diff options
author | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
commit | 171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch) | |
tree | 1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/util/src/netscape/security/x509/X509Key.java | |
parent | adad2fcee8a29fdb82376fbce07dedb11fccc182 (diff) | |
download | pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.tar.gz pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.tar.xz pki-171aaece4f23709d33d180cf36eb3af5e454b0c9.zip |
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/util/src/netscape/security/x509/X509Key.java')
-rw-r--r-- | pki/base/util/src/netscape/security/x509/X509Key.java | 681 |
1 files changed, 345 insertions, 336 deletions
diff --git a/pki/base/util/src/netscape/security/x509/X509Key.java b/pki/base/util/src/netscape/security/x509/X509Key.java index cc006053..9d5f86a9 100644 --- a/pki/base/util/src/netscape/security/x509/X509Key.java +++ b/pki/base/util/src/netscape/security/x509/X509Key.java @@ -36,19 +36,20 @@ import netscape.security.util.DerOutputStream; import netscape.security.util.DerValue; /** - * Holds an X.509 key, for example a public key found in an X.509 certificate. - * Includes a description of the algorithm to be used with the key; these keys - * normally are used as "SubjectPublicKeyInfo". - * - * <P> - * While this class can represent any kind of X.509 key, it may be desirable to - * provide subclasses which understand how to parse keying data. For example, - * RSA public keys have two members, one for the public modulus and one for the - * prime exponent. If such a class is provided, it is used when parsing X.509 - * keys. If one is not provided, the key still parses correctly. - * + * Holds an X.509 key, for example a public key found in an X.509 + * certificate. Includes a description of the algorithm to be used + * with the key; these keys normally are used as + * "SubjectPublicKeyInfo". + * + * <P>While this class can represent any kind of X.509 key, it may be + * desirable to provide subclasses which understand how to parse keying + * data. For example, RSA public keys have two members, one for the + * public modulus and one for the prime exponent. If such a class is + * provided, it is used when parsing X.509 keys. If one is not provided, + * the key still parses correctly. + * * @version 1.74, 97/12/10 - * @author David Brownell + * @author David Brownell */ public class X509Key implements PublicKey { @@ -65,205 +66,207 @@ public class X509Key implements PublicKey { protected byte[] encodedKey; /** - * Default constructor. The key constructed must have its key and algorithm - * initialized before it may be used, for example by using - * <code>decode</code>. + * Default constructor. The key constructed must have its key + * and algorithm initialized before it may be used, for example + * by using <code>decode</code>. */ - public X509Key() { - } + public X509Key() { } /* - * Build and initialize as a "default" key. All X.509 key data is stored and - * transmitted losslessly, but no knowledge about this particular algorithm - * is available. + * Build and initialize as a "default" key. All X.509 key + * data is stored and transmitted losslessly, but no knowledge + * about this particular algorithm is available. */ - public X509Key(AlgorithmId algid, byte[] key) throws InvalidKeyException { - this.algid = algid; - this.key = key; - encode(); + public X509Key(AlgorithmId algid, byte[] key) + throws InvalidKeyException { + this.algid = algid; + this.key = key; + encode(); } /** - * Construct X.509 subject public key from a DER value. If the runtime - * environment is configured with a specific class for this kind of key, a - * subclass is returned. Otherwise, a generic X509Key object is returned. - * - * <P> - * This mechanism gurantees that keys (and algorithms) may be freely - * manipulated and transferred, without risk of losing information. Also, - * when a key (or algorithm) needs some special handling, that specific need - * can be accomodated. + * Construct X.509 subject public key from a DER value. If + * the runtime environment is configured with a specific class for + * this kind of key, a subclass is