michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0:  * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0:  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0: 
michael@0: package org.mozilla.gecko.browserid;
michael@0: 
michael@0: import java.math.BigInteger;
michael@0: import java.security.GeneralSecurityException;
michael@0: import java.security.KeyFactory;
michael@0: import java.security.KeyPair;
michael@0: import java.security.KeyPairGenerator;
michael@0: import java.security.NoSuchAlgorithmException;
michael@0: import java.security.Signature;
michael@0: import java.security.interfaces.RSAPrivateKey;
michael@0: import java.security.interfaces.RSAPublicKey;
michael@0: import java.security.spec.InvalidKeySpecException;
michael@0: import java.security.spec.KeySpec;
michael@0: import java.security.spec.RSAPrivateKeySpec;
michael@0: import java.security.spec.RSAPublicKeySpec;
michael@0: 
michael@0: import org.mozilla.gecko.sync.ExtendedJSONObject;
michael@0: import org.mozilla.gecko.sync.NonObjectJSONException;
michael@0: 
michael@0: public class RSACryptoImplementation {
michael@0:   public static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
michael@0: 
michael@0:   /**
michael@0:    * Parameters are serialized as decimal strings. Hex-versus-decimal was
michael@0:    * reverse-engineered from what the Persona public verifier accepted. We
michael@0:    * expect to follow the JOSE/JWT spec as it solidifies, and that will probably
michael@0:    * mean unifying this base.
michael@0:    */
michael@0:   protected static final int SERIALIZATION_BASE = 10;
michael@0: 
michael@0:   protected static class RSAVerifyingPublicKey implements VerifyingPublicKey {
michael@0:     protected final RSAPublicKey publicKey;
michael@0: 
michael@0:     public RSAVerifyingPublicKey(RSAPublicKey publicKey) {
michael@0:       this.publicKey = publicKey;
michael@0:     }
michael@0: 
michael@0:     /**
michael@0:      * Serialize to a JSON object.
michael@0:      * <p>
michael@0:      * Parameters are serialized as decimal strings. Hex-versus-decimal was
michael@0:      * reverse-engineered from what the Persona public verifier accepted.
michael@0:      */
michael@0:     @Override
michael@0:     public ExtendedJSONObject toJSONObject() {
michael@0:       ExtendedJSONObject o = new ExtendedJSONObject();
michael@0:       o.put("algorithm", "RS");
michael@0:       o.put("n", publicKey.getModulus().toString(SERIALIZATION_BASE));
michael@0:       o.put("e", publicKey.getPublicExponent().toString(SERIALIZATION_BASE));
michael@0:       return o;
michael@0:     }
michael@0: 
michael@0:     @Override
michael@0:     public boolean verifyMessage(byte[] bytes, byte[] signature)
michael@0:         throws GeneralSecurityException {
michael@0:       final Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
michael@0:       signer.initVerify(publicKey);
michael@0:       signer.update(bytes);
michael@0:       return signer.verify(signature);
michael@0:     }
michael@0:   }
michael@0: 
michael@0:   protected static class RSASigningPrivateKey implements SigningPrivateKey {
michael@0:     protected final RSAPrivateKey privateKey;
michael@0: 
michael@0:     public RSASigningPrivateKey(RSAPrivateKey privateKey) {
michael@0:       this.privateKey = privateKey;
michael@0:     }
michael@0: 
michael@0:     @Override
michael@0:     public String getAlgorithm() {
michael@0:       return "RS" + (privateKey.getModulus().bitLength() + 7)/8;
michael@0:     }
michael@0: 
michael@0:     /**
michael@0:      * Serialize to a JSON object.
michael@0:      * <p>
michael@0:      * Parameters are serialized as decimal strings. Hex-versus-decimal was
michael@0:      * reverse-engineered from what the Persona public verifier accepted.
