Back to index...

	/*
	* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package sun.security.pkcs11;

	import java.math.BigInteger;

	import java.security.*;
	import java.security.interfaces.*;
	import java.security.spec.*;

	import sun.security.rsa.RSAPublicKeyImpl;
	import static sun.security.pkcs11.TemplateManager.*;
	import sun.security.pkcs11.wrapper.*;
	import static sun.security.pkcs11.wrapper.PKCS11Constants.*;

	import sun.security.rsa.RSAKeyFactory;

	/**
	* RSA KeyFactory implementation.
	*
	* @author Andreas Sterbenz
	* @since 1.5
	*/
	final class P11RSAKeyFactory extends P11KeyFactory {

	P11RSAKeyFactory(Token token, String algorithm) {
	super(token, algorithm);
	}

	PublicKey implTranslatePublicKey(PublicKey key) throws InvalidKeyException {
	try {
	if (key instanceof RSAPublicKey) {
	RSAPublicKey rsaKey = (RSAPublicKey)key;
	return generatePublic(
	rsaKey.getModulus(),
	rsaKey.getPublicExponent()
	);
	} else if ("X.509".equals(key.getFormat())) {
	// let SunRsaSign provider parse for us, then recurse
	byte[] encoded = key.getEncoded();
	key = RSAPublicKeyImpl.newKey(encoded);
	return implTranslatePublicKey(key);
	} else {
	throw new InvalidKeyException("PublicKey must be instance "
	+ "of RSAPublicKey or have X.509 encoding");
	}
	} catch (PKCS11Exception e) {
	throw new InvalidKeyException("Could not create RSA public key", e);
	}
	}

	PrivateKey implTranslatePrivateKey(PrivateKey key)
	throws InvalidKeyException {
	try {
	if (key instanceof RSAPrivateCrtKey) {
	RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey)key;
	return generatePrivate(
	rsaKey.getModulus(),
	rsaKey.getPublicExponent(),
	rsaKey.getPrivateExponent(),
	rsaKey.getPrimeP(),
	rsaKey.getPrimeQ(),
	rsaKey.getPrimeExponentP(),
	rsaKey.getPrimeExponentQ(),
	rsaKey.getCrtCoefficient()
	);
	} else if (key instanceof RSAPrivateKey) {
	RSAPrivateKey rsaKey = (RSAPrivateKey)key;
	return generatePrivate(
	rsaKey.getModulus(),
	rsaKey.getPrivateExponent()
	);
	} else if ("PKCS#8".equals(key.getFormat())) {
	// let SunRsaSign provider parse for us, then recurse
	byte[] encoded = key.getEncoded();
	key = sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(encoded);
	return implTranslatePrivateKey(key);
	} else {
	throw new InvalidKeyException("Private key must be instance "
	+ "of RSAPrivate(Crt)Key or have PKCS#8 encoding");
	}
	} catch (PKCS11Exception e) {
	throw new InvalidKeyException("Could not create RSA private key", e);
	}
	}

	// see JCA spec
	protected PublicKey engineGeneratePublic(KeySpec keySpec)
	throws InvalidKeySpecException {
	token.ensureValid();
	if (keySpec instanceof X509EncodedKeySpec) {
	try {
	byte[] encoded = ((X509EncodedKeySpec)keySpec).getEncoded();
	PublicKey key = RSAPublicKeyImpl.newKey(encoded);
	return implTranslatePublicKey(key);
	} catch (InvalidKeyException e) {
	throw new InvalidKeySpecException
	("Could not create RSA public key", e);
	}
	}
	if (keySpec instanceof RSAPublicKeySpec == false) {
	throw new InvalidKeySpecException("Only RSAPublicKeySpec and "
	+ "X509EncodedKeySpec supported for RSA public keys");
	}
	try {
	RSAPublicKeySpec rs = (RSAPublicKeySpec)keySpec;
	return generatePublic(
	rs.getModulus(),
	rs.getPublicExponent()
	);
	} catch (PKCS11Exception \| InvalidKeyException e) {
	throw new InvalidKeySpecException
	("Could not create RSA public key", e);
	}
	}