returned. Otherwise, a generic + * X509Key object is returned. * + * <P>This mechanism gurantees that keys (and algorithms) may be + * freely manipulated and transferred, without risk of losing + * information. Also, when a key (or algorithm) needs some special + * handling, that specific need can be accomodated. + * * @param in the DER-encoded SubjectPublicKeyInfo value * @exception IOException on data format errors */ - public static X509Key parse(DerValue in) throws IOException { - AlgorithmId algorithm; - X509Key subjectKey; + public static X509Key parse(DerValue in) throws IOException + { + AlgorithmId algorithm; + X509Key subjectKey; - if (in.tag != DerValue.tag_Sequence) - throw new IOException("corrupt subject key"); + if (in.tag != DerValue.tag_Sequence) + throw new IOException("corrupt subject key"); - algorithm = AlgorithmId.parse(in.data.getDerValue()); - try { - subjectKey = buildX509Key(algorithm, in.data.getBitString()); + algorithm = AlgorithmId.parse(in.data.getDerValue ()); + try { + subjectKey = buildX509Key(algorithm, in.data.getBitString ()); - } catch (InvalidKeyException e) { - throw new IOException("subject key, " + e.getMessage()); - } + } catch (InvalidKeyException e) { + throw new IOException("subject key, " + e.getMessage()); + } - if (in.data.available() != 0) - throw new IOException("excess subject key"); - return subjectKey; + if (in.data.available () != 0) + throw new IOException ("excess subject key"); + return subjectKey; } /** - * Parse the key bits. This may be redefined by subclasses to take advantage - * of structure within the key. For example, RSA public keys encapsulate two - * unsigned integers (modulus and exponent) as DER values within the - * <code>key</code> bits; Diffie-Hellman and DSS/DSA keys encapsulate a - * single unsigned integer. - * - * <P> - * This function is called when creating X.509 SubjectPublicKeyInfo values - * using the X509Key member functions, such as <code>parse</code> and - * <code>decode</code>. - * + * Parse the key bits. This may be redefined by subclasses to take + * advantage of structure within the key. For example, RSA public + * keys encapsulate two unsigned integers (modulus and exponent) as + * DER values within the <code>key</code> bits; Diffie-Hellman and + * DSS/DSA keys encapsulate a single unsigned integer. + * + * <P>This function is called when creating X.509 SubjectPublicKeyInfo + * values using the X509Key member functions, such as <code>parse</code> + * and <code>decode</code>. + * * @exception IOException on parsing errors. * @exception InvalidKeyException on invalid key encodings. */ protected void parseKeyBits() throws IOException, InvalidKeyException { - encode(); + encode(); } /* - * Factory interface, building the kind of key associated with this specific - * algorithm ID or else returning this generic base class. See the - * description above. + * Factory interface, building the kind of key associated with this + * specific algorithm ID or else returning this generic base class. + * See the description above. */ static X509Key buildX509Key(AlgorithmId algid, byte[] key) - throws IOException, InvalidKeyException { - /* - * Use the algid and key parameters to produce the ASN.1 encoding of the - * key, which will then be used as the input to the key factory. - */ - DerOutputStream x509EncodedKeyStream = new DerOutputStream(); - encode(x509EncodedKeyStream, algid, key); - X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec( - x509EncodedKeyStream.toByteArray()); - - try { - // Instantiate the key factory of the appropriate algorithm - KeyFactory keyFac = null; - if (Security.getProvider("Mozilla-JSS") == null) { - keyFac = KeyFactory.getInstance(algid.getName()); - } else { - keyFac = KeyFactory.getInstance(algid.getName(), "Mozilla-JSS"); - } - - // Generate the public key - PublicKey pubKey = keyFac.generatePublic(x509KeySpec); - - if (pubKey instanceof X509Key) { - /* - * Return specialized X509Key, where the structure within the - * key has been parsed - */ - return (X509Key) pubKey; + throws IOException, InvalidKeyException + { + /* + * Use the algid and key parameters to produce the ASN.1 encoding + * of the key, which will then be