1 /*
2 * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import java.security.Key;
29 import java.security.PublicKey;
30 import java.security.PrivateKey;
31 import java.security.KeyFactorySpi;
32 import java.security.InvalidKeyException;
33 import java.security.AccessController;
34 import java.security.interfaces.DSAParams;
35 import java.security.spec.DSAPublicKeySpec;
36 import java.security.spec.DSAPrivateKeySpec;
37 import java.security.spec.KeySpec;
38 import java.security.spec.InvalidKeySpecException;
39 import java.security.spec.X509EncodedKeySpec;
40 import java.security.spec.PKCS8EncodedKeySpec;
41
42 import sun.security.action.GetPropertyAction;
43
44 /**
45 * This class implements the DSA key factory of the Sun provider.
46 *
47 * @author Jan Luehe
48 *
49 *
50 * @since 1.2
51 */
52
53 public class DSAKeyFactory extends KeyFactorySpi {
54
55 // package private for DSAKeyPairGenerator
56 static final boolean SERIAL_INTEROP;
57 private static final String SERIAL_PROP = "sun.security.key.serial.interop";
58
59 static {
60
61 /**
62 * Check to see if we need to maintain interoperability for serialized
63 * keys between JDK 5.0 -> JDK 1.4. In other words, determine whether
64 * a key object serialized in JDK 5.0 must be deserializable in
65 * JDK 1.4.
66 *
67 * If true, then we generate sun.security.provider.DSAPublicKey.
68 * If false, then we generate sun.security.provider.DSAPublicKeyImpl.
69 *
70 * By default this is false.
71 * This incompatibility was introduced by 4532506.
72 */
73 String prop = AccessController.doPrivileged
74 (new GetPropertyAction(SERIAL_PROP, null));
75 SERIAL_INTEROP = "true".equalsIgnoreCase(prop);
76 }
77
78 /**
79 * Generates a public key object from the provided key specification
80 * (key material).
81 *
82 * @param keySpec the specification (key material) of the public key
83 *
84 * @return the public key
85 *
86 * @exception InvalidKeySpecException if the given key specification
87 * is inappropriate for this key factory to produce a public key.
88 */
89 protected PublicKey engineGeneratePublic(KeySpec keySpec)
90 throws InvalidKeySpecException {
91 try {
92 if (keySpec instanceof DSAPublicKeySpec) {
93 DSAPublicKeySpec dsaPubKeySpec = (DSAPublicKeySpec)keySpec;
94 if (SERIAL_INTEROP) {
95 return new DSAPublicKey(dsaPubKeySpec.getY(),
96 dsaPubKeySpec.getP(),
97 dsaPubKeySpec.getQ(),
98 dsaPubKeySpec.getG());
99 } else {
100 return new DSAPublicKeyImpl(dsaPubKeySpec.getY(),
101 dsaPubKeySpec.getP(),
102 dsaPubKeySpec.getQ(),
103 dsaPubKeySpec.getG());
104 }
105 } else if (keySpec instanceof X509EncodedKeySpec) {
106 if (SERIAL_INTEROP) {
107 return new DSAPublicKey
108 (((X509EncodedKeySpec)keySpec).getEncoded());
109 } else {
110 return new DSAPublicKeyImpl
111 (((X509EncodedKeySpec)keySpec).getEncoded());
112 }
113 } else {
114 throw new InvalidKeySpecException
115 ("Inappropriate key specification");
116 }
117 } catch (InvalidKeyException e) {
118 throw new InvalidKeySpecException
119 ("Inappropriate key specification: " + e.getMessage());
120 }
121 }
122
123 /**
124 * Generates a private key object from the provided key specification
125 * (key material).
126 *
127 * @param keySpec the specification (key material) of the private key
128 *
129 * @return the private key
130 *
131 * @exception InvalidKeySpecException if the given key specification
132 * is inappropriate for this key factory to produce a private key.
133 */
134 protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
135 throws InvalidKeySpecException {
136 try {
137 if (keySpec instanceof DSAPrivateKeySpec) {
138 DSAPrivateKeySpec dsaPrivKeySpec = (DSAPrivateKeySpec)keySpec;
139 return new DSAPrivateKey(dsaPrivKeySpec.getX(),
140 dsaPrivKeySpec.getP(),
141 dsaPrivKeySpec.getQ(),
142 dsaPrivKeySpec.getG());
143
144 } else if (keySpec instanceof PKCS8EncodedKeySpec) {
145 return new DSAPrivateKey
146 (((PKCS8EncodedKeySpec)keySpec).getEncoded());
147
148 } else {
149 throw new InvalidKeySpecException
150 ("Inappropriate key specification");
151 }
152 } catch (InvalidKeyException e) {
153 throw new InvalidKeySpecException
154 ("Inappropriate key specification: " + e.getMessage());
155 }
156 }
157
158 /**
159 * Returns a specification (key material) of the given key object
160 * in the requested format.
