1: /* RSAPSSSignatureX509Codec.java -- X.509 encoder/decoder for RSA signatures 2: Copyright (C) 2006 Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. 
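*/


package gnu.java.security.sig.rsa;

import gnu.java.security.Registry;
import gnu.java.security.sig.ISignatureCodec;

import java.security.InvalidParameterException;

// NOTE(review): the license header above names RSAPSSSignatureX509Codec.java,
// but this file declares RSAPKCS1V1_5SignatureX509Codec. RSA-PSS and
// PKCS1 v1.5 are different signature schemes; the header looks copy-pasted
// and should be corrected so the two codecs are not confused.

/**
 * An implementation of an {@link ISignatureCodec} that knows how to encode and
 * decode RSA PKCS1 (v1.5) signatures into the raw bytes which would constitute
 * a DER-encoded form of the ASN.1 structure defined in RFC-2459, and RFC-2313
 * as described in the next paragraphs. (RFC-2459 has since been obsoleted by
 * RFC 5280, and RFC-2313 by RFC 8017.)
 * <p>
 * Digital signatures when transmitted in X.509 certificates are encoded
 * in DER (Distinguished Encoding Rules) as a BIT STRING; i.e.
 *
 * <pre>
 *   Certificate ::= SEQUENCE {
 *     tbsCertificate       TBSCertificate,
 *     signatureAlgorithm   AlgorithmIdentifier,
 *     signature            BIT STRING
 *   }
 * </pre>
 * <p>
 * The output of the encoder, and the input of the decoder, of this codec are
 * then the <i>raw</i> bytes of such a BIT STRING; i.e. not the DER-encoded
 * form itself.
 * <p>
 * Our implementation of the RSA PKCS1 signature algorithm outputs a byte array
 * as the result of generating a digital signature, in accordance with RFC-2313.
 * As a consequence, the encoder and decoder of this codec simply pass through
 * such a byte array.
 * <p>
 * Client code that needs to build a DER BIT STRING <b>MUST</b> construct such
 * an ASN.1 value. The following is an example of how to do this:
 * <p>
 * <pre>
 *    ...
 *    import gnu.java.security.der.BitString;
 *    import gnu.java.security.der.DER;
 *    import gnu.java.security.der.DERValue;
 *    ...
 *    DERValue bitString = new DERValue(DER.BIT_STRING, new BitString(sigBytes));
 *    ...
 * </pre>
 * <p>
 * <b>Security note:</b> this codec is a pure pass-through. It neither parses
 * nor validates the bytes it is given (no length or structure check is made
 * here), and both methods return the <i>same</i> array instance they
 * received rather than a copy. Any checking of the signature value is
 * therefore the responsibility of the signature implementation that consumes
 * it, and callers that keep a reference to the array must not modify it
 * afterwards, or must copy it first.
 */
public class RSAPKCS1V1_5SignatureX509Codec
    implements ISignatureCodec
{
  // default 0-arguments constructor

  /**
   * Returns the identifier of the encoding format handled by this codec.
   *
   * @return {@link Registry#X509_ENCODING_ID}.
   */
  public int getFormatID()
  {
    return Registry.X509_ENCODING_ID;
  }

  /**
   * Encodes an RSA Signature output as a <i>signature</i> BIT STRING as
   * defined in the documentation of this class.
   * <p>
   * The bytes are not copied or inspected; the returned array is the very
   * instance passed in.
   *
   * @param signature the output of the RSA PKCS1 (v1.5) signature algorithm;
   *          i.e. the value returned by the invocation of
   *          {@link gnu.java.security.sig.ISignature#sign()} method. In the
   *          case of the RSA PKCS1 (v1.5) signature this is an array of bytes.
   *          MUST NOT be null.
   * @return the raw bytes of an RSA signature which could be then used as the
   *         contents of a BIT STRING as per rfc-2459.
   * @throws InvalidParameterException if <code>signature</code> is null.
   * @throws ClassCastException if <code>signature</code> is not a byte array.
   */
  public byte[] encodeSignature(Object signature)
  {
    // Reject null here, as decodeSignature() does, instead of handing a null
    // "signature" on to whatever builds the BIT STRING.
    if (signature == null)
      {
        throw new InvalidParameterException("Signature MUST NOT be null");
      }

    return (byte[]) signature;
  }

  /**
   * Decodes a <i>signature</i> as defined in the documentation of this class.
   * <p>
   * Only the null check is performed; the content and length of the array are
   * not examined, and the returned object is the very instance passed in.
   *
   * @param input the byte array to unmarshall into a valid RSA PKCS1 (v1.5)
   *          signature instance; i.e. a byte array. MUST NOT be null.
   * @return an array of raw bytes decoded from the designated input. In the
   *         case of RSA PKCS1 (v1.5) this is the same as the input.
   * @throws InvalidParameterException if the <code>input</code> array is null.
   */
  public Object decodeSignature(byte[] input)
  {
    if (input == null)
      {
        throw new InvalidParameterException("Input bytes MUST NOT be null");
      }

    return input;
  }
}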