/** * @inheritDoc */ protected void engineInitSign(Key privateKey, SecureRandom secureRandom) throws XMLSignatureException { if (!(privateKey instanceof PrivateKey)) { String supplied = privateKey.getClass().getName(); String needed = PrivateKey.class.getName(); Object exArgs[] = { supplied, needed }; throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs); } try { this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom); } catch (InvalidKeyException ex) { throw new XMLSignatureException("empty", ex); } size = ((DSAKey)privateKey).getParams().getQ().bitLength(); }
/** * @inheritDoc */ protected void engineInitSign(Key privateKey) throws XMLSignatureException { if (!(privateKey instanceof PrivateKey)) { String supplied = privateKey.getClass().getName(); String needed = PrivateKey.class.getName(); Object exArgs[] = { supplied, needed }; throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs); } try { this.signatureAlgorithm.initSign((PrivateKey) privateKey); } catch (InvalidKeyException ex) { throw new XMLSignatureException("empty", ex); } size = ((DSAKey)privateKey).getParams().getQ().bitLength(); }
/** * @inheritDoc */ protected void engineInitSign(Key privateKey, SecureRandom secureRandom) throws XMLSignatureException { if (!(privateKey instanceof PrivateKey)) { String supplied = null; if (privateKey != null) { supplied = privateKey.getClass().getName(); } String needed = PrivateKey.class.getName(); Object exArgs[] = { supplied, needed }; throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs); } try { if (secureRandom == null) { this.signatureAlgorithm.initSign((PrivateKey) privateKey); } else { this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom); } } catch (InvalidKeyException ex) { throw new XMLSignatureException(ex); } size = ((DSAKey)privateKey).getParams().getQ().bitLength(); }
/** * Get the key size of a public key. * * @param pubKey The public key * @return The key size, {@link #UNKNOWN_KEY_SIZE} if not known */ public static int getKeyLength(PublicKey pubKey) { if (pubKey instanceof RSAKey) { return ((RSAKey) pubKey).getModulus().bitLength(); } else if (pubKey instanceof DSAKey) { return ((DSAKey) pubKey).getParams().getP().bitLength(); } else if (pubKey instanceof DHKey) { return ((DHKey) pubKey).getParams().getP().bitLength(); } else if (pubKey instanceof ECKey) { // TODO: how to get key size from these? return UNKNOWN_KEY_SIZE; } LOG.warning("Don't know how to get key size from key " + pubKey); return UNKNOWN_KEY_SIZE; }
/** * Returns <code>true</code> if the designated object is an instance of * {@link DSAKey} and has the same DSS (Digital Signature Standard) parameter * values as this one. * <p> * Always returns <code>false</code> if the MPIs of this key are * <i>inherited</i>. This may be the case when the key is re-constructed from * an X.509 certificate with absent or NULL AlgorithmIdentifier's parameters * field. * * @param obj the other non-null DSS key to compare to. * @return <code>true</code> if the designated object is of the same type * and value as this one. */ public boolean equals(Object obj) { if (hasInheritedParameters()) return false; if (obj == null) return false; if (! (obj instanceof DSAKey)) return false; DSAKey that = (DSAKey) obj; return p.equals(that.getParams().getP()) && q.equals(that.getParams().getQ()) && g.equals(that.getParams().getG()); }
protected void engineInitVerify( PublicKey publicKey) throws InvalidKeyException { CipherParameters param; if (publicKey instanceof DSAKey) { param = DSAUtil.generatePublicKeyParameter(publicKey); } else { try { byte[] bytes = publicKey.getEncoded(); publicKey = new BCDSAPublicKey(SubjectPublicKeyInfo.getInstance(bytes)); if (publicKey instanceof DSAKey) { param = DSAUtil.generatePublicKeyParameter(publicKey); } else { throw new InvalidKeyException("can't recognise key type in DSA based signer"); } } catch (Exception e) { throw new InvalidKeyException("can't recognise key type in DSA based signer"); } } digest.reset(); signer.init(false, param); }
