");
- if (DEBUG)
- debug(" CertificateRevocationLists: " + val);
+
+ log.finest(" CertificateRevocationLists: " + val);
count = 0;
val2 = ber.read();
List crls = new LinkedList();
@@ -296,8 +295,7 @@ public class PKCS7SignedData
(val.getLength() > 0 && val.getLength() > count))
{
CRL crl = x509.generateCRL(new ByteArrayInputStream(val2.getEncoded()));
- if (DEBUG)
- debug (" CRL: " + crl);
+ log.finest(" CRL: " + crl);
crls.add(crl);
count += val2.getEncodedLength();
ber.skip(val2.getLength());
@@ -312,8 +310,7 @@ public class PKCS7SignedData
if (!val.isConstructed())
throw new BEREncodingException("malformed SignerInfos");
- if (DEBUG)
- debug(" SignerInfos: " + val);
+ log.finest(" SignerInfos: " + val);
// FIXME read this more carefully.
// Since we are just reading a file (probably) we just read until we
@@ -327,6 +324,39 @@ public class PKCS7SignedData
}
}
+ /**
+ * Constructs a new instance of <code>PKCS7SignedData</code> given a
+ * designated set of fields.
+ *
+ * @param digestAlgorithms the collection of DigestAlgorithm elements. Each
+ * DigestAlgorithm is a {@link List} of two elements, the first is an
+ * OID while the second is dependent on the value of the OID element.
+ * @param data an instance of a PKCS#7 (non-signed) data. In its simplest form
+ * such an ASN.1 structure would consist of just the OID of a
+ * non-signed PKCS#7 Data.
+ * @param certificates the array of Certificates used to authenticate the
+ * enclosed (or referenced, in case the content is null) data.
+ * @param crls the array of certificate-revocation lists of the used
+ * certificates.
+ * @param signerInfos a set of {@link SignerInfo} elements, one per signer of
+ * the data referenced by this <code>PKCS7SignedData</code>
+ * instance.
+ */
+ public PKCS7SignedData(Set digestAlgorithms, PKCS7Data data,
+ Certificate[] certificates, X509CRL[] crls,
+ Set signerInfos)
+ {
+ super();
+
+ this.version = BigInteger.ONE;
+ this.digestAlgorithms = digestAlgorithms;
+ this.contentType = PKCS7_SIGNED_DATA;
+ this.content = data == null ? null : data.getEncoded();
+ this.certificates = certificates;
+ this.crls = crls;
+ this.signerInfos = signerInfos;
+ }
+
public BigInteger getVersion()
{
return version;
@@ -361,4 +391,89 @@ public class PKCS7SignedData
copy.add(it.next());
return Collections.unmodifiableSet(copy);
}
+
+ /**
+ * Writes to the designated output stream the DER encoding of the current
+ * contents of this instance.
+ *
+ * @param out the destination output stream.
+ * @throws IOException if an I/O related exception occurs during the process.
+ * @throws CRLException if an exception occurs while encoding the certificate
+ * revocation lists associated with this instance.
+ * @throws CertificateEncodingException if an exception occurs while encoding
+ * the certificate chains associated with this instance.