161 *
162 * @param key the key
163 *
164 * @param keySpec the requested format in which the key material shall be
165 * returned
166 *
167 * @return the underlying key specification (key material) in the
168 * requested format
169 *
170 * @exception InvalidKeySpecException if the requested key specification is
171 * inappropriate for the given key, or the given key cannot be processed
172 * (e.g., the given key has an unrecognized algorithm or format).
173 */
174 protected <T extends KeySpec>
175 T engineGetKeySpec(Key key, Class<T> keySpec)
176 throws InvalidKeySpecException {
177
178 DSAParams params;
179
180 try {
181
182 if (key instanceof java.security.interfaces.DSAPublicKey) {
183
184 // Determine valid key specs
185 Class<?> dsaPubKeySpec = Class.forName
186 ("java.security.spec.DSAPublicKeySpec");
187 Class<?> x509KeySpec = Class.forName
188 ("java.security.spec.X509EncodedKeySpec");
189
190 if (dsaPubKeySpec.isAssignableFrom(keySpec)) {
191 java.security.interfaces.DSAPublicKey dsaPubKey
192 = (java.security.interfaces.DSAPublicKey)key;
193 params = dsaPubKey.getParams();
194 return keySpec.cast(new DSAPublicKeySpec(dsaPubKey.getY(),
195 params.getP(),
196 params.getQ(),
197 params.getG()));
198
199 } else if (x509KeySpec.isAssignableFrom(keySpec)) {
200 return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
201
202 } else {
203 throw new InvalidKeySpecException
204 ("Inappropriate key specification");
205 }
206
207 } else if (key instanceof java.security.interfaces.DSAPrivateKey) {
208
209 // Determine valid key specs
210 Class<?> dsaPrivKeySpec = Class.forName
211 ("java.security.spec.DSAPrivateKeySpec");
212 Class<?> pkcs8KeySpec = Class.forName
213 ("java.security.spec.PKCS8EncodedKeySpec");
214
215 if (dsaPrivKeySpec.isAssignableFrom(keySpec)) {
216 java.security.interfaces.DSAPrivateKey dsaPrivKey
217 = (java.security.interfaces.DSAPrivateKey)key;
218 params = dsaPrivKey.getParams();
219 return keySpec.cast(new DSAPrivateKeySpec(dsaPrivKey.getX(),
220 params.getP(),
221 params.getQ(),
222 params.getG()));
223
224 } else if (pkcs8KeySpec.isAssignableFrom(keySpec)) {
225 return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
226
227 } else {
228 throw new InvalidKeySpecException
229 ("Inappropriate key specification");
230 }
231
232 } else {
233 throw new InvalidKeySpecException("Inappropriate key type");
234 }
235
236 } catch (ClassNotFoundException e) {
237 throw new InvalidKeySpecException
238 ("Unsupported key specification: " + e.getMessage());
239 }
240 }
241
242 /**
243 * Translates a key object, whose provider may be unknown or potentially
244 * untrusted, into a corresponding key object of this key factory.
245 *
246 * @param key the key whose provider is unknown or untrusted
247 *
248 * @return the translated key
249 *
250 * @exception InvalidKeyException if the given key cannot be processed by
251 * this key factory.
252 */
253 protected Key engineTranslateKey(Key key) throws InvalidKeyException {
254
255 try {
256
257 if (key instanceof java.security.interfaces.DSAPublicKey) {
258 // Check if key originates from this factory
259 if (key instanceof sun.security.provider.DSAPublicKey) {
260 return key;
261 }
262 // Convert key to spec
263 DSAPublicKeySpec dsaPubKeySpec
264 = engineGetKeySpec(key, DSAPublicKeySpec.class);
265 // Create key from spec, and return it
266 return engineGeneratePublic(dsaPubKeySpec);
267
268 } else if (key instanceof java.security.interfaces.DSAPrivateKey) {
269 // Check if key originates from this factory
270 if (key instanceof sun.security.provider.DSAPrivateKey) {
271 return key;
272 }
273 // Convert key to spec
274 DSAPrivateKeySpec dsaPrivKeySpec
275 = engineGetKeySpec(key, DSAPrivateKeySpec.class);
276 // Create key from spec, and return it
277 return engineGeneratePrivate(dsaPrivKeySpec);
278
279 } else {
280 throw new InvalidKeyException("Wrong algorithm type");
281 }
282
283 } catch (InvalidKeySpecException e) {
284 throw new InvalidKeyException("Cannot translate key: "
285 + e.getMessage());
286 }
287 }
288 }