michael@0:      */
michael@0:     @Override
michael@0:     public ExtendedJSONObject toJSONObject() {
michael@0:       ExtendedJSONObject o = new ExtendedJSONObject();
michael@0:       o.put("algorithm", "RS");
michael@0:       o.put("n", privateKey.getModulus().toString(SERIALIZATION_BASE));
michael@0:       o.put("d", privateKey.getPrivateExponent().toString(SERIALIZATION_BASE));
michael@0:       return o;
michael@0:     }
michael@0: 
michael@0:     @Override
michael@0:     public byte[] signMessage(byte[] bytes)
michael@0:         throws GeneralSecurityException {
michael@0:       final Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
michael@0:       signer.initSign(privateKey);
michael@0:       signer.update(bytes);
michael@0:       return signer.sign();
michael@0:     }
michael@0:   }
michael@0: 
michael@0:   public static BrowserIDKeyPair generateKeyPair(final int keysize) throws NoSuchAlgorithmException {
michael@0:     final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
michael@0:     keyPairGenerator.initialize(keysize);
michael@0:     final KeyPair keyPair = keyPairGenerator.generateKeyPair();
michael@0:     RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
michael@0:     RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
michael@0:     return new BrowserIDKeyPair(new RSASigningPrivateKey(privateKey), new RSAVerifyingPublicKey(publicKey));
michael@0:   }
michael@0: 
michael@0:   public static SigningPrivateKey createPrivateKey(BigInteger n, BigInteger d) throws NoSuchAlgorithmException, InvalidKeySpecException {
michael@0:     if (n == null) {
michael@0:       throw new IllegalArgumentException("n must not be null");
michael@0:     }
michael@0:     if (d == null) {
michael@0:       throw new IllegalArgumentException("d must not be null");
michael@0:     }
michael@0:     KeyFactory keyFactory = KeyFactory.getInstance("RSA");
michael@0:     KeySpec keySpec = new RSAPrivateKeySpec(n, d);
michael@0:     RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
michael@0:     return new RSASigningPrivateKey(privateKey);
michael@0:   }
michael@0: 
michael@0:   public static VerifyingPublicKey createPublicKey(BigInteger n, BigInteger e) throws NoSuchAlgorithmException, InvalidKeySpecException {
michael@0:     if (n == null) {
michael@0:       throw new IllegalArgumentException("n must not be null");
michael@0:     }
michael@0:     if (e == null) {
michael@0:       throw new IllegalArgumentException("e must not be null");
michael@0:     }
michael@0:     KeyFactory keyFactory = KeyFactory.getInstance("RSA");
michael@0:     KeySpec keySpec = new RSAPublicKeySpec(n, e);
michael@0:     RSAPublicKey publicKey = (RSAPublicKey) keyFactory.generatePublic(keySpec);
michael@0:     return new RSAVerifyingPublicKey(publicKey);
michael@0:   }
michael@0: 
michael@0:   public static SigningPrivateKey createPrivateKey(ExtendedJSONObject o) throws InvalidKeySpecException, NoSuchAlgorithmException {
michael@0:     String algorithm = o.getString("algorithm");
michael@0:     if (!"RS".equals(algorithm)) {
michael@0:       throw new InvalidKeySpecException("algorithm must equal RS, was " + algorithm);
michael@0:     }
michael@0:     try {
michael@0:       BigInteger n = new BigInteger(o.getString("n"), SERIALIZATION_BASE);
michael@0:       BigInteger d = new BigInteger(o.getString("d"), SERIALIZATION_BASE);
michael@0:       return createPrivateKey(n, d);
michael@0:     } catch (NullPointerException e) {
michael@0:       throw new InvalidKeySpecException("n and d must be integers encoded as strings, base " + SERIALIZATION_BASE);
michael@0:     } catch (NumberFormatException e) {
michael@0:       throw new InvalidKeySpecException("n and d must be integers encoded as strings, base " + SERIALIZATION_BASE);
michael@0:     }
michael@0:   }
michael@0: 
michael@0:   public static VerifyingPublicKey createPublicKey(ExtendedJSONObject o) throws InvalidKeySpecException, NoSuchAlgorithmException {
michael@0:     String algorithm = o.getString("algorithm");
michael@0:     if (!"RS".equals(algorithm)) {
michael@0:       throw new InvalidKeySpecException("algorithm must equal RS, was " + algorithm);
michael@0:     }
michael@0:     try {
michael@0:       BigInteger n = new BigInteger(o.getString("n"), SERIALIZATION_BASE);
michael@0:       BigInteger e = new BigInteger(o.getString("e"), SERIALIZATION_BASE);
michael@0:       return createPublicKey(n, e);
michael@0:     } catch (NullPointerException e) {
michael@0:       throw new InvalidKeySpecException("n and e must be integers encoded as strings, base " + SERIALIZATION_BASE);
michael@0:     } catch (NumberFormatException e) {
michael@0:       throw new InvalidKeySpecException("n and e must be integers encoded as strings, base " + SERIALIZATION_BASE);
michael@0:     }
michael@0:   }
michael@0: 
michael@0:   public static BrowserIDKeyPair fromJSONObject(ExtendedJSONObject o) throws InvalidKeySpecException, NoSuchAlgorithmException {
michael@0:     try {
michael@0:       ExtendedJSONObject privateKey = o.getObject(BrowserIDKeyPair.JSON_KEY_PRIVATEKEY);
michael@0:       ExtendedJSONObject publicKey = o.getObject(BrowserIDKeyPair.JSON_KEY_PUBLICKEY);
michael@0:       if (privateKey == null) {
michael@0:         throw new InvalidKeySpecException("privateKey must not be null");
michael@0:       }
michael@0:       if (publicKey == null) {
michael@0:         throw new InvalidKeySpecException("publicKey must not be null");
michael@0:       }
michael@0:       return new BrowserIDKeyPair(createPrivateKey(privateKey), createPublicKey(publicKey));
michael@0:     } catch (NonObjectJSONException e) {
michael@0:       throw new InvalidKeySpecException("privateKey and publicKey must be JSON objects");
michael@0:     }
michael@0:   }
michael@0: }