1 /* 2 * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.x509; 27 28 import java.io.*; 29 import java.util.Arrays; 30 import java.util.Properties; 31 import java.security.Key; 32 import java.security.PublicKey; 33 import java.security.KeyFactory; 34 import java.security.KeyRep; 35 import java.security.Security; 36 import java.security.Provider; 37 import java.security.InvalidKeyException; 38 import java.security.NoSuchAlgorithmException; 39 import java.security.spec.InvalidKeySpecException; 40 import java.security.spec.X509EncodedKeySpec; 41 42 import sun.misc.HexDumpEncoder; 43 import sun.security.util.*; 44 45 /** 46 * Holds an X.509 key, for example a public key found in an X.509 47 * certificate. Includes a description of the algorithm to be used 48 * with the key; these keys normally are used as 49 * "SubjectPublicKeyInfo". 50 * 51 * <P>While this class can represent any kind of X.509 key, it may be 52 * desirable to provide subclasses which understand how to parse keying 53 * data. For example, RSA public keys have two members, one for the 54 * public modulus and one for the prime exponent. If such a class is 55 * provided, it is used when parsing X.509 keys. If one is not provided, 56 * the key still parses correctly. 57 * 58 * @author David Brownell 59 */ 60 public class X509Key implements PublicKey { 61 62 /** use serialVersionUID from JDK 1.1. for interoperability */ 63 private static final long serialVersionUID = -5359250853002055002L; 64 65 /* The algorithm information (name, parameters, etc). */ 66 protected AlgorithmId algid; 67 68 /** 69 * The key bytes, without the algorithm information. 70 * @deprecated Use the BitArray form which does not require keys to 71 * be byte aligned. 72 * @see sun.security.x509.X509Key#setKey(BitArray) 73 * @see sun.security.x509.X509Key#getKey() 74 */ 75 @Deprecated 76 protected byte[] key = null; 77 78 /* 79 * The number of bits unused in the last byte of the key. 80 * Added to keep the byte[] key form consistent with the BitArray 81 * form. Can de deleted when byte[] key is deleted. 82 */ 83 private int unusedBits = 0; 84 85 /* BitArray form of key */ 86 private BitArray bitStringKey = null; 87 88 /* The encoding for the key. */ 89 protected byte[] encodedKey; 90 91 /** 92 * Default constructor. The key constructed must have its key 93 * and algorithm initialized before it may be used, for example 94 * by using <code>decode</code>. 95 */ 96 public X509Key() { } 97 98 /* 99 * Build and initialize as a "default" key. All X.509 key 100 * data is stored and transmitted losslessly, but no knowledge 101 * about this particular algorithm is available. 102 */ 103 private X509Key(AlgorithmId algid, BitArray key) 104 throws InvalidKeyException { 105 this.algid = algid; 106 setKey(key); 107 encode(); 108 } 109 110 /** 111 * Sets the key in the BitArray form. 112 */ 113 protected void setKey(BitArray key) { 114 this.bitStringKey = (BitArray)key.clone(); 115 116 /* 117 * Do this to keep the byte array form consistent with 118 * this. Can delete when byte[] key is deleted. 119 */ 120 this.key = key.toByteArray(); 121 int remaining = key.length() % 8; 122 this.unusedBits = 123 ((remaining == 0) ? 0 : 8 - remaining); 124 } 125 126 /** 127 * Gets the key. The key may or may not be byte aligned. 128 * @return a BitArray containing the key. 129 */ 130 protected BitArray getKey() { 131 /* 132 * Do this for consistency in case a subclass 133 * modifies byte[] key directly. Remove when 134 * byte[] key is deleted. 135 * Note: the consistency checks fail when the subclass 136 * modifies a non byte-aligned key (into a byte-aligned key) 137 * using the deprecated byte[] key field. 138 */ 139 this.bitStringKey = new BitArray( 140 this.key.length * 8 - this.unusedBits, 141 this.key); 142 143 return (BitArray)bitStringKey.clone(); 144 } 145 146 /** 147 * Construct X.509 subject public key from a DER value. If 148 * the runtime environment is configured with a specific class for 149 * this kind of key, a subclass is returned. Otherwise, a generic 150 * X509Key object is returned. 151 * 152 * <P>This mechanism gurantees that keys (and algorithms) may be 153 * freely manipulated and transferred, without risk of losing 154 * information. Also, when a key (or algorithm) needs some special 155 * handling, that specific need can be accomodated. 