authorRaif S. Naffah <raif@swiftdsl.com.au>2006-02-19 01:45:42 +0000
committerRaif S. Naffah <raif@swiftdsl.com.au>2006-02-19 01:45:42 +0000
commit70be1e6d568d0e673204711d4546585901c1303c (patch)
treeb4ce6af9b5d310c4e5962a840146900ca3cb43b4 /gnu/java/security/sig/dss
parentc368cf0534aaddd5a3f26a76611650081dca9273 (diff)
2006-02-19 Raif S. Naffah <raif@swiftdsl.com.au>
* gnu/javax/crypto/key/OutgoingMessage.java (writePublicKey): Handle new internal format. (writePrivateKey): Likewise. (writeKey): New method. (getKeyType): Likewise. * gnu/javax/crypto/key/IncomingMessage.java (readPublicKey): Handle new internal format. (readPrivateKey): Likewise. (getKeyPairCodec): New method. * gnu/javax/crypto/key/srp6/SRPKey.java (getFormat): Always return Raw. * gnu/javax/crypto/key/dh/GnuDHKey.java (getFormat): Use FormatUtil. * gnu/java/security/Registry.java (RSA_SIG_PREFIX): New constant. (RSA_PSS_ENCODING): Likewise.. (RSA_PKCS1_V1_5_ENCODING): Likewise. (RSA_PSS_SIG): Redefined using other constants. (RSA_PKCS1_V1_5_SIG): Likewise. (MAGIC_RAW_RSA_PKCS1V1_5_SIGNATURE): New constant. * gnu/java/security/util/FormatUtil.java: New file. * gnu/java/security/sig/SignatureFactory.java (names): New field. (getInstance): Let RSASignatureFactory handle RSA signature names. (getNames): Handle new RSA signature (with format) names. * gnu/java/security/sig/SignatureCodecFactory.java: New file. * gnu/java/security/sig/BaseSignature.java (BaseSignature): Add check for null md. (name): Include hash algorithm name. * gnu/java/security/sig/rsa/RSASignatureFactory.java: New file. * gnu/java/security/sig/rsa/RSAPSSSignature.java (RSAPSSSignature): Call constructor with IMessageDigest. (RSAPSSSignature(ImessageDigest,int)): New constructor. * gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureRawCodec.java: New file. * gnu/java/security/sig/rsa/RSAPKCS1V1_5SignatureX509Codec.java: Likewise. * gnu/java/security/sig/rsa/RSAPKCS1V1_5Signature.java (RSAPKCS1V1_5Signature(String)): Call constructor with IMessageDigest. (RSAPKCS1V1_5Signature(IMessageDigest)): New constructor. * gnu/java/security/sig/rsa/EMSA_PKCS1_V1_5.java (getInstance): Added hash algorithm name to exception. * gnu/java/security/sig/dss/DSSSignatureX509Codec.java: New file. * gnu/java/security/key/KeyPairCodecFactory.java (names): New class field. 
(getInstance(String)): Deconstruct and call getInstance(String,String). (getInstance(String,String)): New method. (getInstance(String,int)): New method. (getInstance(byte[])): Removed. (getInstance(Key)): Handle new formats. (getNames): Likewise. (getEncodingName(int)): Moved to FormatUtil. (getEncodingShortName(int)): Likewise. (getRawCodec(String)): New method. (getX509Codec(String)): Likewise. (getPKCS8Codec(String)): Likewise. (getRawCodec(Key)): Likewise. (getX509Codec(Key)): Likewise. (getPKCS8Codec(Key)): Likewise. * gnu/java/security/key/dss/DSSKey.java (getFormat): Use FormatUtil. * gnu/java/security/key/rsa/GnuRSAKey.java (getFormat): Likewise. * gnu/java/security/jce/sig/SHA512withRSA.java: New File. * gnu/java/security/jce/sig/SHA384withRSA.java: Likewise. * gnu/java/security/jce/sig/SHA256withRSA.java: Likewise. * gnu/java/security/jce/sig/SHA160withRSA.java: Likewise. * gnu/java/security/jce/sig/SHA160withDSS.java: Likewise. * gnu/java/security/jce/sig/MD5withRSA.java: Likewise. * gnu/java/security/jce/sig/MD2withRSA.java: Likewise.
Diffstat (limited to 'gnu/java/security/sig/dss')
-rw-r--r--gnu/java/security/sig/dss/DSSSignatureX509Codec.java203
1 files changed, 203 insertions, 0 deletions
diff --git a/gnu/java/security/sig/dss/DSSSignatureX509Codec.java b/gnu/java/security/sig/dss/DSSSignatureX509Codec.java
new file mode 100644
index 000000000..e499c2630
--- /dev/null
+++ b/gnu/java/security/sig/dss/DSSSignatureX509Codec.java
@@ -0,0 +1,203 @@
+/* DSSSignatureX509Codec.java -- X.509 encoder/decoder for DSS signatures
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.sig.dss;
+
+import gnu.java.security.Registry;
+import gnu.java.security.der.BitString;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.der.DERWriter;
+import gnu.java.security.sig.ISignatureCodec;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidParameterException;
+import java.util.ArrayList;
+
+/**
+ * An implementation of an {@link ISignatureCodec} that knows to encode and
+ * decode DSS signatures into the DER-encoded form of the ASN.1 structure
+ * defined in RFC-2459 as described in the next paragraphs.
+ * <p>
+ * Digital signatures when transmitted in an X.509 certificates are encoded
+ * in DER (Distinguished Encoding Rules) as a BIT STRING; i.e.
+ *
+ * <pre>
+ * Certificate ::= SEQUENCE {
+ * tbsCertificate TBSCertificate,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signature BIT STRING
+ * }
+ * </pre>
+ * <p>
+ * The output of the encoder, and the input of the decoder, of this codec are
+ * then the bytes of such a BIT STRING.
+ * <p>
+ * RFC-2459 states that, for the Digital Signature Standard (DSS), which
+ * generates two MPIs, commonly called <code>r</code> and <code>s</code>, as the
+ * result of digitally signing a message, these two numbers will be transferred
+ * as the following ASN.1 structure:
+ *
+ * <pre>
+ * Dss-Sig-Value ::= SEQUENCE {
+ * r INTEGER,
+ * s INTEGER
+ * }
+ * </pre>
+ */
+public class DSSSignatureX509Codec
+ implements ISignatureCodec
+{
+ // implicit 0-arguments constructor
+
+ private static void checkIsConstructed(DERValue v, String msg)
+ {
+ if (! v.isConstructed())
+ throw new InvalidParameterException(msg);
+ }
+
+ private static void checkIsBigInteger(DERValue v, String msg)
+ {
+ if (! (v.getValue() instanceof BigInteger))
+ throw new InvalidParameterException(msg);
+ }
+
+ public int getFormatID()
+ {
+ return Registry.X509_ENCODING_ID;
+ }
+
+ /**
+ * Encodes a DSS Signature output as a <i>signature</i> BIT STRING as defined
+ * in the documentation of this class.
+ *
+ * @param signature the output of the DSS signature algorithm; i.e. the value
+ * returned by the invocation of
+ * {@link gnu.java.security.sig.ISignature#sign()} method. In the
+ * case of a DSS signature this is an array of two MPIs called
+ * <code>r</code> and <code>s</code>.
+ * @return the DER-encoded output of a DSS signature as defined in rfc-2459.
+ * @throws InvalidParameterException if an exception occurs during the
+ * marshalling process.
+ */
+ public byte[] encodeSignature(Object signature)
+ {
+ BigInteger[] rs = (BigInteger[]) signature;
+
+ DERValue derR = new DERValue(DER.INTEGER, rs[0]);
+ DERValue derS = new DERValue(DER.INTEGER, rs[1]);
+
+ ArrayList dssSigValue = new ArrayList(2);
+ dssSigValue.add(derR);
+ dssSigValue.add(derS);
+ DERValue derDssSigValue = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE,
+ dssSigValue);
+ byte[] result;
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ try
+ {
+ DERWriter.write(baos, derDssSigValue);
+ result = baos.toByteArray();
+
+ // put it in a BIT STRING
+ DERValue derSignature = new DERValue(DER.BIT_STRING,
+ new BitString(result));
+ baos.reset();
+ DERWriter.write(baos, derSignature);
+ result = baos.toByteArray();
+ }
+ catch (IOException x)
+ {
+ InvalidParameterException y = new InvalidParameterException();
+ y.initCause(x);
+ throw y;
+ }
+
+ return result;
+ }
+
+ /**
+ * Decodes a <i>signature</i> BIT STRING as defined in the documentation of
+ * this class.
+ *
+ * @param input the byte array to unmarshall into a valid DSS signature
+ * instance; i.e. an array of two MPIs. MUST NOT be null.
+ * @return an array of two MPIs, <code>r</code> and <code>s</code> in this
+ * order, decoded from the designated <code>input</code>.
+ * @throw InvalidParameterException if an exception occurs during the
+ * unmarshalling process.
+ */
+ public Object decodeSignature(byte[] input)
+ {
+ if (input == null)
+ throw new InvalidParameterException("Input bytes MUST NOT be null");
+
+ BigInteger r, s;
+ DERReader der = new DERReader(input);
+ try
+ {
+ DERValue derSignature = der.read();
+ if (! (derSignature.getValue() instanceof BitString))
+ throw new InvalidParameterException("Wrong signature field");
+
+ byte[] sBytes = ((BitString) derSignature.getValue()).toByteArray();
+ der = new DERReader(sBytes);
+
+ DERValue derDssSigValue = der.read();
+ checkIsConstructed(derDssSigValue, "Wrong Dss-Sig-Value field");
+
+ DERValue val = der.read();
+ checkIsBigInteger(val, "Wrong R field");
+ r = (BigInteger) val.getValue();
+ val = der.read();
+ checkIsBigInteger(val, "Wrong S field");
+ s = (BigInteger) val.getValue();
+ }
+ catch (IOException x)
+ {
+ InvalidParameterException y = new InvalidParameterException();
+ y.initCause(x);
+ throw y;
+ }
+
+ return new BigInteger[] { r, s };
+ }
+}
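Review bot: decodeSignature accepts more encodings than the Dss-Sig-Value it documents: checkIsConstructed only tests the constructed bit, so any constructed type passes where a SEQUENCE is required, and nothing after the read of `s` checks that the inner reader or the outer BIT STRING has been fully consumed. Several distinct byte strings can therefore decode to the same (r, s), which matters to any caller that treats the encoded signature bytes as unique, for example when hashing or de-duplicating certificates. I would also reject non-positive values here rather than leave that to the verification step, e.g. `if (r.signum() <= 0 || s.signum() <= 0) throw new InvalidParameterException("R and S MUST be positive");` after the S read. Whether DERReader itself rejects non-minimal lengths or trailing bytes is not visible in this hunk, so that part should be confirmed against its implementation. Separately, the Javadoc tag `@throw` on decodeSignature should be `@throws`.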