/** * @inheritDoc */ protected void engineInitVerify(Key publicKey) throws XMLSignatureException { if (!(publicKey instanceof PublicKey)) { String supplied = publicKey.getClass().getName(); String needed = PublicKey.class.getName(); Object exArgs[] = { supplied, needed }; throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs); } try { this.signatureAlgorithm.initVerify((PublicKey) publicKey); } catch (InvalidKeyException ex) { // reinstantiate Signature object to work around bug in JDK // see: http://bugs.sun.com/view_bug.do?bug_id=4953555 Signature sig = this.signatureAlgorithm; try { this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm()); } catch (Exception e) { // this shouldn't occur, but if it does, restore previous // Signature if (log.isLoggable(java.util.logging.Level.FINE)) { log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e); } this.signatureAlgorithm = sig; } throw new XMLSignatureException("empty", ex); } size = ((DSAKey)publicKey).getParams().getQ().bitLength(); }
@Override byte[] postSignFormat(Key key, byte[] sig) throws IOException { // If signature is in ASN.1 (i.e., if the fallback algorithm // was used), convert the signature to the P1363 format if (asn1) { int size = ((DSAKey) key).getParams().getQ().bitLength(); return JavaUtils.convertDsaASN1toXMLDSIG(sig, size / 8); } else { return sig; } }
@Override byte[] preVerifyFormat(Key key, byte[] sig) throws IOException { // If signature needs to be in ASN.1 (i.e., if the fallback // algorithm will be used to verify the sig), convert the signature // to the ASN.1 format if (asn1) { int size = ((DSAKey) key).getParams().getQ().bitLength(); return JavaUtils.convertDsaXMLDSIGtoASN1(sig, size / 8); } else { return sig; } }
@Override public final Key getSecretKey(String algorithmURI, XMLSecurityConstants.AlgorithmUsage algorithmUsage, String correlationID) throws XMLSecurityException { if (correlationID == null) { throw new IllegalArgumentException("correlationID must not be null"); } testAndSetInvocation(); Key key = getKey(algorithmURI, algorithmUsage, correlationID); if (key != null && this.inboundSecurityContext != null) { AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent(); algorithmSuiteSecurityEvent.setAlgorithmURI(algorithmURI); algorithmSuiteSecurityEvent.setAlgorithmUsage(algorithmUsage); algorithmSuiteSecurityEvent.setCorrelationID(correlationID); if (SecurityTokenConstants.DerivedKeyToken.equals(getTokenType())) { algorithmSuiteSecurityEvent.setDerivedKey(true); } if (key instanceof RSAKey) { algorithmSuiteSecurityEvent.setKeyLength(((RSAKey) key).getModulus().bitLength()); } else if (key instanceof DSAKey) { algorithmSuiteSecurityEvent.setKeyLength(((DSAKey) key).getParams().getP().bitLength()); } else if (key instanceof ECKey) { algorithmSuiteSecurityEvent.setKeyLength(((ECKey) key).getParams().getOrder().bitLength()); } else if (key instanceof SecretKey) { algorithmSuiteSecurityEvent.setKeyLength(key.getEncoded().length * 8); } else { throw new XMLSecurityException("java.security.UnknownKeyType", new Object[] {key.getClass().getName()}); } this.inboundSecurityContext.registerSecurityEvent(algorithmSuiteSecurityEvent); } unsetInvocation(); return key; }
@Override public final PublicKey getPublicKey(String algorithmURI, XMLSecurityConstants.AlgorithmUsage algorithmUsage, String correlationID) throws XMLSecurityException { if (correlationID == null) { throw new IllegalArgumentException("correlationID must not be null"); } testAndSetInvocation(); PublicKey publicKey = getPubKey(algorithmURI, algorithmUsage, correlationID); if (publicKey != null && this.inboundSecurityContext != null) { AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent(); algorithmSuiteSecurityEvent.setAlgorithmURI(algorithmURI); algorithmSuiteSecurityEvent.setAlgorithmUsage(algorithmUsage); algorithmSuiteSecurityEvent.setCorrelationID(correlationID); if (publicKey instanceof RSAKey) { algorithmSuiteSecurityEvent.setKeyLength(((RSAKey) publicKey).getModulus().bitLength()); } else if (publicKey instanceof DSAKey) { algorithmSuiteSecurityEvent.setKeyLength(((DSAKey) publicKey).getParams().getP().bitLength()); } else if (publicKey instanceof ECKey) { algorithmSuiteSecurityEvent.setKeyLength(((ECKey) publicKey).getParams().getOrder().bitLength()); } else { throw new XMLSecurityException("java.security.UnknownKeyType", new Object[] {publicKey.getClass().getName()}); } inboundSecurityContext.registerSecurityEvent(algorithmSuiteSecurityEvent); } unsetInvocation(); return publicKey; }
/** * @inheritDoc */ protected void engineInitVerify(Key publicKey) throws XMLSignatureException { if (!(publicKey instanceof PublicKey)) { String supplied = null; if (publicKey != null) { supplied = publicKey.getClass().getName(); } String needed = PublicKey.class.getName(); Object exArgs[] = { supplied, needed }; throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs); } try { this.signatureAlgorithm.initVerify((PublicKey) publicKey); } catch (InvalidKeyException ex) { // reinstantiate Signature object to work around bug in JDK // see: http://bugs.sun.com/view_bug.do?bug_id=4953555 Signature sig = this.signatureAlgorithm; try { this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm()); } catch (Exception e) { // this shouldn't occur, but if it does, restore previous // Signature if (log.isDebugEnabled()) { log.debug("Exception when reinstantiating Signature:" + e); } this.signatureAlgorithm = sig; } throw new XMLSignatureException(ex); } size = ((DSAKey)publicKey).getParams().getQ().bitLength(); }
/** * Returns the type of digital signature used with the specified signing key. * * @param signingKey private key that will be used to sign a certificate (or something else) * @return a string representing the digital signature type (ECDSA, RSA, etc.) */ public static String getDigitalSignatureType(Key signingKey) { if (signingKey instanceof ECKey) { return "ECDSA"; } else if (signingKey instanceof RSAKey) { return "RSA"; } else if (signingKey instanceof DSAKey) { return "DSA"; } else { throw new IllegalArgumentException("Cannot determine digital signature encryption type for unknown key type: " + signingKey.getClass().getCanonicalName()); } }
@Override public boolean supportsParameter(Object param) { if (! (param instanceof PKCS11SessionChild)) return false; if (param instanceof RSAKey) return super.getAlgorithm().endsWith("RSA"); if (param instanceof DSAKey) return super.getAlgorithm().endsWith("DSA"); return false; }
/** * Initializes this signature object with PrivateKey object * passed as argument to the method. * * @params * privateKey DSAPrivateKey object * @throws * InvalidKeyException if privateKey is not DSAPrivateKey object */ protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException { DSAParams params; // parameters and private key BigInteger p, q, x; int n; if (privateKey == null || !(privateKey instanceof DSAPrivateKey)) { throw new InvalidKeyException(); } params = ((DSAPrivateKey) privateKey).getParams(); p = params.getP(); q = params.getQ(); x = ((DSAPrivateKey) privateKey).getX(); // checks described in DSA standard n = p.bitLength(); if (p.compareTo(BigInteger.valueOf(1)) != 1 || n < 512 || n > 1024 || (n & 077) != 0) { throw new InvalidKeyException("bad p"); } if (q.signum() != 1 && q.bitLength() != 160) { throw new InvalidKeyException("bad q"); } if (x.signum() != 1 || x.compareTo(q) != -1) { throw new InvalidKeyException("x <= 0 || x >= q"); } dsaKey = (DSAKey) privateKey; msgDigest.reset(); }
