@@ -127,12 +127,15 @@ public RSAPSSSignature() {
127127 @ Override
128128 protected void engineInitVerify (PublicKey publicKey )
129129 throws InvalidKeyException {
130- if (!(publicKey instanceof RSAPublicKey )) {
130+ if (publicKey instanceof RSAPublicKey ) {
131+ RSAPublicKey rsaPubKey = (RSAPublicKey )publicKey ;
132+ isPublicKeyValid (rsaPubKey );
133+ this .pubKey = rsaPubKey ;
134+ this .privKey = null ;
135+ resetDigest ();
136+ } else {
131137 throw new InvalidKeyException ("key must be RSAPublicKey" );
132138 }
133- this .pubKey = (RSAPublicKey ) isValid ((RSAKey )publicKey );
134- this .privKey = null ;
135- resetDigest ();
136139 }
137140
138141 // initialize for signing. See JCA doc
@@ -146,14 +149,17 @@ protected void engineInitSign(PrivateKey privateKey)
146149 @ Override
147150 protected void engineInitSign (PrivateKey privateKey , SecureRandom random )
148151 throws InvalidKeyException {
149- if (!(privateKey instanceof RSAPrivateKey )) {
152+ if (privateKey instanceof RSAPrivateKey ) {
153+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey )privateKey ;
154+ isPrivateKeyValid (rsaPrivateKey );
155+ this .privKey = rsaPrivateKey ;
156+ this .pubKey = null ;
157+ this .random =
158+ (random == null ? JCAUtil .getSecureRandom () : random );
159+ resetDigest ();
160+ } else {
150161 throw new InvalidKeyException ("key must be RSAPrivateKey" );
151162 }
152- this .privKey = (RSAPrivateKey ) isValid ((RSAKey )privateKey );
153- this .pubKey = null ;
154- this .random =
155- (random == null ? JCAUtil .getSecureRandom () : random );
156- resetDigest ();
157163 }
158164
159165 /**
@@ -205,11 +211,57 @@ private static boolean isCompatible(AlgorithmParameterSpec keyParams,
205211 }
206212 }
207213
214+ /**
215+ * Validate the specified RSAPrivateKey
216+ */
217+ private void isPrivateKeyValid (RSAPrivateKey prKey ) throws InvalidKeyException {
218+ try {
219+ if (prKey instanceof RSAPrivateCrtKey ) {
220+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey )prKey ;
221+ if (RSAPrivateCrtKeyImpl .checkComponents (crtKey )) {
222+ RSAKeyFactory .checkRSAProviderKeyLengths (
223+ crtKey .getModulus ().bitLength (),
224+ crtKey .getPublicExponent ());
225+ } else {
226+ throw new InvalidKeyException (
227+ "Some of the CRT-specific components are not available" );
228+ }
229+ } else {
230+ RSAKeyFactory .checkRSAProviderKeyLengths (
231+ prKey .getModulus ().bitLength (),
232+ null );
233+ }
234+ } catch (InvalidKeyException ikEx ) {
235+ throw ikEx ;
236+ } catch (Exception e ) {
237+ throw new InvalidKeyException (
238+ "Can not access private key components" , e );
239+ }
240+ isValid (prKey );
241+ }
242+
243+ /**
244+ * Validate the specified RSAPublicKey
245+ */
246+ private void isPublicKeyValid (RSAPublicKey pKey ) throws InvalidKeyException {
247+ try {
248+ RSAKeyFactory .checkRSAProviderKeyLengths (
249+ pKey .getModulus ().bitLength (),
250+ pKey .getPublicExponent ());
251+ } catch (InvalidKeyException ikEx ) {
252+ throw ikEx ;
253+ } catch (Exception e ) {
254+ throw new InvalidKeyException (
255+ "Can not access public key components" , e );
256+ }
257+ isValid (pKey );
258+ }
259+
208260 /**
209261 * Validate the specified RSAKey and its associated parameters against
210262 * internal signature parameters.
211263 */
212- private RSAKey isValid (RSAKey rsaKey ) throws InvalidKeyException {
264+ private void isValid (RSAKey rsaKey ) throws InvalidKeyException {
213265 try {
214266 AlgorithmParameterSpec keyParams = rsaKey .getParams ();
215267 // validate key parameters
@@ -227,7 +279,6 @@ private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
227279 }
228280 checkKeyLength (rsaKey , hLen , this .sigParams .getSaltLength ());
229281 }
230- return rsaKey ;
231282 } catch (SignatureException e ) {
232283 throw new InvalidKeyException (e );
233284 }
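Review bot: The `catch (Exception e)` in the new `isPrivateKeyValid` and `isPublicKeyValid` helpers also catches unchecked failures, for example a NullPointerException if a key implementation returns null from `getModulus()`, and reports all of them as "Can not access ... key components". That keeps callers on the InvalidKeyException contract, but it hides which component was missing and would mask a genuine bug inside `checkRSAProviderKeyLengths`. An explicit guard ahead of the length check, such as `if (pKey.getModulus() == null) throw new InvalidKeyException("RSA modulus is not available");`, gives a precise error; the catch could then presumably be narrowed, though which exceptions third-party key classes throw is not visible here. Separately, all three helpers now return void and signal failure only by throwing, so the `is...` names read like boolean predicates. I would rename them to `checkPublicKey`/`checkPrivateKey`, or at least extend each Javadoc with an `@throws InvalidKeyException` line stating what is enforced: the provider key-length limits, CRT component availability for CRT keys, then the PSS parameter check done by `isValid`.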