Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4503229

default RSA KeyFactory can return broken RSAPrivateCrtKey objects

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 1.4.0
    • Fix Version/s: 1.0.3
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      1.0.3
    • CPU:
      generic
    • OS:
      generic

      Backports

        Description



        Name: nt126004 Date: 09/14/2001


        java version "1.3.1"
        Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1-b24)
        Java HotSpot(TM) Client VM (build 1.3.1-b24, mixed mode)


        When converting between RSAPrivateCrtKey and RSAPrivateCrtKeySpec objects, you
        can get private keys that throw ArrayIndexOutOfBoundsException when calling
        getPublicExponent().

        A test program:

        import java.security.*;
        import java.security.interfaces.*;
        import java.security.spec.*;
        import java.math.BigInteger;

        public class JCATestCase
        {
          public static void main(String[] args)
          {
            try
            {
              KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
              generator.initialize(512);
              
              KeyPair pair = generator.generateKeyPair();

              RSAPrivateCrtKey privatekey = (RSAPrivateCrtKey) pair.getPrivate();

              RSAPrivateCrtKeySpec spec
                = new RSAPrivateCrtKeySpec(privatekey.getModulus(),
                                           privatekey.getPublicExponent(),
                                           privatekey.getPrivateExponent(),
                                           privatekey.getPrimeP(),
                                           privatekey.getPrimeQ(),
                                           privatekey.getPrimeExponentP(),
                                           privatekey.getPrimeExponentQ(),
                                           privatekey.getCrtCoefficient());

              KeyFactory factory = KeyFactory.getInstance("RSA");
              
              PrivateKey privatekey2 = factory.generatePrivate(spec);

              BigInteger pe = ((RSAPrivateCrtKey) privatekey2).getPublicExponent();

              System.out.print("public exponent: " + pe);
            }
            catch (Exception e)
            {
              e.printStackTrace();
            }
          }
        }


        Output:

        java.lang.ArrayIndexOutOfBoundsException
                at
        com.sun.rsajca.JSA_RSAPrivateKey.getPublicExponent([DashoPro-V1.2-120198])
                at JCATestCase.main(JCATestCase.java:33)
        (Review ID: 131697)
        ======================================================================

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                wetmore Bradford Wetmore
                Reporter:
                nthompsosunw Nathanael Thompson (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: