/**
* The method generates a DSAPublicKey object from the provided key.
*
* @param key - a DSAPublicKey object or DSAPrivateKey object.
* @return object of the same type as the "key" argument
* @throws InvalidKeyException if "key" is neither DSAPublicKey nor DSAPrivateKey
*/
protected Key engineTranslateKey(Key key) throws InvalidKeyException {
if (key != null) {
if (key instanceof DSAPrivateKey) {
DSAPrivateKey privateKey = (DSAPrivateKey) key;
DSAParams params = privateKey.getParams();
try {
return engineGeneratePrivate(
new DSAPrivateKeySpec(
privateKey.getX(), params.getP(), params.getQ(), params.getG()));
} catch (InvalidKeySpecException e) {
// Actually this exception shouldn't be thrown
throw new InvalidKeyException(Messages.getString("security.1A0", e)); // $NON-NLS-1$
}
}
if (key instanceof DSAPublicKey) {
DSAPublicKey publicKey = (DSAPublicKey) key;
DSAParams params = publicKey.getParams();
try {
return engineGeneratePublic(
new DSAPublicKeySpec(publicKey.getY(), params.getP(), params.getQ(), params.getG()));
} catch (InvalidKeySpecException e) {
// Actually this exception shouldn't be thrown
throw new InvalidKeyException(Messages.getString("security.1A1", e)); // $NON-NLS-1$
}
}
}
throw new InvalidKeyException(Messages.getString("security.19F")); // $NON-NLS-1$
}
/**
* Creates a {@code KeyValueType} that wraps the specified public key. This method supports DSA
* and RSA keys.
*
* @param key the {@code PublicKey} that will be represented as a {@code KeyValueType}.
* @return the constructed {@code KeyValueType} or {@code null} if the specified key is neither a
* DSA nor a RSA key.
*/
public static KeyValueType createKeyValue(PublicKey key) {
if (key instanceof RSAPublicKey) {
RSAPublicKey pubKey = (RSAPublicKey) key;
byte[] modulus = pubKey.getModulus().toByteArray();
byte[] exponent = pubKey.getPublicExponent().toByteArray();
RSAKeyValueType rsaKeyValue = new RSAKeyValueType();
rsaKeyValue.setModulus(Base64.encodeBytes(modulus).getBytes());
rsaKeyValue.setExponent(Base64.encodeBytes(exponent).getBytes());
return rsaKeyValue;
} else if (key instanceof DSAPublicKey) {
DSAPublicKey pubKey = (DSAPublicKey) key;
byte[] P = pubKey.getParams().getP().toByteArray();
byte[] Q = pubKey.getParams().getQ().toByteArray();
byte[] G = pubKey.getParams().getG().toByteArray();
byte[] Y = pubKey.getY().toByteArray();
DSAKeyValueType dsaKeyValue = new DSAKeyValueType();
dsaKeyValue.setP(Base64.encodeBytes(P).getBytes());
dsaKeyValue.setQ(Base64.encodeBytes(Q).getBytes());
dsaKeyValue.setG(Base64.encodeBytes(G).getBytes());
dsaKeyValue.setY(Base64.encodeBytes(Y).getBytes());
return dsaKeyValue;
}
throw logger.unsupportedType(key.toString());
}
protected void assertsDsaKey(DSAPublicKey pubKey) {
final String y =
"4075820517720311789755060432555041302495713535036194101055101600952719"
+ "8027506134078097330328538489864134942817893994891118803853518548361792777130885"
+ "0845452847199857520010376744070518762657897263318144714919719488458432611731877"
+ "3733795914935443964469170020723158291398484608457816805394280489144894060446820"
+ "2";
final String p =
"1562763388678684549676999956870179987376000994454452811488079320239653"
+ "8931971498715717466033996067243932790630000740882000826960832106054102246126902"
+ "3050793071435716238554837246001821695252267029019836147068133782812531548770882"
+ "6153064920839234179080884223223263305562612862165508525479239452754625899807548"
+ "07";
final String q = "1325486242274701569333126235614816814166592776627";
final String g =
"1053939190524437845710740492266780383434946918308472822218659846206636"
+ "3468617688992758226678340652253001602083786669177050081112107298337364078312067"
+ "8593218571928390833559198136388601343715984061418418925932387956796945760464070"
+ "8605211665506462942166129968135830426818793738520715937903855564717876010412364"
+ "82";
Assert.assertEquals(new BigInteger(y), pubKey.getY());
Assert.assertEquals(new BigInteger(p), pubKey.getParams().getP());
Assert.assertEquals(new BigInteger(q), pubKey.getParams().getQ());
Assert.assertEquals(new BigInteger(g), pubKey.getParams().getG());
}
/**
* The method generates a DSAPublicKey object from the provided key.
