protected void assertsDsaKey(DSAPublicKey pubKey) {
final String y =
"4075820517720311789755060432555041302495713535036194101055101600952719"
+ "8027506134078097330328538489864134942817893994891118803853518548361792777130885"
+ "0845452847199857520010376744070518762657897263318144714919719488458432611731877"
+ "3733795914935443964469170020723158291398484608457816805394280489144894060446820"
+ "2";
final String p =
"1562763388678684549676999956870179987376000994454452811488079320239653"
+ "8931971498715717466033996067243932790630000740882000826960832106054102246126902"
+ "3050793071435716238554837246001821695252267029019836147068133782812531548770882"
+ "6153064920839234179080884223223263305562612862165508525479239452754625899807548"
+ "07";
final String q = "1325486242274701569333126235614816814166592776627";
final String g =
"1053939190524437845710740492266780383434946918308472822218659846206636"
+ "3468617688992758226678340652253001602083786669177050081112107298337364078312067"
+ "8593218571928390833559198136388601343715984061418418925932387956796945760464070"
+ "8605211665506462942166129968135830426818793738520715937903855564717876010412364"
+ "82";
Assert.assertEquals(new BigInteger(y), pubKey.getY());
Assert.assertEquals(new BigInteger(p), pubKey.getParams().getP());
Assert.assertEquals(new BigInteger(q), pubKey.getParams().getQ());
Assert.assertEquals(new BigInteger(g), pubKey.getParams().getG());
}
private String getString(PublicKey key) throws FailedLoginException {
try {
if (key instanceof DSAPublicKey) {
DSAPublicKey dsa = (DSAPublicKey) key;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(baos);
write(dos, "ssh-dss");
write(dos, dsa.getParams().getP());
write(dos, dsa.getParams().getQ());
write(dos, dsa.getParams().getG());
write(dos, dsa.getY());
dos.close();
return base64Encode(baos.toByteArray());
} else if (key instanceof RSAKey) {
RSAPublicKey rsa = (RSAPublicKey) key;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(baos);
write(dos, "ssh-rsa");
write(dos, rsa.getPublicExponent());
write(dos, rsa.getModulus());
dos.close();
return base64Encode(baos.toByteArray());
} else {
throw new FailedLoginException("Unsupported key type " + key.getClass().toString());
}
} catch (IOException e) {
throw new FailedLoginException("Unable to check public key");
}
}
/**
* Creates a {@code KeyValueType} that wraps the specified public key. This method supports DSA
* and RSA keys.
*
* @param key the {@code PublicKey} that will be represented as a {@code KeyValueType}.
* @return the constructed {@code KeyValueType} or {@code null} if the specified key is neither a
* DSA nor a RSA key.
*/
public static KeyValueType createKeyValue(PublicKey key) {
if (key instanceof RSAPublicKey) {
RSAPublicKey pubKey = (RSAPublicKey) key;
byte[] modulus = pubKey.getModulus().toByteArray();
byte[] exponent = pubKey.getPublicExponent().toByteArray();
RSAKeyValueType rsaKeyValue = new RSAKeyValueType();
rsaKeyValue.setModulus(Base64.encodeBytes(modulus).getBytes());
rsaKeyValue.setExponent(Base64.encodeBytes(exponent).getBytes());
return rsaKeyValue;
} else if (key instanceof DSAPublicKey) {
DSAPublicKey pubKey = (DSAPublicKey) key;
byte[] P = pubKey.getParams().getP().toByteArray();
byte[] Q = pubKey.getParams().getQ().toByteArray();
byte[] G = pubKey.getParams().getG().toByteArray();
byte[] Y = pubKey.getY().toByteArray();
DSAKeyValueType dsaKeyValue = new DSAKeyValueType();
dsaKeyValue.setP(Base64.encodeBytes(P).getBytes());
dsaKeyValue.setQ(Base64.encodeBytes(Q).getBytes());
dsaKeyValue.setG(Base64.encodeBytes(G).getBytes());
dsaKeyValue.setY(Base64.encodeBytes(Y).getBytes());
return dsaKeyValue;
}
throw logger.unsupportedType(key.toString());
}
private static DsaPublicKey readDsaX509Certificate(PublicKey publicKey) throws KeyczarException {
DSAPublicKey jcePublicKey = (DSAPublicKey) publicKey;
DsaPublicKey key = new DsaPublicKey();
key.set(
jcePublicKey.getY(),
jcePublicKey.getParams().getP(),
jcePublicKey.getParams().getQ(),
jcePublicKey.getParams().getG());
return key;
}
static byte[] buildDSA(DSAPublicKey key) {
DataByteOutputStream out = new DataByteOutputStream();
BigInteger q = key.getParams().getQ();
BigInteger p = key.getParams().getP();
BigInteger g = key.getParams().getG();
BigInteger y = key.getY();
int t = (p.toByteArray().length - 64) / 8;
out.writeByte(t);
out.writeBigInteger(q);
out.writeBigInteger(p);
out.writeBigInteger(g);
out.writeBigInteger(y);
return out.toByteArray();
}
/**
* The method generates a DSAPublicKey object from the provided key.