	// see JCA spec
	protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
	throws InvalidKeySpecException {
	token.ensureValid();
	if (keySpec instanceof PKCS8EncodedKeySpec) {
	try {
	byte[] encoded = ((PKCS8EncodedKeySpec)keySpec).getEncoded();
	PrivateKey key =
	sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(encoded);
	return implTranslatePrivateKey(key);
	} catch (GeneralSecurityException e) {
	throw new InvalidKeySpecException
	("Could not create RSA private key", e);
	}
	}
	try {
	if (keySpec instanceof RSAPrivateCrtKeySpec) {
	RSAPrivateCrtKeySpec rs = (RSAPrivateCrtKeySpec)keySpec;
	return generatePrivate(
	rs.getModulus(),
	rs.getPublicExponent(),
	rs.getPrivateExponent(),
	rs.getPrimeP(),
	rs.getPrimeQ(),
	rs.getPrimeExponentP(),
	rs.getPrimeExponentQ(),
	rs.getCrtCoefficient()
	);
	} else if (keySpec instanceof RSAPrivateKeySpec) {
	RSAPrivateKeySpec rs = (RSAPrivateKeySpec)keySpec;
	return generatePrivate(
	rs.getModulus(),
	rs.getPrivateExponent()
	);
	} else {
	throw new InvalidKeySpecException("Only RSAPrivate(Crt)KeySpec "
	+ "and PKCS8EncodedKeySpec supported for RSA private keys");
	}
	} catch (PKCS11Exception \| InvalidKeyException e) {
	throw new InvalidKeySpecException
	("Could not create RSA private key", e);
	}
	}

	private PublicKey generatePublic(BigInteger n, BigInteger e)
	throws PKCS11Exception, InvalidKeyException {
	RSAKeyFactory.checkKeyLengths(n.bitLength(), e, -1, 64 * 1024);
	CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
	new CK_ATTRIBUTE(CKA_CLASS, CKO_PUBLIC_KEY),
	new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_RSA),
	new CK_ATTRIBUTE(CKA_MODULUS, n),
	new CK_ATTRIBUTE(CKA_PUBLIC_EXPONENT, e),
	};
	attributes = token.getAttributes
	(O_IMPORT, CKO_PUBLIC_KEY, CKK_RSA, attributes);
	Session session = null;
	try {
	session = token.getObjSession();
	long keyID = token.p11.C_CreateObject(session.id(), attributes);
	return P11Key.publicKey
	(session, keyID, "RSA", n.bitLength(), attributes);
	} finally {
	token.releaseSession(session);
	}
	}

	private PrivateKey generatePrivate(BigInteger n, BigInteger d)
	throws PKCS11Exception, InvalidKeyException {
	RSAKeyFactory.checkKeyLengths(n.bitLength(), null, -1, 64 * 1024);
	CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
	new CK_ATTRIBUTE(CKA_CLASS, CKO_PRIVATE_KEY),
	new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_RSA),
	new CK_ATTRIBUTE(CKA_MODULUS, n),
	new CK_ATTRIBUTE(CKA_PRIVATE_EXPONENT, d),
	};
	attributes = token.getAttributes
	(O_IMPORT, CKO_PRIVATE_KEY, CKK_RSA, attributes);
	Session session = null;
	try {
	session = token.getObjSession();
	long keyID = token.p11.C_CreateObject(session.id(), attributes);
	return P11Key.privateKey
	(session, keyID, "RSA", n.bitLength(), attributes);
	} finally {
	token.releaseSession(session);
	}
	}

