View Javadoc
1   /*
2    * Copyright 2024 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.pkitesting;
17  
18  import org.bouncycastle.jce.provider.BouncyCastleProvider;
19  
20  import java.security.GeneralSecurityException;
21  import java.security.KeyPairGenerator;
22  import java.security.NoSuchAlgorithmException;
23  import java.security.Provider;
24  import java.security.SecureRandom;
25  import java.security.Signature;
26  import java.security.spec.AlgorithmParameterSpec;
27  import java.util.Locale;
28  
29  final class Algorithms {
30      private static Provider bouncyCastle;
31  
32      private Algorithms() {
33      }
34  
35      static String oidForAlgorithmName(String algorithmIdentifier) {
36          // See the Java Security Standard Algorithm Names documentation for names and links to RFCs.
37          // https://docs.oracle.com/en/java/javase/22/docs/specs/security/standard-names.html#signature-algorithms
38          switch (algorithmIdentifier.toLowerCase(Locale.ROOT)) {
39              case "sha256withecdsa":
40                  return "1.2.840.10045.4.3.2";
41              case "sha384withecdsa":
42                  return "1.2.840.10045.4.3.3";
43              case "sha256withrsa":
44                  return "1.2.840.113549.1.1.11";
45              case "sha384withrsa":
46                  return "1.2.840.113549.1.1.12";
47              case "ed25519":
48                  return "1.3.101.112";
49              case "ed448":
50                  return "1.3.101.113";
51              case "ml-dsa-44":
52                  return "2.16.840.1.101.3.4.3.17";
53              case "ml-dsa-65":
54                  return "2.16.840.1.101.3.4.3.18";
55              case "ml-dsa-87":
56                  return "2.16.840.1.101.3.4.3.19";
57              case "slh-dsa-sha2-128s":
58                  return "2.16.840.1.101.3.4.3.20";
59              case "slh-dsa-sha2-128f":
60                  return "2.16.840.1.101.3.4.3.21";
61              case "slh-dsa-shake-128s":
62                  return "2.16.840.1.101.3.4.3.22";
63              case "slh-dsa-shake-128f":
64                  return "2.16.840.1.101.3.4.3.23";
65              case "slh-dsa-sha2-192s":
66                  return "2.16.840.1.101.3.4.3.24";
67              case "slh-dsa-sha2-192f":
68                  return "2.16.840.1.101.3.4.3.25";
69              case "slh-dsa-shake-192s":
70                  return "2.16.840.1.101.3.4.3.26";
71              case "slh-dsa-shake-192f":
72                  return "2.16.840.1.101.3.4.3.27";
73              case "slh-dsa-sha2-256s":
74                  return "2.16.840.1.101.3.4.3.28";
75              case "slh-dsa-sha2-256f":
76                  return "2.16.840.1.101.3.4.3.29";
77              case "slh-dsa-shake-256s":
78                  return "2.16.840.1.101.3.4.3.30";
79              case "slh-dsa-shake-256f":
80                  return "2.16.840.1.101.3.4.3.31";
81              default:
82                  throw new UnsupportedOperationException("Algorithm not supported: " + algorithmIdentifier);
83          }
84      }
85  
86      static KeyPairGenerator keyPairGenerator(String keyType, AlgorithmParameterSpec spec,
87              SecureRandom rng, Provider provider) throws GeneralSecurityException {
88          try {
89              KeyPairGenerator keyGen;
90              if (provider == null) {
91                  keyGen = KeyPairGenerator.getInstance(keyType);
92              } else {
93                  keyGen = KeyPairGenerator.getInstance(keyType, provider);
94              }
95              try {
96                  keyGen.initialize(spec, rng);
97              } catch (UnsupportedOperationException ignore) {
98                  // The key generators for some algorithms, in some providers, don't support key gen initialization.
99              }
100             return keyGen;
101         } catch (GeneralSecurityException e) {
102             if (provider != null) {
103                  // Don't fall back to BouncyCastle if we were explicitly told to use a specific provider.
104                 throw e;
105             }
106             try {
107                 KeyPairGenerator keyGen = KeyPairGenerator.getInstance(keyType, bouncyCastle());
108                 keyGen.initialize(spec, rng);
109                 return keyGen;
110             } catch (GeneralSecurityException ex) {
111                 e.addSuppressed(ex);
112             }
113             throw e;
114         }
115     }
116 
117     static Signature signature(String algorithmIdentifier, Provider provider) throws NoSuchAlgorithmException {
118         try {
119             return Signature.getInstance(algorithmIdentifier);
120         } catch (NoSuchAlgorithmException e) {
121             try {
122                 return Signature.getInstance(algorithmIdentifier, provider != null ? provider : bouncyCastle());
123             } catch (NoSuchAlgorithmException ex) {
124                 e.addSuppressed(ex);
125             }
126             throw e;
127         }
128     }
129 
130     private static final class DefaultProvider {
131         private static final Provider INSTANCE = new BouncyCastleProvider();
132     }
133 
134     private static synchronized Provider bouncyCastle() {
135         if (bouncyCastle == null) {
136             bouncyCastle = DefaultProvider.INSTANCE;
137         }
138         return bouncyCastle;
139     }
140 }