*
* @param key - a DSAPublicKey object or DSAPrivateKey object.
* @return object of the same type as the "key" argument
* @throws InvalidKeyException if "key" is neither DSAPublicKey nor DSAPrivateKey
*/
protected Key engineTranslateKey(Key key) throws InvalidKeyException {
if (key != null) {
if (key instanceof DSAPrivateKey) {
DSAPrivateKey privateKey = (DSAPrivateKey) key;
DSAParams params = privateKey.getParams();
try {
return engineGeneratePrivate(
new DSAPrivateKeySpec(
privateKey.getX(), params.getP(), params.getQ(), params.getG()));
} catch (InvalidKeySpecException e) {
// Actually this exception shouldn't be thrown
throw new InvalidKeyException(Messages.getString("security.1A0", e)); // $NON-NLS-1$
}
}
if (key instanceof DSAPublicKey) {
DSAPublicKey publicKey = (DSAPublicKey) key;
DSAParams params = publicKey.getParams();
try {
return engineGeneratePublic(
new DSAPublicKeySpec(publicKey.getY(), params.getP(), params.getQ(), params.getG()));
} catch (InvalidKeySpecException e) {
// Actually this exception shouldn't be thrown
throw new InvalidKeyException(Messages.getString("security.1A1", e)); // $NON-NLS-1$
}
}
}
throw new InvalidKeyException(Messages.getString("security.19F")); // $NON-NLS-1$
}
/**
* The method generates a DSAPublicKey object from the provided key.
*
* @param key - a DSAPublicKey object or DSAPrivateKey object.
* @return object of the same type as the "key" argument
* @throws InvalidKeyException if "key" is neither DSAPublicKey nor DSAPrivateKey
*/
protected Key engineTranslateKey(Key key) throws InvalidKeyException {
if (key != null) {
if (key instanceof DSAPrivateKey) {
DSAPrivateKey privateKey = (DSAPrivateKey) key;
DSAParams params = privateKey.getParams();
try {
return engineGeneratePrivate(
new DSAPrivateKeySpec(
privateKey.getX(), params.getP(), params.getQ(), params.getG()));
} catch (InvalidKeySpecException e) {
// Actually this exception shouldn't be thrown
throw new InvalidKeyException("ATTENTION: InvalidKeySpecException: " + e);
}
}
if (key instanceof DSAPublicKey) {
DSAPublicKey publicKey = (DSAPublicKey) key;
DSAParams params = publicKey.getParams();
try {
return engineGeneratePublic(
new DSAPublicKeySpec(publicKey.getY(), params.getP(), params.getQ(), params.getG()));
} catch (InvalidKeySpecException e) {
// Actually this exception shouldn't be thrown
throw new InvalidKeyException("ATTENTION: InvalidKeySpecException: " + e);
}
}
}
throw new InvalidKeyException("'key' is neither DSAPublicKey nor DSAPrivateKey");
}
/**
* This method returns a specification for the supplied key.
*
* <p>The specification will be returned in the form of an object of the type specified by
* keySpec.