*
* @param key - a DSAPublicKey object or DSAPrivateKey object.
* @return object of the same type as the "key" argument
* @throws InvalidKeyException if "key" is neither DSAPublicKey nor DSAPrivateKey
*/
protected Key engineTranslateKey(Key key) throws InvalidKeyException {
if (key != null) {
if (key instanceof DSAPrivateKey) {
DSAPrivateKey privateKey = (DSAPrivateKey) key;
DSAParams params = privateKey.getParams();
try {
return engineGeneratePrivate(
new DSAPrivateKeySpec(
privateKey.getX(), params.getP(), params.getQ(), params.getG()));
} catch (InvalidKeySpecException e) {
// Actually this exception shouldn't be thrown
throw new InvalidKeyException("ATTENTION: InvalidKeySpecException: " + e);
}
}
if (key instanceof DSAPublicKey) {
DSAPublicKey publicKey = (DSAPublicKey) key;
DSAParams params = publicKey.getParams();
try {
return engineGeneratePublic(
new DSAPublicKeySpec(publicKey.getY(), params.getP(), params.getQ(), params.getG()));
} catch (InvalidKeySpecException e) {
// Actually this exception shouldn't be thrown
throw new InvalidKeyException("ATTENTION: InvalidKeySpecException: " + e);
}
}
}
throw new InvalidKeyException("'key' is neither DSAPublicKey nor DSAPrivateKey");
}
private String getString(PublicKey key) throws FailedLoginException {
try {
if (key instanceof DSAPublicKey) {
DSAPublicKey dsa = (DSAPublicKey) key;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(baos);
write(dos, "ssh-dss");
write(dos, dsa.getParams().getP());
write(dos, dsa.getParams().getQ());
write(dos, dsa.getParams().getG());
write(dos, dsa.getY());
dos.close();
return base64Encode(baos.toByteArray());
} else if (key instanceof RSAKey) {
RSAPublicKey rsa = (RSAPublicKey) key;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(baos);
write(dos, "ssh-rsa");
write(dos, rsa.getPublicExponent());
write(dos, rsa.getModulus());
dos.close();
return base64Encode(baos.toByteArray());
} else {
throw new FailedLoginException("Unsupported key type " + key.getClass().toString());
}
} catch (IOException e) {
throw new FailedLoginException("Unable to check public key");
}
}
/**
* This method returns a specification for the supplied key.
*
* <p>The specification will be returned in the form of an object of the type specified by
* keySpec.
*
* @param key - either DSAPrivateKey or DSAPublicKey
* @param keySpec - either DSAPrivateKeySpec.class or DSAPublicKeySpec.class
* @return either a DSAPrivateKeySpec or a DSAPublicKeySpec
* @throws InvalidKeySpecException if "keySpec" is not a specification for DSAPublicKey or
* DSAPrivateKey
*/
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
throws InvalidKeySpecException {
BigInteger p, q, g, x, y;
if (key != null) {
if (keySpec == null) {
throw new NullPointerException("keySpec == null");
}
if (key instanceof DSAPrivateKey) {
DSAPrivateKey privateKey = (DSAPrivateKey) key;
if (keySpec.equals(DSAPrivateKeySpec.class)) {
x = privateKey.getX();
DSAParams params = privateKey.getParams();
p = params.getP();
q = params.getQ();
g = params.getG();
return (T) (new DSAPrivateKeySpec(x, p, q, g));
}
if (keySpec.equals(PKCS8EncodedKeySpec.class)) {
return (T) (new PKCS8EncodedKeySpec(key.getEncoded()));
}
throw new InvalidKeySpecException(
"'keySpec' is neither DSAPrivateKeySpec nor PKCS8EncodedKeySpec");
}
if (key instanceof DSAPublicKey) {
DSAPublicKey publicKey = (DSAPublicKey) key;
if (keySpec.equals(DSAPublicKeySpec.class)) {
y = publicKey.getY();
DSAParams params = publicKey.getParams();
p = params.getP();
q = params.getQ();
g = params.getG();
return (T) (new DSAPublicKeySpec(y, p, q, g));
}
if (keySpec.equals(X509EncodedKeySpec.class)) {
return (T) (new X509EncodedKeySpec(key.getEncoded()));
}
throw new InvalidKeySpecException(
"'keySpec' is neither DSAPublicKeySpec nor X509EncodedKeySpec");
}
}
throw new InvalidKeySpecException("'key' is neither DSAPublicKey nor DSAPrivateKey");
}
/**
* This method returns a specification for the supplied key.
