/*
 * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.x509;

import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.DSAParams;

import sun.security.util.*;


This class identifies DSS/DSA Algorithm variants, which are distinguished by using different algorithm parameters P, Q, G. It uses the NIST/IETF standard DER encoding. These are used to implement the Digital Signature Standard (DSS), FIPS 186.

NOTE: DSS/DSA Algorithm IDs may be created without these parameters. Use of DSS/DSA in modes where parameters are either implicit (e.g. a default applicable to a site or a larger scope), or are derived from some Certificate Authority's DSS certificate, is not supported directly. The application is responsible for creating a key containing the required parameters prior to using the key in cryptographic operations. The follwoing is an example of how this may be done assuming that we have a certificate called currentCert which doesn't contain DSS/DSA parameters and we need to derive DSS/DSA parameters from a CA's certificate called caCert.


// key containing parameters to use
DSAPublicKey cAKey = (DSAPublicKey)(caCert.getPublicKey());
// key without parameters
DSAPublicKey nullParamsKey = (DSAPublicKey)(currentCert.getPublicKey());
DSAParams cAKeyParams = cAKey.getParams();
KeyFactory kf = KeyFactory.getInstance("DSA");
DSAPublicKeySpec ks = new DSAPublicKeySpec(nullParamsKey.getY(),
                                           cAKeyParams.getP(),
                                           cAKeyParams.getQ(),
                                           cAKeyParams.getG());
DSAPublicKey usableKey = kf.generatePublic(ks);
Author:David Brownell
See Also:
/** * This class identifies DSS/DSA Algorithm variants, which are distinguished * by using different algorithm parameters <em>P, Q, G</em>. It uses the * NIST/IETF standard DER encoding. These are used to implement the Digital * Signature Standard (DSS), FIPS 186. * * <P><em><b>NOTE:</b></em> DSS/DSA Algorithm IDs may be created without these * parameters. Use of DSS/DSA in modes where parameters are * either implicit (e.g. a default applicable to a site or a larger scope), * or are derived from some Certificate Authority's DSS certificate, is * not supported directly. The application is responsible for creating a key * containing the required parameters prior to using the key in cryptographic * operations. The follwoing is an example of how this may be done assuming * that we have a certificate called <code>currentCert</code> which doesn't * contain DSS/DSA parameters and we need to derive DSS/DSA parameters * from a CA's certificate called <code>caCert</code>. * * <pre>{@code * // key containing parameters to use * DSAPublicKey cAKey = (DSAPublicKey)(caCert.getPublicKey()); * // key without parameters * DSAPublicKey nullParamsKey = (DSAPublicKey)(currentCert.getPublicKey()); * * DSAParams cAKeyParams = cAKey.getParams(); * KeyFactory kf = KeyFactory.getInstance("DSA"); * DSAPublicKeySpec ks = new DSAPublicKeySpec(nullParamsKey.getY(), * cAKeyParams.getP(), * cAKeyParams.getQ(), * cAKeyParams.getG()); * DSAPublicKey usableKey = kf.generatePublic(ks); * }</pre> * * @see java.security.interfaces.DSAParams * @see java.security.interfaces.DSAPublicKey * @see java.security.KeyFactory * @see java.security.spec.DSAPublicKeySpec * * @author David Brownell */
public final class AlgIdDSA extends AlgorithmId implements DSAParams { private static final long serialVersionUID = 3437177836797504046L; /* * The three unsigned integer parameters. */ private BigInteger p , q, g;
Returns the DSS/DSA parameter "P"
/** Returns the DSS/DSA parameter "P" */
public BigInteger getP () { return p; }
Returns the DSS/DSA parameter "Q"
/** Returns the DSS/DSA parameter "Q" */
public BigInteger getQ () { return q; }
Returns the DSS/DSA parameter "G"
/** Returns the DSS/DSA parameter "G" */
public BigInteger getG () { return g; }