used as the input to the + * key factory. + */ + DerOutputStream x509EncodedKeyStream = new DerOutputStream(); + encode(x509EncodedKeyStream, algid, key); + X509EncodedKeySpec x509KeySpec + = new X509EncodedKeySpec(x509EncodedKeyStream.toByteArray()); + + try { + // Instantiate the key factory of the appropriate algorithm + KeyFactory keyFac = null; + if (Security.getProvider("Mozilla-JSS") == null) { + keyFac = KeyFactory.getInstance(algid.getName()); + } else { + keyFac = KeyFactory.getInstance(algid.getName(), + "Mozilla-JSS"); } - } catch (NoSuchAlgorithmException e) { - // Return generic X509Key with opaque key data (see below) - } catch (InvalidKeySpecException e) { - throw new InvalidKeyException(e.toString()); - } catch (Exception e) { - throw new InvalidKeyException(e.toString()); - } - - /* - * Try again using JDK1.1-style for backwards compatibility. - */ - String classname = ""; - try { - Properties props; - String keytype; - Provider sunProvider; - - sunProvider = Security.getProvider("SUN"); - if (sunProvider == null) - throw new InstantiationException(); - classname = sunProvider.getProperty("PublicKey.X.509." - + algid.getName()); - if (classname == null) { - throw new InstantiationException(); - } - - Class keyClass = Class.forName(classname); - Object inst; - X509Key result; - - inst = keyClass.newInstance(); - if (inst instanceof X509Key) { - result = (X509Key) inst; - result.algid = algid; - result.key = key; - result.parseKeyBits(); - return result; - } - } catch (ClassNotFoundException e) { - } catch (InstantiationException e) { - } catch (IllegalAccessException e) { - // this should not happen. - throw new IOException(classname + " [internal error]"); - } - - X509Key result = new X509Key(); - result.algid = algid; - result.key = key; - return result; + + // Generate the public key + PublicKey pubKey = keyFac.generatePublic(x509KeySpec); + + if (pubKey instanceof X509Key) { + /* + * Return specialized X509Key, where the structure within the + * key has been parsed + */ + return (X509Key)pubKey; + } + } catch (NoSuchAlgorithmException e) { + // Return generic X509Key with opaque key data (see below) + } catch (InvalidKeySpecException e) { + throw new InvalidKeyException(e.toString()); + } catch (Exception e) { + throw new InvalidKeyException(e.toString()); + } + + /* + * Try again using JDK1.1-style for backwards compatibility. + */ + String classname = ""; + try { + Properties props; + String keytype; + Provider sunProvider; + + sunProvider = Security.getProvider("SUN"); + if (sunProvider == null) + throw new InstantiationException(); + classname = sunProvider.getProperty("PublicKey.X.509." + + algid.getName()); + if (classname == null) { + throw new InstantiationException(); + } + + Class keyClass = Class.forName(classname); + Object inst; + X509Key result; + + inst = keyClass.newInstance(); + if (inst instanceof X509Key) { + result = (X509Key) inst; + result.algid = algid; + result.key = key; + result.parseKeyBits(); + return result; + } + } catch (ClassNotFoundException e) { + } catch (InstantiationException e) { + } catch (IllegalAccessException e) { + // this should not happen. + throw new IOException (classname + " [internal error]"); + } + + X509Key result = new X509Key(); + result.algid = algid; + result.key = key; + return result; } /** * Returns the algorithm to be used with this key. */ - public String getAlgorithm() { - return algid.getName(); + public String getAlgorithm() { + return algid.getName(); } /** * Returns the algorithm ID to be used with this key. */ - public AlgorithmId getAlgorithmId() { - return algid; - } + public AlgorithmId getAlgorithmId () { return algid; } /** * Encode SubjectPublicKeyInfo sequence on the DER output stream. - * + * * @exception IOException on encoding errors. */ - public final void encode(DerOutputStream out) throws IOException { - encode(out, this.algid, this.key); + public final void encode(DerOutputStream out) throws IOException + { + encode(out, this.algid, this.key); } /** * Returns the DER-encoded form of the key as a byte array. */ public synchronized byte[] getEncoded() { - byte[] result = null; - try { - result = encode(); - } catch (InvalidKeyException