*
* @param key - either DSAPrivateKey or DSAPublicKey
* @param keySpec - either DSAPrivateKeySpec.class or DSAPublicKeySpec.class
* @return either a DSAPrivateKeySpec or a DSAPublicKeySpec
* @throws InvalidKeySpecException if "keySpec" is not a specification for DSAPublicKey or
* DSAPrivateKey
*/
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
throws InvalidKeySpecException {
BigInteger p, q, g, x, y;
if (key != null) {
if (keySpec == null) {
throw new NullPointerException("keySpec == null");
}
if (key instanceof DSAPrivateKey) {
DSAPrivateKey privateKey = (DSAPrivateKey) key;
if (keySpec.equals(DSAPrivateKeySpec.class)) {
x = privateKey.getX();
DSAParams params = privateKey.getParams();
p = params.getP();
q = params.getQ();
g = params.getG();
return (T) (new DSAPrivateKeySpec(x, p, q, g));
}
if (keySpec.equals(PKCS8EncodedKeySpec.class)) {
return (T) (new PKCS8EncodedKeySpec(key.getEncoded()));
}
throw new InvalidKeySpecException(
"'keySpec' is neither DSAPrivateKeySpec nor PKCS8EncodedKeySpec");
}
if (key instanceof DSAPublicKey) {
DSAPublicKey publicKey = (DSAPublicKey) key;
if (keySpec.equals(DSAPublicKeySpec.class)) {
y = publicKey.getY();
DSAParams params = publicKey.getParams();
p = params.getP();
q = params.getQ();
g = params.getG();
return (T) (new DSAPublicKeySpec(y, p, q, g));
}
if (keySpec.equals(X509EncodedKeySpec.class)) {
return (T) (new X509EncodedKeySpec(key.getEncoded()));
}
throw new InvalidKeySpecException(
"'keySpec' is neither DSAPublicKeySpec nor X509EncodedKeySpec");
}
}
throw new InvalidKeySpecException("'key' is neither DSAPublicKey nor DSAPrivateKey");
}
private void checkPublic(DSAPublicKey k1, PublicKey vKey) {
if (!k1.getY().equals(((DSAPublicKey) vKey).getY())) {
fail("public number not decoded properly");
}
if (!k1.getParams().getG().equals(((DSAPublicKey) vKey).getParams().getG())) {
fail("public generator not decoded properly");
}
if (!k1.getParams().getP().equals(((DSAPublicKey) vKey).getParams().getP())) {
fail("public p value not decoded properly");
}
if (!k1.getParams().getQ().equals(((DSAPublicKey) vKey).getParams().getQ())) {
fail("public q value not decoded properly");
}
}
/**
* This method returns a specification for the supplied key.
*
* <p>The specification will be returned in the form of an object of the type specified by
* keySpec.
*
* @param key - either DSAPrivateKey or DSAPublicKey
* @param keySpec - either DSAPrivateKeySpec.class or DSAPublicKeySpec.class
* @return either a DSAPrivateKeySpec or a DSAPublicKeySpec
* @throws InvalidKeySpecException if "keySpec" is not a specification for DSAPublicKey or
* DSAPrivateKey
*/
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
throws InvalidKeySpecException {
BigInteger p, q, g, x, y;
if (key != null) {
if (keySpec == null) {
throw new NullPointerException(Messages.getString("security.19E")); // $NON-NLS-1$
}
if (key instanceof DSAPrivateKey) {
DSAPrivateKey privateKey = (DSAPrivateKey) key;
if (keySpec.equals(DSAPrivateKeySpec.class)) {
x = privateKey.getX();
DSAParams params = privateKey.getParams();
p = params.getP();
q = params.getQ();
g = params.getG();
return (T) (new DSAPrivateKeySpec(x, p, q, g));
}
if (keySpec.equals(PKCS8EncodedKeySpec.class)) {
return (T) (new PKCS8EncodedKeySpec(key.getEncoded()));
}
throw new InvalidKeySpecException(Messages.getString("security.19C")); // $NON-NLS-1$
}
if (key instanceof DSAPublicKey) {
DSAPublicKey publicKey = (DSAPublicKey) key;
if (keySpec.equals(DSAPublicKeySpec.class)) {
y = publicKey.getY();
DSAParams params = publicKey.getParams();
p = params.getP();
q = params.getQ();
g = params.getG();
return (T) (new DSAPublicKeySpec(y, p, q, g));
}
if (keySpec.equals(X509EncodedKeySpec.class)) {
return (T) (new X509EncodedKeySpec(key.getEncoded()));
}
throw new InvalidKeySpecException(Messages.getString("security.19D")); // $NON-NLS-1$
}
}
throw new InvalidKeySpecException(Messages.getString("security.19F")); // $NON-NLS-1$
}
@JRubyMethod
public IRubyObject to_text() {
StringBuilder result = new StringBuilder();
if (privKey != null) {
int len = privKey.getParams().getP().bitLength();
result.append("Private-Key: (").append(len).append(" bit)").append("\n");
result.append("priv:");
addSplittedAndFormatted(result, privKey.getX());
}
result.append("pub:");
addSplittedAndFormatted(result, pubKey.getY());
result.append("P:");
addSplittedAndFormatted(result, pubKey.getParams().getP());
result.append("Q:");
addSplittedAndFormatted(result, pubKey.getParams().getQ());
result.append("G:");
addSplittedAndFormatted(result, pubKey.getParams().getG());
return getRuntime().newString(result.toString());
}
/** {@inheritDoc} */
public void initVerify() {
if (verifyKey == null) {
throw new IllegalStateException("Verify key must be set prior to initialization.");
}
final DSAPublicKey pubKey = (DSAPublicKey) verifyKey;
final DSAParams params = pubKey.getParams();
final DSAPublicKeyParameters bcParams =
new DSAPublicKeyParameters(
pubKey.getY(), new DSAParameters(params.getP(), params.getQ(), params.getG()));
init(false, bcParams);
}
/**
* Return the next working key inheriting DSA parameters if necessary.