	private PrivateKey generatePrivate(BigInteger n, BigInteger e,
	BigInteger d, BigInteger p, BigInteger q, BigInteger pe,
	BigInteger qe, BigInteger coeff) throws PKCS11Exception,
	InvalidKeyException {
	RSAKeyFactory.checkKeyLengths(n.bitLength(), e, -1, 64 * 1024);
	CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
	new CK_ATTRIBUTE(CKA_CLASS, CKO_PRIVATE_KEY),
	new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_RSA),
	new CK_ATTRIBUTE(CKA_MODULUS, n),
	new CK_ATTRIBUTE(CKA_PUBLIC_EXPONENT, e),
	new CK_ATTRIBUTE(CKA_PRIVATE_EXPONENT, d),
	new CK_ATTRIBUTE(CKA_PRIME_1, p),
	new CK_ATTRIBUTE(CKA_PRIME_2, q),
	new CK_ATTRIBUTE(CKA_EXPONENT_1, pe),
	new CK_ATTRIBUTE(CKA_EXPONENT_2, qe),
	new CK_ATTRIBUTE(CKA_COEFFICIENT, coeff),
	};
	attributes = token.getAttributes
	(O_IMPORT, CKO_PRIVATE_KEY, CKK_RSA, attributes);
	Session session = null;
	try {
	session = token.getObjSession();
	long keyID = token.p11.C_CreateObject(session.id(), attributes);
	return P11Key.privateKey
	(session, keyID, "RSA", n.bitLength(), attributes);
	} finally {
	token.releaseSession(session);
	}
	}

	<T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,
	Session[] session) throws PKCS11Exception, InvalidKeySpecException {
	if (RSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
	session[0] = token.getObjSession();
	CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
	new CK_ATTRIBUTE(CKA_MODULUS),
	new CK_ATTRIBUTE(CKA_PUBLIC_EXPONENT),
	};
	long keyID = key.getKeyID();
	try {
	token.p11.C_GetAttributeValue(session[0].id(), keyID, attributes);
	} finally {
	key.releaseKeyID();
	}
	KeySpec spec = new RSAPublicKeySpec(
	attributes[0].getBigInteger(),
	attributes[1].getBigInteger()
	);
	return keySpec.cast(spec);
	} else { // X.509 handled in superclass
	throw new InvalidKeySpecException("Only RSAPublicKeySpec and "
	+ "X509EncodedKeySpec supported for RSA public keys");
	}
	}

	<T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec,
	Session[] session) throws PKCS11Exception, InvalidKeySpecException {
	if (RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) {
	session[0] = token.getObjSession();
	CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
	new CK_ATTRIBUTE(CKA_MODULUS),
	new CK_ATTRIBUTE(CKA_PUBLIC_EXPONENT),
	new CK_ATTRIBUTE(CKA_PRIVATE_EXPONENT),
	new CK_ATTRIBUTE(CKA_PRIME_1),
	new CK_ATTRIBUTE(CKA_PRIME_2),
	new CK_ATTRIBUTE(CKA_EXPONENT_1),
	new CK_ATTRIBUTE(CKA_EXPONENT_2),
	new CK_ATTRIBUTE(CKA_COEFFICIENT),
	};
	long keyID = key.getKeyID();
	try {
	token.p11.C_GetAttributeValue(session[0].id(), keyID, attributes);
	} finally {
	key.releaseKeyID();
	}

	KeySpec spec = new RSAPrivateCrtKeySpec(
	attributes[0].getBigInteger(),
	attributes[1].getBigInteger(),
	attributes[2].getBigInteger(),
	attributes[3].getBigInteger(),
	attributes[4].getBigInteger(),
	attributes[5].getBigInteger(),
	attributes[6].getBigInteger(),
	attributes[7].getBigInteger()
	);
	return keySpec.cast(spec);
	} else if (RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
	session[0] = token.getObjSession();
	CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
	new CK_ATTRIBUTE(CKA_MODULUS),
	new CK_ATTRIBUTE(CKA_PRIVATE_EXPONENT),
	};
	long keyID = key.getKeyID();
	try {
	token.p11.C_GetAttributeValue(session[0].id(), keyID, attributes);
	} finally {
	key.releaseKeyID();
	}

	KeySpec spec = new RSAPrivateKeySpec(
	attributes[0].getBigInteger(),
	attributes[1].getBigInteger()
	);
	return keySpec.cast(spec);
	} else { // PKCS#8 handled in superclass
	throw new InvalidKeySpecException("Only RSAPrivate(Crt)KeySpec "
	+ "and PKCS8EncodedKeySpec supported for RSA private keys");
	}
	}

	KeyFactory implGetSoftwareFactory() throws GeneralSecurityException {
	return KeyFactory.getInstance("RSA", P11Util.getSunRsaSignProvider());
	}

	}

Back to index...