1 /*
2 * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.tools.keytool;
27
28 import java.io.IOException;
29 import java.security.cert.X509Certificate;
30 import java.security.cert.CertificateException;
31 import java.security.cert.CertificateEncodingException;
32 import java.security.*;
33 import java.util.Date;
34
35 import sun.security.pkcs10.PKCS10;
36 import sun.security.x509.*;
37
38 /**
39 * Generate a pair of keys, and provide access to them. This class is
40 * provided primarily for ease of use.
41 *
42 * <P>This provides some simple certificate management functionality.
43 * Specifically, it allows you to create self-signed X.509 certificates
44 * as well as PKCS 10 based certificate signing requests.
45 *
46 * <P>Keys for some public key signature algorithms have algorithm
47 * parameters, such as DSS/DSA. Some sites' Certificate Authorities
48 * adopt fixed algorithm parameters, which speeds up some operations
49 * including key generation and signing. <em>At this time, this interface
50 * does not provide a way to provide such algorithm parameters, e.g.
51 * by providing the CA certificate which includes those parameters.</em>
52 *
105 }
106 }
107 this.sigAlg = sigAlg;
108 }
109
110 /**
111 * Sets the source of random numbers used when generating keys.
112 * If you do not provide one, a system default facility is used.
113 * You may wish to provide your own source of random numbers
114 * to get a reproducible sequence of keys and signatures, or
115 * because you may be able to take advantage of strong sources
116 * of randomness/entropy in your environment.
117 */
118 public void setRandom (SecureRandom generator)
119 {
120 prng = generator;
121 }
122
123 // want "public void generate (X509Certificate)" ... inherit DSA/D-H param
124
125 /**
126 * Generates a random public/private key pair, with a given key
127 * size. Different algorithms provide different degrees of security
128 * for the same key size, because of the "work factor" involved in
129 * brute force attacks. As computers become faster, it becomes
130 * easier to perform such attacks. Small keys are to be avoided.
131 *
132 * <P>Note that not all values of "keyBits" are valid for all
133 * algorithms, and not all public key algorithms are currently
134 * supported for use in X.509 certificates. If the algorithm
135 * you specified does not produce X.509 compatible keys, an
136 * invalid key exception is thrown.
137 *
138 * @param keyBits the number of bits in the keys.
139 * @exception InvalidKeyException if the environment does not
140 * provide X.509 public keys for this signature algorithm.
141 */
142 public void generate (int keyBits)
143 throws InvalidKeyException
144 {
145 KeyPair pair;
146
147 try {
148 if (prng == null) {
149 prng = new SecureRandom();
150 }
151 keyGen.initialize(keyBits, prng);
152 pair = keyGen.generateKeyPair();
153
154 } catch (Exception e) {
155 throw new IllegalArgumentException(e.getMessage());
156 }
157
158 publicKey = pair.getPublic();
159 privateKey = pair.getPrivate();
160
161 // publicKey's format must be X.509 otherwise
162 // the whole CertGen part of this class is broken.
163 if (!"X.509".equalsIgnoreCase(publicKey.getFormat())) {
164 throw new IllegalArgumentException("Public key format is "
165 + publicKey.getFormat() + ", must be X.509");
166 }
167
168 if (sigAlg == null) {
169 sigAlg = AlgorithmId.getDefaultSigAlgForKey(privateKey);
170 if (sigAlg == null) {
171 throw new IllegalArgumentException(
172 "Cannot derive signature algorithm from "
173 + privateKey.getAlgorithm());
174 }
175 }
176 }
|
1 /*
2 * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.tools.keytool;
27
28 import java.io.IOException;
29 import java.security.cert.X509Certificate;
30 import java.security.cert.CertificateException;
31 import java.security.cert.CertificateEncodingException;
32 import java.security.*;
33 import java.security.spec.AlgorithmParameterSpec;
34 import java.util.Date;
35
36 import sun.security.pkcs10.PKCS10;
37 import sun.security.x509.*;
38
39 /**
40 * Generate a pair of keys, and provide access to them. This class is
41 * provided primarily for ease of use.
42 *
43 * <P>This provides some simple certificate management functionality.
44 * Specifically, it allows you to create self-signed X.509 certificates
45 * as well as PKCS 10 based certificate signing requests.
46 *
47 * <P>Keys for some public key signature algorithms have algorithm
48 * parameters, such as DSS/DSA. Some sites' Certificate Authorities
49 * adopt fixed algorithm parameters, which speeds up some operations
50 * including key generation and signing. <em>At this time, this interface
51 * does not provide a way to provide such algorithm parameters, e.g.
52 * by providing the CA certificate which includes those parameters.</em>
53 *
106 }
107 }
108 this.sigAlg = sigAlg;
109 }
110
111 /**
112 * Sets the source of random numbers used when generating keys.
113 * If you do not provide one, a system default facility is used.
114 * You may wish to provide your own source of random numbers
115 * to get a reproducible sequence of keys and signatures, or
116 * because you may be able to take advantage of strong sources
117 * of randomness/entropy in your environment.
118 */
119 public void setRandom (SecureRandom generator)
120 {
121 prng = generator;
122 }
123
124 // want "public void generate (X509Certificate)" ... inherit DSA/D-H param
125
126 public void generate(int keyBits) {
127 if (keyBits != -1) {
128 try {
129 if (prng == null) {
130 prng = new SecureRandom();
131 }
132 keyGen.initialize(keyBits, prng);
133
134 } catch (Exception e) {
135 throw new IllegalArgumentException(e.getMessage());
136 }
137 }
138 generateInternal();
139 }
140
141 /**
142 * Generates a random public/private key pair, with a given key
143 * size. Different algorithms provide different degrees of security
144 * for the same key size, because of the "work factor" involved in
145 * brute force attacks. As computers become faster, it becomes
146 * easier to perform such attacks. Small keys are to be avoided.
147 *
148 * <P>Note that not all values of "keyBits" are valid for all
149 * algorithms, and not all public key algorithms are currently
150 * supported for use in X.509 certificates. If the algorithm
151 * you specified does not produce X.509 compatible keys, an
152 * invalid key exception is thrown.
153 *
154 * @param keyBits the number of bits in the keys.
155 * @exception InvalidKeyException if the environment does not
156 * provide X.509 public keys for this signature algorithm.
157 */
158 public void generateInternal() {
159 KeyPair pair = keyGen.generateKeyPair();
160
161 publicKey = pair.getPublic();
162 privateKey = pair.getPrivate();
163
164 // publicKey's format must be X.509 otherwise
165 // the whole CertGen part of this class is broken.
166 if (!"X.509".equalsIgnoreCase(publicKey.getFormat())) {
167 throw new IllegalArgumentException("Public key format is "
168 + publicKey.getFormat() + ", must be X.509");
169 }
170
171 if (sigAlg == null) {
172 sigAlg = AlgorithmId.getDefaultSigAlgForKey(privateKey);
173 if (sigAlg == null) {
174 throw new IllegalArgumentException(
175 "Cannot derive signature algorithm from "
176 + privateKey.getAlgorithm());
177 }
178 }
179 }
|