e) { - } - return result; + byte[] result = null; + try { + result = encode(); + } catch (InvalidKeyException e) { + } + return result; } /** * Returns the format for this key: "X.509" */ public String getFormat() { - return "X.509"; + return "X.509"; } - + /** * Returns the raw key as a byte array */ @@ -273,236 +276,242 @@ public class X509Key implements PublicKey { /** * Returns the DER-encoded form of the key as a byte array. - * + * * @exception InvalidKeyException on encoding errors. */ public byte[] encode() throws InvalidKeyException { - if (encodedKey == null) { - try { - DerOutputStream out; - - out = new DerOutputStream(); - encode(out); - encodedKey = out.toByteArray(); - - } catch (IOException e) { - throw new InvalidKeyException("IOException : " + e.getMessage()); - } - } - return copyEncodedKey(encodedKey); + if (encodedKey == null) { + try { + DerOutputStream out; + + out = new DerOutputStream (); + encode (out); + encodedKey = out.toByteArray(); + + } catch (IOException e) { + throw new InvalidKeyException ("IOException : " + + e.getMessage()); + } + } + return copyEncodedKey(encodedKey); } /* * Returns a printable representation of the key */ - public String toString() { - netscape.security.util.PrettyPrintFormat pp = new netscape.security.util.PrettyPrintFormat( - " ", 20); - String keybits = pp.toHexString(key); - - return "algorithm = " + algid.toString() + ", unparsed keybits = \n" - + keybits; + public String toString () + { + netscape.security.util.PrettyPrintFormat pp = + new netscape.security.util.PrettyPrintFormat(" ", 20); + String keybits = pp.toHexString(key); + + return "algorithm = " + algid.toString () + + ", unparsed keybits = \n" + keybits; } - /** - * Initialize an X509Key object from an input stream. The data on that input - * stream must be encoded using DER, obeying the X.509 - * <code>SubjectPublicKeyInfo</code> format. That is, the data is a sequence - * consisting of an algorithm ID and a bit string which holds the key. (That - * bit string is often used to encapsulate another DER encoded sequence.) - * - * <P> - * Subclasses should not normally redefine this method; they should instead - * provide a <code>parseKeyBits</code> method to parse any fields inside the - * <code>key</code> member. - * - * <P> - * The exception to this rule is that since private keys need not be encoded - * using the X.509 <code>SubjectPublicKeyInfo</code> format, private keys - * may override this method, <code>encode</code>, and of course - * <code>getFormat</code>. - * - * @param in an input stream with a DER-encoded X.509 SubjectPublicKeyInfo - * value + /** + * Initialize an X509Key object from an input stream. The data on that + * input stream must be encoded using DER, obeying the X.509 + * <code>SubjectPublicKeyInfo</code> format. That is, the data is a + * sequence consisting of an algorithm ID and a bit string which holds + * the key. (That bit string is often used to encapsulate another DER + * encoded sequence.) + * + * <P>Subclasses should not normally redefine this method; they should + * instead provide a <code>parseKeyBits</code> method to parse any + * fields inside the <code>key</code> member. + * + * <P>The exception to this rule is that since private keys need not + * be encoded using the X.509 <code>SubjectPublicKeyInfo</code> format, + * private keys may override this method, <code>encode</code>, and + * of course <code>getFormat</code>. + * + * @param in an input stream with a DER-encoded X.509 + * SubjectPublicKeyInfo value * @exception InvalidKeyException on parsing errors. */ - public void decode(InputStream in) throws InvalidKeyException { - DerValue val; - - try { - val = new DerValue(in); - if (val.tag != DerValue.tag_Sequence) - throw new InvalidKeyException("invalid key format"); - - algid = AlgorithmId.parse(val.data.getDerValue()); - key = val.data.getBitString(); - parseKeyBits(); - if (val.data.available() != 0) - throw new InvalidKeyException("excess key data"); - - } catch (IOException e) { - // e.printStackTrace (); - throw new InvalidKeyException("IOException : " + e.getMessage()); - } + public void decode(InputStream in) + throws InvalidKeyException + { + DerValue