+ */
+ public void encode(OutputStream out) throws IOException, CRLException,
+ CertificateEncodingException
+ {
+ DERValue derVersion = new DERValue(DER.INTEGER, version);
+
+ DERValue derDigestAlgorithms = new DERValue(DER.CONSTRUCTED | DER.SET,
+ digestAlgorithms);
+
+ DERValue derContentType = new DERValue(DER.OBJECT_IDENTIFIER,
+ PKCS7Data.PKCS7_DATA);
+ ArrayList contentInfo = new ArrayList(2);
+ contentInfo.add(derContentType);
+ if (content == null)
+ contentInfo.add(new DERValue(DER.NULL, null));
+ else
+ contentInfo.add(content);
+
+ DERValue derContentInfo = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+ contentInfo);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream(4096);
+ for (int i = 0; i < certificates.length; i++)
+ baos.write(certificates[i].getEncoded());
+
+ baos.flush();
+ byte[] b = baos.toByteArray();
+ DERValue derExtendedCertificatesAndCertificates =
+ new DERValue(DER.CONSTRUCTED | DER.CONTEXT | 0, b.length, b, null);
+
+ DERValue derCertificateRevocationLists = null;
+ if (crls != null && crls.length > 0)
+ {
+ baos.reset();
+ for (int i = 0; i < crls.length; i++)
+ baos.write(((X509CRL) crls[i]).getEncoded());
+
+ baos.flush();
+ byte[] b2 = baos.toByteArray();
+ derCertificateRevocationLists =
+ new DERValue(DER.CONSTRUCTED | DER.CONTEXT | 1, b2.length, b2, null);
+ }
+
+ baos.reset();
+ for (Iterator it = signerInfos.iterator(); it.hasNext();)
+ {
+ SignerInfo signerInfo = (SignerInfo) it.next();
+ signerInfo.encode(baos);
+ }
+ baos.flush();
+ byte[] b3 = baos.toByteArray();
+ DERValue derSignerInfos = new DERValue(DER.CONSTRUCTED | DER.SET,
+ b3.length, b3, null);
+
+ ArrayList signedData = new ArrayList(6);
+ signedData.add(derVersion);
+ signedData.add(derDigestAlgorithms);
+ signedData.add(derContentInfo);
+ signedData.add(derExtendedCertificatesAndCertificates);
+ if (derCertificateRevocationLists != null)
+ signedData.add(derCertificateRevocationLists);
+
+ signedData.add(derSignerInfos);
+ DERValue derSignedData = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+ signedData);
+ // now the outer contents
+ ArrayList outer = new ArrayList(3);
+ outer.add(new DERValue(DER.OBJECT_IDENTIFIER, PKCS7_SIGNED_DATA));
+ outer.add(new DERValue(DER.CONTEXT | 0, null));
+ outer.add(derSignedData);
+ DERValue derOuter = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, outer);
+
+ DERWriter.write(out, derOuter);
+ }
}
diff --git a/gnu/java/security/pkcs/SignerInfo.java b/gnu/java/security/pkcs/SignerInfo.java
index c976799bb..7b38bfefd 100644
--- a/gnu/java/security/pkcs/SignerInfo.java
+++ b/gnu/java/security/pkcs/SignerInfo.java
@@ -42,16 +42,25 @@ import gnu.java.security.ber.BER;
import gnu.java.security.ber.BEREncodingException;
import gnu.java.security.ber.BERReader;
import gnu.java.security.ber.BERValue;
+import gnu.java.security.der.DER;
import gnu.java.security.der.DERValue;
+import gnu.java.security.der.DERWriter;
+import gnu.java.security.util.Util;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.io.OutputStream;
import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
public class SignerInfo
{
+ private static final Logger log = Logger.getLogger(SignerInfo.class.getName());
+
private final BigInteger version;
private final BigInteger serialNumber;
private final X500Principal issuer;
@@ -63,67 +72,80 @@ public class SignerInfo
private final byte[] encryptedDigest;
private final byte[] unauthenticatedAttributes;
- private static final boolean DEBUG = false;
- private static void debug(String msg)
- {
- System.err.print("SignerInfo >> ");
- System.err.println(msg);
- }
-
/**
* Parse a SignerInfo object.
+ * <p>
+ * A SignerInfo is a structure with the following ASN.1 syntax:
+ * <pre>
+ * SignerInfo ::= SEQUENCE {
+ * version Version, -- always 1 for PKCS7 v1.5
+ * issuerAndSerialNumber IssuerAndSerialNumber, -- an INTEGER
+ * digestAlgorithm DigestAlgorithmIdentifier,
+ * authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
+ * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
+ * encryptedDigest EncryptedDigest,
+ * unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL }
+ *
+ * IssuerAndSerialNumber ::= SEQUENCE {
+ * issuer Name,
+ * serialNumber CertificateSerialNumber
+ * }
+ *
+ * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+ *
+ * DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+ *