*
* <p>The specification will be returned in the form of an object of the type specified by
* keySpec.
*
* @param key - either DSAPrivateKey or DSAPublicKey
* @param keySpec - either DSAPrivateKeySpec.class or DSAPublicKeySpec.class
* @return either a DSAPrivateKeySpec or a DSAPublicKeySpec
* @throws InvalidKeySpecException if "keySpec" is not a specification for DSAPublicKey or
* DSAPrivateKey
*/
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
throws InvalidKeySpecException {
BigInteger p, q, g, x, y;
if (key != null) {
if (keySpec == null) {
throw new NullPointerException(Messages.getString("security.19E")); // $NON-NLS-1$
}
if (key instanceof DSAPrivateKey) {
DSAPrivateKey privateKey = (DSAPrivateKey) key;
if (keySpec.equals(DSAPrivateKeySpec.class)) {
x = privateKey.getX();
DSAParams params = privateKey.getParams();
p = params.getP();
q = params.getQ();
g = params.getG();
return (T) (new DSAPrivateKeySpec(x, p, q, g));
}
if (keySpec.equals(PKCS8EncodedKeySpec.class)) {
return (T) (new PKCS8EncodedKeySpec(key.getEncoded()));
}
throw new InvalidKeySpecException(Messages.getString("security.19C")); // $NON-NLS-1$
}
if (key instanceof DSAPublicKey) {
DSAPublicKey publicKey = (DSAPublicKey) key;
if (keySpec.equals(DSAPublicKeySpec.class)) {
y = publicKey.getY();
DSAParams params = publicKey.getParams();
p = params.getP();
q = params.getQ();
g = params.getG();
return (T) (new DSAPublicKeySpec(y, p, q, g));
}
if (keySpec.equals(X509EncodedKeySpec.class)) {
return (T) (new X509EncodedKeySpec(key.getEncoded()));
}
throw new InvalidKeySpecException(Messages.getString("security.19D")); // $NON-NLS-1$
}
}
throw new InvalidKeySpecException(Messages.getString("security.19F")); // $NON-NLS-1$
}
/** 根据公钥获取key */
private static byte[] getPKBytes(PublicKey pk) {
if (pk instanceof RSAPublicKey) {
RSAPublicKey k = (RSAPublicKey) pk;
return k.getModulus().toByteArray();
} else if (pk instanceof DSAPublicKey) {
DSAPublicKey k = (DSAPublicKey) pk;
return k.getY().toByteArray();
}
return null;
}
/**
* Returns <code>true</code> if the designated object is an instance of {@link DSAPublicKey} and
* has the same DSS (Digital Signature Standard) parameter values as this one.
*
* @param obj the other non-null DSS key to compare to.
* @return <code>true</code> if the designated object is of the same type and value as this one.