val; + + try { + val = new DerValue (in); + if (val.tag != DerValue.tag_Sequence) + throw new InvalidKeyException ("invalid key format"); + + algid = AlgorithmId.parse (val.data.getDerValue ()); + key = val.data.getBitString (); + parseKeyBits (); + if (val.data.available () != 0) + throw new InvalidKeyException ("excess key data"); + + } catch (IOException e) { + // e.printStackTrace (); + throw new InvalidKeyException("IOException : " + + e.getMessage()); + } } public void decode(byte[] encodedKey) throws InvalidKeyException { - decode(new ByteArrayInputStream(encodedKey)); + decode(new ByteArrayInputStream(encodedKey)); } /** - * Serialization write ... X.509 keys serialize as themselves, and they're - * parsed when they get read back. + * Serialization write ... X.509 keys serialize as + * themselves, and they're parsed when they get read back. */ - private synchronized void writeObject(java.io.ObjectOutputStream stream) - throws IOException { - stream.write(getEncoded()); + private synchronized void + writeObject (java.io.ObjectOutputStream stream) + throws IOException { + stream.write(getEncoded()); } /** - * Serialization read ... X.509 keys serialize as themselves, and they're - * parsed when they get read back. + * Serialization read ... X.509 keys serialize as + * themselves, and they're parsed when they get read back. */ - private synchronized void readObject(ObjectInputStream stream) - throws IOException { - - try { - decode(stream); - - } catch (InvalidKeyException e) { - e.printStackTrace(); - throw new IOException("deserialized key is invalid: " - + e.getMessage()); - } + private synchronized void + readObject (ObjectInputStream stream) + throws IOException { + + try { + decode(stream); + + } catch (InvalidKeyException e) { + e.printStackTrace(); + throw new IOException("deserialized key is invalid: " + + e.getMessage()); + } } public boolean equals(Object object) { - if (this == object) { - return true; - } - - if (object instanceof Key) { - Key key = (Key) object; - - byte[] b1; - if (encodedKey != null) { - b1 = encodedKey; - } else { - b1 = getEncoded(); - } - byte[] b2 = key.getEncoded(); - - return java.security.MessageDigest.isEqual(b1, b2); - } - - return false; + if (this == object) { + return true; + } + + if (object instanceof Key) { + Key key = (Key)object; + + byte[] b1; + if (encodedKey != null) { + b1 = encodedKey; + } else { + b1 = getEncoded(); + } + byte[] b2 = key.getEncoded(); + + return java.security.MessageDigest.isEqual(b1, b2); + } + + return false; } - + /** - * Calculates a hash code value for the object. Objects which are equal will - * also have the same hashcode. + * Calculates a hash code value for the object. Objects + * which are equal will also have the same hashcode. */ public int hashCode() { int retval = 0; - byte[] b1 = getEncoded(); + byte[] b1 = getEncoded(); for (int i = 1; i < b1.length; i++) { retval += b1[i] * i; } - return (retval); + return(retval); } /* * Make a copy of the encoded key. */ private byte[] copyEncodedKey(byte[] encodedKey) { - int len = encodedKey.length; - byte[] copy = new byte[len]; - System.arraycopy(encodedKey, 0, copy, 0, len); - return copy; + int len = encodedKey.length; + byte[] copy = new byte[len]; + System.arraycopy(encodedKey, 0, copy, 0, len); + return copy; } /* * Produce SubjectPublicKey encoding from algorithm id and key material. */ static void encode(DerOutputStream out, AlgorithmId algid, byte[] key) - throws IOException { - DerOutputStream tmp = new DerOutputStream(); - algid.encode(tmp); - tmp.putBitString(key); - out.write(DerValue.tag_Sequence, tmp); - } - - /* - * parsePublicKey returns a PublicKey for use with package JSS from within - * netscape.security.*. This function provide an interim solution for - * migrating from using the netscape.security.