*
* <p>This methods inherits DSA parameters from the indexed certificate or previous certificates
* in the certificate chain to the returned <code>PublicKey</code>. The list is searched upwards,
* meaning the end certificate is at position 0 and previous certificates are following.
*
* <p>If the indexed certificate does not contain a DSA key this method simply returns the public
* key. If the DSA key already contains DSA parameters the key is also only returned.
*
* @param certs The certification path.
* @param index The index of the certificate which contains the public key which should be
* extended with DSA parameters.
* @return The public key of the certificate in list position <code>index</code> extended with DSA
* parameters if applicable.
* @throws AnnotatedException if DSA parameters cannot be inherited.
*/
protected static PublicKey getNextWorkingKey(List certs, int index)
throws CertPathValidatorException {
Certificate cert = (Certificate) certs.get(index);
PublicKey pubKey = cert.getPublicKey();
if (!(pubKey instanceof DSAPublicKey)) {
return pubKey;
}
DSAPublicKey dsaPubKey = (DSAPublicKey) pubKey;
if (dsaPubKey.getParams() != null) {
return dsaPubKey;
}
for (int i = index + 1; i < certs.size(); i++) {
X509Certificate parentCert = (X509Certificate) certs.get(i);
pubKey = parentCert.getPublicKey();
if (!(pubKey instanceof DSAPublicKey)) {
throw new CertPathValidatorException(
"DSA parameters cannot be inherited from previous certificate.");
}
DSAPublicKey prevDSAPubKey = (DSAPublicKey) pubKey;
if (prevDSAPubKey.getParams() == null) {
continue;
}
DSAParams dsaParams = prevDSAPubKey.getParams();
DSAPublicKeySpec dsaPubKeySpec =
new DSAPublicKeySpec(
dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
try {
KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
return keyFactory.generatePublic(dsaPubKeySpec);
} catch (Exception exception) {
throw new RuntimeException(exception.getMessage());
}
}
throw new CertPathValidatorException(
"DSA parameters cannot be inherited from previous certificate.");
}
/**
* Create a PGPPublicKey from the passed in JCA one.
*
* <p>Note: the time passed in affects the value of the key's keyID, so you probably only want to
* do this once for a JCA key, or make sure you keep track of the time you used.
*
* @param algorithm asymmetric algorithm type representing the public key.
* @param pubKey actual public key to associate.
* @param time date of creation.
* @throws PGPException on key creation problem.
*/
public PGPPublicKey getPGPPublicKey(int algorithm, PublicKey pubKey, Date time)
throws PGPException {
BCPGKey bcpgKey;
if (pubKey instanceof RSAPublicKey) {
RSAPublicKey rK = (RSAPublicKey) pubKey;
bcpgKey = new RSAPublicBCPGKey(rK.getModulus(), rK.getPublicExponent());
} else if (pubKey instanceof DSAPublicKey) {
DSAPublicKey dK = (DSAPublicKey) pubKey;
DSAParams dP = dK.getParams();
bcpgKey = new DSAPublicBCPGKey(dP.getP(), dP.getQ(), dP.getG(), dK.getY());
} else if (pubKey instanceof ElGamalPublicKey) {
ElGamalPublicKey eK = (ElGamalPublicKey) pubKey;
ElGamalParameterSpec eS = eK.getParameters();
bcpgKey = new ElGamalPublicBCPGKey(eS.getP(), eS.getG(), eK.getY());
} else {
throw new PGPException("unknown key class");
}
return new PGPPublicKey(new PublicKeyPacket(algorithm, time, bcpgKey), fingerPrintCalculator);
}