*/
public boolean equals(Object obj) {
if (obj == null) {
return false;
}
if (!(obj instanceof DSAPublicKey)) {
return false;
}
DSAPublicKey that = (DSAPublicKey) obj;
return super.equals(that) && y.equals(that.getY());
}
private static DsaPublicKey readDsaX509Certificate(PublicKey publicKey) throws KeyczarException {
DSAPublicKey jcePublicKey = (DSAPublicKey) publicKey;
DsaPublicKey key = new DsaPublicKey();
key.set(
jcePublicKey.getY(),
jcePublicKey.getParams().getP(),
jcePublicKey.getParams().getQ(),
jcePublicKey.getParams().getG());
return key;
}
/** {@inheritDoc} */
public void initVerify() {
if (verifyKey == null) {
throw new IllegalStateException("Verify key must be set prior to initialization.");
}
final DSAPublicKey pubKey = (DSAPublicKey) verifyKey;
final DSAParams params = pubKey.getParams();
final DSAPublicKeyParameters bcParams =
new DSAPublicKeyParameters(
pubKey.getY(), new DSAParameters(params.getP(), params.getQ(), params.getG()));
init(false, bcParams);
}
@JRubyMethod(name = "pub_key")
public synchronized IRubyObject get_pub_key() {
DSAPublicKey key;
BigInteger param;
if ((key = this.pubKey) != null) {
return BN.newBN(getRuntime(), key.getY());
} else if (specValues != null) {
if ((param = specValues[SPEC_Y]) != null) {
return BN.newBN(getRuntime(), param);
}
}
return getRuntime().getNil();
}
static byte[] buildDSA(DSAPublicKey key) {
DataByteOutputStream out = new DataByteOutputStream();
BigInteger q = key.getParams().getQ();
BigInteger p = key.getParams().getP();
BigInteger g = key.getParams().getG();
BigInteger y = key.getY();
int t = (p.toByteArray().length - 64) / 8;
out.writeByte(t);
out.writeBigInteger(q);
out.writeBigInteger(p);
out.writeBigInteger(g);
out.writeBigInteger(y);
return out.toByteArray();
}
private void checkPublic(DSAPublicKey k1, PublicKey vKey) {
if (!k1.getY().equals(((DSAPublicKey) vKey).getY())) {
fail("public number not decoded properly");
}
if (!k1.getParams().getG().equals(((DSAPublicKey) vKey).getParams().getG())) {
fail("public generator not decoded properly");
}
if (!k1.getParams().getP().equals(((DSAPublicKey) vKey).getParams().getP())) {
fail("public p value not decoded properly");
}
if (!k1.getParams().getQ().equals(((DSAPublicKey) vKey).getParams().getQ())) {
fail("public q value not decoded properly");
}
}
@JRubyMethod
public IRubyObject to_text() {
StringBuilder result = new StringBuilder();
if (privKey != null) {
int len = privKey.getParams().getP().bitLength();
result.append("Private-Key: (").append(len).append(" bit)").append("\n");
result.append("priv:");
addSplittedAndFormatted(result, privKey.getX());
}
result.append("pub:");
addSplittedAndFormatted(result, pubKey.getY());
result.append("P:");
addSplittedAndFormatted(result, pubKey.getParams().getP());
result.append("Q:");
addSplittedAndFormatted(result, pubKey.getParams().getQ());
result.append("G:");
addSplittedAndFormatted(result, pubKey.getParams().getG());
return getRuntime().newString(result.toString());
}
/**
* Create a PGPPublicKey from the passed in JCA one.
*
* <p>Note: the time passed in affects the value of the key's keyID, so you probably only want to
* do this once for a JCA key, or make sure you keep track of the time you used.
*
* @param algorithm asymmetric algorithm type representing the public key.
* @param pubKey actual public key to associate.
* @param time date of creation.
* @throws PGPException on key creation problem.
*/
public PGPPublicKey getPGPPublicKey(int algorithm, PublicKey pubKey, Date time)
throws PGPException {
BCPGKey bcpgKey;
if (pubKey instanceof RSAPublicKey) {
RSAPublicKey rK = (RSAPublicKey) pubKey;
bcpgKey = new RSAPublicBCPGKey(rK.getModulus(), rK.getPublicExponent());
} else if (pubKey instanceof DSAPublicKey) {
DSAPublicKey dK = (DSAPublicKey) pubKey;
DSAParams dP = dK.getParams();
bcpgKey = new DSAPublicBCPGKey(dP.getP(), dP.getQ(), dP.getG(), dK.getY());
} else if (pubKey instanceof ElGamalPublicKey) {
ElGamalPublicKey eK = (ElGamalPublicKey) pubKey;
ElGamalParameterSpec eS = eK.getParameters();
bcpgKey = new ElGamalPublicBCPGKey(eS.getP(), eS.getG(), eK.getY());
} else {
throw new PGPException("unknown key class");
}
return new PGPPublicKey(new PublicKeyPacket(algorithm, time, bcpgKey), fingerPrintCalculator);
}
/** Given a DSA key pair, return the BIND9-style text encoding */
private String generatePrivateDSA(DSAPrivateKey key, DSAPublicKey pub, int algorithm) {
StringWriter sw = new StringWriter();
PrintWriter out = new PrintWriter(sw);
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
DSAParams p = key.getParams();
out.println("Private-key-format: v1.2");
out.println("Algorithm: " + algorithm + " (" + algs.algToString(algorithm) + ")");
out.print("Prime(p): ");
out.println(b64BigInt(p.getP()));
out.print("Subprime(q): ");
out.println(b64BigInt(p.getQ()));
out.print("Base(g): ");
out.println(b64BigInt(p.getG()));
out.print("Private_value(x): ");
out.println(b64BigInt(key.getX()));
out.print("Public_value(y): ");
out.println(b64BigInt(pub.getY()));
return sw.toString();
}
/**
* Return the next working key inheriting DSA parameters if necessary.
*
* <p>This methods inherits DSA parameters from the indexed certificate or previous certificates
* in the certificate chain to the returned <code>PublicKey</code>. The list is searched upwards,
* meaning the end certificate is at position 0 and previous certificates are following.
*
* <p>If the indexed certificate does not contain a DSA key this method simply returns the public
* key. If the DSA key already contains DSA parameters the key is also only returned.
*
* @param certs The certification path.
* @param index The index of the certificate which contains the public key which should be
* extended with DSA parameters.
* @return The public key of the certificate in list position <code>index</code> extended with DSA
* parameters if applicable.
* @throws AnnotatedException if DSA parameters cannot be inherited.
*/
protected static PublicKey getNextWorkingKey(List certs, int index)
throws CertPathValidatorException {
Certificate cert = (Certificate) certs.get(index);
PublicKey pubKey = cert.getPublicKey();
if (!(pubKey instanceof DSAPublicKey)) {
return pubKey;
}
DSAPublicKey dsaPubKey = (DSAPublicKey) pubKey;
if (dsaPubKey.getParams() != null) {
return dsaPubKey;
}
for (int i = index + 1; i < certs.size(); i++) {
X509Certificate parentCert = (X509Certificate) certs.get(i);
pubKey = parentCert.getPublicKey();
if (!(pubKey instanceof DSAPublicKey)) {
throw new CertPathValidatorException(
"DSA parameters cannot be inherited from previous certificate.");
}
DSAPublicKey prevDSAPubKey = (DSAPublicKey) pubKey;
if (prevDSAPubKey.getParams() == null) {
continue;
}
DSAParams dsaParams = prevDSAPubKey.getParams();
DSAPublicKeySpec dsaPubKeySpec =
new DSAPublicKeySpec(
dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
try {
KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
return keyFactory.generatePublic(dsaPubKeySpec);
} catch (Exception exception) {
throw new RuntimeException(exception.getMessage());
}
}
throw new CertPathValidatorException(
"DSA parameters cannot be inherited from previous certificate.");
}
/**
* Appends an HTML representation of the given X509Certificate.
*
* @param sb StringBuilder to append to
* @param certificate to print
*/
private void renderX509(StringBuilder sb, X509Certificate certificate) {
X500Principal issuer = certificate.getIssuerX500Principal();
X500Principal subject = certificate.getSubjectX500Principal();
sb.append("<table cellspacing='1' cellpadding='1'>\n");
// subject
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_ISSUED_TO"));
try {
for (Rdn name : new LdapName(subject.getName()).getRdns()) {
String nameType = name.getType();
String lblKey = "service.gui.CERT_INFO_" + nameType;
String lbl = R.getI18NString(lblKey);
if ((lbl == null) || ("!" + lblKey + "!").equals(lbl)) lbl = nameType;
final String value;
Object nameValue = name.getValue();
if (nameValue instanceof byte[]) {
byte[] nameValueAsByteArray = (byte[]) nameValue;
value = getHex(nameValueAsByteArray) + " (" + new String(nameValueAsByteArray) + ")";
} else value = nameValue.toString();
addField(sb, lbl, value);
}
} catch (InvalidNameException ine) {
addField(sb, R.getI18NString("service.gui.CERT_INFO_CN"), subject.getName());
}
// issuer
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_ISSUED_BY"));
try {
for (Rdn name : new LdapName(issuer.getName()).getRdns()) {
String nameType = name.getType();
String lblKey = "service.gui.CERT_INFO_" + nameType;
String lbl = R.getI18NString(lblKey);
if ((lbl == null) || ("!" + lblKey + "!").equals(lbl)) lbl = nameType;
final String value;
Object nameValue = name.getValue();
if (nameValue instanceof byte[]) {
byte[] nameValueAsByteArray = (byte[]) nameValue;
value = getHex(nameValueAsByteArray) + " (" + new String(nameValueAsByteArray) + ")";
} else value = nameValue.toString();
addField(sb, lbl, value);
}
} catch (InvalidNameException ine) {
addField(sb, R.getI18NString("service.gui.CERT_INFO_CN"), issuer.getName());
