mirror of
https://github.com/openjdk/jdk.git
synced 2026-01-30 04:58:25 +00:00
56b7960496
Changed SunRsaSign provider to accept RSA signature oid in RSA key encoding for backward compatibility Reviewed-by: weijun
166 lines
5.7 KiB
Java
166 lines
5.7 KiB
Java
/*
|
|
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation. Oracle designates this
|
|
* particular file as subject to the "Classpath" exception as provided
|
|
* by Oracle in the LICENSE file that accompanied this code.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
package sun.security.rsa;
|
|
|
|
import java.io.IOException;
|
|
import java.security.*;
|
|
import java.security.spec.*;
|
|
import sun.security.util.ObjectIdentifier;
|
|
import sun.security.x509.AlgorithmId;
|
|
|
|
/**
|
|
* Utility class for SunRsaSign provider.
|
|
* Currently used by RSAKeyPairGenerator and RSAKeyFactory.
|
|
*
|
|
* @since 11
|
|
*/
|
|
public class RSAUtil {
|
|
|
|
public enum KeyType {
|
|
RSA ("RSA", AlgorithmId.RSAEncryption_oid, null),
|
|
PSS ("RSASSA-PSS", AlgorithmId.RSASSA_PSS_oid, PSSParameterSpec.class)
|
|
;
|
|
|
|
final String keyAlgo;
|
|
final ObjectIdentifier oid;
|
|
final Class<? extends AlgorithmParameterSpec> paramSpecCls;
|
|
|
|
KeyType(String keyAlgo, ObjectIdentifier oid,
|
|
Class<? extends AlgorithmParameterSpec> paramSpecCls) {
|
|
this.keyAlgo = keyAlgo;
|
|
this.oid = oid;
|
|
this.paramSpecCls = paramSpecCls;
|
|
}
|
|
|
|
public static KeyType lookup(String name) throws ProviderException {
|
|
|
|
requireNonNull(name, "Key algorithm should not be null");
|
|
|
|
// match loosely in order to work with 3rd party providers which
|
|
// may not follow the standard names
|
|
if (name.indexOf("PSS") != -1) {
|
|
return PSS;
|
|
} else if (name.indexOf("RSA") != -1) {
|
|
return RSA;
|
|
} else { // no match
|
|
throw new ProviderException("Unsupported algorithm " + name);
|
|
}
|
|
}
|
|
}
|
|
|
|
private static void requireNonNull(Object obj, String msg) {
|
|
if (obj == null) throw new ProviderException(msg);
|
|
}
|
|
|
|
public static AlgorithmParameterSpec checkParamsAgainstType(KeyType type,
|
|
AlgorithmParameterSpec paramSpec) throws ProviderException {
|
|
|
|
// currently no check for null parameter spec
|
|
// assumption is parameter spec is optional and can be null
|
|
if (paramSpec == null) return null;
|
|
|
|
Class<? extends AlgorithmParameterSpec> expCls = type.paramSpecCls;
|
|
if (expCls == null) {
|
|
throw new ProviderException("null params expected for " +
|
|
type.keyAlgo);
|
|
} else if (!expCls.isInstance(paramSpec)) {
|
|
throw new ProviderException
|
|
(expCls + " expected for " + type.keyAlgo);
|
|
}
|
|
return paramSpec;
|
|
}
|
|
|
|
public static AlgorithmParameters getParams(KeyType type,
|
|
AlgorithmParameterSpec spec) throws ProviderException {
|
|
|
|
if (spec == null) return null;
|
|
|
|
try {
|
|
AlgorithmParameters params =
|
|
AlgorithmParameters.getInstance(type.keyAlgo);
|
|
params.init(spec);
|
|
return params;
|
|
} catch (NoSuchAlgorithmException | InvalidParameterSpecException ex) {
|
|
throw new ProviderException(ex);
|
|
}
|
|
}
|
|
|
|
public static AlgorithmId createAlgorithmId(KeyType type,
|
|
AlgorithmParameterSpec paramSpec) throws ProviderException {
|
|
|
|
checkParamsAgainstType(type, paramSpec);
|
|
|
|
ObjectIdentifier oid = type.oid;
|
|
AlgorithmParameters params = getParams(type, paramSpec);
|
|
return new AlgorithmId(oid, params);
|
|
}
|
|
|
|
public static AlgorithmParameterSpec getParamSpec(
|
|
AlgorithmParameters params) throws ProviderException {
|
|
|
|
if (params == null) return null;
|
|
|
|
String algName = params.getAlgorithm();
|
|
|
|
KeyType type = KeyType.lookup(algName);
|
|
Class<? extends AlgorithmParameterSpec> specCls = type.paramSpecCls;
|
|
if (specCls == null) {
|
|
throw new ProviderException("No params accepted for " +
|
|
type.keyAlgo);
|
|
}
|
|
try {
|
|
return params.getParameterSpec(specCls);
|
|
} catch (InvalidParameterSpecException ex) {
|
|
throw new ProviderException(ex);
|
|
}
|
|
}
|
|
|
|
public static Object[] getTypeAndParamSpec(AlgorithmId algid)
|
|
throws ProviderException {
|
|
|
|
requireNonNull(algid, "AlgorithmId should not be null");
|
|
|
|
Object[] result = new Object[2];
|
|
|
|
String algName = algid.getName();
|
|
try {
|
|
result[0] = KeyType.lookup(algName);
|
|
} catch (ProviderException pe) {
|
|
// accommodate RSA keys encoded with various RSA signature oids
|
|
// for backward compatibility
|
|
if (algName.indexOf("RSA") != -1) {
|
|
result[0] = KeyType.RSA;
|
|
} else {
|
|
// pass it up
|
|
throw pe;
|
|
}
|
|
}
|
|
|
|
result[1] = getParamSpec(algid.getParameters());
|
|
return result;
|
|
}
|
|
}
|