/** * Initializes this signature object with PublicKey object * passed as argument to the method. * * @params * publicKey DSAPublicKey object * @throws * InvalidKeyException if publicKey is not DSAPublicKey object */ protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException { // parameters and public key BigInteger p, q, y; int n1; if (publicKey == null || !(publicKey instanceof DSAPublicKey)) { throw new InvalidKeyException("publicKey is not an instance of DSAPublicKey"); } DSAParams params = ((DSAPublicKey) publicKey).getParams(); p = params.getP(); q = params.getQ(); y = ((DSAPublicKey) publicKey).getY(); // checks described in DSA standard n1 = p.bitLength(); if (p.compareTo(BigInteger.valueOf(1)) != 1 || n1 < 512 || n1 > 1024 || (n1 & 077) != 0) { throw new InvalidKeyException("bad p"); } if (q.signum() != 1 || q.bitLength() != 160) { throw new InvalidKeyException("bad q"); } if (y.signum() != 1) { throw new InvalidKeyException("y <= 0"); } dsaKey = (DSAKey) publicKey; msgDigest.reset(); }
/** * Initializes this signature object with PrivateKey object * passed as argument to the method. * * @param * privateKey DSAPrivateKey object * @throws * InvalidKeyException if privateKey is not DSAPrivateKey object */ protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException { DSAParams params; // parameters and private key BigInteger p, q, x; int n; if (privateKey == null || !(privateKey instanceof DSAPrivateKey)) { throw new InvalidKeyException( Messages.getString("security.168")); //$NON-NLS-1$ } params = ((DSAPrivateKey) privateKey).getParams(); p = params.getP(); q = params.getQ(); x = ((DSAPrivateKey) privateKey).getX(); // checks described in DSA standard n = p.bitLength(); if (p.compareTo(BigInteger.valueOf(1)) != 1 || n < 512 || n > 1024 || (n & 077) != 0) { throw new InvalidKeyException(Messages.getString("security.169")); //$NON-NLS-1$ } if (q.signum() != 1 && q.bitLength() != 160) { throw new InvalidKeyException(Messages.getString("security.16A")); //$NON-NLS-1$ } if (x.signum() != 1 || x.compareTo(q) != -1) { throw new InvalidKeyException(Messages.getString("security.16B")); //$NON-NLS-1$ } dsaKey = (DSAKey) privateKey; msgDigest.reset(); }
/** * Initializes this signature object with PublicKey object * passed as argument to the method. * * @param * publicKey DSAPublicKey object * @throws * InvalidKeyException if publicKey is not DSAPublicKey object */ protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException { // parameters and public key BigInteger p, q, y; int n1; if (publicKey == null || !(publicKey instanceof DSAPublicKey)) { throw new InvalidKeyException( Messages.getString("security.16C")); //$NON-NLS-1$ } DSAParams params = ((DSAPublicKey) publicKey).getParams(); p = params.getP(); q = params.getQ(); y = ((DSAPublicKey) publicKey).getY(); // checks described in DSA standard n1 = p.bitLength(); if (p.compareTo(BigInteger.valueOf(1)) != 1 || n1 < 512 || n1 > 1024 || (n1 & 077) != 0) { throw new InvalidKeyException(Messages.getString("security.169")); //$NON-NLS-1$ } if (q.signum() != 1 || q.bitLength() != 160) { throw new InvalidKeyException(Messages.getString("security.16A")); //$NON-NLS-1$ } if (y.signum() != 1) { throw new InvalidKeyException(Messages.getString("security.16D")); //$NON-NLS-1$ } dsaKey = (DSAKey) publicKey; msgDigest.reset(); }
/** @since 0.9.9 */ private static String getRawAlgo(Key key) { if (key instanceof DSAKey) return "NONEwithDSA"; if (key instanceof ECKey) return "NONEwithECDSA"; if (key instanceof RSAKey) return "NONEwithRSA"; throw new IllegalArgumentException(); }
/** @since 0.9.9 */ private static String getRawAlgo(Key key) { if (key instanceof DSAKey) return "NONEwithDSA"; if (key instanceof ECKey) return "NONEwithECDSA"; if (key instanceof EdDSAKey) return "NONEwithEdDSA"; if (key instanceof RSAKey) return "NONEwithRSA"; throw new UnsupportedOperationException("Raw signatures unsupported for " + key.getClass().getName()); }
private String getKeyType() { Object key = keyPair.getPrivate() != null ? keyPair.getPrivate() : keyPair.getPublic(); if (key instanceof DSAKey) { return SSH_DSS; } else if (key instanceof RSAKey) { return SSH_RSA; } return null; }