156 * 157 * @param in the DER-encoded SubjectPublicKeyInfo value 158 * @exception IOException on data format errors 159 */ 160 public static PublicKey parse(DerValue in) throws IOException 161 { 162 AlgorithmId algorithm; 163 PublicKey subjectKey; 164 165 if (in.tag != DerValue.tag_Sequence) 166 throw new IOException("corrupt subject key"); 167 168 algorithm = AlgorithmId.parse(in.data.getDerValue()); 169 try { 170 subjectKey = buildX509Key(algorithm, 171 in.data.getUnalignedBitString()); 172 173 } catch (InvalidKeyException e) { 174 throw new IOException("subject key, " + e.getMessage(), e); 175 } 176 177 if (in.data.available() != 0) 178 throw new IOException("excess subject key"); 179 return subjectKey; 180 } 181 182 /** 183 * Parse the key bits. This may be redefined by subclasses to take 184 * advantage of structure within the key. For example, RSA public 185 * keys encapsulate two unsigned integers (modulus and exponent) as 186 * DER values within the <code>key</code> bits; Diffie-Hellman and 187 * DSS/DSA keys encapsulate a single unsigned integer. 188 * 189 * <P>This function is called when creating X.509 SubjectPublicKeyInfo 190 * values using the X509Key member functions, such as <code>parse</code> 191 * and <code>decode</code>. 192 * 193 * @exception IOException on parsing errors. 194 * @exception InvalidKeyException on invalid key encodings. 195 */ 196 protected void parseKeyBits() throws IOException, InvalidKeyException { 197 encode(); 198 } 199 200 /* 201 * Factory interface, building the kind of key associated with this 202 * specific algorithm ID or else returning this generic base class. 203 * See the description above. 204 */ 205 static PublicKey buildX509Key(AlgorithmId algid, BitArray key) 206 throws IOException, InvalidKeyException 207 { 208 /* 209 * Use the algid and key parameters to produce the ASN.1 encoding 210 * of the key, which will then be used as the input to the 211 * key factory. 212 */ 213 DerOutputStream x509EncodedKeyStream = new DerOutputStream(); 214 encode(x509EncodedKeyStream, algid, key); 215 X509EncodedKeySpec x509KeySpec 216 = new X509EncodedKeySpec(x509EncodedKeyStream.toByteArray()); 217 218 try { 219 // Instantiate the key factory of the appropriate algorithm 220 KeyFactory keyFac = KeyFactory.getInstance(algid.getName()); 221 222 // Generate the public key 223 return keyFac.generatePublic(x509KeySpec); 224 } catch (NoSuchAlgorithmException e) { 225 // Return generic X509Key with opaque key data (see below) 226 } catch (InvalidKeySpecException e) { 227 throw new InvalidKeyException(e.getMessage(), e); 228 } 229 230 /* 231 * Try again using JDK1.1-style for backwards compatibility. 232 */ 233 String classname = ""; 234 try { 235 Properties props; 236 String keytype; 237 Provider sunProvider; 238 239 sunProvider = Security.getProvider("SUN"); 240 if (sunProvider == null) 241 throw new InstantiationException(); 242 classname = sunProvider.getProperty("PublicKey.X.509." + 243 algid.getName()); 244 if (classname == null) { 245 throw new InstantiationException(); 246 } 247 248 Class keyClass = null; 249 try { 250 keyClass = Class.forName(classname); 251 } catch (ClassNotFoundException e) { 252 ClassLoader cl = ClassLoader.getSystemClassLoader(); 253 if (cl != null) { 254 keyClass = cl.loadClass(classname); 255 } 256 } 257 258 Object inst = null; 259 X509Key result; 260 261 if (keyClass != null) 262 inst = keyClass.newInstance(); 263 if (inst instanceof X509Key) { 264 result = (X509Key) inst; 265 result.algid = algid; 266 result.setKey(key); 267 result.parseKeyBits(); 268 return result; 269 } 270 } catch (ClassNotFoundException e) { 271 } catch (InstantiationException e) { 272 } catch (IllegalAccessException e) { 273 // this should not happen. 274 throw new IOException (classname + " [internal error]"); 275 } 276 277 X509Key result = new X509Key(algid, key); 278 return result; 279 } 280 281 /** 282 * Returns the algorithm to be used with this key. 283 */ 284 public String getAlgorithm() { 285 return algid.getName(); 286 } 287 288 /** 289 * Returns the algorithm ID to be used with this key. 290 */ 291 public AlgorithmId getAlgorithmId() { return algid; } 292 293 /** 294 * Encode SubjectPublicKeyInfo sequence on the DER output stream. 295 * 296 * @exception IOException on encoding errors. 297 */ 298 public final void encode(DerOutputStream out) throws IOException 299 { 300 encode(out, this.algid, getKey()); 301 } 302 303 /** 304 * Returns the DER-encoded form of the key as a byte array. 