* package to using the JSS - * package. - */ - - public static PublicKey parsePublicKey(DerValue in) throws IOException { - AlgorithmId algorithm; - PublicKey subjectKey; - - if (in.tag != DerValue.tag_Sequence) - throw new IOException("corrupt subject key"); - - algorithm = AlgorithmId.parse(in.data.getDerValue()); - try { - subjectKey = buildPublicKey(algorithm, in.data.getBitString()); - - } catch (InvalidKeyException e) { - throw new IOException("subject key, " + e.getMessage()); - } - - if (in.data.available() != 0) - throw new IOException("excess subject key"); - return subjectKey; + throws IOException { + DerOutputStream tmp = new DerOutputStream(); + algid.encode(tmp); + tmp.putBitString(key); + out.write(DerValue.tag_Sequence, tmp); } - - /* - * buildPublicKey returns a PublicKey for use with the JSS package from - * within netscape.security.*. This function provide an interim solution for - * migrating from using the netscape.security.* package to using the JSS - * package. + /* + * parsePublicKey returns a PublicKey for use with package JSS from within netscape.security.*. + * This function provide an interim solution for migrating from using the netscape.security.* package + * to using the JSS package. */ - static PublicKey buildPublicKey(AlgorithmId algid, byte[] key) - throws IOException, InvalidKeyException { - /* - * Use the algid and key parameters to produce the ASN.1 encoding of the - * key, which will then be used as the input to the key factory. - */ - DerOutputStream x509EncodedKeyStream = new DerOutputStream(); - encode(x509EncodedKeyStream, algid, key); - X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec( - x509EncodedKeyStream.toByteArray()); - - try { - // Instantiate the key factory of the appropriate algorithm - KeyFactory keyFac = null; - if (Security.getProvider("Mozilla-JSS") == null) { - keyFac = KeyFactory.getInstance(algid.getName()); - } else { - keyFac = KeyFactory.getInstance(algid.getName(), "Mozilla-JSS"); - } + + public static PublicKey parsePublicKey(DerValue in) throws IOException + { + AlgorithmId algorithm; + PublicKey subjectKey; + + if (in.tag != DerValue.tag_Sequence) + throw new IOException("corrupt subject key"); + + algorithm = AlgorithmId.parse(in.data.getDerValue ()); + try { + subjectKey = buildPublicKey(algorithm, in.data.getBitString ()); + + } catch (InvalidKeyException e) { + throw new IOException("subject key, " + e.getMessage()); + } + + if (in.data.available () != 0) + throw new IOException ("excess subject key"); + return subjectKey; + } + /* buildPublicKey returns a PublicKey for use with the JSS package from within netscape.security.*. + * This function provide an interim solution for migrating from using the netscape.security.* package + * to using the JSS package. + */ + static PublicKey buildPublicKey(AlgorithmId algid, byte[] key) + throws IOException, InvalidKeyException + { + /* + * Use the algid and key parameters to produce the ASN.1 encoding + * of the key, which will then be used as the input to the + * key factory. + */ + DerOutputStream x509EncodedKeyStream = new DerOutputStream(); + encode(x509EncodedKeyStream, algid, key); + X509EncodedKeySpec x509KeySpec + = new X509EncodedKeySpec(x509EncodedKeyStream.toByteArray()); + + try { + // Instantiate the key factory of the appropriate algorithm + KeyFactory keyFac = null; + if (Security.getProvider("Mozilla-JSS") == null) { + keyFac = KeyFactory.getInstance(algid.getName()); + } else { + keyFac = KeyFactory.getInstance(algid.getName(), + "Mozilla-JSS"); + } + + // Generate the public key + PublicKey pubKey = keyFac.generatePublic(x509KeySpec); + + /* + * Return specialized X509Key, where the structure within the + * key has been parsed + */ + return pubKey; + } catch (NoSuchAlgorithmException e) { + // Return generic X509Key with opaque key data (see below) + throw new InvalidKeyException(e.toString()); + } catch (InvalidKeySpecException e) { + throw new InvalidKeyException(e.toString()); + } catch (Exception e) { + throw new InvalidKeyException(e.toString()); + } + + } - // Generate the public key - PublicKey pubKey = keyFac.generatePublic(x509KeySpec); - - /* - * Return specialized X509Key, where the structure within the key - * has been parsed - */ - return pubKey; - } catch (NoSuchAlgorithmException e) { - // Return generic X509Key with opaque key data (see below) - throw new InvalidKeyException(e.toString()); - } catch (InvalidKeySpecException e) { - throw new InvalidKeyException(e.toString()); - } catch (Exception e) { - throw new InvalidKeyException(e.toString()); - } - - } } |