2362N/A * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * KeyFactory for RSA keys. Keys must be instances of PublicKey or PrivateKey 0N/A * and getAlgorithm() must return "RSA". For such keys, it supports conversion 0N/A * between the following: 0N/A * . PublicKey with an X.509 encoding 0N/A * . RSAPublicKeySpec 0N/A * . X509EncodedKeySpec 0N/A * . PrivateKey with a PKCS#8 encoding 0N/A * . RSAPrivateCrtKey 0N/A * . RSAPrivateKeySpec 0N/A * . RSAPrivateCrtKeySpec 0N/A * . PKCS8EncodedKeySpec 0N/A * (of course, CRT variants only for CRT keys) 0N/A * Note: as always, RSA keys should be at least 512 bits long 0N/A * @author Andreas Sterbenz 1111N/A * If the modulus length is above this value, restrict the size of 1111N/A * the exponent to something that can be reasonably computed. We 1111N/A * could simply hardcode the exp len to something like 64 bits, but 1111N/A * this approach allows flexibility in case impls would like to use 1111N/A * larger module and exponent values. 1111N/A "sun.security.rsa.restrictRSAExponent",
"true")));
0N/A // instance used for static translateKey(); 1111N/A * Static method to convert Key into an instance of RSAPublicKeyImpl 1111N/A * or RSAPrivate(Crt)KeyImpl. If the key is not an RSA key or cannot be 1111N/A * used, throw an InvalidKeyException. 0N/A * Used by RSASignature and RSACipher. 1111N/A * Single test entry point for all of the mechanisms in the SunRsaSign 1111N/A * provider (RSA*KeyImpls). All of the tests are the same. 1111N/A * For compatibility, we round up to the nearest byte here: 1111N/A * some Key impls might pass in a value within a byte of the 1111N/A * is not too short or long. Some impls have their own min and 1111N/A * max key sizes that may or may not match with a system defined value. 1111N/A * @param modulusLen the bit length of the RSA modulus. 1111N/A * @param exponent the RSA exponent 1111N/A * @param minModulusLen if > 0, check to see if modulusLen is at 1111N/A * least this long, otherwise unused. 1111N/A * @param maxModulusLen caller will allow this max number of bits. 1111N/A * Allow the smaller of the system-defined maximum and this param. 1111N/A * @throws InvalidKeyException if any of the values are unacceptable. 1111N/A // Even though our policy file may allow this, we don't want 1111N/A // modulus len isn't too big. 1111N/A // If a RSAPublicKey, make sure the exponent isn't too big. 1111N/A "RSA exponents can be no longer than " +
1111N/A " if modulus is greater than " +
0N/A * Translate an RSA key into a SunRsaSign RSA key. If conversion is 0N/A * not possible, throw an InvalidKeyException. 0N/A // internal implementation of translateKey() for public keys. See JCA doc 0N/A // catch providers that incorrectly implement RSAPublicKey 0N/A +
"of RSAPublicKey or have X.509 encoding");
0N/A // internal implementation of translateKey() for private keys. See JCA doc 0N/A // catch providers that incorrectly implement RSAPrivateCrtKey 0N/A // catch providers that incorrectly implement RSAPrivateKey 0N/A +
"of RSAPrivate(Crt)Key or have PKCS#8 encoding");
0N/A // internal implementation of generatePublic. See JCA doc 0N/A +
"and X509EncodedKeySpec supported for RSA public keys");
0N/A // internal implementation of generatePrivate. See JCA doc 0N/A +
"and PKCS8EncodedKeySpec supported for RSA private keys");
0N/A // convert key to one of our keys 0N/A // this also verifies that the key is a valid RSA key and ensures 0N/A (
"KeySpec must be RSAPublicKeySpec or " 0N/A +
"X509EncodedKeySpec for RSA public keys");
0N/A (
"RSAPrivateCrtKeySpec can only be used with CRT keys");
0N/A (
"KeySpec must be RSAPrivate(Crt)KeySpec or " 0N/A +
"PKCS8EncodedKeySpec for RSA private keys");
0N/A // should not occur, caught in engineTranslateKey()