+ * EncryptedDigest ::= OCTET STRING
+ * </pre>
*/
public SignerInfo(BERReader ber) throws IOException
{
DERValue val = ber.read();
- if (DEBUG)
- debug("SignerInfo: " + val);
+ log.finest("SignerInfo: " + val);
if (!val.isConstructed())
throw new BEREncodingException("malformed SignerInfo");
val = ber.read();
if (val.getTag() != BER.INTEGER)
throw new BEREncodingException("malformed Version");
- version = (BigInteger) val.getValue();
- if (DEBUG)
- debug(" Version: " + version);
+ version = (BigInteger) val.getValue();
+ log.finest(" Version: " + version);
val = ber.read();
if (!val.isConstructed())
throw new BEREncodingException("malformed IssuerAndSerialNumber");
- if (DEBUG)
- debug(" IssuerAndSerialNumber: " + val);
+ log.finest(" IssuerAndSerialNumber: " + val);
val = ber.read();
if (!val.isConstructed())
throw new BEREncodingException("malformed Issuer");
+
issuer = new X500Principal(val.getEncoded());
ber.skip(val.getLength());
- if (DEBUG)
- debug(" Issuer: " + issuer);
+ log.finest(" Issuer: " + issuer);
val = ber.read();
if (val.getTag() != BER.INTEGER)
throw new BEREncodingException("malformed SerialNumber");
+
serialNumber = (BigInteger) val.getValue();
- if (DEBUG)
- debug(" SerialNumber: " + serialNumber);
+ log.finest(" SerialNumber: " + serialNumber);
val = ber.read();
if (!val.isConstructed())
throw new BEREncodingException("malformed DigestAlgorithmIdentifier");
- if (DEBUG)
- debug(" DigestAlgorithmIdentifier: " + val);
+
+ log.finest(" DigestAlgorithmIdentifier: " + val);
int count = 0;
DERValue val2 = ber.read();
if (val2.getTag() != BER.OBJECT_IDENTIFIER)
throw new BEREncodingException("malformed AlgorithmIdentifier");
+
digestAlgorithmId = (OID) val2.getValue();
- if (DEBUG)
- debug(" OID: " + digestAlgorithmId);
+ log.finest(" digestAlgorithm OID: " + digestAlgorithmId);
if (BERValue.isIndefinite(val))
{
@@ -147,9 +169,10 @@ public class SignerInfo
}
else
digestAlgorithmParams = null;
- if(DEBUG)
- debug(" params: " + (digestAlgorithmParams == null ? null
- : new BigInteger(digestAlgorithmParams).toString(16)));
+
+ log.finest(" digestAlgorithm params: ");
+ log.finest(Util.dumpString(digestAlgorithmParams,
+ " digestAlgorithm params: "));
val = ber.read();
if (val.getTag() == 0)
@@ -158,24 +181,27 @@ public class SignerInfo
val = ber.read();
if (val.isConstructed())
ber.skip(val.getLength());
- if (DEBUG)
- debug(" AuthenticatedAttributes: " + val);
+
val = ber.read();
}
else
authenticatedAttributes = null;
+ log.finest(" AuthenticatedAttributes: ");
+ log.finest(Util.dumpString(authenticatedAttributes,
+ " AuthenticatedAttributes: "));
+
if (!val.isConstructed())
throw new BEREncodingException("malformed DigestEncryptionAlgorithmIdentifier");
- if (DEBUG)
- debug(" DigestEncryptionAlgorithmIdentifier: " + val);
+
+ log.finest(" DigestEncryptionAlgorithmIdentifier: " + val);
count = 0;
val2 = ber.read();
if (val2.getTag() != BER.OBJECT_IDENTIFIER)
throw new BEREncodingException("malformed AlgorithmIdentifier");
+
digestEncryptionAlgorithmId = (OID) val2.getValue();
- if (DEBUG)
- debug(" OID: " + digestEncryptionAlgorithmId);
+ log.finest(" digestEncryptionAlgorithm OID: " + digestEncryptionAlgorithmId);
if (BERValue.isIndefinite(val))
{
@@ -199,26 +225,74 @@ public class SignerInfo
}
else
digestEncryptionAlgorithmParams = null;
- if(DEBUG)
- debug(" params: " + (digestEncryptionAlgorithmParams == null ? null
- : new BigInteger(digestEncryptionAlgorithmParams).toString(16)));
+
+ log.finest(" digestEncryptionAlgorithm params: ");
+ log.finest(Util.dumpString(digestEncryptionAlgorithmParams,
+ " digestEncryptionAlgorithm params: "));
val = ber.read();
if (val.getTag() != BER.OCTET_STRING)
throw new BEREncodingException("malformed EncryptedDigest");
+
encryptedDigest = (byte[]) val.getValue();
- if (DEBUG)
- debug(" EncryptedDigest: " + new BigInteger(1, encryptedDigest).toString(16));
+ log.finest(" EncryptedDigest: ");
+ log.finest(Util.dumpString(encryptedDigest, " EncryptedDigest: "));
if (ber.peek() == 1)
unauthenticatedAttributes = ber.read().getEncoded();
else
unauthenticatedAttributes = null;
+ log.finest(" UnauthenticatedAttributes: ");
+ log.finest(Util.dumpString(unauthenticatedAttributes,
+ " UnauthenticatedAttributes: "));
+
if (ber.peek() == 0)
ber.read();
}
+ /**
+ * Constructs a new instance of <code>SignerInfo</code> given a designated
+ * set of fields.
