| author | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-02-23 12:54:46 +0000 |
|---|---|---|
| committer | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-02-23 12:54:46 +0000 |
| commit | eb292aaa795e28e325d1e439e88f2ad526cb4e7e (patch) | |
| tree | ede11b56bbd8dd1d6d51a8efd5daed2ea4a69488 /gnu/java/security | |
| parent | 15fe13942e812b00a55e12bceb3e4a03322501fe (diff) | |
| download | classpath-eb292aaa795e28e325d1e439e88f2ad526cb4e7e.tar.gz | |
2006-02-23 Raif S. Naffah <raif@swiftdsl.com.au>
* gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java
(DEFAULT_PRIME_SIZE): Made public.
(DEFAULT_EXPONENT_SIZE): Likewise.
(setup): Handle DHParameterSpec as well.
* gnu/javax/crypto/key/dh/GnuDHKey.java (getEncoded): Return
defaultFormat instead of Raw.
* gnu/javax/crypto/key/dh/DHKeyPairX509Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePublicKey): Use DerUtil.
* gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePrivateKey): Use DerUtil.
* gnu/javax/crypto/jce/GnuCrypto.java (run): Updated mapping of
KeyAgreement.DH.
Added mappings for AlgorithmParameters.DH and
AlgorithmParameterGenerator.DH.
* gnu/javax/crypto/jce/DiffieHellmanImpl.java: New file.
* gnu/javax/crypto/jce/sig/DHParametersGenerator.java: Likewise.
* gnu/javax/crypto/jce/sig/DHParameters.java: Likewise.
* gnu/javax/crypto/jce/sig/DHKeyFactory.java (engineGeneratePrivate):
Return result.
(engineGeneratePublic): Likewise.
* gnu/java/security/util/DerUtil.java: New file.
* gnu/java/security/sig/rsa/RSASignatureFactory.java (getNames):
Include only valid RSA PKCS1 (v1.5) signature names.
* gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java
(RSAPKCS1V1_5SignatureX509Codec): Removed.
(checkIsConstructed): Likewise.
* gnu/java/security/sig/dss/DSSSignatureX509Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodeSignature): Use DerUtil.
* gnu/java/security/key/rsa/RSAKeyPairX509Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePublicKey): Use DerUtil.
* gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePrivateKey): Use DerUtil.
* gnu/java/security/key/dss/DSSKeyPairX509Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePublicKey): Use DerUtil.
* gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java
(checkIsConstructed): Removed.
(checkIsBigInteger): Likewise.
(decodePrivateKey): Use DerUtil.
* gnu/java/security/key/dss/DSSKeyPairGenerator.java
(DEFAULT_MODULUS_LENGTH): Made it public.
* gnu/java/security/key/dss/DSSKey.java (getEncoded): Return
defaultFormat instead of Raw.
* gnu/java/security/jce/sig/DSSParametersGenerator.java: New file.
* gnu/java/security/jce/sig/DSSParameters.java: Likewise.
* gnu/java/security/jce/sig/DSSKeyFactory.java (engineGeneratePrivate):
Return result.
(engineGeneratePublic): Likewise.
* gnu/javax/crypto/DiffieHellmanImpl: Removed.
Diffstat (limited to 'gnu/java/security')
| -rw-r--r-- | gnu/java/security/jce/sig/DSSKeyFactory.java | 2 | ||||
| -rw-r--r-- | gnu/java/security/jce/sig/DSSParameters.java | 220 | ||||
| -rw-r--r-- | gnu/java/security/jce/sig/DSSParametersGenerator.java | 125 | ||||
| -rw-r--r-- | gnu/java/security/key/dss/DSSKey.java | 5 | ||||
| -rw-r--r-- | gnu/java/security/key/dss/DSSKeyPairGenerator.java | 2 | ||||
| -rw-r--r-- | gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java | 25 | ||||
| -rw-r--r-- | gnu/java/security/key/dss/DSSKeyPairX509Codec.java | 27 | ||||
| -rw-r--r-- | gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java | 39 | ||||
| -rw-r--r-- | gnu/java/security/key/rsa/RSAKeyPairX509Codec.java | 23 | ||||
| -rw-r--r-- | gnu/java/security/sig/dss/DSSSignatureX509Codec.java | 19 | ||||
| -rw-r--r-- | gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java | 11 | ||||
| -rw-r--r-- | gnu/java/security/sig/rsa/RSASignatureFactory.java | 8 | ||||
| -rw-r--r-- | gnu/java/security/util/DerUtil.java | 64 |
13 files changed, 461 insertions, 109 deletions
diff --git a/gnu/java/security/jce/sig/DSSKeyFactory.java b/gnu/java/security/jce/sig/DSSKeyFactory.java index 818d0513d..bb4d85c89 100644 --- a/gnu/java/security/jce/sig/DSSKeyFactory.java +++ b/gnu/java/security/jce/sig/DSSKeyFactory.java @@ -89,6 +89,7 @@ public class DSSKeyFactory extends KeyFactorySpi try { result = new DSSKeyPairX509Codec().decodePublicKey(encoded); + return result; } catch (RuntimeException x) { @@ -122,6 +123,7 @@ public class DSSKeyFactory extends KeyFactorySpi try { result = new DSSKeyPairPKCS8Codec().decodePrivateKey(encoded); + return result; } catch (RuntimeException x) { diff --git a/gnu/java/security/jce/sig/DSSParameters.java b/gnu/java/security/jce/sig/DSSParameters.java new file mode 100644 index 000000000..ba1f414fa --- /dev/null +++ b/gnu/java/security/jce/sig/DSSParameters.java 
@@ -0,0 +1,220 @@ +/* DSSParameters.java -- DSS parameters DAO + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package gnu.java.security.jce.sig; + +import gnu.java.security.Registry; +import gnu.java.security.der.DER; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; +import gnu.java.security.util.DerUtil; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.AlgorithmParametersSpi; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.DSAParameterSpec; +import java.security.spec.InvalidParameterSpecException; +import java.util.ArrayList; + +/** + * A JCE-specific Data Access Object (DAO) for DSS parameters. + */ +public class DSSParameters + extends AlgorithmParametersSpi +{ + /** + * A prime modulus, where <code>2<sup>L-1</sup> < p < 2<sup>L</sup></code> + * for <code>512 <= L <= 1024</code> and <code>L</code> a multiple of + * <code>64</code>. + */ + private BigInteger p; + + /** + * A prime divisor of <code>p - 1</code>, where <code>2<sup>159</sup> < q + * < 2<sup>160</sup></code>. + */ + private BigInteger q; + + /** + * <code>g = h<sup>(p-1)</sup>/q mod p</code>, where <code>h</code> is any + * integer with <code>1 < h < p - 1</code> such that <code>h<sup> + * (p-1)</sup>/q mod p > 1</code> (<code>g</code> has order <code>q mod p + * </code>). + */ + private BigInteger g; + + // default 0-arguments constructor + + protected void engineInit(AlgorithmParameterSpec spec) + throws InvalidParameterSpecException + { + if (! (spec instanceof DSAParameterSpec)) + throw new InvalidParameterSpecException("Wrong AlgorithmParameterSpec type: " + + spec.getClass().getName()); + DSAParameterSpec dsaSpec = (DSAParameterSpec) spec; + p = dsaSpec.getP(); + q = dsaSpec.getQ(); + g = dsaSpec.getG(); + } + + /** + * Decodes the set of DSS parameters as per RFC-2459; i.e. 
the DER-encoded + * form of the following ASN.1 construct: + * + * <pre> + * DssParams ::= SEQUENCE { + * p INTEGER, + * q INTEGER, + * g INTEGER + * } + * </pre> + */ + protected void engineInit(byte[] params) throws IOException + { + DERReader der = new DERReader(params); + + DERValue derParams = der.read(); + DerUtil.checkIsConstructed(derParams, "Wrong DSS Parameters field"); + + DERValue val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong P field"); + p = (BigInteger) val.getValue(); + val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong Q field"); + q = (BigInteger) val.getValue(); + val = der.read(); + DerUtil.checkIsBigInteger(val, "Wrong G field"); + g = (BigInteger) val.getValue(); + } + + protected void engineInit(byte[] params, String format) throws IOException + { + if (format != null) + { + format = format.trim(); + if (format.length() == 0) + throw new IOException("Format MUST NOT be an empty string"); + + if (! format.equalsIgnoreCase(Registry.ASN1_ENCODING_SHORT_NAME)) + throw new IOException("Unknown or unsupported format: " + format); + } + + engineInit(params); + } + + protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) + throws InvalidParameterSpecException + { + if (! paramSpec.isAssignableFrom(DSAParameterSpec.class)) + throw new InvalidParameterSpecException("Wrong AlgorithmParameterSpec type: " + + paramSpec.getName()); + return new DSAParameterSpec(p, q, g); + } + + /** + * Encodes the set of DSS parameters as per RFC-2459; i.e. 
as the DER-encoded + * form of the following ASN.1 construct: + * + * <pre> + * DssParams ::= SEQUENCE { + * p INTEGER, + * q INTEGER, + * g INTEGER + * } + * </pre> + */ + protected byte[] engineGetEncoded() throws IOException + { + DERValue derP = new DERValue(DER.INTEGER, p); + DERValue derQ = new DERValue(DER.INTEGER, q); + DERValue derG = new DERValue(DER.INTEGER, g); + + ArrayList params = new ArrayList(3); + params.add(derP); + params.add(derQ); + params.add(derG); + DERValue derParams = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, params); + + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + DERWriter.write(baos, derParams); + byte[] result = baos.toByteArray(); + + return result; + } + + protected byte[] engineGetEncoded(String format) throws IOException + { + if (format != null) + { + format = format.trim(); + if (format.length() == 0) + throw new IOException("Format MUST NOT be an empty string"); + + if (! format.equalsIgnoreCase(Registry.ASN1_ENCODING_SHORT_NAME)) + throw new IOException("Unknown or unsupported format: " + format); + } + + return engineGetEncoded(); + } + + protected String engineToString() + { + StringBuffer sb = new StringBuffer("p="); + if (p == null) + sb.append("???"); + else + sb.append("0x").append(p.toString(16)); + + sb.append(", q="); + if (q == null) + sb.append("???"); + else + sb.append("0x").append(q.toString(16)); + + sb.append(", g="); + if (g == null) + sb.append("???"); + else + sb.append("0x").append(g.toString(16)); + + return sb.toString(); + } +} diff --git a/gnu/java/security/jce/sig/DSSParametersGenerator.java b/gnu/java/security/jce/sig/DSSParametersGenerator.java new file mode 100644 index 000000000..09c138610 --- /dev/null +++ b/gnu/java/security/jce/sig/DSSParametersGenerator.java 
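Review bot: `engineInit(byte[] params)` in the new DSSParameters.java stores whatever three INTEGERs the caller-supplied DER carries, so zero or negative values for p, q or g are accepted, and any bytes trailing after g are never looked at. A sanity check after the three reads, for example `if (p.signum() <= 0 || q.signum() <= 0 || g.signum() <= 0 || g.compareTo(p) >= 0) throw new IOException("Invalid DSS parameters");`, would reject such input at the parsing boundary rather than in whatever later consumes the spec. Separately, `engineInit(AlgorithmParameterSpec spec)` calls `spec.getClass()` while building its error message, so a null `spec` raises NullPointerException instead of the declared InvalidParameterSpecException.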
@@ -0,0 +1,125 @@ +/* DSSParametersGenerator.java -- JCE Adapter for a generator of DSS parameters + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package gnu.java.security.jce.sig; + +import gnu.java.security.Registry; +import gnu.java.security.key.dss.DSSKeyPairGenerator; +import gnu.java.security.key.dss.FIPS186; +import gnu.java.security.provider.Gnu; + +import java.math.BigInteger; +import java.security.AlgorithmParameterGeneratorSpi; +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.DSAParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +/** + * A JCE Adapter for a generator of DSS parameters. + */ +public class DSSParametersGenerator + extends AlgorithmParameterGeneratorSpi +{ + private static final Provider GNU = new Gnu(); + + /** Size of the public modulus in bits. */ + private int modulusLength = -1; + + /** User specified source of randomness. */ + private SecureRandom rnd; + + /** Our concrete DSS parameters generator. */ + private FIPS186 fips; + + // default 0-arguments constructor + + protected void engineInit(int size, SecureRandom random) + { + if ((size % 64) != 0 || size < 512 || size > 1024) + throw new InvalidParameterException("Modulus size/length (in bits) MUST " + + "be a multiple of 64, greater than " + + "or equal to 512, and less than or " + + "equal to 1024"); + this.modulusLength = size; + this.rnd = random; + } + + protected void engineInit(AlgorithmParameterSpec spec, SecureRandom random) + throws InvalidAlgorithmParameterException + { + if (! 
(spec instanceof DSAParameterSpec)) + throw new InvalidAlgorithmParameterException("Wrong AlgorithmParameterSpec type: " + + spec.getClass().getName()); + DSAParameterSpec dsaSpec = (DSAParameterSpec) spec; + BigInteger p = dsaSpec.getP(); + int size = p.bitLength(); + this.engineInit(size, random); + } + + protected AlgorithmParameters engineGenerateParameters() + { + if (modulusLength < 1) + modulusLength = DSSKeyPairGenerator.DEFAULT_MODULUS_LENGTH; + + fips = new FIPS186(modulusLength, rnd); + BigInteger[] params = fips.generateParameters(); + BigInteger p = params[3]; + BigInteger q = params[2]; + BigInteger g = params[5]; + DSAParameterSpec spec = new DSAParameterSpec(p, q, g); + AlgorithmParameters result = null; + try + { + result = AlgorithmParameters.getInstance(Registry.DSS_KPG, GNU); + result.init(spec); + } + catch (NoSuchAlgorithmException ignore) + { + } + catch (InvalidParameterSpecException ignore) + { + } + return result; + } +} diff --git a/gnu/java/security/key/dss/DSSKey.java b/gnu/java/security/key/dss/DSSKey.java index 8c906a650..428cab1e7 100644 --- a/gnu/java/security/key/dss/DSSKey.java +++ b/gnu/java/security/key/dss/DSSKey.java @@ -39,7 +39,6 @@ exception statement from your version. */ package gnu.java.security.key.dss; import gnu.java.security.Registry; -import gnu.java.security.key.IKeyPairCodec; import gnu.java.security.util.FormatUtil; import java.math.BigInteger; @@ -60,7 +59,7 @@ import java.security.spec.DSAParameterSpec; * the relevant <code>getEncoded()</code> methods of each of the private and * public keys.</p> * - * @version $Revision: 1.3 $ + * @version $Revision: 1.4 $ * @see DSSPrivateKey#getEncoded * @see DSSPublicKey#getEncoded */ @@ -142,7 +141,7 @@ public abstract class DSSKey implements Key, DSAKey /** @deprecated see getEncoded(int). */ public byte[] getEncoded() { - return getEncoded(IKeyPairCodec.RAW_FORMAT); + return getEncoded(defaultFormat); } public String getFormat() 
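Review bot: `engineGenerateParameters()` in the new DSSParametersGenerator.java catches NoSuchAlgorithmException and InvalidParameterSpecException with empty bodies and then returns `result`, which is null if `getInstance` failed and uninitialised if `init` failed, so the caller meets the failure later and without its cause. Each handler should rethrow, for example `throw new ProviderException("Cannot build DSS AlgorithmParameters: " + x);` (java.security.ProviderException would need importing). The indices in `params[3]`, `params[2]` and `params[5]` are unexplained in this file; a short comment naming which FIPS186 output each index holds would make a p/q/g mix-up reviewable. `engineInit(AlgorithmParameterSpec, SecureRandom)` also dereferences `spec.getClass()` on the error path, so a null spec throws NullPointerException rather than InvalidAlgorithmParameterException.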
diff --git a/gnu/java/security/key/dss/DSSKeyPairGenerator.java b/gnu/java/security/key/dss/DSSKeyPairGenerator.java index 23dd12796..5aa746147 100644 --- a/gnu/java/security/key/dss/DSSKeyPairGenerator.java +++ b/gnu/java/security/key/dss/DSSKeyPairGenerator.java @@ -159,7 +159,7 @@ public class DSSKeyPairGenerator implements IKeyPairGenerator public static final String PREFERRED_ENCODING_FORMAT = "gnu.crypto.dss.encoding"; /** Default value for the modulus length. */ - private static final int DEFAULT_MODULUS_LENGTH = 1024; + public static final int DEFAULT_MODULUS_LENGTH = 1024; /** Default encoding format to use when none was specified. */ private static final int DEFAULT_ENCODING_FORMAT = Registry.RAW_ENCODING_ID; diff --git a/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java b/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java index 671b5d66d..30e30bd14 100644 --- a/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java +++ b/gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java @@ -45,6 +45,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.key.IKeyPairCodec; +import gnu.java.security.util.DerUtil; import gnu.java.security.util.Util; import java.io.ByteArrayOutputStream; @@ -68,18 +69,6 @@ public class DSSKeyPairPKCS8Codec // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return PKCS8_FORMAT; 
@@ -199,7 +188,7 @@ public class DSSKeyPairPKCS8Codec try { DERValue derPKI = der.read(); - checkIsConstructed(derPKI, "Wrong PrivateKeyInfo field"); + DerUtil.checkIsConstructed(derPKI, "Wrong PrivateKeyInfo field"); DERValue derVersion = der.read(); if (! (derVersion.getValue() instanceof BigInteger)) @@ -210,7 +199,7 @@ public class DSSKeyPairPKCS8Codec throw new InvalidParameterException("Unexpected Version: " + version); DERValue derAlgoritmID = der.read(); - checkIsConstructed(derAlgoritmID, "Wrong AlgorithmIdentifier field"); + DerUtil.checkIsConstructed(derAlgoritmID, "Wrong AlgorithmIdentifier field"); DERValue derOID = der.read(); OID algOID = (OID) derOID.getValue(); @@ -218,16 +207,16 @@ public class DSSKeyPairPKCS8Codec throw new InvalidParameterException("Unexpected OID: " + algOID); DERValue derParams = der.read(); - checkIsConstructed(derParams, "Wrong DSS Parameters field"); + DerUtil.checkIsConstructed(derParams, "Wrong DSS Parameters field"); DERValue val = der.read(); - checkIsBigInteger(val, "Wrong P field"); + DerUtil.checkIsBigInteger(val, "Wrong P field"); p = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong Q field"); + DerUtil.checkIsBigInteger(val, "Wrong Q field"); q = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong G field"); + DerUtil.checkIsBigInteger(val, "Wrong G field"); g = (BigInteger) val.getValue(); val = der.read(); diff --git a/gnu/java/security/key/dss/DSSKeyPairX509Codec.java b/gnu/java/security/key/dss/DSSKeyPairX509Codec.java index baf58a026..516ef92af 100644 --- a/gnu/java/security/key/dss/DSSKeyPairX509Codec.java +++ b/gnu/java/security/key/dss/DSSKeyPairX509Codec.java @@ -46,6 +46,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.key.IKeyPairCodec; +import gnu.java.security.util.DerUtil; import java.io.ByteArrayOutputStream; import java.io.IOException; 
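Review bot: In the `-199,7`/`-210,7` hunks of DSSKeyPairPKCS8Codec, `OID algOID = (OID) derOID.getValue();` casts without a type check, so an encoding that has some other type in that position raises ClassCastException instead of the codec's decoding error. DSSKeyPairX509Codec guards the same read with `if (! (derOID.getValue() instanceof OID))`, and the PKCS8 decoder should do likewise before the cast, e.g. `if (! (derOID.getValue() instanceof OID)) throw new InvalidParameterException("Wrong Algorithm field");`. The same unchecked cast is visible in RSAKeyPairPKCS8Codec's `-227,16` hunk. The hand-written `instanceof BigInteger` test on `derVersion` could also become `DerUtil.checkIsBigInteger(derVersion, ...)`, as the RSA codec does for its version field. The enclosing method starts and ends outside these hunks.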
@@ -66,18 +67,6 @@ public class DSSKeyPairX509Codec // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return X509_FORMAT; @@ -202,10 +191,10 @@ public class DSSKeyPairX509Codec try { DERValue derSPKI = der.read(); - checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field"); + DerUtil.checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field"); DERValue derAlgorithmID = der.read(); - checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field"); + DerUtil.checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field"); DERValue derOID = der.read(); if (! (derOID.getValue() instanceof OID)) @@ -216,16 +205,16 @@ public class DSSKeyPairX509Codec throw new InvalidParameterException("Unexpected OID: " + algOID); DERValue derParams = der.read(); - checkIsConstructed(derParams, "Wrong DSS Parameters field"); + DerUtil.checkIsConstructed(derParams, "Wrong DSS Parameters field"); DERValue val = der.read(); - checkIsBigInteger(val, "Wrong P field"); + DerUtil.checkIsBigInteger(val, "Wrong P field"); p = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong Q field"); + DerUtil.checkIsBigInteger(val, "Wrong Q field"); q = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong G field"); + DerUtil.checkIsBigInteger(val, "Wrong G field"); g = (BigInteger) val.getValue(); val = der.read(); @@ -236,7 +225,7 @@ public class DSSKeyPairX509Codec DERReader dsaPub = new DERReader(yBytes); val = dsaPub.read(); - checkIsBigInteger(val, "Wrong Y field"); + DerUtil.checkIsBigInteger(val, "Wrong Y field"); y = (BigInteger) val.getValue(); } catch (IOException x) 
diff --git a/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java b/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java index 40a67625d..a7f65b610 100644 --- a/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java +++ b/gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java @@ -53,6 +53,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.key.IKeyPairCodec; +import gnu.java.security.util.DerUtil; /** * An implementation of an {@link IKeyPairCodec} that knows how to encode / @@ -65,18 +66,6 @@ public class RSAKeyPairPKCS8Codec // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return PKCS8_FORMAT; @@ -227,16 +216,16 @@ public class RSAKeyPairPKCS8Codec try { DERValue derPKI = der.read(); - checkIsConstructed(derPKI, "Wrong PrivateKeyInfo field"); + DerUtil.checkIsConstructed(derPKI, "Wrong PrivateKeyInfo field"); DERValue derVersion = der.read(); - checkIsBigInteger(derVersion, "Wrong Version field"); + DerUtil.checkIsBigInteger(derVersion, "Wrong Version field"); version = (BigInteger) derVersion.getValue(); if (version.compareTo(BigInteger.ZERO) != 0) throw new InvalidParameterException("Unexpected Version: " + version); DERValue derAlgoritmID = der.read(); - checkIsConstructed(derAlgoritmID, "Wrong AlgorithmIdentifier field"); + DerUtil.checkIsConstructed(derAlgoritmID, "Wrong AlgorithmIdentifier field"); DERValue derOID = der.read(); OID algOID = (OID) derOID.getValue(); 
@@ -248,38 +237,38 @@ public class RSAKeyPairPKCS8Codec der = new DERReader(pkBytes); DERValue derRSAPrivateKey = der.read(); - checkIsConstructed(derRSAPrivateKey, "Wrong RSAPrivateKey field"); + DerUtil.checkIsConstructed(derRSAPrivateKey, "Wrong RSAPrivateKey field"); val = der.read(); - checkIsBigInteger(val, "Wrong RSAPrivateKey Version field"); + DerUtil.checkIsBigInteger(val, "Wrong RSAPrivateKey Version field"); version = (BigInteger) val.getValue(); if (version.compareTo(BigInteger.ZERO) != 0) throw new InvalidParameterException("Unexpected RSAPrivateKey Version: " + version); val = der.read(); - checkIsBigInteger(val, "Wrong modulus field"); + DerUtil.checkIsBigInteger(val, "Wrong modulus field"); n = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong publicExponent field"); + DerUtil.checkIsBigInteger(val, "Wrong publicExponent field"); e = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong privateExponent field"); + DerUtil.checkIsBigInteger(val, "Wrong privateExponent field"); d = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong prime1 field"); + DerUtil.checkIsBigInteger(val, "Wrong prime1 field"); p = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong prime2 field"); + DerUtil.checkIsBigInteger(val, "Wrong prime2 field"); q = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong exponent1 field"); + DerUtil.checkIsBigInteger(val, "Wrong exponent1 field"); dP = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong exponent2 field"); + DerUtil.checkIsBigInteger(val, "Wrong exponent2 field"); dQ = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong coefficient field"); + DerUtil.checkIsBigInteger(val, "Wrong coefficient field"); qInv = (BigInteger) val.getValue(); } catch (IOException x) 
diff --git a/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java b/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java index 5845e7c95..f0a454992 100644 --- a/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java +++ b/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java @@ -46,6 +46,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.key.IKeyPairCodec; +import gnu.java.security.util.DerUtil; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -66,18 +67,6 @@ public class RSAKeyPairX509Codec // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return X509_FORMAT; @@ -193,10 +182,10 @@ public class RSAKeyPairX509Codec try { DERValue derSPKI = der.read(); - checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field"); + DerUtil.checkIsConstructed(derSPKI, "Wrong SubjectPublicKeyInfo field"); DERValue derAlgorithmID = der.read(); - checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field"); + DerUtil.checkIsConstructed(derAlgorithmID, "Wrong AlgorithmIdentifier field"); DERValue derOID = der.read(); if (! (derOID.getValue() instanceof OID)) 
@@ -214,13 +203,13 @@ public class RSAKeyPairX509Codec der = new DERReader(spkBytes); val = der.read(); - checkIsConstructed(derAlgorithmID, "Wrong subjectPublicKey field"); + DerUtil.checkIsConstructed(derAlgorithmID, "Wrong subjectPublicKey field"); val = der.read(); - checkIsBigInteger(val, "Wrong modulus field"); + DerUtil.checkIsBigInteger(val, "Wrong modulus field"); n = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong publicExponent field"); + DerUtil.checkIsBigInteger(val, "Wrong publicExponent field"); e = (BigInteger) val.getValue(); } catch (IOException x) diff --git a/gnu/java/security/sig/dss/DSSSignatureX509Codec.java b/gnu/java/security/sig/dss/DSSSignatureX509Codec.java index e499c2630..81a11da42 100644 --- a/gnu/java/security/sig/dss/DSSSignatureX509Codec.java +++ b/gnu/java/security/sig/dss/DSSSignatureX509Codec.java @@ -45,6 +45,7 @@ import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import gnu.java.security.der.DERWriter; import gnu.java.security.sig.ISignatureCodec; +import gnu.java.security.util.DerUtil; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -88,18 +89,6 @@ public class DSSSignatureX509Codec { // implicit 0-arguments constructor - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } - - private static void checkIsBigInteger(DERValue v, String msg) - { - if (! (v.getValue() instanceof BigInteger)) - throw new InvalidParameterException(msg); - } - public int getFormatID() { return Registry.X509_ENCODING_ID; 
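Review bot: In the `-214,13` hunk of RSAKeyPairX509Codec the value just read into `val` is never checked: `DerUtil.checkIsConstructed(derAlgorithmID, "Wrong subjectPublicKey field");` re-tests `derAlgorithmID`, which already passed the same check earlier in the method. The inner subjectPublicKey value is therefore accepted whether or not it is a constructed SEQUENCE; the line should read `DerUtil.checkIsConstructed(val, "Wrong subjectPublicKey field");`. The commit carries the old argument over unchanged while switching to DerUtil, so this is a good moment to correct it. The enclosing method starts and ends outside the hunk.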
@@ -182,13 +171,13 @@ public class DSSSignatureX509Codec der = new DERReader(sBytes); DERValue derDssSigValue = der.read(); - checkIsConstructed(derDssSigValue, "Wrong Dss-Sig-Value field"); + DerUtil.checkIsConstructed(derDssSigValue, "Wrong Dss-Sig-Value field"); DERValue val = der.read(); - checkIsBigInteger(val, "Wrong R field"); + DerUtil.checkIsBigInteger(val, "Wrong R field"); r = (BigInteger) val.getValue(); val = der.read(); - checkIsBigInteger(val, "Wrong S field"); + DerUtil.checkIsBigInteger(val, "Wrong S field"); s = (BigInteger) val.getValue(); } catch (IOException x) diff --git a/gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java b/gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java index 8b93c2a73..90797e2d5 100644 --- a/gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java +++ b/gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java @@ -79,16 +79,7 @@ import java.security.InvalidParameterException; public class RSAPKCS1V1_5SignatureX509Codec implements ISignatureCodec { - public RSAPKCS1V1_5SignatureX509Codec() - { - super(); - } - - private static void checkIsConstructed(DERValue v, String msg) - { - if (! v.isConstructed()) - throw new InvalidParameterException(msg); - } + // default 0-arguments constructor public int getFormatID() { diff --git a/gnu/java/security/sig/rsa/RSASignatureFactory.java b/gnu/java/security/sig/rsa/RSASignatureFactory.java index b81ff85d4..b8e12caf7 100644 --- a/gnu/java/security/sig/rsa/RSASignatureFactory.java +++ b/gnu/java/security/sig/rsa/RSASignatureFactory.java 
@@ -114,10 +114,16 @@ public class RSASignatureFactory for (Iterator it = hashNames.iterator(); it.hasNext();) { String mdName = (String) it.next(); - hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + mdName); hs.add(Registry.RSA_PSS_SIG + "-" + mdName); } + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.MD2_HASH); + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.MD5_HASH); + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.SHA160_HASH); + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.SHA256_HASH); + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.SHA384_HASH); + hs.add(Registry.RSA_PKCS1_V1_5_SIG + "-" + Registry.SHA512_HASH); + names = Collections.unmodifiableSet(hs); } diff --git a/gnu/java/security/util/DerUtil.java b/gnu/java/security/util/DerUtil.java new file mode 100644 index 000000000..26232ba98 --- /dev/null +++ b/gnu/java/security/util/DerUtil.java 
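Review bot: The hard-coded PKCS#1 v1.5 list in RSASignatureFactory advertises `Registry.MD2_HASH` and `Registry.MD5_HASH` alongside the SHA variants with nothing to mark them as legacy. Both digests have known collision weaknesses, so a caller enumerating these names can select them for new signatures without any hint that they are unsuitable. If they must stay for verifying existing signatures, a comment above the two lines such as `// MD2 and MD5 are retained only to verify legacy signatures; do not use for new signatures.` would record that intent. The enclosing method begins outside the hunk.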
@@ -0,0 +1,64 @@ +/* DerUtil.java -- Utility methods for DER read/write operations + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package gnu.java.security.util; + +import gnu.java.security.der.DEREncodingException; +import gnu.java.security.der.DERValue; + +import java.math.BigInteger; + +/** + * Utility methods for DER encoding handling. + */ +public abstract class DerUtil +{ + public static final void checkIsConstructed(DERValue v, String msg) + throws DEREncodingException + { + if (! v.isConstructed()) + throw new DEREncodingException(msg); + } + + public static final void checkIsBigInteger(DERValue v, String msg) + throws DEREncodingException + { + if (! (v.getValue() instanceof BigInteger)) + throw new DEREncodingException(msg); + } +} |
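Review bot: `checkIsConstructed` and `checkIsBigInteger` in the new DerUtil.java have no Javadoc, and their contract differs from the private helpers they replace: those threw the unchecked InvalidParameterException, these throw the checked DEREncodingException. Each method should get a short Javadoc stating what is tested, that `msg` becomes the exception message, and a `@throws DEREncodingException` line, so callers know the failure now travels through their I/O error handling. Neither method guards against a null `v`; whether `DERReader.read()` can return null is not visible here, so this is worth confirming and either documenting or checking. As the class only holds static helpers, `final` with a private constructor would state that more clearly than `abstract`.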