305 */ 306 public byte[] getEncoded() { 307 try { 308 return getEncodedInternal().clone(); 309 } catch (InvalidKeyException e) { 310 // XXX 311 } 312 return null; 313 } 314 315 public byte[] getEncodedInternal() throws InvalidKeyException { 316 byte[] encoded = encodedKey; 317 if (encoded == null) { 318 try { 319 DerOutputStream out = new DerOutputStream(); 320 encode(out); 321 encoded = out.toByteArray(); 322 } catch (IOException e) { 323 throw new InvalidKeyException("IOException : " + 324 e.getMessage()); 325 } 326 encodedKey = encoded; 327 } 328 return encoded; 329 } 330 331 /** 332 * Returns the format for this key: "X.509" 333 */ 334 public String getFormat() { 335 return "X.509"; 336 } 337 338 /** 339 * Returns the DER-encoded form of the key as a byte array. 340 * 341 * @exception InvalidKeyException on encoding errors. 342 */ 343 public byte[] encode() throws InvalidKeyException { 344 return getEncodedInternal().clone(); 345 } 346 347 /* 348 * Returns a printable representation of the key 349 */ 350 public String toString() 351 { 352 HexDumpEncoder encoder = new HexDumpEncoder(); 353 354 return "algorithm = " + algid.toString() 355 + ", unparsed keybits = \n" + encoder.encodeBuffer(key); 356 } 357 358 /** 359 * Initialize an X509Key object from an input stream. The data on that 360 * input stream must be encoded using DER, obeying the X.509 361 * <code>SubjectPublicKeyInfo</code> format. That is, the data is a 362 * sequence consisting of an algorithm ID and a bit string which holds 363 * the key. (That bit string is often used to encapsulate another DER 364 * encoded sequence.) 365 * 366 * <P>Subclasses should not normally redefine this method; they should 367 * instead provide a <code>parseKeyBits</code> method to parse any 368 * fields inside the <code>key</code> member. 369 * 370 * <P>The exception to this rule is that since private keys need not 371 * be encoded using the X.509 <code>SubjectPublicKeyInfo</code> format, 372 * private keys may override this method, <code>encode</code>, and 373 * of course <code>getFormat</code>. 374 * 375 * @param in an input stream with a DER-encoded X.509 376 * SubjectPublicKeyInfo value 377 * @exception InvalidKeyException on parsing errors. 378 */ 379 public void decode(InputStream in) 380 throws InvalidKeyException 381 { 382 DerValue val; 383 384 try { 385 val = new DerValue(in); 386 if (val.tag != DerValue.tag_Sequence) 387 throw new InvalidKeyException("invalid key format"); 388 389 algid = AlgorithmId.parse(val.data.getDerValue()); 390 setKey(val.data.getUnalignedBitString()); 391 parseKeyBits(); 392 if (val.data.available() != 0) 393 throw new InvalidKeyException ("excess key data"); 394 395 } catch (IOException e) { 396 // e.printStackTrace (); 397 throw new InvalidKeyException("IOException: " + 398 e.getMessage()); 399 } 400 } 401 402 public void decode(byte[] encodedKey) throws InvalidKeyException { 403 decode(new ByteArrayInputStream(encodedKey)); 404 } 405 406 /** 407 * Serialization write ... X.509 keys serialize as 408 * themselves, and they're parsed when they get read back. 409 */ 410 private void writeObject(ObjectOutputStream stream) throws IOException { 411 stream.write(getEncoded()); 412 } 413 414 /** 415 * Serialization read ... X.509 keys serialize as 416 * themselves, and they're parsed when they get read back. 417 */ 418 private void readObject(ObjectInputStream stream) throws IOException { 419 try { 420 decode(stream); 421 } catch (InvalidKeyException e) { 422 e.printStackTrace(); 423 throw new IOException("deserialized key is invalid: " + 424 e.getMessage()); 425 } 426 } 427 428 public boolean equals(Object obj) { 429 if (this == obj) { 430 return true; 431 } 432 if (obj instanceof Key == false) { 433 return false; 434 } 435 try { 436 byte[] thisEncoded = this.getEncodedInternal(); 437 byte[] otherEncoded; 438 if (obj instanceof X509Key) { 439 otherEncoded = ((X509Key)obj).getEncodedInternal(); 440 } else { 441 otherEncoded = ((Key)obj).getEncoded(); 442 } 443 return Arrays.equals(thisEncoded, otherEncoded); 444 } catch (InvalidKeyException e) { 445 return false; 446 } 447 } 448 449 /** 450 * Calculates a hash code value for the object. Objects 451 * which are equal will also have the same hashcode. 452 */ 453 public int hashCode() { 454 try { 455 byte[] b1 = getEncodedInternal(); 456 int r = b1.length; 457 for (int i = 0; i < b1.length; i++) { 458 r += (b1[i] & 0xff) * 37; 459 } 460 return r; 461 } catch (InvalidKeyException e) { 462 // should not happen 463 return 0; 464 } 465 } 466 467 /* 468 * Produce SubjectPublicKey encoding from algorithm id and key material. 469 */ 470 static void encode(DerOutputStream out, AlgorithmId algid, BitArray key) 471 throws IOException { 472 DerOutputStream tmp = new DerOutputStream(); 473 algid.encode(tmp); 474 tmp.putUnalignedBitString(key); 475 out.write(DerValue.tag_Sequence, tmp); 476 } 477 } 478