/*
*
* Copyright (c) 2013 - 2020 Lijun Liao
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.xipki.ca.api.profile;
import java.math.BigInteger;
import java.security.spec.DSAParameterSpec;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DSAParameter;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.xipki.security.util.DSAParameterCache;
import org.xipki.util.Args;
/**
* Control of how the CA generate keypair for the new certificate.
*
* @author Lijun Liao
*
*/
public class KeypairGenControl {
public static class ForbiddenKeypairGenControl extends KeypairGenControl {
public static final ForbiddenKeypairGenControl INSTANCE = new ForbiddenKeypairGenControl();
private ForbiddenKeypairGenControl() {
}
} // class class
// CHECKSTYLE:SKIP
public static class InheritCAKeypairGenControl extends KeypairGenControl {
public static final InheritCAKeypairGenControl INSTANCE = new InheritCAKeypairGenControl();
private InheritCAKeypairGenControl() {
}
} // class InheritCAKeypairGenControl
// CHECKSTYLE:SKIP
public static class RSAKeypairGenControl extends KeypairGenControl {
private final int keysize;
private final BigInteger publicExponent;
private final AlgorithmIdentifier keyAlgorithm;
public RSAKeypairGenControl(int keysize) {
this(keysize, null, null);
}
public RSAKeypairGenControl(int keysize, BigInteger publicExponent,
ASN1ObjectIdentifier keyAlgorithmOid) {
if (keysize < 1024 || keysize % 512 != 0) {
throw new IllegalArgumentException("invalid keysize " + keysize);
}
this.keysize = keysize;
this.publicExponent = (publicExponent != null) ? publicExponent
: BigInteger.valueOf(0x10001);
this.keyAlgorithm = new AlgorithmIdentifier(
(keyAlgorithmOid != null) ? keyAlgorithmOid : PKCSObjectIdentifiers.rsaEncryption,
DERNull.INSTANCE);
} // constructor
public int getKeysize() {
return keysize;
}
public BigInteger getPublicExponent() {
return publicExponent;
}
public AlgorithmIdentifier getKeyAlgorithm() {
return keyAlgorithm;
}
} // class RSAKeypairGenControl
// CHECKSTYLE:SKIP
public static class ECKeypairGenControl extends KeypairGenControl {
private final ASN1ObjectIdentifier curveOid;
private final AlgorithmIdentifier keyAlgorithm;
public ECKeypairGenControl(ASN1ObjectIdentifier curveOid) {
this(curveOid, null);
}
public ECKeypairGenControl(ASN1ObjectIdentifier curveOid,
ASN1ObjectIdentifier keyAlgorithmOid) {
this.curveOid = Args.notNull(curveOid, "curveOid");
this.keyAlgorithm = new AlgorithmIdentifier(
(keyAlgorithmOid != null) ? keyAlgorithmOid : X9ObjectIdentifiers.id_ecPublicKey,
curveOid);
}
public ASN1ObjectIdentifier getCurveOid() {
return curveOid;
}
public AlgorithmIdentifier getKeyAlgorithm() {
return keyAlgorithm;
}
} // class ECKeypairGenControl
// CHECKSTYLE:SKIP
public static class DSAKeypairGenControl extends KeypairGenControl {
private final DSAParameterSpec parameterSpec;
private final AlgorithmIdentifier keyAlgorithm;
// CHECKSTYLE:SKIP
public DSAKeypairGenControl(int pLength) {
this(pLength, 0, null);
}
// CHECKSTYLE:SKIP
public DSAKeypairGenControl(int pLength, int qLength, ASN1ObjectIdentifier keyAlgorithmOid) {
if (pLength < 1024 | pLength % 1024 != 0) {
throw new IllegalArgumentException("invalid pLength " + pLength);
}
if (qLength == 0) {
if (pLength < 2048) {
qLength = 160;
} else if (pLength < 3072) {
qLength = 224;
} else {
qLength = 256;
}
}
this.parameterSpec = DSAParameterCache.getDSAParameterSpec(pLength, qLength, null);
this.keyAlgorithm = new AlgorithmIdentifier(
(keyAlgorithmOid != null) ? keyAlgorithmOid : X9ObjectIdentifiers.id_dsa,
new DSAParameter(parameterSpec.getP(), parameterSpec.getQ(), parameterSpec.getG()));
}
public DSAKeypairGenControl(BigInteger p, BigInteger q, BigInteger g,
ASN1ObjectIdentifier keyAlgorithmOid) {
this.parameterSpec = new DSAParameterSpec(p, q, g);
this.keyAlgorithm = new AlgorithmIdentifier(
(keyAlgorithmOid != null) ? keyAlgorithmOid : X9ObjectIdentifiers.id_dsa,
new DSAParameter(p, q, g));
}
public DSAParameterSpec getParameterSpec() {
return parameterSpec;
}
public AlgorithmIdentifier getKeyAlgorithm() {
return keyAlgorithm;
}
} // class DSAKeypairGenControl
// CHECKSTYLE:SKIP
public static class EDDSAKeypairGenControl extends KeypairGenControl {
private final AlgorithmIdentifier keyAlgorithm;
public EDDSAKeypairGenControl(ASN1ObjectIdentifier keyAlgorithmOid) {
this.keyAlgorithm = new AlgorithmIdentifier(Args.notNull(keyAlgorithmOid, "keyAlgorithmOid"));
}
public AlgorithmIdentifier getKeyAlgorithm() {
return keyAlgorithm;
}
} // class EDDSAKeypairGenControl
}