+ *
+ * @param issuer the X.500 Principal name of the signer referenced by this
+ * instance.
+ * @param serialNumber the serial number of the certificate being used. Both
+ * this and the previous arguments are gleaned from the signer's
+ * certificate.
+ * @param digestAlgorithmOID the OID of the digest algorithm. When
+ * constructing the DigestAlgorithmIdentifier with this OID, the
+ * parameters part will be NULL.
+ * @param authenticatedAttributes the encoding of the set of authenticated
+ * attributes to use.
+ * @param digestEncryptionAlgorithmOID the OID of the digest encryption
+ * algorithm. When constructing the
+ * DigestEncryptionAlgorithmIdentifier with this OID, the parameters
+ * part will be NULL.
+ * @param encryptedDigest the encrypted hash generated with this signer's
+ * private key.
+ * @param unauthenticatedAttributes the encoding of the set of
+ * unauthencticated attributes.
+ */
+ public SignerInfo(X500Principal issuer, BigInteger serialNumber,
+ OID digestAlgorithmOID, byte[] authenticatedAttributes,
+ OID digestEncryptionAlgorithmOID,
+ byte[] encryptedDigest, byte[] unauthenticatedAttributes)
+ {
+ super();
+
+ this.version = BigInteger.ONE;
+ this.issuer = issuer;
+ this.serialNumber = serialNumber;
+ this.digestAlgorithmId = digestAlgorithmOID;
+ this.digestAlgorithmParams = null;
+ this.authenticatedAttributes = authenticatedAttributes;
+ this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmOID;
+ this.digestEncryptionAlgorithmParams = null;
+ this.encryptedDigest = encryptedDigest;
+ this.unauthenticatedAttributes = unauthenticatedAttributes;
+ }
+
public BigInteger getVersion()
{
return version;
@@ -276,4 +350,65 @@ public class SignerInfo
? (byte[]) unauthenticatedAttributes.clone()
: null);
}
+
+ /**
+ * Writes to the designated output stream the DER encoding of the current
+ * contents of this instance.
+ *
+ * @param out the destination output stream.
+ * @throws IOException if an I/O related exception occurs during the process.
+ */
+ public void encode(OutputStream out) throws IOException
+ {
+ DERValue derVersion = new DERValue(DER.INTEGER, version);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream(4096);
+ baos.write(issuer.getEncoded());
+ DERValue derSerialNumber = new DERValue(DER.INTEGER, serialNumber);
+ DERWriter.write(baos, derSerialNumber);
+ baos.flush();
+ byte[] b = baos.toByteArray();
+ DERValue derIssuerAndSerialNumber =
+ new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, b.length, b, null);
+
+ DERValue derDigestAlgorithmOID = new DERValue(DER.OBJECT_IDENTIFIER,
+ digestAlgorithmId);
+ ArrayList digestAlgorithmIdentifier = new ArrayList(1);
+ digestAlgorithmIdentifier.add(derDigestAlgorithmOID);
+ DERValue derDigestAlgorithmIdentifier =
+ new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, digestAlgorithmIdentifier);
+
+ DERValue derAuthenticatedAttributes;
+ if (authenticatedAttributes == null)
+ derAuthenticatedAttributes = new DERValue(DER.NULL, null);
+ else
+ derAuthenticatedAttributes = new DERValue(DER.CONSTRUCTED | DER.SET,
+ authenticatedAttributes);
+
+ DERValue derDigestEncryptionAlgorithmOID =
+ new DERValue(DER.OBJECT_IDENTIFIER, digestEncryptionAlgorithmId);
+ ArrayList digestEncryptionAlgorithmIdentifier = new ArrayList(1);
+ digestEncryptionAlgorithmIdentifier.add(derDigestEncryptionAlgorithmOID);
+ DERValue derDigestEncryptionAlgorithmIdentifier =
+ new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, digestEncryptionAlgorithmIdentifier);
+
+ DERValue derEncryptedDigest = new DERValue(DER.OCTET_STRING, encryptedDigest);
+
+ DERValue derUnauthenticatedAttributes;
+ if (unauthenticatedAttributes == null)
+ derUnauthenticatedAttributes = new DERValue(DER.NULL, null);
+ else
+ derUnauthenticatedAttributes = new DERValue(DER.CONSTRUCTED | DER.SET,
+ unauthenticatedAttributes);
+
+ ArrayList signerInfo = new ArrayList(5);
+ signerInfo.add(derVersion);
+ signerInfo.add(derIssuerAndSerialNumber);
+ signerInfo.add(derDigestAlgorithmIdentifier);
+ signerInfo.add(derDigestEncryptionAlgorithmIdentifier);
+ signerInfo.add(derEncryptedDigest);
+ DERValue derSignerInfo = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+ signerInfo);
+ DERWriter.write(out, derSignerInfo);
+ }
}
diff --git a/gnu/java/security/provider/DSAParameterGenerator.java b/gnu/java/security/provider/DSAParameterGenerator.java
deleted file mode 100644
index ccec1136c..000000000
--- a/gnu/java/security/provider/DSAParameterGenerator.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/* DSAParameterGenerator.java --- DSA Parameter Generator Implementation
- Copyright (C) 1999 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
-
-Linking this library statically or dynamically with other modules is
-making a combined work based on this library. Thus, the terms and
-conditions of the GNU General Public License cover the whole
-combination.