Default constructor. The OID and parameters must be deserialized before this algorithm ID is used.
/** * Default constructor. The OID and parameters must be * deserialized before this algorithm ID is used. */
@Deprecated public AlgIdDSA () {} AlgIdDSA (DerValue val) throws IOException { super(val.getOID()); }
Construct an AlgIdDSA from an X.509 encoded byte array.
/** * Construct an AlgIdDSA from an X.509 encoded byte array. */
public AlgIdDSA (byte[] encodedAlg) throws IOException { super (new DerValue(encodedAlg).getOID()); }
Constructs a DSS/DSA Algorithm ID from unsigned integers that define the algorithm parameters. Those integers are encoded as big-endian byte arrays.
Params:
  • p – the DSS/DSA parameter "P"
  • q – the DSS/DSA parameter "Q"
  • g – the DSS/DSA parameter "G"
/** * Constructs a DSS/DSA Algorithm ID from unsigned integers that * define the algorithm parameters. Those integers are encoded * as big-endian byte arrays. * * @param p the DSS/DSA parameter "P" * @param q the DSS/DSA parameter "Q" * @param g the DSS/DSA parameter "G" */
public AlgIdDSA (byte[] p, byte[] q, byte[] g) throws IOException { this (new BigInteger (1, p), new BigInteger (1, q), new BigInteger (1, g)); }
Constructs a DSS/DSA Algorithm ID from numeric parameters. If all three are null, then the parameters portion of the algorithm id is set to null. See note in header regarding use.
Params:
  • p – the DSS/DSA parameter "P"
  • q – the DSS/DSA parameter "Q"
  • g – the DSS/DSA parameter "G"
/** * Constructs a DSS/DSA Algorithm ID from numeric parameters. * If all three are null, then the parameters portion of the algorithm id * is set to null. See note in header regarding use. * * @param p the DSS/DSA parameter "P" * @param q the DSS/DSA parameter "Q" * @param g the DSS/DSA parameter "G" */
public AlgIdDSA (BigInteger p, BigInteger q, BigInteger g) { super (DSA_oid); if (p != null || q != null || g != null) { if (p == null || q == null || g == null) throw new ProviderException("Invalid parameters for DSS/DSA" + " Algorithm ID"); try { this.p = p; this.q = q; this.g = g; initializeParams (); } catch (IOException e) { /* this should not happen */ throw new ProviderException ("Construct DSS/DSA Algorithm ID"); } } }
Returns "DSA", indicating the Digital Signature Algorithm (DSA) as defined by the Digital Signature Standard (DSS), FIPS 186.
/** * Returns "DSA", indicating the Digital Signature Algorithm (DSA) as * defined by the Digital Signature Standard (DSS), FIPS 186. */
public String getName () { return "DSA"; } /* * For algorithm IDs which haven't been created from a DER encoded * value, "params" must be created. */ private void initializeParams () throws IOException { DerOutputStream out = new DerOutputStream (); out.putInteger(p); out.putInteger(q); out.putInteger(g); params = new DerValue (DerValue.tag_Sequence,out.toByteArray ()); }
Parses algorithm parameters P, Q, and G. They're found in the "params" member, which never needs to be changed.
/** * Parses algorithm parameters P, Q, and G. They're found * in the "params" member, which never needs to be changed. */
protected void decodeParams () throws IOException { if (params == null) throw new IOException("DSA alg params are null"); if (params.tag != DerValue.tag_Sequence) throw new IOException("DSA alg parsing error"); params.data.reset (); this.p = params.data.getBigInteger(); this.q = params.data.getBigInteger(); this.g = params.data.getBigInteger(); if (params.data.available () != 0) throw new IOException ("AlgIdDSA params, extra="+ params.data.available ()); } /* * Returns a formatted string describing the parameters. */ public String toString () { return paramsToString (); } /* * Returns a string describing the parameters. */ protected String paramsToString () { if (params == null) return " null\n"; else return "\n p:\n" + Debug.toHexString(p) + "\n q:\n" + Debug.toHexString(q) + "\n g:\n" + Debug.toHexString(g) + "\n"; } }