}
// validity
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_VALIDITY"));
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_ISSUED_ON"),
certificate.getNotBefore().toString());
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_EXPIRES_ON"),
certificate.getNotAfter().toString());
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_FINGERPRINTS"));
try {
String sha1String = getThumbprint(certificate, "SHA1");
String md5String = getThumbprint(certificate, "MD5");
addField(sb, "SHA1:", sha1String);
addField(sb, "MD5:", md5String);
} catch (CertificateException e) {
// do nothing as we cannot show this value
}
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_CERT_DETAILS"));
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_SER_NUM"),
certificate.getSerialNumber().toString());
addField(
sb, R.getI18NString("service.gui.CERT_INFO_VER"), String.valueOf(certificate.getVersion()));
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_SIGN_ALG"),
String.valueOf(certificate.getSigAlgName()));
addTitle(sb, R.getI18NString("service.gui.CERT_INFO_PUB_KEY_INFO"));
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_ALG"),
certificate.getPublicKey().getAlgorithm());
if (certificate.getPublicKey().getAlgorithm().equals("RSA")) {
RSAPublicKey key = (RSAPublicKey) certificate.getPublicKey();
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_PUB_KEY"),
R.getI18NString(
"service.gui.CERT_INFO_KEY_BYTES_PRINT",
new String[] {
String.valueOf(key.getModulus().toByteArray().length - 1),
key.getModulus().toString(16)
}));
addField(
sb, R.getI18NString("service.gui.CERT_INFO_EXP"), key.getPublicExponent().toString());
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_KEY_SIZE"),
R.getI18NString(
"service.gui.CERT_INFO_KEY_BITS_PRINT",
new String[] {String.valueOf(key.getModulus().bitLength())}));
} else if (certificate.getPublicKey().getAlgorithm().equals("DSA")) {
DSAPublicKey key = (DSAPublicKey) certificate.getPublicKey();
addField(sb, "Y:", key.getY().toString(16));
}
addField(
sb,
R.getI18NString("service.gui.CERT_INFO_SIGN"),
R.getI18NString(
"service.gui.CERT_INFO_KEY_BYTES_PRINT",
new String[] {
String.valueOf(certificate.getSignature().length), getHex(certificate.getSignature())
}));
sb.append("</table>\n");
}
public void testCompat() throws Exception {
if (Security.getProvider("SUN") == null) {
return;
}
Signature s = Signature.getInstance("DSA", "SUN");
KeyPairGenerator g = KeyPairGenerator.getInstance("DSA", "SUN");
byte[] data = {1, 2, 3, 4, 5, 6, 7, 8, 9, 0};
g.initialize(512, new SecureRandom());
KeyPair p = g.generateKeyPair();
PrivateKey sKey = p.getPrivate();
PublicKey vKey = p.getPublic();
//
// sign SUN - verify with BC
//
s.initSign(sKey);
s.update(data);
byte[] sigBytes = s.sign();
s = Signature.getInstance("DSA", "BC");
s.initVerify(vKey);
s.update(data);
if (!s.verify(sigBytes)) {
fail("SUN -> BC verification failed");
}
//
// sign BC - verify with SUN
//
s.initSign(sKey);
s.update(data);
sigBytes = s.sign();
s = Signature.getInstance("DSA", "SUN");
s.initVerify(vKey);
s.update(data);
if (!s.verify(sigBytes)) {
fail("BC -> SUN verification failed");
}
//
// key encoding test - BC decoding Sun keys
//
KeyFactory f = KeyFactory.getInstance("DSA", "BC");
X509EncodedKeySpec x509s = new X509EncodedKeySpec(vKey.getEncoded());
DSAPublicKey k1 = (DSAPublicKey) f.generatePublic(x509s);
checkPublic(k1, vKey);
PKCS8EncodedKeySpec pkcs8 = new PKCS8EncodedKeySpec(sKey.getEncoded());
DSAPrivateKey k2 = (DSAPrivateKey) f.generatePrivate(pkcs8);
checkPrivateKey(k2, sKey);
//
// key decoding test - SUN decoding BC keys
//
f = KeyFactory.getInstance("DSA", "SUN");
x509s = new X509EncodedKeySpec(k1.getEncoded());
vKey = (DSAPublicKey) f.generatePublic(x509s);
checkPublic(k1, vKey);
pkcs8 = new PKCS8EncodedKeySpec(k2.getEncoded());
sKey = f.generatePrivate(pkcs8);
checkPrivateKey(k2, sKey);
}