-
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent
-modules, and to copy and distribute the resulting executable under
-terms of your choice, provided that you also meet, for each linked
-independent module, the terms and conditions of the license of that
-module. An independent module is a module which is not derived from
-or based on this library. If you modify this library, you may extend
-this exception to your version of the library, but you are not
-obligated to do so. If you do not wish to do so, delete this
-exception statement from your version. */
-
-
-package gnu.java.security.provider;
-
-import gnu.java.security.util.Prime;
-
-import java.math.BigInteger;
-import java.security.AlgorithmParameterGeneratorSpi;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.DSAParameterSpec;
-import java.security.spec.InvalidParameterSpecException;
-import java.util.Random;
-
-public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi
-{
- private int size;
- private SecureRandom random = null;
-
- public DSAParameterGenerator()
- {
- size = 1024;
- }
-
- public void engineInit(int size, SecureRandom random)
- {
- if( (size < 512) || (size > 1024) || ( (size % 64) != 0) )
- //throw new InvalidAlgorithmParameterException("Invalid Size");
- return;
- this.size = size;
- this.random = random;
- }
-
- public void engineInit(AlgorithmParameterSpec genParamSpec, SecureRandom random)
- throws InvalidAlgorithmParameterException
- {
- if( !( genParamSpec instanceof DSAParameterSpec ) )
- throw new InvalidAlgorithmParameterException("Must be DSAParameterSpec");
-
- DSAParameterSpec dsaparameterspec = (DSAParameterSpec)genParamSpec;
- int tmp = dsaparameterspec.getP().bitLength();
-
- if( (tmp < 512) || (tmp > 1024) || ( (tmp % 64) != 0) )
- throw new InvalidAlgorithmParameterException("Invalid Size");
-
- this.random = random;
- }
-
- //For more information see IEEE P1363 A.16.1 (10/05/98 Draft)
- public AlgorithmParameters engineGenerateParameters()
- {
- DSAParameterSpec dsaparameterspec;
-
- int L = size;
- BigInteger r, p, k, h, g;
-
- //q 2^159 < q < 2^160
- r = Prime.generateRandomPrime( 159, 160, BigInteger.valueOf(1));
-
- // 2^(L-1) < p < 2^L
- p = Prime.generateRandomPrime( r, BigInteger.valueOf(1), L - 1, L, BigInteger.valueOf(1));
-
- k = p.subtract( BigInteger.valueOf(1) );
- k = k.divide( r );
-
- Random rand = new Random();
- h = BigInteger.valueOf(1);
-
- for(;;) {
- h = h.add(BigInteger.valueOf( 1 ) );
-
- g = h.modPow(k, p);
-
- if( g.compareTo( BigInteger.valueOf(1) ) != 1 )
- break;
- }
-
- try {
- dsaparameterspec = new DSAParameterSpec(p, r, g);
- AlgorithmParameters ap = AlgorithmParameters.getInstance("DSA");
- ap.init( dsaparameterspec );
- return ap;
- } catch ( NoSuchAlgorithmException nsae ) {
- return null;
- } catch ( InvalidParameterSpecException ipse) {
- return null;
- }
- }
-}
View Lorry Controller Status