authorRaif S. Naffah <raif@swiftdsl.com.au>2006-02-26 04:10:38 +0000
committerRaif S. Naffah <raif@swiftdsl.com.au>2006-02-26 04:10:38 +0000
commit21e14eddf7837b2578c4a6a8b83278706c3b2f6e (patch)
treef45797b18e0a4ca37f57e6087273617b2a7fb240 /gnu/java/security
parent511c1460e1aa3976f3a3cbefa39dba71a6379c35 (diff)
2006-02-26 Raif S. Naffah <raif@swiftdsl.com.au>
* gnu/java/security/jce/sig/EncodedKeyFactory.java (log): New field. (engineGeneratePublic): Added logging. (engineGeneratePrivate): Likewise. * gnu/java/security/key/rsa/RSAKeyPairX509Codec.java (log): New field. (encodePublicKey): Added logging. Clarified in method documentation that params is optional, but is always NULL if present. (decodePublicKey): Added logging. Handle optional NULL element.
Diffstat (limited to 'gnu/java/security')
-rw-r--r--gnu/java/security/jce/sig/EncodedKeyFactory.java150
-rw-r--r--gnu/java/security/key/rsa/RSAKeyPairX509Codec.java24
2 files changed, 110 insertions, 64 deletions
diff --git a/gnu/java/security/jce/sig/EncodedKeyFactory.java b/gnu/java/security/jce/sig/EncodedKeyFactory.java
index 6c1a19abd..60152c279 100644
--- a/gnu/java/security/jce/sig/EncodedKeyFactory.java
+++ b/gnu/java/security/jce/sig/EncodedKeyFactory.java
@@ -62,6 +62,8 @@ import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
+import java.util.logging.Level;
+import java.util.logging.Logger;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
@@ -75,6 +77,8 @@ import javax.crypto.spec.DHPublicKeySpec;
public class EncodedKeyFactory
extends KeyFactorySpi
{
+ private static final Logger log = Logger.getLogger(EncodedKeyFactory.class.getName());
+
// implicit 0-arguments constructor
// Class methods
@@ -192,79 +196,105 @@ public class EncodedKeyFactory
protected PublicKey engineGeneratePublic(KeySpec keySpec)
throws InvalidKeySpecException
{
- if (keySpec instanceof DSAPublicKeySpec)
- return decodeDSSPublicKey((DSAPublicKeySpec) keySpec);
-
- if (keySpec instanceof RSAPublicKeySpec)
- return decodeRSAPublicKey((RSAPublicKeySpec) keySpec);
-
- if (keySpec instanceof DHPublicKeySpec)
- return decodeDHPublicKey((DHPublicKeySpec) keySpec);
-
- if (! (keySpec instanceof X509EncodedKeySpec))
- throw new InvalidKeySpecException("Unsupported key specification");
-
- byte[] input = ((X509EncodedKeySpec) keySpec).getEncoded();
-
- // try DSS
- try
- {
- return DSSPublicKey.valueOf(input);
- }
- catch (InvalidParameterException ignored)
- {
- }
+ log.entering(this.getClass().getName(), "engineGeneratePublic()", keySpec);
- // try RSA
- try
- {
- return GnuRSAPublicKey.valueOf(input);
- }
- catch (InvalidParameterException ignored)
+ PublicKey result = null;
+ if (keySpec instanceof DSAPublicKeySpec)
+ result = decodeDSSPublicKey((DSAPublicKeySpec) keySpec);
+ else if (keySpec instanceof RSAPublicKeySpec)
+ result = decodeRSAPublicKey((RSAPublicKeySpec) keySpec);
+ else if (keySpec instanceof DHPublicKeySpec)
+ result = decodeDHPublicKey((DHPublicKeySpec) keySpec);
+ else
{
+ if (! (keySpec instanceof X509EncodedKeySpec))
+ throw new InvalidKeySpecException("Unsupported key specification");
+
+ byte[] input = ((X509EncodedKeySpec) keySpec).getEncoded();
+ boolean ok = false;
+ // try DSS
+ try
+ {
+ result = DSSPublicKey.valueOf(input);
+ ok = true;
+ }
+ catch (InvalidParameterException ignored)
+ {
+ log.log(Level.FINE, "Exception in DSSPublicKey.valueOf(). Ignore",
+ ignored);
+ }
+
+ if (! ok) // try RSA
+ try
+ {
+ result = GnuRSAPublicKey.valueOf(input);
+ ok = true;
+ }
+ catch (InvalidParameterException ignored)
+ {
+ log.log(Level.FINE,
+ "Exception in GnuRSAPublicKey.valueOf(). Ignore",
+ ignored);
+ }
+
+ if (! ok) // try DH
+ result = decodeDHPublicKey(input);
}
- // try DH
- return decodeDHPublicKey(input);
+ log.exiting(this.getClass().getName(), "engineGeneratePublic()", result);
+ return result;
}
protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
throws InvalidKeySpecException
{
- if (keySpec instanceof DSAPrivateKeySpec)
- return decodeDSSPrivateKey((DSAPrivateKeySpec) keySpec);
-
- if (keySpec instanceof RSAPrivateCrtKeySpec)
- return decodeRSAPrivateKey((RSAPrivateCrtKeySpec) keySpec);
-
- if (keySpec instanceof DHPrivateKeySpec)
- return decodeDHPrivateKey((DHPrivateKeySpec) keySpec);
-
- if (! (keySpec instanceof PKCS8EncodedKeySpec))
- throw new InvalidKeySpecException("Unsupported key specification");
+ log.entering(this.getClass().getName(), "engineGeneratePrivate()", keySpec);
- byte[] input = ((PKCS8EncodedKeySpec) keySpec).getEncoded();
-
- // try DSS
- try
- {
- return DSSPrivateKey.valueOf(input);
- }
- catch (InvalidParameterException ignored)
- {
- }
-
- // try RSA
- try
- {
- return GnuRSAPrivateKey.valueOf(input);
- }
- catch (InvalidParameterException ignored)
+ PrivateKey result = null;
+ if (keySpec instanceof DSAPrivateKeySpec)
+ result = decodeDSSPrivateKey((DSAPrivateKeySpec) keySpec);
+ else if (keySpec instanceof RSAPrivateCrtKeySpec)
+ result = decodeRSAPrivateKey((RSAPrivateCrtKeySpec) keySpec);
+ else if (keySpec instanceof DHPrivateKeySpec)
+ result = decodeDHPrivateKey((DHPrivateKeySpec) keySpec);
+ else
{
+ if (! (keySpec instanceof PKCS8EncodedKeySpec))
+ throw new InvalidKeySpecException("Unsupported key specification");
+
+ byte[] input = ((PKCS8EncodedKeySpec) keySpec).getEncoded();
+ boolean ok = false;
+ // try DSS
+ try
+ {
+ result = DSSPrivateKey.valueOf(input);
+ ok = true;
+ }
+ catch (InvalidParameterException ignored)
+ {
+ log.log(Level.FINE, "Exception in DSSPrivateKey.valueOf(). Ignore",
+ ignored);
+ }
+
+ if (! ok) // try RSA
+ try
+ {
+ result = GnuRSAPrivateKey.valueOf(input);
+ ok = true;
+ }
+ catch (InvalidParameterException ignored)
+ {
+ log.log(Level.FINE,
+ "Exception in GnuRSAPrivateKey.valueOf(). Ignore",
+ ignored);
+ }
+
+ if (! ok) // try DH
+ result = decodeDHPrivateKey(input);
}
- // try DH
- return decodeDHPrivateKey(input);
+ log.exiting(this.getClass().getName(), "engineGeneratePrivate()", result);
+ return result;
}
protected KeySpec engineGetKeySpec(Key key, Class keySpec)
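Review bot: In engineGeneratePrivate the new tracing hands the key objects themselves to the logger: `log.entering(..., keySpec)` receives the private key specification and `log.exiting(..., result)` receives the decoded PrivateKey. With a handler enabled at FINER these arguments are rendered through toString(), and whether the GNU key classes print their private components there is not visible in this hunk, so key material could end up in trace logs. I would trace the private path without the arguments, `log.entering(this.getClass().getName(), "engineGeneratePrivate()");` and `log.exiting(this.getClass().getName(), "engineGeneratePrivate()");`, and keep the object arguments only in engineGeneratePublic. Separately, in both methods the "Unsupported key specification" throw leaves before log.exiting is reached, so entering/exiting records will not pair up in a trace.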
diff --git a/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java b/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java
index f0a454992..1c362784b 100644
--- a/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java
+++ b/gnu/java/security/key/rsa/RSAKeyPairX509Codec.java
@@ -55,6 +55,7 @@ import java.security.InvalidParameterException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
+import java.util.logging.Logger;
/**
* An implementation of an {@link IKeyPairCodec} that knows how to encode /
@@ -63,6 +64,7 @@ import java.util.ArrayList;
public class RSAKeyPairX509Codec
implements IKeyPairCodec
{
+ private static final Logger log = Logger.getLogger(RSAKeyPairX509Codec.class.getName());
private static final OID RSA_ALG_OID = new OID(Registry.RSA_OID_STRING);
// implicit 0-arguments constructor
@@ -88,9 +90,12 @@ public class RSAKeyPairX509Codec
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
* </pre>
- *
- * <p>The <i>subjectPublicKey</i> field, which is a BIT STRING, contains the
- * DER-encoded form of the RSA public key defined as:</p>
+ * <p>
+ * As indicated in RFC-2459: "The parameters field shall have ASN.1 type NULL
+ * for this algorithm identifier.".
+ * <p>
+ * The <i>subjectPublicKey</i> field, which is a BIT STRING, contains the
+ * DER-encoded form of the RSA public key defined as:
*
* <pre>
* RSAPublicKey ::= SEQUENCE {
@@ -109,6 +114,8 @@ public class RSAKeyPairX509Codec
*/
public byte[] encodePublicKey(PublicKey key)
{
+ log.entering(this.getClass().getName(), "encodePublicKey()", key);
+
if (! (key instanceof GnuRSAPublicKey))
throw new InvalidParameterException("key");
@@ -153,6 +160,7 @@ public class RSAKeyPairX509Codec
throw y;
}
+ log.exiting(this.getClass().getName(), "encodePublicKey()", result);
return result;
}
@@ -174,6 +182,8 @@ public class RSAKeyPairX509Codec
*/
public PublicKey decodePublicKey(byte[] input)
{
+ log.entering(this.getClass().getName(), "decodePublicKey()", input);
+
if (input == null)
throw new InvalidParameterException("Input bytes MUST NOT be null");
@@ -195,7 +205,11 @@ public class RSAKeyPairX509Codec
if (! algOID.equals(RSA_ALG_OID))
throw new InvalidParameterException("Unexpected OID: " + algOID);
+ // rfc-2459 states that this field is OPTIONAL but NULL if/when present
DERValue val = der.read();
+ if (val.getTag() == DER.NULL)
+ val = der.read();
+
if (! (val.getValue() instanceof BitString))
throw new InvalidParameterException("Wrong SubjectPublicKey field");
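Review bot: A parameters element that is present but not NULL now falls through to the BitString check, so the caller gets "Wrong SubjectPublicKey field" for what is really a malformed AlgorithmIdentifier; a distinct message for that case would make rejected keys easier to diagnose. The added comment also does not name the field it describes, and I would write it as `// AlgorithmIdentifier.parameters is OPTIONAL (rfc-2459) but NULL if/when present`. decodePublicKey starts and ends outside this hunk, so how the second `der.read()` reports an input that ends right after the NULL cannot be checked from here.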
@@ -219,7 +233,9 @@ public class RSAKeyPairX509Codec
throw y;
}
- return new GnuRSAPublicKey(Registry.X509_ENCODING_ID, n, e);
+ PublicKey result = new GnuRSAPublicKey(Registry.X509_ENCODING_ID, n, e);
+ log.exiting(this.getClass().getName(), "decodePublicKey()", result);
+ return result;
}
/**